Hest A
Internet Protocol and Security
Internet Protocols
> The Internet protocols are the world's most popular open-system
(nonproprietary) protocol suite.
> They can be used to communicate across any set of
interconnected networks.
> The Internet protocols consist of a suite of communication
protocols, of which the two best known are the
Transmission Control Protocol (TCP) and the Internet
Protocol (IP).
> The Internet protocol suite not only includes lower-layer
protocols (such as TCP and IP), but it also specifies common
applications such as electronic mail, terminal emulation,
and file transfer.
14-May-19
Internet Protocols
> The Internet Protocols are the methods or protocols by
which data is sent from one computer to another on
the Internet.
> Each computer (known as a host) on the Internet has at
least one unique address that uniquely identifies it from all
other computers on the Internet.
> When you send or receive data the message gets divided
into little chunks called packets. Each of these packets
contains both the sender's address and the receiver's
address.
Internet Protocols
> The main functions of protocols are:
  - Compressing the data
  - Deciding how the data is to be sent
  - Addressing the data
  - Deciding how to announce sent and received data
  - Identifying errors
computer within its immediate neighborhood or domain.
> That gateway then forwards the packet directly to the
computer whose address is specified.
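[Figure: OSI layers compared with TCP layers and protocols. The OSI Application, Presentation and Session Layers map to the TCP Application Layer (Telnet, SMTP); the Transport Layer maps to the Transport Layer; the Network Layer maps to the Network Layer; the lowest TCP layer is the Network Interface Layer.]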
n host solely based on
the unique address known as IP addresses available in the
packet headers.
> Internet Protocol is a connectionless and unreliable
protocol. It gives no guarantee of successful
transmission of data.
[Figure: an IPv4 address in binary, 10101100.00010000.11111110.00000001. Each group is 8 bits; the whole address is 32 bits (4 bytes).]
> This scheme limits the address space to 4,29,49,67,296 (2^32)
addresses.
> Each datagram has two components: a header and a
payload. The header includes the source and destination IP
addresses and other metadata needed to route and deliver the
datagram. The payload is the data that is transported.
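The header/payload split described above, as an added example that is not part of the original slides: a parser that pulls the source and destination addresses out of a datagram and rejects headers whose length fields or checksum do not hold. The sample datagram, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(datagram: bytes) -> dict:
    """Split a datagram into header fields and payload; raise on malformed input."""
    if len(datagram) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", datagram[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4")
    if ihl < 20 or total_len < ihl or total_len > len(datagram):
        raise ValueError("inconsistent length fields")
    # Summing a valid header, checksum field included, yields zero.
    if checksum(datagram[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "protocol": proto,
        "payload": datagram[ihl:total_len],
    }

def build_sample() -> bytes:
    """Constructed sample: 172.16.254.1 -> 192.0.2.10, protocol 6 (TCP), 4-byte payload."""
    payload = b"data"
    src = ipaddress.IPv4Address("172.16.254.1").packed
    dst = ipaddress.IPv4Address("192.0.2.10").packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, 6, 0, src, dst)
    # Fill in the checksum field (bytes 10-11) computed over the zeroed header.
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

if __name__ == "__main__":
    print(parse_ipv4(build_sample()))
```

The checksum covers only the header, so it detects corrupted routing fields but says nothing about the payload and is no defence against a sender who forges the source address and recomputes it.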
Transmission Control Protocol (TCP)
> Transmission Control Protocol (TCP) corresponds to the
Transport Layer of the OSI Model.
> TCP is a connection-oriented protocol and offers end-to-end
packet delivery.
> It acts as a backbone for the connection.
> It exhibits the following key features:
  - TCP is a reliable and connection-oriented protocol.
  - TCP offers connection-oriented end-to-end packet delivery.
  - TCP ensures reliability by sequencing bytes with a forwarding
    acknowledgement number that indicates to the destination
    the next byte the source expects to receive.
  - It retransmits the bytes not acknowledged within a specified
    time period.
> TCP offers:
  - Stream Data Transfer.
  - Reliability.
  - Efficient Flow Control.
  - Full-duplex operation.
  - Multiplexing.
data at same speed, therefore, TCP needs buffers for
storage at sending and receiving ends.
> Bytes and Segments: At the transport layer, TCP groups the bytes
into a packet. This packet is called a segment. Before
transmission, these segments are
encapsulated into an IP datagram.
process-2 and gets Its
both the two directions.
> Reliable Service: For the sake of reliability, TCP uses an
acknowledgement mechanism.
amount of data at one time.
> UDP provides protocol ports, i.e. a UDP message contains
both source and destination port numbers, which makes it
possible for UDP software at the destination to deliver the
message to the correct application program.
  - FTP establishes two different connections: one is for
    data transfer and the other is for control information.
  - The control connection is made between control
    processes, while the data connection is made between
    data transfer processes.
  - FTP uses port 21 for the control connection and port
    20 for the data connection.
Hyper Text Transfer Protocol (HTTP)
> HTTP is a communication protocol. It defines the mechanism
for communication between the browser and the web server.
It is also called a request and response protocol because
the communication between browser and server takes
place in request and response pairs.
> An HTTP request comprises lines which contain:
  - Request line
  - Header fields
  - Message body
> Key Points
  - The first line, i.e. the request line, specifies the request
    method, i.e. GET or POST.
  - The second line specifies the header which indicates
    the domain name of the server from where index.htm
    is retrieved.
> HTTP Response: Like an HTTP request, an HTTP response also
has a certain structure. An HTTP response contains:
  - Status line
  - Headers
  - Message body
systems.
> This massive increase in the uptake of eCommerce has led
to a new generation of associated security threats, but any
e-Commerce system must meet integral requirements to
protect from threats.
displayed on a web site or transmitted/received over the
internet has not been altered in any way by an
unauthorized party
> Authenticity : ability to identify the identity of a person
or entity with whom you are dealing on the Internet.
Both sender and recipient must prove their identities to
each other.
data are available only to those authorized to view them
> Availability : ability to ensure that e-Commerce site
continues to function as intended.
servers such as banks, credit card payment
gateways, large online retailers and popular social
networking sites.
> Today, the most challenging aspect is phishing. Phishing is the
criminally fraudulent process of attempting to acquire
sensitive information such as usernames, passwords and
credit card details, by masquerading as a trustworthy
entity in an electronic communication.
Security Issues in E-Commerce
4. Environment
> Social engineering is the art of manipulating people into
performing actions or divulging confidential information.
Social engineering techniques include pretexting (where
the fraudster creates an invented scenario to get the
victim to divulge information), Interactive voice recording
(IVR) or phone phishing (where the fraudster gets the
victim to divulge sensitive information over the phone)
and baiting with Trojan horses (where the fraudster
'baits' the victim to load malware onto a system).
> Social engineering has become a serious threat to
e-commerce security since it is difficult to detect and to
combat, as it involves 'human' factors which cannot be
patched akin to hardware or software.
Security Issues in E-Commerce
4. Environment
> With increasing technical knowledge, and its widespread
availability on the internet, criminals are becoming more and
more sophisticated in the deceptions and attacks they can
perform. Novel attack strategies and vulnerabilities only really
become known once a perpetrator has uncovered and
exploited them.
> There are multiple security strategies which any e-commerce
provider can instigate to reduce the risk of attack and
compromise significantly.
> Awareness of the risks and the implementation of
multi-layered security protocols, detailed and open privacy policies
and strong authentication and encryption measures will go a
long way to assure the consumer and ensure the risk of
compromise is kept minimal.