18. Common Types of Attacks
    - Organizational Attacks
    - Accidental Breaches in Security
    - Automated Attacks
    - Viruses, Trojan Horses, and Worms
    - Denial of Service (DoS)
    (Diagram labels: Attackers, Restricted Data, Connection Fails, DoS)
22. Challenges When Implementing Security
    Attackers vs. Defenders
    - Attacker needs to understand only one vulnerability
    - Defender needs to secure all entry points
    - Attackers have unlimited time
    - Defender works with time and cost constraints
    Security vs. Usability
    - Secure systems are more difficult to use
    - Complex and strong passwords are difficult to remember
    - Users prefer simple passwords
    Security As an Afterthought ("Do I need security…")
    - Developers and management think that security does not add any business value
    - Addressing vulnerabilities just before a product is released is very expensive
27. Secure Communication: How SSL Works
    1. The user browses to a secure Web server by using HTTPS
    2. The browser creates a unique session key and encrypts it by using the Web server’s public key, which is generated from the root certificate
    3. The Web server receives the session key and decrypts it by using the server’s private key
    4. After the connection is established, all communication between the browser and Web server is secure
    (Diagram labels: Web Server Root Certificate, Message, Secure Web Server, HTTPS, Secure Browser)
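The session-key exchange in steps 2 to 4, simulated in Python as an added example that is not part of the original slides. It assumes textbook RSA without padding over a constructed demo key, skips certificate validation, and uses a SHA-256 keystream with HMAC as a stand-in for the negotiated cipher; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key pair: two Mersenne primes stand in for the server's RSA key.
# Textbook RSA without padding, for illustration only (assumption, not real SSL).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key the browser learns from the server
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the server

def browser_wrap_session_key(n, e):
    """Step 2: the browser creates a session key and encrypts it to the server."""
    session_key = secrets.token_bytes(32)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_unwrap_session_key(wrapped, d, n):
    """Step 3: the server recovers the session key with its private key."""
    return pow(wrapped, d, n).to_bytes(32, "big")

def _keys(session_key):
    """Derive separate encryption and MAC keys from the shared session key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def _xor_stream(key, nonce, data):
    """XOR data with a SHA-256 counter keystream (stand-in for a real cipher)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(session_key, plaintext):
    """Step 4, sender side: encrypt, then authenticate nonce and ciphertext."""
    enc_key, mac_key = _keys(session_key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_record(session_key, record):
    """Step 4, receiver side: reject modified records before decrypting."""
    enc_key, mac_key = _keys(session_key)
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("record modified in transit")
    return _xor_stream(enc_key, body[:16], body[16:])

if __name__ == "__main__":
    key, wrapped = browser_wrap_session_key(N, E)      # browser side
    server_key = server_unwrap_session_key(wrapped, D, N)  # server side
    print(open_record(server_key, seal(key, b"GET /account HTTP/1.1")))
```

Only the holder of the private key can unwrap the session key, so an eavesdropper who records the wrapped value and every sealed record still cannot read or alter the traffic undetected.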