Your system is only as secure as the people who use it. If a shopper chooses a weak password, or does not keep their password confidential, then an attacker can pose as that user. This is significant if the compromised password belongs to an administrator of the system. In this case, there is likely physical security involved because the administrator client may not be exposed outside the firewall. Users need to use good judgment when giving out information, and be educated about possible phishing schemes and other social engineering attacks.
Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a protocol that encrypts data between the shopper's computer and the site's server. When an SSL-protected page is requested, the browser identifies the server as a trusted entity and initiates a handshake to pass encryption key information back and forth. Now, on subsequent requests to the server..
A firewall is like the moat surrounding a castle. It ensures that requests can only enter the system from specified ports, and in some cases, ensures that all accesses are only from certain physical machines.
A common technique is to set up a demilitarized zone (DMZ) using two firewalls. The outer firewall has ports open that allow incoming and outgoing HTTP requests. This allows the client browser to communicate with the server.
Firewalls and honey pots
3) Threat drivers
Threat analysis - determine the level and types of attacks reasonably expected and experienced against client security and server security.
Snooping the shopper's computer
Millions of computers are added to the Internet every month. Most users' knowledge of security vulnerabilities of their systems is vague at best. Additionally, software and hardware vendors, in their quest to ensure that their products are easy to install, will ship products with security features disabled. In most cases, enabling security features requires a non-technical user to read manuals written for the technologist.
Sniffing the network
In this scheme, the attacker monitors the data between the shopper's computer and the server. He collects data about the shopper or steals personal information, such as credit card numbers.
Another common attack is to guess a user's password. This style of attack can be manual or automated. Manual attacks are laborious, and only succeed if the attacker knows something about the shopper, for example that the shopper uses their child's name as the password.
Some other examples
Denial of service
Elevation of privilege
4) Regulatory drivers
Confidentiality is the term used for preventing the disclosure of information to unauthorized individuals or systems.
E.g.: a credit card transaction over the Internet requires the card number to be transmitted from the customer to the merchant and from the merchant to the transaction-processing network. The system enforces confidentiality by encrypting the card number during transmission, wherever it is stored (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored.
If an unauthorized party obtains the card number in any way, confidentiality has been lost.
Information integrity means that data cannot be modified without authorization. Although it can be viewed as a special case of consistency, integrity is violated when a message is actively modified in transit. Information security systems provide message integrity in addition to data confidentiality.
For an information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must all be functioning correctly. High-availability systems aim to remain available at all times, preventing service disruption due to power failures, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.
In computing, e-business and information security, it is necessary to ensure that data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authentication to validate that both parties involved are who they claim to be.
In law, non-repudiation implies that a party's intention to fulfil its obligations cannot be denied. It also implies that one party to a transaction cannot deny having received the transaction, and the other party cannot deny having sent it. E-commerce uses technologies such as digital signatures and encryption to establish authenticity and non-repudiation.
Discuss any five regulatory
1. Symmetric algorithms (block ciphers and stream ciphers)
In symmetric-key cryptography a single key is used for both encryption and decryption. As shown in the diagram above, the sender uses the key (some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or rule) to decrypt the message and recover the plaintext. Because a single key is used both ways, symmetric encryption is also called secret-key cryptography.
Symmetric algorithms operate in one of several modes:
Electronic Codebook (ECB) mode
Cipher Block Chaining (CBC) mode
Cipher Feedback (CFB) mode
Output Feedback (OFB) mode
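To make the difference between the ECB and CBC modes listed above concrete, here is an added example in C. It is not code from the essay or from any cipher library: it uses a deliberately trivial and insecure toy block cipher (XOR with the key, then rotate the block by one byte), constructed for illustration only, with an assumed 8-byte block size, a fixed key and IV, and a constructed plaintext made of four identical blocks. The point it shows is the one that matters for a shopper's card number: in ECB mode, identical plaintext blocks produce identical ciphertext blocks, so repetition in the data is visible to anyone sniffing the network; in CBC mode each block is chained to the previous ciphertext block, so the same four blocks come out different, and decryption still recovers the plaintext.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BLOCK 8 /* toy block size in bytes (assumption; a real cipher such as AES uses 16) */

/* Toy block cipher, constructed for this example only. It is NOT secure; it exists so
 * that the difference between ECB and CBC can be seen without an external library. */
static void toy_encrypt_block(const uint8_t key[BLOCK], const uint8_t in[BLOCK], uint8_t out[BLOCK]) {
    uint8_t tmp[BLOCK];
    for (size_t i = 0; i < BLOCK; i++) tmp[i] = in[i] ^ key[i];   /* mix in the key */
    for (size_t i = 0; i < BLOCK; i++) out[i] = tmp[(i + 1) % BLOCK]; /* rotate left one byte */
}

static void toy_decrypt_block(const uint8_t key[BLOCK], const uint8_t in[BLOCK], uint8_t out[BLOCK]) {
    uint8_t tmp[BLOCK];
    for (size_t i = 0; i < BLOCK; i++) tmp[(i + 1) % BLOCK] = in[i]; /* undo the rotation */
    for (size_t i = 0; i < BLOCK; i++) out[i] = tmp[i] ^ key[i];     /* undo the key mix */
}

/* ECB: every block is encrypted independently with the same key (len is a multiple of BLOCK). */
void ecb_encrypt(const uint8_t key[BLOCK], const uint8_t *pt, uint8_t *ct, size_t len) {
    for (size_t off = 0; off < len; off += BLOCK)
        toy_encrypt_block(key, pt + off, ct + off);
}

/* CBC: each plaintext block is XORed with the previous ciphertext block (the IV for the first)
 * before encryption, so equal plaintext blocks no longer give equal ciphertext blocks. */
void cbc_encrypt(const uint8_t key[BLOCK], const uint8_t iv[BLOCK], const uint8_t *pt, uint8_t *ct, size_t len) {
    uint8_t chain[BLOCK], x[BLOCK];
    memcpy(chain, iv, BLOCK);
    for (size_t off = 0; off < len; off += BLOCK) {
        for (size_t i = 0; i < BLOCK; i++) x[i] = pt[off + i] ^ chain[i];
        toy_encrypt_block(key, x, ct + off);
        memcpy(chain, ct + off, BLOCK);
    }
}

void cbc_decrypt(const uint8_t key[BLOCK], const uint8_t iv[BLOCK], const uint8_t *ct, uint8_t *pt, size_t len) {
    uint8_t chain[BLOCK], x[BLOCK];
    memcpy(chain, iv, BLOCK);
    for (size_t off = 0; off < len; off += BLOCK) {
        toy_decrypt_block(key, ct + off, x);
        for (size_t i = 0; i < BLOCK; i++) pt[off + i] = x[i] ^ chain[i];
        memcpy(chain, ct + off, BLOCK);
    }
}

/* Count ciphertext blocks that are byte-for-byte identical to the first block. A non-zero
 * count means the ciphertext leaks that the plaintext repeats. */
size_t blocks_equal_to_first(const uint8_t *ct, size_t len) {
    size_t n = 0;
    for (size_t off = BLOCK; off < len; off += BLOCK)
        if (memcmp(ct, ct + off, BLOCK) == 0) n++;
    return n;
}

struct demo_result { size_t ecb_repeats; size_t cbc_repeats; int roundtrip_ok; };

/* Encrypt a constructed plaintext of four identical blocks both ways and compare. */
struct demo_result run_demo(void) {
    static const uint8_t key[BLOCK] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed key */
    static const uint8_t iv[BLOCK]  = {9, 9, 9, 9, 9, 9, 9, 9}; /* constructed IV */
    uint8_t pt[4 * BLOCK], ecb[4 * BLOCK], cbc[4 * BLOCK], back[4 * BLOCK];
    struct demo_result r;
    for (int b = 0; b < 4; b++) memcpy(pt + b * BLOCK, "CARDNUM!", BLOCK);
    ecb_encrypt(key, pt, ecb, sizeof pt);
    cbc_encrypt(key, iv, pt, cbc, sizeof pt);
    cbc_decrypt(key, iv, cbc, back, sizeof pt);
    r.ecb_repeats = blocks_equal_to_first(ecb, sizeof pt); /* 3: every block repeats */
    r.cbc_repeats = blocks_equal_to_first(cbc, sizeof pt); /* 0: chaining hides repetition */
    r.roundtrip_ok = memcmp(pt, back, sizeof pt) == 0;
    return r;
}

int main(void) {
    struct demo_result r = run_demo();
    printf("ECB repeated blocks: %zu, CBC repeated blocks: %zu, CBC roundtrip ok: %d\n",
           r.ecb_repeats, r.cbc_repeats, r.roundtrip_ok);
    return 0;
}
```

The mode, not only the cipher, decides what a sniffer learns: with a real cipher the ECB count would be exactly the same, because ECB's leak comes from encrypting every block independently, not from the toy cipher's weakness.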
2. Asymmetric algorithms (public key ciphers)
Asymmetric algorithms are the most significant new development in cryptography in the last 300-400 years. Modern asymmetric cryptography was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. This system allows secure communication over a non-secure communications channel without having to share a secret key.
3. Un-keyed algorithms (arbitrary-length hash functions)
Un-keyed algorithms, also called message digests or one-way encryption, use no key; instead, a fixed-length hash value is computed from the plaintext in such a way that the plaintext cannot be recovered from it. Hash algorithms are commonly used as a digital fingerprint of a file's contents, to ensure the file has not been altered by an intruder or a virus. Many operating systems also use hashes to protect stored passwords. A hash provides a measure of the integrity of the file.
1. Buffer overflow
A buffer overflow occurs when a program stores more data in a buffer than it was created to hold. Buffers are created to contain a finite amount of data, so the extra data overflows into adjacent buffers, corrupting or overwriting the data held in them; this can also happen accidentally through programming errors. Buffer overflows are an increasingly common type of security attack on data integrity. In a buffer overflow attack, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework and poor programming practice supplied the vulnerability.
In July 2000, the first vulnerability to a buffer overflow attack was discovered in Microsoft Outlook and Outlook Express. The programming flaw made it possible for an attacker to compromise the integrity of the target computer simply by sending an e-mail message. Unlike the typical e-mail virus, users could not protect themselves by not opening attached files; in this type of vulnerability the user did not even have to open the message to enable the attack. The programs' message-header handling had a defect that let senders overflow the header area with extra data, which allowed them to execute whatever code they wished on the recipient's computer. Because this happened as soon as the recipient downloaded the message from the server, the buffer overflow attack was very difficult to defend against. Microsoft has since created a patch to eliminate the vulnerability.
Choice of programming language
The choice of programming language has a significant effect on the occurrence of buffer overflows. The most popular languages are C and C++, and a vast body of software has been written in them. C and C++ have no built-in protection against accessing or overwriting data in any part of memory; more specifically, they do not check that data written to a buffer stays within that buffer. However, the standard C++ libraries provide many ways of buffering data safely, and there are techniques to avoid buffer overflows.
Use of safe libraries
Buffer overflow problems are common in the C and C++ languages because they expose the low-level representation of buffers as containers for data types. Buffer overflows must therefore be avoided by maintaining a high degree of correctness in the code that performs buffer management. It has also been recommended to avoid standard library functions that are not bounds checked.
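As an added example of what "bounds checked" means in practice, the C code below (written for this page, not taken from the essay or from any library) places the unchecked pattern the previous section warns about beside two safe alternatives. The buffer size NAME_LEN and the sample names are assumptions of the example. The unchecked copy is kept only to show the shape of the defect and is never called with an oversized input here, because doing so is undefined behaviour; the checked version refuses input that does not fit, and the truncating version uses snprintf, which always terminates the string and never writes past the buffer.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16 /* size of the fixed buffer (assumption for this example) */

/* Unchecked pattern: strcpy copies the whole source regardless of destination size.
 * If name has NAME_LEN or more characters the write runs past dst into adjacent memory. */
void copy_name_unchecked(char dst[NAME_LEN], const char *name) {
    strcpy(dst, name); /* no bounds check: this is the defect */
}

/* Length of s, but never looking further than limit bytes (so an unterminated
 * input cannot make us scan past the end of its own buffer). */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s[n] != '\0') n++;
    return n;
}

/* Hardened version: reject input that does not fit instead of writing past dst.
 * Returns 0 on success, -1 if the name would not fit (dst is then an empty string). */
int copy_name_checked(char dst[NAME_LEN], const char *name) {
    size_t n = bounded_len(name, NAME_LEN);
    if (n >= NAME_LEN) { dst[0] = '\0'; return -1; } /* no room for name + terminator */
    memcpy(dst, name, n + 1);                         /* copy including the NUL */
    return 0;
}

/* Alternative when truncation is acceptable: snprintf writes at most NAME_LEN bytes and
 * always NUL-terminates. Returns 1 if the input was cut short, 0 if it fit. */
int copy_name_truncating(char dst[NAME_LEN], const char *name) {
    int needed = snprintf(dst, NAME_LEN, "%s", name); /* returns the length it wanted to write */
    return needed >= NAME_LEN;
}

/* Exercise the safe variants with a constructed short name and an oversized name.
 * Returns 1 when all of them behave as described above. */
int demo(void) {
    char buf[NAME_LEN];
    const char *short_name = "alice";                                   /* constructed */
    const char *long_name  = "a-name-far-longer-than-sixteen-bytes";   /* constructed */
    int ok = 1;
    ok &= copy_name_checked(buf, short_name) == 0 && strcmp(buf, short_name) == 0;
    ok &= copy_name_checked(buf, long_name) == -1 && buf[0] == '\0';
    ok &= copy_name_truncating(buf, long_name) == 1 && strlen(buf) == NAME_LEN - 1;
    ok &= copy_name_truncating(buf, short_name) == 0 && strcmp(buf, short_name) == 0;
    copy_name_unchecked(buf, short_name); /* safe only because the input is known to fit */
    ok &= strcmp(buf, short_name) == 0;
    return ok;
}

int main(void) {
    printf("bounded copies behave as expected: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

Rejecting oversized input (copy_name_checked) is usually preferable to silent truncation: a truncated card number or user name is still a data-integrity problem, just a quieter one.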
Buffer overflow protection
PointGuard was proposed as a compiler extension to prevent attackers from being able to reliably manipulate pointers and addresses. The approach works by having the compiler add code to automatically encode pointers before and after they are used. Because the attacker does not know what value will be used to encode and decode the pointer, they cannot predict what it will point to if they overwrite it with a new value. PointGuard was never released, but Microsoft implemented a similar approach in Windows XP SP2 and Windows Server 2003 SP.
Executable space protection
Executable space protection is an approach to buffer overflow protection that prevents execution of code on the stack. An attacker may use a buffer overflow to insert code into the memory of the program, but with executable space protection any attempt to execute that code will cause an exception.
Address space layout randomization
ASLR is a computer security feature that involves arranging the positions of key data areas, including the base of the executable and the positions of the libraries and the stack, randomly in a process's address space.
Deep packet inspection
Deep packet inspection (DPI) can detect, at the network perimeter, very basic remote attempts to exploit buffer overflows by the use of attack signatures and heuristics. It is able to block packets that carry the signature of a known attack, or in which a long series of No-Operation instructions is detected, as these were once used when the exact location of injected code could vary.
2. Denial of Service (DoS) attacks
The denial of service attack is one of the clearest examples of an attack on site availability. It involves getting the server to perform a large number of mundane tasks, exceeding the capacity of the server to cope with any other task. For example, if everyone in a large meeting asks you your name all at once, and every time you answer they ask you again, you have experienced a personal denial of service attack. To ask a computer its name, you use ping; flooding a server with such requests is a DoS attack. The smart hacker gets the server to use more computational resources in processing the request than the adversary spends in generating it.
Signs of a DoS attack
Unusually slow network performance (opening files or accessing web sites)
A particular web site is unavailable.
Inability to access any web site.
A dramatic increase in the amount of spam e-mail received; this type of attack is called an e-mail bomb.
Countermeasures for DOS Attack
Firewall and router filtering
Firewall as a Relay
Firewall as semi-transparent Gateway
Disable broadcast amplification
Operating system improvements
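To show what the "firewall and router filtering" countermeasure above can look like in code, here is an added example in C (not from the essay or any firewall product): a per-source token-bucket rate limiter of the kind a filtering device applies to ping or connection requests. Each source address gets a bucket that holds at most BUCKET_CAPACITY tokens and refills at REFILL_PER_SEC; a request is forwarded only if a token is available. The capacity, refill rate, table size, addresses and timings are all assumptions of the example, and the traffic is constructed: one source sends 30 requests in 0.3 seconds and is cut back to its burst allowance of 10, while a second, well-behaved source sending 3 requests is not affected. The check is cheap for the defender (a subtraction and a compare per packet), which is the property the previous paragraph asks for: the attacker must not be able to make the server do more work than they do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES     64   /* per-source state slots (assumption) */
#define BUCKET_CAPACITY 10.0 /* burst of requests allowed per source (assumption) */
#define REFILL_PER_SEC  2.0  /* sustained requests per second per source (assumption) */

struct bucket {
    uint32_t src;   /* IPv4 source address as a 32-bit integer */
    double tokens;  /* requests this source may still send right now */
    double last;    /* time (seconds) the bucket was last refilled */
    int used;       /* slot occupied */
};

static struct bucket table[MAX_SOURCES];

/* Forget all per-source state (used between demo runs). */
void reset_limiter(void) { memset(table, 0, sizeof table); }

/* Find the bucket for src, creating a full one on first sight. NULL if the table is full. */
static struct bucket *find_or_add(uint32_t src, double now) {
    for (int i = 0; i < MAX_SOURCES; i++)
        if (table[i].used && table[i].src == src) return &table[i];
    for (int i = 0; i < MAX_SOURCES; i++)
        if (!table[i].used) {
            table[i].used = 1; table[i].src = src;
            table[i].tokens = BUCKET_CAPACITY; table[i].last = now;
            return &table[i];
        }
    return NULL;
}

/* Decide whether a request from src arriving at time now is forwarded (1) or dropped (0). */
int allow_request(uint32_t src, double now) {
    struct bucket *b = find_or_add(src, now);
    if (!b) return 0; /* table exhausted: fail closed rather than let a flood through */
    double elapsed = now - b->last;
    if (elapsed > 0) {  /* refill proportionally to the time that passed, capped at capacity */
        b->tokens += elapsed * REFILL_PER_SEC;
        if (b->tokens > BUCKET_CAPACITY) b->tokens = BUCKET_CAPACITY;
        b->last = now;
    }
    if (b->tokens >= 1.0) { b->tokens -= 1.0; return 1; }
    return 0;
}

/* Send n requests from src starting at time start, spaced step seconds apart;
 * return how many the limiter forwarded. */
int count_accepted(uint32_t src, int n, double start, double step) {
    int accepted = 0;
    for (int i = 0; i < n; i++)
        accepted += allow_request(src, start + i * step);
    return accepted;
}

int main(void) {
    reset_limiter();
    /* constructed traffic: 10.0.0.1 floods 30 pings in 0.3 s; 10.0.0.2 sends 3 pings in 0.3 s */
    int flood  = count_accepted(0x0A000001u, 30, 0.0, 0.01);
    int normal = count_accepted(0x0A000002u, 3, 0.1, 0.1);
    printf("flooding source: %d of 30 forwarded; normal source: %d of 3 forwarded\n", flood, normal);
    return 0;
}
```

The flooding source gets exactly its burst allowance: 10 requests pass, and the 0.58 tokens that trickle in over the remaining 0.29 seconds are never enough for an eleventh. Real filtering devices key on more than the source address (a spoofed-source flood defeats a pure per-source limit), but the bucket logic is the same.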
Well-Known DoS Attacks
Land: In Land attacks
Ping of Death
SSH Process Table
802.11 wireless network
In 1997 the Institute of Electrical and Electronics Engineers (IEEE) created the first WLAN standard, called 802.11. This family consists of a series of over-the-air modulation techniques. The original standard supported a maximum network bandwidth of only 2 Mbps, which is too slow for most applications; for this reason, 802.11 products are no longer manufactured.
Frequency (GHz): 5 GHz / 3.7 GHz
Data rate per stream (Mbit/s): 6, 9, 12, 18, 24, 36, 48, 54 / 6, 9, 12, 18, 24, 36, 48, 54
Allowable MIMO streams (multiple-input and multiple-output)
Modulation: OFDM (orthogonal frequency-division multiplexing) / OFDM (orthogonal frequency-division multiplexing) / DSSS (direct-sequence spread spectrum)
Approximate indoor range: 35 m (115 ft) / 38 m (125 ft)
Approximate outdoor range: 190 m (390 ft) / 140 m (460 ft)
The early 802.11a standard uses the same data link layer protocol and frame format as the original standard, but uses OFDM (orthogonal frequency-division multiplexing) in the physical layer. 802.11a operates in the 5 GHz band with a maximum rate of up to 54 Mbit/s. The 2.4 GHz band is heavily used, to the point of being crowded, so the significant advantage of 802.11a is the relatively unused 5 GHz band. The disadvantage is that this high carrier frequency makes the effective overall range of 802.11a less than that of 802.11b/g, although in practice 802.11a can have the same or greater range due to less interference. Because of the higher frequency, 802.11a signals have more difficulty penetrating walls and other material obstructions.
While 802.11b was in development, IEEE created a second extension to the original 802.11 standard, called 802.11a. Because 802.11b gained popularity much faster than 802.11a, some professionals believe that 802.11a was created after 802.11b; in fact 802.11a was created at the same time. Due to its higher cost, 802.11a is mostly found on business networks, whereas 802.11b mostly serves the home market.
Because 802.11a and 802.11b use different frequencies, the two technologies are incompatible with each other. Some vendors offer hybrid 802.11a/b network products, but these products merely implement the two standards side by side; each connected device must use one or the other.
Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from other devices.
Cons of 802.11a - highest cost; short-range signal that is more easily obstructed.
In early June 2003, the modulation standard 802.11g was ratified. In 2002 and 2003, WLAN products supporting this newer standard emerged on the market. It works in the 2.4 GHz band (like 802.11b), but uses the same OFDM-based transmission scheme as 802.11a. It operates at a maximum physical-layer bit rate of 54 Mbit/s, exclusive of forward error correction codes, or about 22 Mbit/s average throughput. 802.11g hardware is fully backwards compatible with 802.11b hardware, and therefore has legacy issues that reduce throughput by about 21% when compared to 802.11a.
802.11g was drafted in November 2001. It operates on the same frequency as 802.11b; 802.11g devices have a maximum bandwidth of 22 Mbps and communicate at up to 54 Mbps. 802.11g is sometimes called 'Turbo Mode' on some 802.11b cards. Like 802.11b, 802.11g has the same interference and security issues: it operates at 2.4 GHz and may cause problems with 2.4 GHz cordless telephones.
When an 802.11g product communicates with an 11 Mbps 802.11b product, it drops down to 11 Mbps or less depending on the signal strength. In other words, if you purchase an 802.11g product for use with an 802.11b access point, expect only 11 Mbps. Like 802.11b, 802.11g devices suffer interference from other products operating in the 2.4 GHz band, for example wireless keyboards. 802.11g attempts to combine the best of both 802.11a and 802.11b.
Pros of 802.11g - fast maximum speed; good signal range that is not easily obstructed.
Cons of 802.11g - costs more than 802.11b; appliances may interfere on the unregulated signal frequency.
802.11 wireless network security issues
"Rogue" Access Points
Unauthorized Use of Service
Service and Performance Constraints
MAC Spoofing and Session Hijacking
Traffic Analysis and Eavesdropping
Higher Level Attacks
802.11 wireless network security prevention
Avoid using default values
Filtering MAC addresses
WEP - Wired Equivalent Privacy
Altogether, although wireless LAN security can appear challenging because of the press it has generated, all of the challenges are addressed by reasonable security precautions. Network designs are, and will continue to be, affected by the development of new technologies and by user demands.