Part - 3 Digital Signature • Signature is a proof that the document which is received is coming from that correct verified user/source. • In digital signatures, they are used to verify that the document received is coming from the correct authentic source. It is to be noted that digital signatures are mainly used for those documents for which maintaining their secrecy is not a priority. But maintaining the Authenticity is the priority. • In order to send a document, a software is used to produce a digital signature. The purpose of this software is to produce a hash value(or digest) of the document. • These days the most widely used software is SHA256 which is developed by National Security Agency (USA). • This software uses complex mathematical algorithms and transformations and then gives the hash value of the document. • This hash value is attached to the document and then the document is encrypted using Asymmetric key encryption. • At the receiver’s end, the document is decrypted and then the receiver can again find out the hash value of the same document using SHA256 software and when the hash value is found to be same then the receiver can be sure that the document has come from the right source. • So, now in the whole process of sending document using digital signatures there is still one problem that if someone who poses as the original sender and has access to their computers/systems can easily send the fraudulent document. • This is where digital certificates come in use. Digital Certificate • Authentication is the digital process of verifying that people or entities are whom or what they claim to be. • Digital certificate are in effect virtual fingerprints, or retinal scans that authenticate the identity of a person in a concrete, verifiable way. • A typical digital certificate is a data file or information, digitally signed and sealed by using RSA encryption techniques, that can be verified by anyone and includes the following : Digital Certificate (cont.) • Digital certificate: Digital document that includes: – Name of subject or company – Subject’s public key – Digital certificate serial number – Expiration date – Issuance date – Digital signature of certification authority (trusted third party institution) that issues certificate – Other identifying information • To create a digital certificate for an individual, the identity of the person, device, or entity that requested a certificate must be confirmed through combination of: – Personal Presence. – Identification document. • Various Certification Authorities are VeriSign, GlobalSign. • In India we have Controller of Certifying Authorities (CCA) and the Certifying Authorities (CAs); with CCA being at the root of the trust chain in India. HTTP • HTTP means HyperText Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Webservers and browsers should take in response to various commands. • For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page. • For example, "404 File Not Found" is a common HTTP status code. It means the Web server cannot find the file you requested. This means the webpage or other document you tried to load in your Web browser has either been moved or deleted, or you entered the wrong URL or document name. • Knowing the meaning of the HTTP status code can help you figure out what went wrong. On a 404 error, for example, you could look at the URL to see if a word looks misspelled, then correct it and try it again. HTTPS • HTTPS means Hyper Text Transfer Protocol Secure. • Basically, it is the secure version of HTTP. • Communications between the browser and website are encrypted by Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL). Secure Sockets Layer (SSL) • It is introduced in 1995 by Netscape as a components of its popular Navigator browser and as a means of providing privacy with respect to information being transmitted between a user’s browser and the target server, typically that of a merchant. • It is used by the most companies to provide security and privacy and establishes a secure session between a browser and a server. Secure Sockets Layer (cont.) • A channel is the two way communication stream established between the browser and the server, and the definition of a channel security indicates three basic requirements: – The channel is reliable. – The channel is private. – The channel is authenticated. Secure Sockets Layer (cont.) • This encryption is preceded by a ‘data handshake’ and has two major phases: – The first phase is used to establish private communication. – The second phase is used for client authentication. • Limits of SSL: – While the possibility is less, successful cryptographic attacks made against these technologies can render SSL insecure. Secure Electronic Transaction (SET) • It is developed by Visa and Master card in 1996. • It is more secure protocol. • The difference between SET and widely used SSL is that SSL does not include customer certificate requiring special software called ‘digital wallet’ at the client site. • SSL is built into the browser, so no special software is needed. • It is build on reducing risk associated with merchant fraud, and ensuring that the purchaser is an authorized user of credit card. Secure Electronic Transaction (cont.)
• SET did not propagate as fast as most people
expected because of its complexity, slow response time, and the need to install the digital wallet into customer computer. • SET seek to bolster the confidence in the payment process by ensuring that merchant are authorized to accept credit card payment Limitations of SET and SSL • A downside of both SSL and SET protocols is that they both require to use cryptographic algorithms that place significant load on the computer systems involved in commerce transactions. • For the low and medium e-commerce applications, there is no additional server cost to support SET over SSL. • For the large and medium term e-commerce server application, support of SET requires additional hardware acceleration resulting in 5-6% difference in server cost. Firewalls • Software combination installed on a network to control packet traffic. • Provides a defense between the network to be protected and the Internet, or other network that could pose a threat • A firewall can be implemented in either hardware or software form, or a combination of both • Characteristics – All traffic from inside to outside and from outside to inside the network must pass through the firewall – Only authorized traffic is allowed to pass • Trusted networks are inside the firewall Types of Firewalls • Packet-filter firewalls – Firewalls that filter traffic based on the IP address • Gateway servers – Firewalls that filter traffic based on the application requested • In Windows and macOS, firewalls are built into the operating system. • Third-party firewall packages also exist, such as Zone Alarm, Norton Personal Firewall, Tiny, Black Ice Protection, and McAfee Personal Firewall. Personal Firewalls • A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. • A personal firewall differs from a conventional firewall in terms of scale. • A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects. VPN • A virtual private network is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used by various business organizations. • Because the traffic is encrypted between the device and the network, traffic remains private as it travels. An employee can work outside the office and still securely connect to the company’s network. Even smartphones and tablets can connect through a VPN. • This secure remote access provides a safe, secure way to connect users and devices remotely to network. IDS • Keeping your network safe from intrusion is one of the most vital parts of system and network administration and security otherwise it can lead potential downtime, data breaches, and loss of customer trust. • An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. • Intrusion detection systems are usually a part of other security systems or software, together with intended to protect information systems. Firewalls and antivirus or malware software are generally set up on each individual device in a network, but as organizations grow larger, more unknown or new devices start to connect. Firewalls and anti-malware software alone is not enough to protect an entire network from attack. They act as one small part of an entire security system. Comparison of IDS with Firewalls: • IDS and firewall both are related to the network security but an IDS differs from a firewall. Firewalls restrict access between networks to prevent intrusion and if an attack is from inside the network it doesn’t signal an alarm. An IDS describes a suspected intrusion once it has happened and then signals an alarm. IDS and IPS • An IDS is an intrusion detection system, not a system designed to respond to an attack. An IDS can be part of a larger security tool with responses and remedies, but the IDS itself is simply a monitoring system. • Another kind of system is the Intrusion Prevention System or IPS. An IPS is essentially an IDS combined with a response or control system. IDS doesn’t alter network packets as they come through, while the IPS will prevent the packet from being delivered based on the contents of the packet (e.g., if it sees the packet is malicious). Examples IDS • IDS for Windows – SolarWinds Security Event Manager – Snort – Suricata – OSSEC – Stealthwatch – TippingPoint • IDS for Mac – Suricata – Samhain – OSSEC – Stealthwatch – Zeek PKI • A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. • The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. • It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. • PKIs provide a framework that enables cryptographic data security technologies such as digital certificates and signatures to be effectively deployed on a mass scale. PKIs support identity management services within and across networks • Although a CA is often referred to as a "trusted third party," shortcomings in the security procedures of various CAs in recent years has jeopardized trust in the entire PKI on which the internet depends. If one CA is compromised, the security of the entire PKI is at risk. For example, in 2011, Web browser vendors were forced to blacklist all certificates issued by the Dutch CA DigiNotar after more than 500 fake certificates were discovered. • In 2017, Google engineers identified problems with certificates issued through Symantec's CA business, which led to subsequent distrust of all certificates issued by Symantec prior to the sale of its CA business to DigiCert last year.