
ITFT - Web security


The Internet Architecture Board

The Internet Architecture Board (IAB) is the committee responsible for supervising the technical and engineering development of the Internet. The IAB committee is appointed by the Internet Society (ISOC), which is an international organization whose mission is to encourage Internet usage. The Internet Society has more than 100 organizational and more than 28,000 individual members in over 80 chapters around the world.


Originally, the IAB was founded by the United States Department of Defense's Defense Advanced Research Projects Agency, which is responsible for the development of new technology for use by the US military. In 1979, it was named the Internet Configuration Control Board. Its name was changed to the Internet Advisory Board in 1984 and to the Internet Activities Board in 1986. In January 1992, it became the Internet Architecture Board under ISOC.


Web Security

Web security is required to protect web sites from unauthorized access, information disclosure and data theft. Security on the web can be ensured using the following mechanisms:


Encryption:

• It is the process of translating data into a secret code that cannot be easily understood by unauthorized people. Encryption is the best technique for achieving data security. A secret key or password is needed to read encrypted data. Unencrypted data is referred to as plain text, while encrypted data is called cipher text.

There are two types of encryption:

• Asymmetric encryption or public-key encryption

• Symmetric encryption


Asymmetric Encryption

• This type of encryption makes use of two keys: a private key and a public key. The private key, also known as the secret key, is available only to the recipient of the data, whereas the public key is known to all.

• For instance, when Robert wants to send a message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt the message. In asymmetric encryption, the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them.
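The Robert-to-Jane exchange above, as an added example that is not part of the original slides. It uses textbook RSA with toy-sized constructed primes to make the relation between the two keys visible; the function names and key values are assumptions chosen for illustration.

```python
# Added illustration (not from the slides): textbook RSA with toy-sized,
# constructed primes to show how the two keys relate. Real deployments use
# 2048-bit or larger keys with OAEP padding from a vetted library.
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d == 1 (mod phi), Python 3.8+
    return (e, n), (d, n)


def encrypt(message, public):
    """Encrypt each byte with the recipient's public key."""
    e, n = public
    if n < 256:
        raise ValueError("modulus too small to carry one byte per block")
    return [pow(byte, e, n) for byte in message]


def decrypt(blocks, key):
    """Apply a key to the ciphertext; return None if the result is not bytes."""
    exponent, n = key
    values = [pow(block, exponent, n) for block in blocks]
    return bytes(values) if all(v < 256 for v in values) else None


# Jane generates the pair and publishes only JANE_PUBLIC (constructed values).
JANE_PUBLIC, JANE_PRIVATE = make_keypair(61, 53)

if __name__ == "__main__":
    ciphertext = encrypt(b"Hi Jane", JANE_PUBLIC)    # Robert's side
    print("ciphertext:", ciphertext)
    print("with private key:", decrypt(ciphertext, JANE_PRIVATE))  # Jane's side
    print("with public key: ", decrypt(ciphertext, JANE_PUBLIC))   # not the message
```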


Asymmetric

• To use asymmetric encryption, there must be a way for people to discover other people's public keys. The typical technique is to use digital certificates (also known simply as certificates). A certificate is a package of information that identifies a user or a server, and contains information such as the organization name, the organization that issued the certificate, the user's e-mail address and country, and the user's public key.


Symmetric Encryption

• It is a type of encryption where the same key is used to encrypt and decrypt the data. The sender of the information encrypts the data using the shared key and the receiver decrypts the information using the same key.


Secure Sockets Layer (SSL)

Netscape developed this protocol to transmit private data through the web. Data is encrypted in SSL with the use of two keys, a private key and a public key.

Secure HTTP: It is a protocol for transmitting data securely over the World Wide Web. S-HTTP and SSL help each other to transmit the information securely. A connection between the client and a server is created by SSL, over which data of any amount can be securely sent.


Secure HTTP

• Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing tech.

• Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.


Firewall

• Firewalls are often used to prevent unauthorized users on the web from accessing private networks.

• Private networks are used and maintained by companies to exchange business information. All messages that enter or leave the private network go through the firewall. The firewall examines each message and blocks those that do not fulfill the specified security criteria.
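One way to picture the per-message check described above, as an added example that is not part of the original slides. It assumes the security criteria are rules on direction, remote address and destination port, evaluated first-match with everything unmatched blocked; the rule set and addresses are constructed.

```python
# Added illustration (not from the slides): a first-match packet filter.
# Rule fields, the default-deny policy and all addresses are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    direction: str        # "in" (entering the private network) or "out"
    remote: str           # CIDR range of the peer outside the private network
    port: Optional[int]   # destination port, None matches any port


# Constructed rule set for a private network that hosts one HTTPS server.
RULES = [
    Rule("block", "in", "203.0.113.0/24", None),   # range the operator denies
    Rule("allow", "in", "0.0.0.0/0", 443),         # public HTTPS
    Rule("allow", "in", "198.51.100.0/24", 22),    # admin range only
    Rule("allow", "out", "0.0.0.0/0", 443),        # outbound HTTPS
]


def evaluate(rules, direction, remote_ip, dst_port):
    """Return the action of the first matching rule, or "block" if none match."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if (rule.direction == direction
                and addr in ipaddress.ip_network(rule.remote)
                and rule.port in (None, dst_port)):
            return rule.action
    return "block"  # default deny: messages that meet no criterion are dropped


if __name__ == "__main__":
    samples = [("in", "192.0.2.10", 443), ("in", "203.0.113.5", 443),
               ("in", "192.0.2.10", 22), ("in", "198.51.100.7", 22),
               ("out", "192.0.2.10", 25)]
    for direction, ip, port in samples:
        print(direction, ip, port, "->", evaluate(RULES, direction, ip, port))
```

Rule order matters here: the denied range is listed before the general HTTPS rule, so traffic from it is blocked even on port 443.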


Security of the Web servers

It is possible to protect web servers from the risks that can affect information security through good security practices. The following practices can be adopted to secure web servers:

Remove all unnecessary services from your web server, because an unnecessary service can become an avenue for unauthorized access.

Remote server administration should be avoided unless it is done using a secured connection or password.

The number of individuals who access the web server should be limited.

All server updates should be done through the intranet.

Intrusion detection software (IDS) should be installed on web servers; it inspects all network activity and identifies suspicious activity that may indicate unauthorized access to the web server.