This preview shows page 1. Sign up to view the full content.
Unformatted text preview: am Tan and Carson Woo 13 BUSI 335 Copyright © 2009-10 Y.M. Cheung, William Tan and Carson Woo Intranet Security Issues 14 Extranet
• An extension of an Intranet into the public domain
• Built for company partners such as customers, suppliers, and Firewalls can be defeated. vendors • Example: Tax News Network (http://www.taxnews.com/tnn_public) An attacker can assume a false
identify such as a false IP address. by PricewaterhouseCoopers • Requires user authentication in order to access all or part of the
Intranet of an organization • What is the difference between user authentication and basic What are additional layers of defense? password protection? Access limits through password control
BUSI 335 Proxy servers Copyright © 2009-10 Y.M. Cheung, William Tan and Carson Woo 15 BUSI 335 Copyright © 2009-10 Y.M. Cheung, William Tan and Carson Woo 16 User Authentication vs.
Basic Password Protection (cont’d) User Authentication vs.
Basic Password Protection • Password Protection • Authentication is the process of determining whether – Step 1: An unknown visitor requests a password on the
Web by supplying his/her personal information
– Step 2: A Web server receives and processes the
request someone is, in fact, who it is declared to be. • Passwords can often be stolen, accidentally revealed,
or forgotten. • The use of digital certificates issued and verified by a – Step 3: A password is generated by the Web server
and sent to the visitor by e-mail Certificate Authority (CA) as part of a Public Key
Infrastructure is considered likely to become the
standard way to perform authentication on the
Internet. – Assumption: The visitor is honest about his/her
information • User Authentication What is a Public Key? – The identity of the visitor is well determined
BUSI 335 Copyright © 2009-10 Y.M. Cheung, William Tan and Carson Woo 17 BUSI 335 Copyright © 2009-10 Y.M. Cheung, William Tan and Carson Woo Secret-Key Encryption Public-Key Encryption Sec...
View Full Document
This document was uploaded on 03/04/2014 for the course COMM 335 at UBC.
- Spring '12