ganesh engg college

8/7/2019 Ganesh Engg College

1/26

Network Security and Network Security andWeb ServicesWeb Services

Sivappriya.S2nd Year CSE

Ganesh Engineering College


2/26

Th e Network Security on web

services h as become mandatory dueto h acking process

Th ere are many kinds of h ackingtech nologies available. I will s h ow you avideo about a person h acking a trafficsignal. He h acks t h e traffic signal andch anges it into h is required signal. Th isvideo is taken from you tube


3/26


4/26

Threats:

Illicit Activities

H ackers : enjoy intellectual challenges of

overcoming software limitations andhow to increase capabilities of systems

Crackers : illegally break into other

people s secure systems and networksCyber Terrorists : threaten and attack

other people s computers to further asocial or political agenda


5/26


6/26

21 January 2003

Two years jail for UK virus writer who infected 27,000 PCs

Simon Vallor , the twenty-two year old web designer fromNorth Wales who, in December 2002, pleaded guilty to writingand distributing three computer viruses, was today sentencedat Southwark Crown Court, London to a two year custodialsentence. His viruses - Gokar , Redesi and Admirer wereproven to have infected 27,000 PCs in 42 countries.

Source: www.sophos.com


7/26

Threats:

Illicit Activities

Malware Writers : responsible for the

creation of malicious softwareSamurai : hackers hired to legally enter

secure computer/network environments

Phreakers : Focus on defeating telephonesystems and associated communicationtechnologies


8/26

Threats:Illicit Activities

Phishing : sending out scam e-mails withthe criminal intent of deceit and extortion.

Spam : unsolicited and/or undesired bulk e-mail messages, often selling a product

Zombie Computers: Yours?

I will explain the above terms bit detail.


9/26

R eal Time A n alysis

Spam


10/26

Z o mbie B otnet

A computer is hacked in such a way that all the activities

the hacker want to perform will be done via yourcomputer on other PC. This computer is called Zombie. A botnet's originator can control the group remotely, andusually for nefarious purposes such as the sending of

mass spam.

Source: www.wikipedia.org


11/26

P hishi ng

Phishing is a technique used by strangersto "fish" for information about you,information that you would not normallydisclose to a stranger, such as your bankaccount number , PIN, and other personalidentifiers. These messages often containcompany/bank logos that look legitimate

and use flowery or legalistic languageabout improving security by confirmingyour identity details. Ex ample E mails From ICICI willcome as ICICIe, Paypal.


12/26

P hishi ng example


13/26


14/26

Malware Types Viruses:

Conceal themselvesInfect computer systemsReplicate themselves

Deliver a payload


15/26

Wo rms:Programs that are capable of

independently propagatingthroughout a computernetwork.

They replicate fast andconsume large amounts of the host computers memory.

Malware Types


16/26

Tr oj a n Ho rses:Programs that contain hidden

functionality that can harmthe host computer and thedata it contains.

.

Malware Types


17/26

S o ftware B o mbs:Time Bombs - triggered by a

specific time/dateLogic Bombs - triggered by a

specific event Both are introduced some time

before and will damage thehost system

Malware Types


18/26

Threats:

DEF

ACING WE

BS ITE

S

H ackers can leave their graffiti ( Drawing

Messages etc..) on other people swebsites. Below sites were hacked longtime back.FBI and CIANASABritish Labour and Conservative PartiesNew York Times


19/26


20/26

Bigg est Threat: Said to be onBanks.

G ood Ex ample for t h e Network security andweb service I feel is t h e banking sector

securities Normally all t h e banks h ave websitesecurity, Initially I will e x plain t h e type of

focus t h ey give on Web security.


21/26

All the banks have website security, Initially I willexplain the type of web security.The username and password for accessing the bankwebsites.Password encryption.Password length: ie the number of character used

for the passwords.Password Strength: combination of Characters,Numbers, Special characters.Password expiry after 30 days, Need to change thepassword every 30 days.We can also see some websites are using Keyboardsecurity( example mashreq) this security is goodenough. This is given because even when a useruses the keyboard hardware and the computer canhacked.


22/26

Ex ample of a B ank S h owing t h e

Virtual keyboard for security.


23/26

Now bankers areissuing Secure IDCard.

This card has adigital display,this has a 6 digit password

numbers. And thisnumber changesevery 60 seconds.


24/26

U sually everyone usewww i.e. h ttp port 80ie user friendly, Soh ackers target t h esekinds of Protocol, nowsecured websites are

being usedh

ttps 443for security reasons.U sually w h ile openingth is kind of securewebsite t h ere is a

warning message tocontinue.


25/26

It's h ard to know w h o you can trust on t h eInternet. Is t h at really my bank's website I'mviewing t h roug h my browser? Is t h ere a real

business be h ind t h at site. How do I know I'm

looking at t h e rig h t website? Internet Ex plorer 8supports t h e new Ex tended Validation SSL(Secure Socket Layer) certificates to h elp users

better answer t h ese questions and see identity

information for websites . B elow screen s h ot willh elp you to know if really a website can be trustedor not


26/26

G reen Colour indicates t h is is a

secured website.

ganesh engg college

Documents