
Chapter 17 - Web Security

The document discusses various web security considerations including why security is important for websites, common threats like integrity issues, denial of service attacks and authentication vulnerabilities, and approaches to enhance web traffic security such as using IPsec, SSL/TLS, and embedding security services within specific applications. Web security is crucial as websites store sensitive data and are frequently targeted by hackers, malware, and other cyber threats.

Uploaded by

nsd8681

Topic: WEB SECURITY CONSIDERATIONS

Contents
• Introduction
• Why web security?
• Web security threats
• Web traffic security approaches
• Conclusion

Introduction
• The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets
• The WWW is used by businesses, government agencies and many other individuals. In reality, however, the Internet and the Web are heavily targeted by threats

Why web security?

• Complex software hides many security faults. Web services are easy to configure and manage, but users are often unaware of the risks
• Lack of awareness among casual and untrained users about the security risks that exist
• Once the Web server is subverted, an attacker may be able to gain access to data and systems not part of the Web itself but connected to the server at the local site

Web security threats

There are two ways of grouping threats:
1. Passive attacks and active attacks
2. Based on the location of the threat

Types of security threats

There are four parameters:
• Integrity
• Confidentiality
• Denial of service
• Authentication

1. INTEGRITY

Threats:
• Modification of user data
• Modification of memory
• Modification of message traffic in transit

Effects:
• Loss of information
• Compromise of machine
• Vulnerability to all other threats

Prevention measures:
• Cryptographic checksums
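
A cryptographic checksum only protects message traffic in transit when it is keyed. The following is an added example, not part of the original slides: it compares a plain SHA-256 digest with an HMAC-SHA256 tag on a constructed sample message, assuming sender and receiver already share a secret key.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte checksum appended to each message

def unkeyed_protect(message: bytes) -> bytes:
    """Weak: plain SHA-256 appended. Anyone can recompute it after editing."""
    return message + hashlib.sha256(message).digest()

def unkeyed_verify(wire: bytes) -> Optional[bytes]:
    """Return the message if the appended SHA-256 digest matches, else None."""
    if len(wire) < TAG_LEN:
        return None
    message, digest = wire[:-TAG_LEN], wire[-TAG_LEN:]
    ok = hmac.compare_digest(digest, hashlib.sha256(message).digest())
    return message if ok else None

def keyed_protect(key: bytes, message: bytes) -> bytes:
    """Sender: append HMAC-SHA256 computed with the shared key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def keyed_verify(key: bytes, wire: bytes) -> Optional[bytes]:
    """Receiver: return the message only if the tag matches, else None."""
    if len(wire) < TAG_LEN:
        return None
    message, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return message if hmac.compare_digest(tag, expected) else None

def demo() -> dict:
    key = secrets.token_bytes(32)                # constructed sample key
    original = b"transfer amount=100 to=alice"   # constructed sample message
    altered = b"transfer amount=900 to=alice"    # same message modified in transit
    # Unkeyed digest: whoever edits the body can recompute SHA-256 over it.
    forged_unkeyed = unkeyed_protect(altered)
    # Keyed tag: without the key, only the old tag can be reattached.
    wire = keyed_protect(key, original)
    forged_keyed = altered + wire[-TAG_LEN:]
    return {
        "unkeyed_accepts_altered": unkeyed_verify(forged_unkeyed) == altered,
        "keyed_accepts_original": keyed_verify(key, wire) == original,
        "keyed_accepts_altered": keyed_verify(key, forged_keyed) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

The unkeyed digest accepts the altered message, while the HMAC check accepts only the original.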

Example: Trojan horse
• A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer
• A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network

2. CONFIDENTIALITY

Threats:
• Eavesdropping on the net
• Theft of data from client and server
• Information about network configuration

Effects:
• Loss of information
• Loss of privacy

Prevention measures:
• Use encryption, Web proxies

Example: Spyware
• Spyware is basically any technology that helps gather information about a computer user without their knowledge.
• It infiltrates the computing device and steals internet usage data and other sensitive information.

3. DENIAL OF SERVICE (DoS)

Threats:
• Killing of user threads
• Flooding machine with bogus requests
• Filling up disk or memory

Effects:
• Disruptive
• Prevent user from getting work done

Prevention measures:
• It is difficult to prevent

Example: Flooding attacks
• Flooding is the more common form of DoS attack.
• It occurs when the attacked system is overwhelmed by large amounts of traffic that the server is unable to handle.
• The system eventually stops.

4. AUTHENTICATION

Threats:
• Impersonation of legitimate users
• Data forgery

Effects:
• Misrepresentation of user
• Belief that false information is valid

Prevention measures:
• Use cryptographic techniques

Example: Ransomware
• Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

Web traffic security approaches:

IP Security (IPsec):
• Transparent to end users and applications
• Provides a general-purpose solution
• IPsec includes filtering capability

Secure Sockets Layer and Transport Layer Security:
• SSL/TLS could be provided as part of the underlying protocol suite
• Alternatively, SSL can be embedded in specific packages
• Netscape and Microsoft Explorer browsers come equipped with SSL

Application Specific Security:
• Application-specific security services are embedded within the particular application
• The advantage is that the service can be tailored to the specific needs of a given application

Conclusion
We cannot achieve perfect security, but with the help of assessment tools, certification, licensing, and other means for assessing and enhancing professionalization, we can minimize security hazards.
