CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION

1
CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION

• Mr. In-Seop Lee
• KT/ITU-T SG 2

2
Importance of Network Security
Background

• Explosive growth of computers and network
• To protect data and resources
• To guarantee the authenticity of data
• To protect systems

Security aspects
Security Attacks An action that compromise the
information Security Mechanism Design to
protect,prevent,recover from attacks Security
Service Enhance the security of data,systems
3
Relationship between security objectives
Treats
Security Requirements
Security services
Security algorithms
Security mechanisms
Security objectives
4
CONCERNS OF I/T EXECUTIVES
5
(No Transcript)
6
SECURITY THREATS
CONFIDENTIALITY
AVAILABILITY
INTEGRITY
AUTHENTICITY
7
SECURITY REQUIREMENTS
8
SECURITY SERVICES
Confidentiality
Protection of transmitted data
Authentication
Assuring that communication is authentic
Integrity
Assuring that message has originality
Non-repudiation
Preventing denying message
Access Control
Limit control the access
Availability
Automated or physical countermeasures
9
MODEL FOR NETWORK SECURITY
10
SIX LAYERSOF NETWORKSECURITY
11
INTERCEPTION
Interception
Interception of communications occurs where a
private communication between two or
more parties, sent via a communications handling
system, is covertly monitored in order to
understand the content.
Background
In most developed countries, interception of
communications is used by the law enforcement,
security and intelligence agencies in their work
against serious crime and threats to national
security, including terrorism.
12
INTERCEPTION
Role

• Interception plays a crucial role in helping law
• enforcement agencies to combat criminal
  activity
• It is also necessary to protect the human
  rights,
• that is,
• disproportionate, or unfettered, use of
  interception
• can have consequences for the rights of
• individuals

13
Secure E-CommerceEXAMPLE
Security Trust

• Internet intrinsic
• not possess an unique control
• world wide
• changing traditional paper-based transactions
• not offering an adequate protection,mechanisms

14
SECURE E-COMMERCESecurity Trust
For Buyer Merchant
Trust
Business Legal Relationships
IT Applications Systems
Correct Biz Legal trustworthy
Technical Protections
15
STRUCTURING SOLUTIONS
Trust
Third party Interactions
Fraud Controls
IT Infrastructure
International Legislation
Insurance
Technology Management Policy
16
TECHNICAL SOLUTIONS
Mechanisms - Verify the Actors Identity -
Authorize Access to Resources - Protect Privacy -
Keep Confident Sensitive Data

• Techniques
• - Firewall, SSL,VPN, IDS,
• - Authentication, Secure Applications
• (Web, DBMS, etc.),
• IPDR and Click Stream Analysis

Security Policy
17
OPEN PROBLEMS ofE-COMMERCE(credibility,efficienc
y,solvency)
Goods Quality Quantity After-sales
assistance Privacy Safeguard
Buyers Solvency
Business Risk Involved
Risk Related to the Purchase
18
TRUST SOLUTIONS
International Legislation
Customer Profile check
Payment Methods assessment
For Merchants to preserve the merchant public
reputation and credibility to guarantee the
payments to reduce the merchants economical
losses due to fraudulent orders.
Third Party Interactions
Insurance
19
TRUST SOLUTIONS
International Legislation
Product Quality
Product Delivery
For Buyers - verification of process control -
process based on information
Third Party Interactions
Insurance
20
RISK MANAGEMENT

• Managing risks
• - Scan environments identify risks
• Analyze risks prioritized
• Define the solution

21
Conclusions
Thank you very much !!!