Wireless LANs

• —IEEE ratified 802.11 in 1997- —Also known as Wi-Fi.
• —Wireless LAN at 1 Mbps & 2 Mbps. -WECA (Wireless Ethernet Compatibility Alliance) promoted Interoperability.
• —Now Wi-Fi Alliance —802.11 focuses on Layer 1 & Layer 2 of OSI model. -Physical layer —Data link layer

802.11 Components

—Two pieces of equipment defined:

• —Wireless station —A desktop or laptop PC or PDA with a wireless NIC. —
• Access point —A bridge between wireless and wired networks —Composed of —Radio —Wired network interface (usually 802.3) —Bridging software —Aggregates access for multiple wireless stations to wired network.

802.11 modes

• —Infrastructure mode
• —Ad-hoc mode

There were 3 basic security for environment wifi :-

• Authentication – Provide security service to identify consumer identity communicate.
• Integrity – To be sure message unmodified during transaction between wifi clients and access point.
• Confidentiality – To provide privacy are achieved by a network wired.

WEP

• WEP stands for Wired Equivalent Privacy. This encryption standard was the original encryption standard for wireless. As its name implies, this standard was intended to make wireless networks as secure as wired networks.

WPA

• Wi-Fi Protected Access (WPA) is a software/firmware improvement over WEP. All regular WLAN-equipment that worked with WEP are able to be simply upgraded and no new equipment needs to be bought. WPA is a trimmed-down version of the 80.211i security standard that was developed by the Wi-Fi Alliance to replace WEP. The TKIP encryption algorithm was developed for WPA to provide improvements to WEP that could be fielded as firmware upgrades to existing 802.11 devices. The WPA profile also provides optional support for the AES-CCMP algorithm that is the preferred algorithm in 802.11i and WPA2.

TKIP

• This stands for Temporal Key Integrity Protocol and the acronym is pronounced as tee-kip. This is part of the IEEE 802.11i standard. TKIP implements per-packet key mixing with a re-keying system and also provides a message integrity check. These avoid the problems of WEP.

Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security.

Open Web Application Security Project (OWASP) and Web Application Security Consortium (WASC) updates on the latest threats which impair web based applications. This aids developers, security testers and architects to focus on better design and mitigation strategy. OWASP Top 10 has become an industrial norm is assessing Web Applications.

Electronic Mail Security (Email)

• An e-mail is a message made up of a string of ASCII characters in a format specified by RFC 822
• Two parts, separated by blank line:
• The header: sender, recipient, date, subject, delivery path,
• The body: containing the actual message content.

Security provided in E-mail

• Confidentiality
• Data origin authentication
• Message integrity
• Non-repudiation of origin
• Key management

MIME – means Multipurpose Internet Mail Extensions, and refers to an official Internet standard that specifies how messages must be formatted so that they can be exchanged between different email systems. MIME is a very flexible format, permitting one to include virtually any type of file or document in an email message. Specifically, MIME messages can contain text, images, audio, video, or other application-specific data.

Web Security

• Web security includes:Security of server, Security of client, Network traffic security between a browser and a server
• SSL/TLS
• SSH
• SET

Biometrics is the science and technology of measuring and analyzing biological data. In information technology, biometrics refers to technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes.

Verification vs Identification

• Verification (one-to-one comparison) –confirms a claimed identity
• Identification (one-to-many comparison) – establishes the identity of a subject from a set of enrolled persons

Biometric Identifiers

• Universality
• Uniqueness
• Stability
• Collect ability
• Performance
• Acceptability
• Forge resistance

OSI Model Reference

• The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model defines seven layers of communications types, and the interfaces among them.
• Each layer depends on the services provided by the layer below it, all the way down to the physical network hardware, such as the computer’s network interface card, and the wires that connect the cards together.

Model OSI

• Application
• Presentation
• Session
• Transport
• Network
• Data Link
• Physical

Type And Source of Network Threats

• Denial of services
• Unauthorized Access

Firewalls

As we’ve seen in our discussion of the Internet and similar networks, connecting an organization to the Internet provides a two-way flow of traffic. This is clearly undesirable in many organizations, as proprietary information is often displayed freely within a corporate intranet (that is, a TCP/IP network, modeled after the Internet that only works within the organization).

In order to provide some level of separation between an organization’s intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.

Terms specific to firewalls and networking:

• Bastion host
• Router
• Access Control List (ACL)
• Demilitarized Zone (DMZ)
• Proxy

Level of Database Security

There are four level of database security such as :

• Physical security – protection of personnel, hardware, programs, networks, and data from physical circumstances
• Operating system security – use of an access control matrix, capability list and accessor list
• DBMS security – protection mechanisms and query modification
• Data encryption – –such as RSA scheme and data encryption standard

Database Integrity

Data integrity means that the data in the database is complete and consistent both at its creation and at all times during use.

Three basic types of database integrity constraints are:

• Entity integrity, allowing no two rows to have the same identity within a table.
• Domain integrity, restricting data to predefined data types, e.g.: dates.
• Referential integrity, requiring the existence of a related row in another table, e.g. a customer for a given customer ID

Security methods in operating systems

• Separation – Keeping one user’s object separate from other users
• Can occur in several ways (Rushby & Randell)

There have a several level of protection :

• No protection
• Isolation
• Share all or share nothing
• Share via access limitation
• Share by capabilities
• Limit use of an object
• Granularity of protection

Operating system basic security is closely integrated to general OS design . Before any fine grained access control is possible, users must be reliably authenticated . A number of schemes are available for user authentication