INTERNET SECURITY

BY K.MOHANAKRISHNA-09C21A0435

WHAT IS INTERNET SECURITY?

Internet security is a branch of computer security specifically related to the internet. Its objective is to establish rules and measures to use against attacks over the internet

WHY DO WE NEED INTERNET SECURITY?

However, with all the advantages of the internet, there

are also some disadvantages. All financial dealings are made over the internet, it is estimated that billions of dollars are being exchanged online everyday. This has spawned a new generation of criminals. These cyber criminals develop software called spyware that invades our personal computer and starts gathering information such as our financial or personal details and sends it back to the person who developed the software.

 The thought of letting a stranger look at your personal

and financial information without you knowing about it can definitely make you cringe in fear. Armed with this information, the cyber criminals may be able to steal money from you. This is why it is very important for you to secure yourself from these crimes not just in the real world, but also in the cyber world as well.

TYPES OF SECURITY
SECURITY

Network layer security

IPSec Protocol

Electronic mail security (E-mail)

PGP

MIME

S/MIME

NETWORK LAYER SECURITY

Uses cryptographic methods
Used for securing communications on internet

 TCP/IP can be made secure with the help of

cryptographic methods and protocols that have been

developed for securing communications on the Internet.
These protocols include SSL and TLS for web traffic,

PGP for email, and IPsec for the network layer security.

IPSEC PROTOCOL
This protocol is designed to protect communication in

a secure manner using TCP/IP. It is a set of security extensions developed by IETF, and it provides security and authentication at the IP layer by using cryptography. There are two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and Encapsulating Security Payload (ESP). These two protocols provide data integrity, data origin authentication, and anti-replay service.

 The basic components of the IPsec security

architecture are described in terms of the following functionalities: Security association for policy management and traffic processing Manual and automatic key management for the internet key exchange (IKE) Algorithms for authentication and encryption Security protocols for AH and ESP

ELECTRONIC MAIL SECURITY

Email messages are composed, delivered, and stored in

a multiple step process, which starts with the message's composition. When the user finishes composing the message and sends it, the message is transformed into a standard format: an RFC 2822 formatted message. Afterwards, the message can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server.

Pretty Good Privacy (PGP)

PGP provides confidentiality by using an encryption

algorithm such 3DES or CAST-128. Email messages can be protected by using cryptography in the following ways: Signing an email message to ensure its integrity and confirm the identity of its sender. Encrypting the communications between mail servers to protect the confidentiality of both the message body and message header.

Multipurpose Internet Mail Extensions (MIME)

MIME transforms non-ASCII data at the sender's site

to Network Virtual Terminal (NVT) ASCII data and delivers it to client's Simple Mail Transfer Protocol(SMTP) to be sent through the Internet. The server SMTP at the receiver's side receives the NVT ASCII data and delivers it to MIME to be transformed back to the original non-ASCII data.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

S/MIME provides a consistent means to securely send

and receive MIME data. S/MIME is not only limited to email but can be used with any transport mechanism that carries MIME data, such Hypertext Transfer Protocol (HTTP).

MESSAGE AUTHENTICATION CODE

A Message Authentication Code is a cryptography

method that uses a secret key to encrypt a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message's data integrity as well as its authenticity.

WHAT ARE THE RISK?

Vulnerabilities
Phishing Virus Hacking Trojan horses

VULNERABILITIES
In computer security, vulnerability is a weakness which allows an attacker to reduce a system's information assurance. To be vulnerable, an attacker must have at least one applicable tool or technique that can connect to a system weakness

IDENTIFYING & REMOVING VULNERABILITIES

Removal methods

constant vigilance

best practices in deployment

auditing

PHISHING
In

the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

PHISHING TECHNIQUES
Phishing techniques

Link manipulation

Filter evasion

Phone phishing

LINK MANIPULATION
Most methods of phishing use some form of technical deception

designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization
The following example link, http://en.wikipedia.org/wiki/Genuine,

appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception"

FILTER EVASION
Phishers have used images instead of text to make it harder

for anti-phishing filters to detect text commonly used in phishing e-mails.

PHONE PHISHING
Not all phishing attacks require a fake website
Messages that claimed to be from a bank told users to dial a phone

number regarding problems with their bank accounts Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.

MAIN TARGETS FOR PHISHING SCAMS

WHAT IS COMPUTER VIRUS?

A computer virus is a computer program that can copy

itself and infect a computer

The term "virus" is also commonly but erroneously used to

refer to other types of malware, including but not limited to adware and spyware programs that do not have the

reproductive ability

HOW DOES IT SPREAD?

HOW TO PREVENT VIRUS INVASION?

Load only software from original disk or CDs.
Execute only programs of which you are familiar as to their origin Check all shareware and free programs Purchase a virus program that runs as you boot or work your computer

HACKING
In common usage, a hacker is a stereotypical person who breaks into

computers and computer networks, either for profit or motivated by the challenge.

HACKING TECHNIQUES
Vulnerability scanner

TECHNIQES

HOW WE CAN AVOID THESE RISKS?

We must use antivirus softwares
We must use firewall for hacker attacks We shouldnt open every files

When we receive an email we should be careful

We shouldnt share our personal information on

internet We shouldnt accept every file, when we talk our friends such as msn messenger

ROLE OF FIREWALLS IN INTERNET SECURITY

A firewall controls access between networks It generally consists of gateways and filters which vary from

one firewall to another Firewalls act as the intermediate server between SMTP and HTTP connections

 Firewalls impose restrictions on incoming and

outgoing packets to and from private networks. All the traffic, whether incoming or outgoing, must pass through the firewall; only authorized traffic is allowed to pass through it.
Firewalls create checkpoints between an internal

private network and the public Internet, also known as choke points. Firewalls can create choke points based on IP source and TCP port number.

TYPES OF FIREWALLS
FIREWALLS

Packet Filters

Circuit-Level Gateways

Application-Level Gateways

PACKET FILTERS
Packet filters are one of several different types of

firewalls that process network traffic on a packet-bypacket basis. Their main job is to filter traffic from a remote IP host, so a router is needed to connect the internal network to the Internet. The router is known as a screening router, which screens packets leaving and entering the network.

CIRCUIT-LEVEL GATEWAYS
The circuit-level gateway is a proxy server that

statically defines what traffic will be allowed.This gateway operates at the network level of an OSI model. The main advantage of a proxy server is its ability to provide Network Address Translation (NAT), which can hide the user's IP address from the Internet, effectively protecting all internal information from the Internet.

APPLICATION-LEVEL GATEWAYS
An application-level gateway is a proxy server

operating at the TCP/IP application level. A packet is forwarded only if a connection is established using a known protocol. Application-level gateways are notable for analyzing entire messages rather than individual packets of data when the data are being sent or received

REFERENCES
Gralla, Preston (2007). How the Internet Works.

Que Pub, Indianapolis. ISBN 0-7897-2132-5. http://itcd.hq.nasa.gov/networking-vpn.html Virtual Private Network TCP/IP protocols fourth edition by mc-craw hill companies. www.google.co.in

THANK YOU

QUERIES ??