This document is a submission by Vijayananda D Mohire for their Master of Technology degree from Karnataka State Open University. It contains Mohire's responses to 10 assignment questions on the topics of e-commerce, m-commerce, and network security. The assignment aims to evaluate Mohire's understanding of these subjects in partial fulfillment of the requirements for their MTech degree.
Vulnerabilities detection using attack recognition technique in multi-factor ..., by TELKOMNIKA JOURNAL
Authentication is one of the essential components of information security. It has become one of the most basic security requirements for network communication. Today, there is a necessity for a strong level of authentication to guarantee that a significant level of security is being conveyed to the application. As such, it raises challenging issues of security and efficiency. Security issues such as privacy and data integrity emerge because of the absence of control and authority. In addition, the bigger issue for multi-factor authentication is the high execution time that leads to overall performance degradation. Most existing studies related to multi-factor authentication schemes do not detect weaknesses based on user behavior. Most recent research does not look at the efficiency of the system, focusing only on improving the security aspect of authentication. Hence, this research proposes a new multi-factor authentication scheme that can withstand attacks based on user behavior while maintaining optimum efficiency. Experiments have been conducted to evaluate this scheme. The results of the experiment show that the processing time of the proposed scheme is lower than the processing time of other schemes. This is particularly important after additional security features have been added to the scheme.
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E..., by AI Publications
In the current digital landscape, cybercriminals continually evolve their techniques to execute successful attacks on businesses, thus posing a great challenge to information technology (IT) professionals. While traditional cybersecurity approaches like layered defense and reactive security have helped IT professionals cope with traditional threats, they are ineffective in dealing with evolving cyberattacks. This paper focuses on the need for a proactive cybersecurity culture among IT professionals to enable them to combat evolving threats. The paper emphasizes that building a proactive security approach and culture can help IT professionals anticipate, identify, and mitigate latent threats before they exploit existing vulnerabilities. This paper also points out that, as IT professionals use reactive security when dealing with traditional attacks, they can use it together with proactive security to effectively protect their networks, data, and systems and avoid the heavy costs of dealing with a cyberattack's aftermath and business recovery.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
I am Nihal Jani from Ahmedabad, Sakar English School. I was searching for a good ppt on SlideShare on cyber terrorism, but couldn't find one. So I made one instead and am posting it to benefit other people like me...
System and Enterprise Security Project - Penetration Testing, by Biagio Botticelli
Final Project of the System and Enterprise Security course of the Master Degree in Engineering in Computer Science at University of Rome "La Sapienza".
The report explains the goals of Penetration Testing, introduces three different attacks (Brute Force, SQL Injection and Command Injection), and shows how to set up a virtualized lab using the Damn Vulnerable Web Application (DVWA) VM.
11What is Security 1.1 Introduction The central role of co.docx, by moggdede
What is Security?
1.1 Introduction
The central role of computer security for the working of the economy, the defense of the country, and the protection of our individual privacy is universally acknowledged today. This is a relatively recent development; it has resulted from the rapid deployment of Internet technologies in all fields of human endeavor and throughout the world that started at the beginning of the 1990s. Mainframe computers have handled secret military information and personal computers have stored private data from the very beginning of their existence in the mid-1940s and 1980s, respectively. However, security was not a crucial issue in either case: the information could mostly be protected in the old-fashioned way, by physically locking up the computer and checking the trustworthiness of the people who worked on it through background checks and screening procedures. What has radically changed and made the physical and administrative approaches to computer security insufficient is the interconnectedness of computers and information systems. Highly sensitive economic, financial, military, and personal information is stored and processed in a global network that spans countries, governments, businesses, organizations, and individuals. Securing this cyberspace is synonymous with securing the normal functioning of our daily lives.
Secure information systems must work reliably despite random errors, disturbances, and malicious attacks. Mechanisms incorporating security measures are not just hard to design and implement but can also backfire by decreasing efficiency, sometimes to the point of making the system unusable. This is why some programmers used to look at security mechanisms as an unfortunate nuisance; they require more work, do not add new functionality, and slow down the application and thus decrease usability. The situation is similar when adding security at the hardware, network, or organizational level: increased security makes the system clumsier and less fun to use; just think of the current airport security checks and contrast them to the happy (and now so distant) pre–September 11, 2001 memories of buying your ticket right before boarding the plane. Nonetheless, systems must work, and they must be secure; thus, there is a fine balance to maintain between the level of security on one side and the efficiency and usability of the system on the other. One can argue that there are three key attributes of information systems:
Processing capacity—speed
Convenience—user friendliness
Secure—reliable operation
The process of securing these systems is finding an acceptable balance of these attributes.
