Hest A Internet Protocol and Security Internet Protocols } The Internet protocols are the world's most popular open- system (nonproprietary) protocol suite. > They can be used to communicate across any set of interconnected networks. > The Internet protocols consist of a suite of communication protocols, of which the two best known are the Transmission Control Protocol (TCP) and the Internet Protocol (IP). > The Internet protocol suite not only includes lower-layer protocols (such as TCP and IP), but it also specifies common applications such as electronic mail, terminal emulation, and file transfer. 14-May-1914-May-19 Internet Protocols > The Internet Protocols are tre method or protocols by which data is sent from ane computer to another on the Internet. > Each computer (known as a host) on the Internet has at least one unique address that uniquely identifies it from all other computers on the Internet, > When you send or receive data the message gets divided into little chunks called packets. Each of these packets contains both the sender's address and the receiver's address. Internet Protocols > The Main Functions of Protocols are : “Compressing the Data “Deciding how the data is to be sent “Addressing the data Deciding how to announce sent and received data identifying Errors14-May-19 computer within its immediate neighborhood or domain. > That gateway then forwards the packet directly to the computer whose address is specified,14-May-19 ositayers TCP Layers TPP Potocls ‘Appleton Layer Presematon Layer] | Applicaton Layer Telvet_ | SuTP Session Layer Transponttayer | | Tonspor Layer erworkLayer | | Network Layer Nemork terface ayer n host solely based on the unique address known as IP addresses available in the packet headers. ® Internet Protocol is connectionless and unreliable protocol. It ensures no guarantee of successfully transmission of date.14-May-19 + + 10101100,00010000,11111119,00000001 Cao B bits 32 bits (4 bytes) > This scheme limits the address space to 4,29,49,67,296 (2) addresses. > Each datagram has two components: @ header and a payload. Header includes source & destination IP address, and other metadata needed to route and deliver the cunnf@tagram. The payload is the data that is transported.14-May-19 Transmission Control Protocol (TCP) > Transmission Control Protocol iTCP) corresponds to the Transport Layer of OS! Model. ® TCP isa connection oriented protocol and offers end-to-end packet delivery. ® It acts as back bone for connection. > It exhibits the following key features: “TCP Is a reliable and connection oriented protocol. ‘TCP offers connection oriented end-to-end packet delivery. TCP ensures reliability by sequencing bytes with a forwarding acknowledgement numberthat indicates to the destination the next byte the source exzect to receive. ‘it retransmits the bytes not acknowledged with in specified time period. > TOP offers: Stream Data Transfer. “Reliability. Efficient Flow Control “Full-duplex operation. Multiplexing.14-May-19 data at same speed, therefore, TCP needs buffers for storage at sending and receiving ends. & Bytes and Segments : At transport layer groups the bytes into a packet. This packet is called segment. Before transmission of these packets, these segments are encapsulated into an IP datagram. process-2 and gets Its both the two directions. Reliable Service : For sake of reliability, TCP uses acknowledgement mechanism.14-May-19 amount of data at one time. } UDP provides protocol port used i.e. UDP message contains both source and destination port number, that makes it possible for UDP software at the destination to deliver the message to correct application program. “SFTP establishes two different connections: one Is for data transfer and other is for control information. “Control connection is made between control processes while Data Connection is made between Data Transfer Process “SFTP uses port 21 for the control connection and Port 20 for the data connection.14-May-1914-May-19 Hyper Text Transfer Protocol (HTTP) > HTTP is a communication protocol. It defines mechanism for communication betwee browser and the web server. It is also called request and response protocol because the communication between browser and server takes place in request and resporse pairs. ¥ HTTP Request comprises of lines which contains: *PRequest line “Header Fields “Message body > Key Points “The first line Le. the Request line specifies the request method I.e. Get or Post. “The second line specifies the header which indicates the domain name of the server from where index.htm is retrieved. ¥ HTTP Response: Like HTTP request, HTTP response also has certain structure, HTTP response contains: “Status line *pHeaders “Message body 10systerns. > This massive increase in the uptake of eCommerce has led to a new generation of associated security threats, but any e-Commerce system must meet integral requirements to protect from threats. displayed on a web site or transmitted/received over the internet has not been altered in any way by an unauthorized party > Authenticity : ability to identify the identity of a person or entity with whom you are dealing on the Internet. Both sender and recipient must prove their identities to each other. 14-May-19 atare available only to those authorized to view them > Availability : ability to ensure that e-Commerce site continues to function as intended. ‘servers such as banks, credit card payment gateways, large online retailers and popular social networking sites. ¥ Today, most challenging aspect is phishing. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy swan SQtity in an electronic communication. 14-May-19 1214-May-19 7 Security Issues in E-Commerce 4, Environment > Social engineering is the art of manipulating people into performing actions or divulging confidential information. Social engineering techniques include pretexting (where the fraudster creates an invented scenario to get the victim to divulge informaticn), Interactive voice recording (IVR) or phone phishing (where the fraudster gets the victim to divulge sensitive information over the phone) and baiting with Trojans ho'ses (where the fraudster ‘paits’ the victim to load malware unto a system). > Social engineering hes beccme a serious threat to e- commerce security since it's difficult to detect and to combat as it involves ‘human’ factors which cannot be sxnyaPatched akin to hardware or software. if Security Issues in E-Commerce \ 4. Environment > With increasing technical knowledge, and its widespread availability on the internet, cr minals are becoming more and more sophisticated in the deceptions and attacks they can perform. Novel attack strategies and vulnerabilities only really become known once a perpetrator has uncovered and, exploited them > There are multiple security strategies which any e-commerce provider can instigate to radure the rick of attack and compromise significantly. > Awareness of the risks and the implementation of multi- layered security protocols, de-ailed and open privacy policies and strong authentication and encryption measures will go a long way to assure the consumer and insure the risk of promise is kept minimal. aston ra 13