
The secure internet application for business education on the website

The secure internet application for business education on the website. Sok Hwan Cho, Ph.D. (KAIM, South Korea); Sok Pal Cho, Ph.D. (Sungkyul University, South Korea). The 85th SIEC/ISBE International Conference 2013 in Berlin, Germany, August 5-9, 2013.


Presentation Transcript


  1. The secure internet application for business education on the website. Sok Hwan Cho, Ph.D. (KAIM, South Korea); Sok Pal Cho, Ph.D. (Sungkyul University, South Korea). The 85th SIEC/ISBE International Conference 2013 in Berlin, Germany, August 5-9, 2013.

  2. Index
     • 1. Network Concept
       • 1.1 Network Component
       • 1.2 Network Interconnection
       • 1.3 Internet
       • 1.4 Paradigm Shifts of B.E
     • 2. Threats in Internets
       • 2.1 Vulnerabilities of terminals on the Internet
       • 2.2 Network Vulnerabilities
       • 2.3 Preventing from external attackers
     • 3. Secure Internet Application
       • 3.1 Information Ambiguity (Ambiguousness)
       • 3.2 Firewall or Demilitarized Zone
       • 3.3 Secure Channels
     • 4. Conclusion

  3. 1. Network: A network is the interconnection of a set of terminals capable of communication. In this definition, a terminal can be a host such as a large computer, desktop, laptop, workstation, cellular phone, or security system. A terminal in this definition can also be a connecting device such as a router, a switch, a modem that changes the form of data, and so on.

  4. 1.1 Network components: Five components on the website

  5. 1.3 The Internet: An internet is two or more networks that can communicate with each other. The Internet is composed of thousands of interconnected networks. Understanding about terminals. The basic components of network.

  6. 1.4 Paradigm Shifts of education on the network
     • Teacher-oriented education; learner-oriented education
     • Distributed education, individual ordered education, lifelong education
     • Group education, community education, uniformed education
     • Network
     • Off-line education: physical classroom education
     • On-line education: website education; distance learning, e-/m-/u-learning

  7. 2. Threats of Internet
     Kinds of threats:
     • Unauthorized access.
     • Malicious software: virus, worm, Trojan code.
     • Software failure.
     • Denial of service.
     • Modification by unauthorized person.
     • Calamity.
     • Interception by unauthorized person.
     • Etc.
     Annoying learning activities.

  8. 2.1 Vulnerabilities of Terminal on the Internet
     [Figure: threats to hardware, software and data. Labels: interception (theft), interruption (denial of service, deletion, loss), modification, fabrication (substitution).]

  9. 2.3 Network Vulnerabilities 1

  10. 2.3.2 Network Vulnerabilities (Uncertain Message)
      • If A1 sends a message to B3 (A1 → B3), it may be routed through host C or D. Host C may provide acceptable security, but not D.
      [Figure: Uncertain Message Routing in a Network. Labels: Network A, Network B, Host A1, Host B3, Host C, Host D.]

  11. 2.3.4 Network Vulnerabilities (Impersonation)
      In an impersonation (imitation), an attacker has several choices:
      • Guess the identity and authentication details of the target.
      • Pick up the identity and authentication details of the target from a previous communication or from wiretapping.
      • Circumvent or disable the authentication mechanism at the target computer.
      • Use a target that will not be authenticated.
      • Use a target whose authentication data are known.

  12. 2.3.6 Network Vulnerabilities (Interception)
      • A malicious middleman intercepts the response key and can then eavesdrop on, or even decrypt, modify, and re-encrypt any subsequent communications between two terminals.
      [Figure: Key Interception by a Man-in-the-Middle Attack. Labels: Key Distributor, Malicious Interceptor, User 1, User 2.]

  13. 2.3.7 Network Vulnerabilities (Website vulnerabilities)
      Web Site Defacement (damage)
      • One of the most widely known attacks is the web site defacement attack.
      • Web sites are designed so that their code is downloaded, enabling an attacker to obtain the full hypertext document and all programs delivered to the user in the loading process.
      • The download process essentially gives the attacker the blueprints to the web site.
      Hypertext:

  14. 2.3.8 Network Vulnerabilities (Denial of Service)
      Echo-Chargen (connection flooding)
      • Chargen is a protocol that generates a stream of packets.
      • The attacker sets up a Chargen process on host A; when host A sends a packet to destination host B, B replies to A with an echo packet.
      • That is, host A continuously produces a stream of packets to host B and host B replies to A, which puts A and B in an endless loop.
      [Figure: Host A (Chargen set up) sends a stream of packets; Host B returns echo packets; endless loop.]

  15. 2.3.10 Distributed Denial of Service (DDoS)
      To perpetrate a distributed denial-of-service (DDoS) attack, an attacker does two things.
      • The attacker plants a Trojan horse on a target machine.
      • That Trojan horse does not cause any harm to the target machine.
      • The Trojan horse file may be named for a popular editor or entered into the list of processes (daemons) activated at startup.
      • The attacker repeats this process with many targets.
      • Each of these target systems becomes what is known as a zombie.
      • The target systems carry out their normal work, unaware of the resident zombie.
      Ref) Explanation of the origin of the term "Trojan horse"

  16. 3.1.2 Cryptosystem
      • A cryptosystem is a system for encryption and decryption.
      [Figure: plaintext → encryption → ciphertext → decryption → original plaintext]

  17. 3.2.1 Introduction of I&A (Individual I&A)
      • Individual I&A determines the individual learner or user interacting with a process. An example is logging on to a computer, as shown in the figure.
      [Figure: Individual identification and authentication representation. The I&A system asks: "Which of the learners that I know are you?"]

  18. 3.2.2 I&A Procedure
      • The I&A service is requested by a using function, which has the responsibility of passing information to the I&A service to determine an identifier and authenticators.
      [Figure: Generic interaction model of I&A service. Participants: Learner/User, Using function, I&A service. Messages: Request I&A service; Request ID, authenticator; Claimed ID, authenticator; I&A result; Permit.]

  19. 3.2.3 Type of I&A
      • Three general strategies exist to satisfy I&A requirements: automated I&A, physical I&A and procedural I&A.
        - Physical and procedural I&A include measures such as a human guard reviewing ID badges, or a sign-in procedure.
        - Automated I&A design encompasses computer-based measures such as user IDs and passwords.

  20. 3.3 Protecting using a firewall or DMZ
      [Figure labels: Attacker, Firewall or DMZ, B.E Web server, B.E Application Server, B.E State Server, B.E DB server, Cache, Memory.]

  21. 3.3.1 Packet filter firewall
      • A packet filter firewall intercepts all traffic coming and going from a port P and inspects its packets.
        - Data coming from or going to mistrusted addresses are rejected.
      [Figure labels: External host, Internet, request, Packet filter firewall, P, request, Local host.]

  22. 3.4 Secure Internet Application for business education
      • Secure channels: for sensitive communication across a public network, create encrypted secure channels to ensure that data remains confidential in transit.
      • Demilitarized zone: separates the business functionality and information from the Web servers.
      • Protection reverse proxy: protects the server software at the level of the application protocol.
      • Known partners: identify partners by Identification and Authentication.

  23. 3.4.1 Secure Internet 1
      [Figure labels: Users (learners, teachers, etc.), E/D, Learning Contents, I&A with E/D.]
      • 1st step: E/D (Encryption/Decryption)
      • 2nd step: Firewall (packet, proxy, stateful)
      • 2nd step: I&A (Identification & Authentication)
      • ISP: Information Service Provider

  24. 4. Conclusion
      A secure internet channel provides:
      • Protecting users from attackers in cyberspace
      • Better securing the e-, m-, u-learning systems that store, process, or transmit the information of learning contents
      • More learning opportunities
      • Improving interactions
      • Improving quality
      • Enabling a well-informed LMS (Learning Management System)
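
The I&A procedure of slide 18 (using function, I&A service, claimed ID and authenticator, I&A result, permit) can be sketched as follows. This is an added example, not code from the presentation; the class names, the PBKDF2 work factor and the lockout threshold are assumptions. It stores only salted hashes and limits the guessing listed under impersonation on slide 11.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; an assumption, tune to your hardware


def derive(authenticator: str, salt: bytes) -> bytes:
    """Salted, slow hash so a copied store does not reveal the passwords."""
    return hashlib.pbkdf2_hmac("sha256", authenticator.encode(), salt, ITERATIONS)


class IAService:
    """I&A service: maps each identifier to (salt, hashed authenticator)."""

    def __init__(self):
        self._store = {}
        # Dummy record so unknown IDs cost the same work as known ones.
        salt = os.urandom(16)
        self._dummy = (salt, derive("unused", salt))

    def enroll(self, user_id: str, authenticator: str) -> None:
        salt = os.urandom(16)
        self._store[user_id] = (salt, derive(authenticator, salt))

    def verify(self, claimed_id: str, authenticator: str) -> bool:
        """Return the I&A result for a claimed ID and authenticator."""
        salt, expected = self._store.get(claimed_id, self._dummy)
        match = hmac.compare_digest(derive(authenticator, salt), expected)
        return match and claimed_id in self._store


class UsingFunction:
    """Using function (e.g. an LMS login page) that requests the I&A service."""

    MAX_FAILURES = 3  # assumed lockout threshold

    def __init__(self, ia: IAService):
        self.ia = ia
        self.failures = {}

    def login(self, claimed_id: str, authenticator: str) -> str:
        if self.failures.get(claimed_id, 0) >= self.MAX_FAILURES:
            return "locked"
        if self.ia.verify(claimed_id, authenticator):
            self.failures.pop(claimed_id, None)
            return "permit"
        self.failures[claimed_id] = self.failures.get(claimed_id, 0) + 1
        return "deny"
```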
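
The packet filter rule of slide 21 (reject data coming from or going to mistrusted addresses) is shown below as an added example, not code from the presentation. The class and function names are assumptions, the addresses are constructed from documentation ranges, and the spoofed-source check goes beyond what the slide states.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class PacketFilter:
    """Inspects every packet crossing point P between Internet and local host."""

    def __init__(self, local_net: str, mistrusted: list):
        self.local_net = ipaddress.ip_network(local_net)
        self.mistrusted = [ipaddress.ip_network(n) for n in mistrusted]

    def decide(self, pkt: Packet, direction: str) -> str:
        """direction is 'in' (external to local) or 'out' (local to external)."""
        try:
            src = ipaddress.ip_address(pkt.src)
            dst = ipaddress.ip_address(pkt.dst)
        except ValueError:
            return "reject: malformed address"
        if direction == "in":
            # Added check beyond the slide: an external packet must not
            # claim a local source address (simple anti-spoofing).
            if src in self.local_net:
                return "reject: spoofed local source"
            remote = src
        else:
            remote = dst
        if any(remote in net for net in self.mistrusted):
            return "reject: mistrusted address"
        return "accept"


# Constructed sample traffic using documentation address ranges (RFC 5737).
SAMPLE = [
    (Packet("198.51.100.7", "192.0.2.10"), "in"),
    (Packet("203.0.113.5", "192.0.2.10"), "in"),
    (Packet("192.0.2.10", "203.0.113.5"), "out"),
    (Packet("192.0.2.99", "192.0.2.10"), "in"),
    (Packet("not-an-ip", "192.0.2.10"), "in"),
]


def run_sample():
    pf = PacketFilter("192.0.2.0/24", ["203.0.113.0/24"])
    return [pf.decide(p, d) for p, d in SAMPLE]
```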
