8/7/2019 Ganesh Engg College
1/26
Network Security and Network Security andWeb ServicesWeb Services
Sivappriya.S2nd Year CSE
Ganesh Engineering College
8/7/2019 Ganesh Engg College
2/26
Th e Network Security on web
services h as become mandatory dueto h acking process
Th ere are many kinds of h ackingtech nologies available. I will s h ow you avideo about a person h acking a trafficsignal. He h acks t h e traffic signal andch anges it into h is required signal. Th isvideo is taken from you tube
8/7/2019 Ganesh Engg College
3/26
8/7/2019 Ganesh Engg College
4/26
Threats:
Illicit Activities
H ackers : enjoy intellectual challenges of
overcoming software limitations andhow to increase capabilities of systems
Crackers : illegally break into other
people s secure systems and networksCyber Terrorists : threaten and attack
other people s computers to further asocial or political agenda
8/7/2019 Ganesh Engg College
5/26
8/7/2019 Ganesh Engg College
6/26
21 January 2003
Two years jail for UK virus writer who infected 27,000 PCs
Simon Vallor , the twenty-two year old web designer fromNorth Wales who, in December 2002, pleaded guilty to writingand distributing three computer viruses, was today sentencedat Southwark Crown Court, London to a two year custodialsentence. His viruses - Gokar , Redesi and Admirer wereproven to have infected 27,000 PCs in 42 countries.
Source: www.sophos.com
8/7/2019 Ganesh Engg College
7/26
Threats:
Illicit Activities
Malware Writers : responsible for the
creation of malicious softwareSamurai : hackers hired to legally enter
secure computer/network environments
Phreakers : Focus on defeating telephonesystems and associated communicationtechnologies
8/7/2019 Ganesh Engg College
8/26
Threats:Illicit Activities
Phishing : sending out scam e-mails withthe criminal intent of deceit and extortion.
Spam : unsolicited and/or undesired bulk e-mail messages, often selling a product
Zombie Computers: Yours?
I will explain the above terms bit detail.
8/7/2019 Ganesh Engg College
9/26
R eal Time A n alysis
Spam
8/7/2019 Ganesh Engg College
10/26
Z o mbie B otnet
A computer is hacked in such a way that all the activities
the hacker want to perform will be done via yourcomputer on other PC. This computer is called Zombie. A botnet's originator can control the group remotely, andusually for nefarious purposes such as the sending of
mass spam.
Source: www.wikipedia.org
8/7/2019 Ganesh Engg College
11/26
P hishi ng
Phishing is a technique used by strangersto "fish" for information about you,information that you would not normallydisclose to a stranger, such as your bankaccount number , PIN, and other personalidentifiers. These messages often containcompany/bank logos that look legitimate
and use flowery or legalistic languageabout improving security by confirmingyour identity details. Ex ample E mails From ICICI willcome as ICICIe, Paypal.
8/7/2019 Ganesh Engg College
12/26
P hishi ng example
8/7/2019 Ganesh Engg College
13/26
8/7/2019 Ganesh Engg College
14/26
Malware Types Viruses:
Conceal themselvesInfect computer systemsReplicate themselves
Deliver a payload
8/7/2019 Ganesh Engg College
15/26
Wo rms:Programs that are capable of
independently propagatingthroughout a computernetwork.
They replicate fast andconsume large amounts of the host computers memory.
Malware Types
8/7/2019 Ganesh Engg College
16/26
Tr oj a n Ho rses:Programs that contain hidden
functionality that can harmthe host computer and thedata it contains.
.
Malware Types
8/7/2019 Ganesh Engg College
17/26
S o ftware B o mbs:Time Bombs - triggered by a
specific time/dateLogic Bombs - triggered by a
specific event Both are introduced some time
before and will damage thehost system
Malware Types
8/7/2019 Ganesh Engg College
18/26
Threats:
DEF
ACING WE
BS ITE
S
H ackers can leave their graffiti ( Drawing
Messages etc..) on other people swebsites. Below sites were hacked longtime back.FBI and CIANASABritish Labour and Conservative PartiesNew York Times
8/7/2019 Ganesh Engg College
19/26
8/7/2019 Ganesh Engg College
20/26
Bigg est Threat: Said to be onBanks.
G ood Ex ample for t h e Network security andweb service I feel is t h e banking sector
securities Normally all t h e banks h ave websitesecurity, Initially I will e x plain t h e type of
focus t h ey give on Web security.
8/7/2019 Ganesh Engg College
21/26
All the banks have website security, Initially I willexplain the type of web security.The username and password for accessing the bankwebsites.Password encryption.Password length: ie the number of character used
for the passwords.Password Strength: combination of Characters,Numbers, Special characters.Password expiry after 30 days, Need to change thepassword every 30 days.We can also see some websites are using Keyboardsecurity( example mashreq) this security is goodenough. This is given because even when a useruses the keyboard hardware and the computer canhacked.
8/7/2019 Ganesh Engg College
22/26
Ex ample of a B ank S h owing t h e
Virtual keyboard for security.
8/7/2019 Ganesh Engg College
23/26
Now bankers areissuing Secure IDCard.
This card has adigital display,this has a 6 digit password
numbers. And thisnumber changesevery 60 seconds.
8/7/2019 Ganesh Engg College
24/26
U sually everyone usewww i.e. h ttp port 80ie user friendly, Soh ackers target t h esekinds of Protocol, nowsecured websites are
being usedh
ttps 443for security reasons.U sually w h ile openingth is kind of securewebsite t h ere is a
warning message tocontinue.
8/7/2019 Ganesh Engg College
25/26
It's h ard to know w h o you can trust on t h eInternet. Is t h at really my bank's website I'mviewing t h roug h my browser? Is t h ere a real
business be h ind t h at site. How do I know I'm
looking at t h e rig h t website? Internet Ex plorer 8supports t h e new Ex tended Validation SSL(Secure Socket Layer) certificates to h elp users
better answer t h ese questions and see identity
information for websites . B elow screen s h ot willh elp you to know if really a website can be trustedor not
8/7/2019 Ganesh Engg College
26/26
G reen Colour indicates t h is is a
secured website.