Friday, October 2, 2009

Lecture 29th September 2009



Lecture 7 discussed security in applications. Email is short for electronic mail. Computers use the TCP/IP protocol suite to send email messages in the form of packets.


The security services provided for email include:

· Confidentiality

· Data origin authentication

· Message integrity

· Non-repudiation of origin

· Key management


Below is a figure that shows how email is transported.


One threat enabled by email is the disclosure of sensitive information. It is easier to distribute information by email than by paper and snail mail. The disclosure may be of personal, inappropriate, commercially sensitive or proprietary information. This threat can lead to loss of reputation and ultimately dismissal of staff. Another threat is the exposure of systems to malicious code. Self-replicating code embedded in email exploits the features or vulnerabilities of the email client. An email virus often requires user interaction to propagate. Virus outbreaks can result in Denial of Service (DoS). Exposure of systems to DoS attacks is also a threat to email: an email server attached to a network may be vulnerable to DoS attacks. In addition, spamming is a threat enabled by email. Spam provides cover for the spread of viruses, worms, Trojans, spyware and phishing. PGP and S/MIME can be used to secure email because they provide encryption and support non-repudiation and authenticity.
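The service list earlier names message integrity, data origin authentication and non-repudiation of origin separately. The following added example (not from the lecture or the original post) uses a shared-key HMAC rather than PGP or S/MIME to show that a shared key gives the first two services but not the third; the header name `X-Demo-MAC`, the addresses and the key are constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string, policy
from email.message import EmailMessage

TAG_HEADER = "X-Demo-MAC"               # hypothetical header name (assumption)
PROTECTED = ("From", "To", "Subject")   # headers covered by the tag

def _canonical(msg):
    """Bytes covered by the tag: protected headers, blank line, body."""
    heads = [f"{h.lower()}:{' '.join(str(msg.get(h, '')).split())}" for h in PROTECTED]
    body = msg.get_content().replace("\r\n", "\n").rstrip("\n")
    return ("\n".join(heads) + "\n\n" + body).encode("utf-8")

def _tag(msg, key):
    return hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()

def protect(msg, key):
    """Attach an HMAC-SHA256 tag computed with the shared key."""
    del msg[TAG_HEADER]                 # no error if the header is absent
    msg[TAG_HEADER] = _tag(msg, key)
    return msg

def verify(raw, key):
    """Parse a received message and check its tag in constant time."""
    msg = message_from_string(raw, policy=policy.default)
    received = str(msg.get(TAG_HEADER, "")).encode("utf-8")
    return hmac.compare_digest(_tag(msg, key).encode("ascii"), received)

def build(sender, body):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "bob@example.org", "Invoice"
    msg.set_content(body)
    return msg

def demo():
    key = b"constructed-shared-key-for-demo"   # constructed sample key
    raw = protect(build("alice@example.org", "Please pay invoice 1001."), key).as_string()
    # Bob holds the same key, so a tag he computes verifies exactly like Alice's.
    made_by_bob = protect(build("alice@example.org", "Please pay invoice 7777."), key).as_string()
    return {
        "intact": verify(raw, key),                                   # integrity + origin
        "body_changed": verify(raw.replace("invoice 1001", "invoice 9009"), key),
        "wrong_key": verify(raw, b"some-other-key"),
        "receiver_made_tag": verify(made_by_bob, key),                # no non-repudiation
    }

if __name__ == "__main__":
    print(demo())
```

Because the receiver can compute the same tag, the tag proves nothing to a third party; PGP and S/MIME address this with digital signatures made with the sender's private key.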


SSL/TLS is widely used in web browsers and servers to support ‘secure e-commerce’ over HTTP. It is built into Microsoft IE, Netscape, Mozilla, Apache and IIS. SSH, the Secure Shell, provides security at the application layer. SSH only covers traffic that is explicitly protected. Applications need modification, but port forwarding eases some of this. SET, on the other hand, is an open encryption and security specification designed to protect credit card transactions on the Internet. HTTPS is the Secure Hypertext Transfer Protocol, a communications protocol designed to transfer encrypted information between computers over the World Wide Web (WWW).


Biometrics is the science and technology of measuring and analyzing biological data. In information technology, biometrics refers to technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes. Static (physiological biometric) methods authenticate based on a feature that is always present, whereas dynamic (behavioural biometric) methods authenticate based on a certain behaviour pattern.



There are a number of advantages to this technology:

  • Biometric identification can provide extremely accurate, secured access to information; fingerprints, retinal and iris scans produce absolutely unique data sets when done properly
  • Current methods like password verification have many problems (people write them down, they forget them, they make up easy-to-hack passwords)
  • Automated biometric identification can be done very rapidly and uniformly, with a minimum of training
  • Your identity can be verified without resort to documents that may be stolen, lost or altered.

In conclusion, I learned about security in applications and understand the importance of security in applications.
