
Unit 4

Secure Electronic Transactions (SET) is a protocol developed by major credit card companies to ensure secure online transactions by providing mutual authentication, confidentiality, and integrity of payment information. SSL (Secure Sockets Layer) is a cryptographic protocol that secures communication over the Internet through encryption and server authentication, utilizing a handshake protocol for session establishment. Firewalls are essential for network security, acting as barriers against unauthorized access, with various types including hardware and software firewalls, each serving different functionalities.

Uploaded by

abhay

UNIT-4

WHAT IS SET? EXPLAIN KEY FEATURES OF SECURE ELECTRONIC TRANSACTIONS (SET)

• SET stands for Secure Electronic Transactions.
• It is an open standard protocol developed in the 1990s by major credit card companies, including Visa and Mastercard, to provide a secure method for conducting electronic transactions over the Internet.
• The primary objective of SET was to ensure the confidentiality and integrity of sensitive payment information during online transactions.

Requirements in SET: The SET protocol has to meet several requirements. Some of the important ones are:
• It has to provide mutual authentication, i.e., customer (or cardholder) authentication, by confirming whether the customer is the intended user, and merchant authentication.
• It has to keep the PI (Payment Information) and OI (Order Information) confidential through appropriate encryption.
• It has to be resistant to message modification, i.e., no changes should be allowed in the content being transmitted.
• SET also needs to provide interoperability and make use of the best security mechanisms.

Key features of SET include:

1. Encryption: SET utilizes strong encryption techniques to protect sensitive information, such as credit card numbers, throughout the transaction process. Encryption ensures that the data exchanged between the customer, merchant, and payment gateway remains secure and cannot be easily intercepted or accessed by unauthorized parties.
2. Digital Certificates: SET relies on digital certificates to verify the identities of the parties involved in a transaction. Digital certificates are issued by trusted certification authorities and contain cryptographic keys that enable secure communication between the customer, merchant, and payment gateway. These certificates are used to authenticate the participants and ensure the integrity of the transaction.
3. Dual-key Cryptography: SET employs a dual-key or asymmetric cryptography approach, which means that two different keys are used for encryption and decryption. The customer's browser generates a unique session key for each transaction, which is used to encrypt the payment information before sending it to the merchant. The merchant, in turn, uses their private key to decrypt and process the payment.
4. Digital Signature: SET incorporates digital signatures to provide non-repudiation, ensuring that neither the customer nor the merchant can deny their involvement in a transaction. Digital signatures are created using the customer's private key and attached to the payment message. The merchant can verify the signature using the customer's public key, establishing the authenticity of the transaction.
5. Secure Electronic Transaction Protocol: SET defines a specific protocol for the exchange of payment information between the various entities involved. This protocol ensures that the transaction details are securely transmitted and that each party performs the necessary cryptographic operations to maintain the security of the transaction.
6. Payment Gateway Integration: SET integrates with payment gateways, which act as intermediaries between the merchant and the financial institution. Payment gateways are responsible for securely transmitting the encrypted payment information to the appropriate financial institution for authorization and settlement.

DEFINE SSL AND EXPLAIN THE CONCEPTS USED IN SSL?

• SSL stands for Secure Sockets Layer.
• It is a cryptographic protocol that provides secure communication over the Internet.
• SSL ensures the confidentiality, integrity, and authenticity of data transmitted between a client (e.g., a web browser) and a server (e.g., a website) by encrypting the data and verifying the identity of the server.
• It lies between the application layer and the transport layer of the TCP/IP protocol.

SSL Protocol Stack:

Handshake Protocol:
The Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate each other by sending a series of messages to each other. The Handshake Protocol uses four phases to complete its cycle.

• Phase-1: In Phase-1, both client and server send hello packets to each other. In this IP session, cipher suite and protocol version are exchanged for security purposes.
• Phase-2: The server sends its certificate and Server-key-exchange. The server ends Phase-2 by sending the Server-hello-end packet.
• Phase-3: In this phase, the client replies to the server by sending its certificate and Client-exchange-key.
• Phase-4: In Phase-4, Change-cipher suite occurs, and after this the Handshake Protocol ends.

Change-cipher Protocol:
• This protocol uses the SSL record protocol.
• Unless the Handshake Protocol is completed, the SSL record output will be in a pending state. After the handshake protocol, the pending state is converted into the current state.
• The Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value.
• This protocol's purpose is to cause the pending state to be copied into the current state.

Alert Protocol:
1. In this protocol, alerts related to SSL are sent to clients.
2. It has 2 bytes.
3. Byte 1 can have the value 1 or 2: 1 represents a warning and 2 represents a fatal error.
4. Byte 2 specifies the type of error.

SSL Record Protocol:

• SSL Record provides two services to an SSL connection:
  - Confidentiality
  - Message Integrity
• In the SSL Record Protocol, application data is divided into fragments.
• Each fragment is compressed, and then a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Algorithm) and MD5 (Message Digest) is appended.
• After that, the data is encrypted, and finally the SSL header is appended to the data.
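
The record header, the 1-byte change-cipher message and the 2-byte alert message described above can be decoded with a short parser. This is an added example, not part of the original notes; the content-type and alert code values come from the SSL 3.0/TLS specifications rather than from this page, and the sample bytes are constructed.

```python
import struct

# Content types and alert codes as defined in the SSL 3.0 / TLS specifications.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_TYPES = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
               40: "handshake_failure", 42: "bad_certificate"}
MAX_BODY = 2 ** 14 + 2048  # 16 KiB fragment plus MAC/padding allowance

def decode_body(ctype: int, body: bytes):
    """Decode the control messages that are readable before encryption starts."""
    if ctype == 20:  # Change-cipher: a single byte whose only valid value is 1
        if body != b"\x01":
            raise ValueError("malformed change_cipher_spec")
        return "pending state becomes current state"
    if ctype == 21:  # Alert: byte 1 is the level, byte 2 the type of error
        if len(body) != 2 or body[0] not in ALERT_LEVELS:
            raise ValueError("malformed alert")
        return (ALERT_LEVELS[body[0]], ALERT_TYPES.get(body[1], f"type {body[1]}"))
    return f"{len(body)} opaque bytes"

def parse_records(stream: bytes) -> list:
    """Split a byte stream into (content type, version, decoded body) records."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header: content type (1 byte), version (2 bytes), length (2 bytes)
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or length > MAX_BODY:
            raise ValueError("invalid record header")
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((CONTENT_TYPES[ctype], (major, minor), decode_body(ctype, body)))
        offset += 5 + length
    return records

# Constructed sample (not a real capture): a 4-byte handshake record followed by
# a fatal handshake_failure alert, both with version 3.0.
SAMPLE = bytes.fromhex("16030000040e000000" "15030000020228")

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```

Once the change-cipher message has taken effect, alert bodies are encrypted and are no longer 2 bytes long, so this decoder applies only to the unencrypted part of a session.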

FIREWALL: ITS CHARACTERISTICS AND DESIGN PRINCIPLES WITH TYPES

• A firewall is hardware or software that protects a private computer or a network of computers from unauthorized access.
• It acts as a filter to keep unauthorized users from accessing private computers and networks.
• It is a vital component of network security.
• It is the first line of defense for network security. It filters network packets and stops malware from entering the user's computer or network by blocking access and preventing the user from being infected.

Characteristics of Firewall

1. Physical Barrier: A firewall does not allow any external traffic to enter
a system or a network without its allowance. A firewall creates a choke
point for all the external data trying to enter the system or network and
hence can easily block access if needed.
2. Multi-Purpose: A firewall has many functions other than security
purposes. It configures domain names and Internet Protocol (IP)
addresses. It also acts as a network address translator. It can act as a
meter for internet usage.
3. Flexible Security Policies: Different local systems or networks need
different security policies. A firewall can be modified according to the
requirement of the user by changing its security policies.
4. Security Platform: It provides a platform from which any alert to the
issue related to security or fixing issues can be accessed. All the queries
related to security can be kept under check from one place in a system
or network.
5. Access Handler: It determines which traffic needs to flow first according
to priority, and this can be changed for a particular network or system.
Specific action requests may be initiated and allowed to flow through the
firewall.

FIREWALL DESIGN PRINCIPLES

1. Developing Security Policy
• Security policy is an essential part of firewall design.
• Security policy is designed according to the requirement of the company or client to know which kind of traffic is allowed to pass.
• Without a proper security policy, it is impossible to restrict or allow a specific user or worker in a company network or anywhere else.

2. Simple Solution Design
• If the design of the solution is complex, then it will be difficult to implement it.
• If the solution is easy, then it will be easier to implement it.
• A simple design is easier to maintain. We can make upgrades in the simple design according to new possible threats, leaving it with an efficient but simpler structure.

3. Choosing the Right Device
• Every network security device has its purpose and its way of implementation.
• If we use the wrong device for the wrong problem, the network becomes vulnerable.
• If an outdated device is used for designing a firewall, it exposes the network to risk and is almost useless.

4. Layered Defense
• A network defense must be multiple-layered in the modern world because if the security is broken, the network will be exposed to external attacks.
• Multilayer security design can be set to deal with different levels of threat.

5. Consider Internal Threats
While a lot of attention is given to safeguarding the network or device from external attacks, the security becomes weak in case of internal attacks, and most of the attacks are done internally, as the internal side is easy to access and weakly designed. Different levels can be set in network security while designing internal security.

TYPES OF FIREWALLS

• There are mainly three types of firewalls, such as software firewalls, hardware firewalls, or both, depending on their structure.
• Each type of firewall has different functionality but the same purpose.
• However, it is best practice to have both to achieve maximum possible protection.
• A hardware firewall is a physical device that attaches between a computer network and a gateway.
• For example, a broadband router. A hardware firewall is sometimes referred to as an Appliance Firewall.
• On the other hand, a software firewall is a simple program installed on a computer that works through port numbers and other installed software.
• This type of firewall is also called a Host Firewall.

Packet-filtering Firewalls:
• Packet filtering firewalls operate at the network layer (Layer 3) of the OSI model and examine the headers of individual packets.
• They compare the source and destination IP addresses, port numbers, and protocols against a set of predefined rules.
• Packets that meet the criteria defined in the rules are allowed, while others are dropped.
• This type of firewall is efficient but lacks the ability to inspect packet contents or detect more sophisticated threats.
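
A minimal rule evaluator showing the header-only matching described above. This is an added example, not part of the original notes; it assumes first-match rule ordering with a default drop, and the `Rule` class, the `filter_packet` function, the rule set and the addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    proto: str                       # "tcp", "udp", "icmp" or "any"
    src: str                         # source network (CIDR)
    dst: str                         # destination network (CIDR)
    dports: range = range(0, 65536)  # destination ports the rule covers

    def matches(self, pkt: dict) -> bool:
        """Compare header fields only; the payload is never looked at."""
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and pkt.get("dport", 0) in self.dports)

# Constructed rule set for a hypothetical web server at 203.0.113.10.
RULES = [
    Rule("drop", "any", "198.51.100.0/24", "0.0.0.0/0"),                     # blocked range
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", range(443, 444)),   # HTTPS
    Rule("allow", "tcp", "192.0.2.0/24", "203.0.113.10/32", range(22, 23)),  # admin SSH
]

def filter_packet(pkt: dict, rules=RULES) -> str:
    """Return the action of the first matching rule; drop if nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"

# Constructed packets (header fields as a dict; "payload" is ignored by the filter).
PACKETS = [
    {"proto": "tcp", "src": "192.0.2.7", "dst": "203.0.113.10", "dport": 22},
    {"proto": "tcp", "src": "198.51.100.9", "dst": "203.0.113.10", "dport": 443},
    {"proto": "udp", "src": "192.0.2.7", "dst": "203.0.113.10", "dport": 53},
    {"proto": "tcp", "src": "203.0.113.77", "dst": "203.0.113.10", "dport": 443,
     "payload": b"any bytes at all"},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(filter_packet(pkt), pkt)
```

The last packet is allowed whatever its payload contains, which is the content-inspection gap the final bullet describes. Under the first-match assumption, rule order also decides the outcome when a packet matches more than one rule.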

Application-Level Gateways (Proxy Firewalls):
• Application-level gateways, also known as proxy firewalls, operate at the application layer (Layer 7) of the OSI model.
• They act as intermediaries between clients and servers, intercepting and inspecting all incoming and outgoing traffic.
• Proxy firewalls can provide more detailed inspection of packets, including content filtering, protocol analysis, and deep packet inspection.
• They offer better security but may introduce some performance overhead due to the additional processing required.

Host-Based Firewalls:
• Host-based firewalls are software-based firewalls installed directly on individual computers or servers.
• They monitor and control network traffic specific to the host system, providing an additional layer of protection.
• Host-based firewalls can be customized to allow or block specific applications or services running on the host system, providing granular control over network access.

EXPLAIN SNMP ARCHITECTURE

The Simple Network Management Protocol (SNMP) architecture includes four layers.

As the following figure illustrates, the SNMP architecture includes the following layers:

• SNMP Network Managers
• Master agents
• Subagents
• Managed components

Figure 1. SNMP architecture

• A network can have multiple SNMP Network Managers.
• Each workstation can have one master agent. The SNMP Network Managers and master agents use SNMP protocols to communicate with each other.
• Each managed component has a corresponding subagent and MIBs. SNMP does not specify the protocol for communications between master agents and subagents.

• SNMP network managers
An SNMP Network Manager is a program that asks for information from master agents and displays that information. You can use most SNMP Network Managers to select the items to monitor and the form in which to display the information.

• Master agents
A master agent is a software program that provides the interface between an SNMP Network Manager and a subagent.

• Subagents
A subagent is a software program that provides information to a master agent.

• Managed components
A managed component is hardware or software that provides a subagent. For example, database servers, operating systems, routers, and printers can be managed components if they provide subagents.

• Management Information Bases
A Management Information Base (MIB) is a group of tables that specify the information that a subagent provides to a master agent. MIBs follow SNMP protocols.

Strengths of SNMP:
1. It is simple to implement.
2. Agents are widely implemented.
3. Agent-level overhead is minimal.
4. It is robust and extensible.
5. The polling approach is good for LAN-based managed objects.
6. It offers the best direct manager-agent interface.
7. SNMP meets a critical need.

Limitations of SNMP:
1. It is too simple and does not scale well.
2. There is no object-oriented data view.
3. It has no standard control definition.
4. It has many implementation-specific (private MIB) extensions.
5. It has high communication overhead due to polling.
