Professional Documents
Culture Documents
Server threats
Web-server threats, commerce server threats, database threats, and common gateway interface threats
can have security holes and bugs. If someone obtains user authentication information, then he or she can
masquerade as a legitimate database user and reveal private and costly information.
Password hacking The simplest attack against a password-based system is to guess a password.
Unwanted Programmes
Adware Calls for unwanted pop-up ads
Spyware Can be used to obtain information, such as a users keystrokes, e-mail, IMs, etc.
Credit card information can be stolen, deterring online purchases. Hackers target credit
card files and other customer information files on merchant servers and use the stolen data
to establish credit under false identities.
Spoofing (Pharming) and Spam (Junk) Websites
Spoofing Presenting oneself by using a fake e-mail address or masquerading as
someone else.
Spam Using domain names similar to legitimate one, then redirecting traffic to spammer redirection
domains.
DoS and DDoS Attacks
Denial of Service (DoS) attack Hackers flood a website with useless traffic to inundate and overwhelm
network.
Distributed Denial of Services (DDoS) attack Hackers use numerous computers to attack
the target network from numerous launch points.
Poorly designed server and client software With increased complexity of software
programmes, this has led to an increase in vulnerabilities which hackers can exploit.
Digital signatures provide the requirement for authentication and integrity. A sending
message is run through a hash function and new value is generated as a message
digest. The message digest and the plain text is encrypted with the recipients public
key. The recipient then decrypts the message using his private key and verifies the
message using the supplied hash algorithm. Digital certificates are also used for
security purposes. Certificate Authority (CA) issues an encrypted digital certificate to
an applicant that contains the applicants public key and other identification
information. An algorithm provides the capability to generate and verify signatures.
Signature generation makes use of private key to generate a digital signature.
Secure Socket Layer (SSL)
SSL was developed to provide secure communication between web servers and
clients. SSL is widely used on the Internet especially in interactions that involve
exchanging of confidential information such as credit card numbers. It also provides
authentication to both parties to secure communication. SSL provides point to point
security. The message is encrypted only during transmission over the network and
other security mechanisms are required to handle security of the messages in an
application or disk.
Authentication
SHA-1 is used to generate a 160 bits hash code of the sending message. Then, the
hash code is encrypted using senders private key and the result is appended to the
message. The receiver decrypts the hash code by senders public key. The
receiver generates a new hash code for the message and compares it with the
decrypted hash code. If both hash codes are same then the message is authentic.
Confidentiality
A message is combined with 128 bits session key for the sending. The message is
encrypted using 3DES with the session key which is encrypted using the
recipients public key and appended to the sending message. The receiver uses its
private key to decrypt and recover the session key which it is also used to decrypt
the sending message.