Course : M0284/Teknologi & Infrastruktur E-Business
Year : 2005
Version : <<version/revision>>

Session 10
Network Security and E-Commerce

Learning Objectives
• Understand how viruses operate and how to protect systems from them.

Virus Protection
• Virus categories
  – File infectors
  – System or boot-record infectors
  – Macro viruses
  – Worms

Virus Protection
• Backup and recovery
  – Organizations need to have clear procedures for backup and recovery:
    • Onsite
    • Offsite
    • Timed
  – The organization must enforce these procedures.
  – Take advantage of new technologies:
    • Compression
    • Optical storage
  – Clear recovery procedures

Firewalls
• Necessary for enterprises and service providers, small offices, and consumers with Internet access.
• Design goals of a firewall:
  – Control the traffic from inside to outside and vice versa.
  – Establish local security policies.
  – Avoid penetration through simplicity:
    • Clear set of rules
    • Easily maintained
    • Assigned responsibilities

Firewalls
• Firewalls can be classified as:
  – Packet-filtering routers
  – Circuit-level gateways
  – Application-level gateways
    • Proxy servers

Firewalls: Packet-Filtering Router
• Applies a set of rules to all incoming packets.
• Filtering rules are based on the fields of the packet.

Firewalls: Circuit-Level Gateway
• Establishes connections between users on the outside and users on the inside.
• No direct end-to-end links; TCP connections are redirected through the gateway.
• Does not provide network-layer services.

Firewalls
• Multilevel firewalls
  – Based on the fact that an intruder can be repelled by multiple layers of defense, or at least slowed down.

Firewalls: Application-Level Gateway
• Establishes connections at the application level.
• Stricter security than packet filtering.
• Proxy servers are functionally similar.
• Proxy servers also act as cache servers to enhance performance.

Security Audit
• Security audits feature:
  – Top-down interviews
  – Identification of deviations from existing policies
  – Analysis using a proven security practices methodology (SPM)
• Many companies outsource audits:
  – Based on costs
  – Based on skills

Security Levels
• Security of the organization
  – Select the right solution
  – Intrusion detection
• Security of the client
  – Protection at the browser
  – Protection through a virtual private network
• Security of the third party
  – Distributed Denial of Service (DDoS) attacks
  – Filtering outbound traffic

Security Levels - Clients
• Connections to the Internet are not anonymous.
  – Privacy issues
• Transactions may leave residual information:
  – Caching
  – Cookies
  – Logs

Security Levels - Clients
• Countermeasures in Netscape and Internet Explorer

Directory Services
• Definition
  – A network service that identifies all resources on a network and makes them accessible to users and applications.
• Standards
  – X.500 is an ISO and ITU standard that defines how global directories should be structured. X.500 directories are hierarchical.
  – LDAP was conceived as a way to simplify access to a directory service modeled on the X.500 standards. LDAP has emerged as the solution needed to make global directory services a reality.

Directory Services
• Current products
  – A number of them are based on the Lightweight Directory Access Protocol (LDAP):
  – CP: Injoin Directory Server v3.X
  – NETSCAPE: iPlanet Directory Server 4.11
  – NOVELL: NDS eDirectory Version 8.X
  – ORACLE: Oracle Internet Directory 2.X
  – Microsoft Active Directory Service

Directory Services
• Single Sign-On
  – A user needs only one user ID and password, which eliminates the security headaches and vulnerabilities associated with multiple IDs/passwords.
  – Frees security administrators from the mundane task of assigning passwords.
  – Single Sign-On should work across all platforms, databases, and applications and include out-of-the-box support for third-party technologies such as authentication, PKI, and smart cards.
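The packet-filtering router slide ("applies a set of rules to all incoming packets; rules are based on the fields of the packet") and the "Filtering outbound traffic" bullet under third-party security describe a filter in prose only. The Python below is an added example written for these notes, not code from the lecture: a small stateless packet filter in which every rule is matched against header fields in order, the first match decides, unmatched traffic is dropped (default deny), and outbound packets with a source address outside the local range are discarded (egress filtering). The inside range 10.0.0.0/8, the web server address 10.0.1.10, the rule table and the sample packets are all constructed assumptions, not values from the slides.

```python
"""Added example (not from the lecture slides): a minimal stateless packet
filter.  Rules are written against packet header fields and evaluated in
order; the first matching rule decides, and anything no rule matches is
denied.  Addresses, rules and packets below are constructed for the demo."""

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

INSIDE = ip_network("10.0.0.0/8")     # assumed internal address space
ANY = ip_network("0.0.0.0/0")         # matches every IPv4 address
WEB = ip_network("10.0.1.10/32")      # assumed public web server


@dataclass(frozen=True)
class Packet:
    direction: str                 # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    proto: str                     # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None    # destination port; None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str                 # "in", "out" or "*"
    proto: str                     # protocol name or "*"
    src: IPv4Network               # source must fall inside this network
    dst: IPv4Network               # destination must fall inside this network
    dport: Optional[int] = None    # None matches any destination port
    comment: str = ""              # each rule states why it exists (clear rule set)

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("*", p.direction)
            and self.proto in ("*", p.proto)
            and ip_address(p.src) in self.src
            and ip_address(p.dst) in self.dst
            and (self.dport is None or self.dport == p.dport)
        )


# Order matters: the anti-spoofing deny sits above the allow rules so that a
# packet from the Internet claiming an inside source never reaches them.
RULES: List[Rule] = [
    Rule("deny", "in", "*", INSIDE, ANY, None, "inbound packet with spoofed inside source"),
    Rule("allow", "in", "tcp", ANY, WEB, 80, "public web server, HTTP"),
    Rule("allow", "in", "tcp", ANY, WEB, 443, "public web server, HTTPS"),
    Rule("allow", "out", "tcp", INSIDE, ANY, 80, "web browsing"),
    Rule("allow", "out", "tcp", INSIDE, ANY, 443, "web browsing, TLS"),
    Rule("allow", "out", "udp", INSIDE, ANY, 53, "DNS lookups"),
]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, reason) for one packet."""
    # Egress filtering: a packet leaving the network must carry a genuine
    # inside source address, so a compromised local host cannot emit
    # source-spoofed traffic towards a third party.
    if p.direction == "out" and ip_address(p.src) not in INSIDE:
        return ("deny", "outbound packet with spoofed source (egress filter)")
    for r in rules:
        if r.matches(p):
            return (r.action, r.comment)
    return ("deny", "default deny: no rule matched")


SAMPLE_PACKETS = [  # constructed traffic, not captured data
    Packet("in", "tcp", "198.51.100.7", "10.0.1.10", 443),   # HTTPS to web server
    Packet("in", "tcp", "198.51.100.7", "10.0.1.10", 22),    # SSH: no rule, denied
    Packet("in", "tcp", "10.0.5.5", "10.0.1.10", 443),       # spoofed inside source
    Packet("out", "tcp", "10.0.2.20", "203.0.113.9", 443),   # normal browsing
    Packet("out", "udp", "203.0.113.77", "203.0.113.9", 53), # spoofed outbound source
    Packet("in", "icmp", "198.51.100.7", "10.0.1.10"),       # ICMP: default deny
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        action, why = filter_packet(pkt)
        print(f"{pkt.direction:>3} {pkt.proto:<4} {pkt.src:>15} -> "
              f"{pkt.dst}:{pkt.dport}  {action:<5} ({why})")
```

Two design points carry the slide's "avoid penetration through simplicity" goal: the table is short enough to read in one sitting and every rule carries a comment naming its purpose, and the default action is deny, so forgetting a rule closes a service rather than opening one.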
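The Directory Services and Single Sign-On slides state that X.500 directories are hierarchical, that LDAP simplifies access to them, and that a user authenticates once with a single ID and password. The Python below is an added example, not code from the lecture or from any of the products listed: a toy in-memory directory using the X.500/LDAP naming model, where a Distinguished Name such as uid=alice,ou=people,dc=example,dc=com is a path of Relative DNs through a tree, searches are scoped LDAP-style to base, one or sub, and a bind checks a password against a stored hash rather than plaintext. The entries, names and password are constructed; the PBKDF2 storage format is an assumption chosen for the demo, not the scheme of any real directory server.

```python
"""Added example (not from the slides): a hierarchical, LDAP-style directory
with DN parsing, scoped equality search and a hashed-password bind.  All
entries and credentials are constructed for the demo."""

import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

RDN = Tuple[str, str]
PBKDF2_ROUNDS = 100_000   # assumed parameter for this demo


def parse_dn(dn: str) -> List[RDN]:
    """Split 'uid=alice,ou=people,dc=example,dc=com' into (attr, value) pairs,
    returned root first (dc=com ... uid=alice) so they can be walked as a path."""
    rdns: List[RDN] = []
    for part in dn.split(","):
        attr, _, value = part.strip().partition("=")
        if not attr or not value:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return list(reversed(rdns))


class Node:
    def __init__(self, dn: str) -> None:
        self.dn = dn                          # normalized DN of this entry
        self.attrs: Dict[str, str] = {}
        self.children: Dict[RDN, "Node"] = {}


class Directory:
    def __init__(self) -> None:
        self.root = Node("")

    def add(self, dn: str, **attrs: str) -> None:
        """Create (or update) the entry at dn, creating missing parents."""
        parts = parse_dn(dn)
        node = self.root
        for i, rdn in enumerate(parts):
            child_dn = ",".join(f"{a}={v}" for a, v in reversed(parts[: i + 1]))
            node = node.children.setdefault(rdn, Node(child_dn))
        node.attrs.update({k.lower(): v for k, v in attrs.items()})
        attr, value = parts[-1]               # the naming attribute is part of the entry
        node.attrs.setdefault(attr, value)

    def _lookup(self, dn: str) -> Optional[Node]:
        node: Optional[Node] = self.root
        for rdn in parse_dn(dn):
            node = node.children.get(rdn) if node else None
        return node

    def search(self, base: str, scope: str, attr: str, value: str) -> List[str]:
        """Equality search attr=value (value '*' means 'present') under base,
        with LDAP scope 'base' (only the base entry), 'one' (its direct
        children) or 'sub' (the whole subtree).  Returns matching DNs."""
        if scope not in ("base", "one", "sub"):
            raise ValueError(f"unknown scope {scope!r}")
        start = self._lookup(base)
        if start is None:
            return []
        attr = attr.lower()
        hits: List[str] = []

        def walk(node: Node, depth: int) -> None:
            if (scope == "base" and depth > 0) or (scope == "one" and depth > 1):
                return
            if depth > 0 or scope != "one":   # 'one' excludes the base entry itself
                have = node.attrs.get(attr)
                if have is not None and (value == "*" or have == value):
                    hits.append(node.dn)
            for child in node.children.values():
                walk(child, depth + 1)

        walk(start, 0)
        return hits

    def set_password(self, dn: str, password: str) -> None:
        node = self._lookup(dn)
        if node is None:
            raise KeyError(dn)
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        node.attrs["userpassword"] = f"{{PBKDF2}}{salt.hex()}${digest.hex()}"

    def bind(self, dn: str, password: str) -> bool:
        """Simple bind: succeeds only if dn exists, has a password, and the
        supplied password matches the stored hash (constant-time compare)."""
        node = self._lookup(dn)
        stored = node.attrs.get("userpassword") if node else None
        if stored is None:
            return False
        salt_hex, digest_hex = stored[len("{PBKDF2}"):].split("$")
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def build_demo() -> Directory:
    """Constructed sample tree: one domain, two OUs, two people, one device."""
    d = Directory()
    d.add("dc=example,dc=com", objectClass="domain")
    d.add("ou=people,dc=example,dc=com", objectClass="organizationalUnit")
    d.add("ou=servers,dc=example,dc=com", objectClass="organizationalUnit")
    d.add("uid=alice,ou=people,dc=example,dc=com", objectClass="person",
          cn="Alice Example", mail="alice@example.com")
    d.add("uid=bob,ou=people,dc=example,dc=com", objectClass="person",
          cn="Bob Example", mail="bob@example.com")
    d.add("cn=web01,ou=servers,dc=example,dc=com", objectClass="device")
    d.set_password("uid=alice,ou=people,dc=example,dc=com", "correct horse battery staple")
    return d
```

The point for single sign-on is visible in bind(): every application that trusts this directory asks it the same question and never sees the password store, so there is one credential to protect and one place to revoke it, which is what the slide means by removing the vulnerabilities of multiple IDs and passwords.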