1.2 The Subject of Security
Security is a word used to refer to many things, so its use has become somewhat ambiguous. Here we will try to clarify just what security focuses on. Over the years, the subject of information security has been considered from a number of perspectives, as a concept, a function, and ...
Cyber Security Engineer: How to Build a Rewarding Career, by FredReynolds2
Recently, there has been a significant surge in interest surrounding cybersecurity. Organizations of all kinds are seeking cybersecurity professionals to handle their extensive data needs. With numerous roles available at various expertise levels, the demand for cyber security engineers is particularly high.
In fact, applying physical security as a simple pass or prohibit-pass decision is satisfactory for a variety of applications, but it is inappropriate for specific ones. Areas that need to be surveyed without human interaction are one example. Fields and areas that are subject to territorial activities are another. In many places in the world, bombing can destroy buildings, lives, facilities, and much more. In such cases we need to manage the situation remotely. We need a physical access control detection system that can survey the field without direct human intervention. Such a system can intervene electronically to detect the parameters needed to decide the appropriate actions.
In this paper, a new approach for providing the parameters needed by the decision maker in such situations is presented: the three-dimension-based physical access control detection system, with the parameters nature, location, and time. The approach depends on defining three parameters: the nature of the passing object, the location of the object in the protected area, and the time at which the object is placed in that location. This approach depends basically on a sensor network and an immune system, combined with a central system that receives a signal carrying such parameters to give the decision maker enough information for decision making. The new approach has been presented, including its capabilities and architecture.
NexGen Solutions for cloud platforms, powered by GenQAI, by Vijayananda Mohire
These are our next-generation solutions powered by emerging technologies like AI, quantum computing, blockchain, quantum cryptography, etc. We have various offers that can help improve productivity, help automate, and improve ease of doing business. We offer cloud-based solutions and have a Hub to interface with major cloud platforms.
More Related Content
Similar to MTech - E-Commerce, M-Commerce & Network Security_Assignment
This is our project work at our startup for Data Science. This is part of our internal training and focused on data management for AI, ML and Generative AI apps
These are our contributions to the Data Science projects, as developed in our startup. These are part of partner trainings and in-house design, development and testing of the course material and concepts in Data Science and Engineering. It covers data ingestion, data wrangling, feature engineering, data analysis, data storage, data extraction, querying data, and formatting and visualizing data for various dashboards. Data is prepared for accurate ML model predictions and Generative AI apps.
Considering the need and demand for high-quality digital platforms that can help clients get the most out of newer technology, we have proposed an IT Hub that allows for rapid onboarding of clients to various modules on a need basis, allowing them to subscribe only to the modules they need. We have various modules.
This document offers a high-level overview of our IT Hub, which offers various modules allowing clients to onboard faster and get the benefits of a large set of vendor products, tools, and IDEs related to AI, Quantum and Generative AI technologies.
These are my hands-on projects in quantum technologies. These are a few of the key projects that I worked on that demonstrate my skills in using various concepts, tools, and IDEs, and in deriving solutions by using quantum principles like superposition and entanglement along with quantum circuits to realize the concepts.
This is my journey from the year 2012 onwards, after graduating with my MS with a major in AI. I have taken various certification courses, trainings, and hands-on labs; a few key ones are from Google and Microsoft.
Agricultural and allied industries play a vital role in the progress of a nation and sustainable economic growth. Farmers play a vital role in this progress. Their hard work and efforts need to be praised and possibly offer them various tools and digital assets that can automate some of their various repetitive tasks such as back office operations, crop monitoring, and post-harvesting routines that might divert the attention of farmers from their core job.
We, at Bhadale IT, have developed various products and services that are revolutionary and can offer effective solutions through our industrial partnerships with digital technology leaders like Intel and Microsoft. We have drafted this solution brief to illustrate our products and service offerings for the agricultural industry. We can tailor-make highly customized solutions to meet individual project and farmer needs, which can include the use of technologies like artificial intelligence, machine learning, and data science, and related machinery like drones and geospatial datasets, along with information that enables precise farming techniques and the use of technology in improving production, improved use of fertilizers, organic farming, and reduced crop loss due to rodents, insects and regional diseases.
The focus of this solution is for farmers to adopt and migrate to a digital cloud platform, Microsoft Azure, that can boost the quality and quantity of crop production, improve their supply chain, and offer faster and more mature downstream business operations.
These are our cloud offerings based on our partnership and relationship with Intel and Microsoft. We offer highly optimized Intel motherboards, memory, and a software stack that is best suited for the Azure cloud platform and can handle various types of models (IaaS, PaaS, SaaS) and Azure workloads in the public or private cloud.
Explore the fundamentals of GitHub Copilot and its potential to enhance productivity and foster innovation for both individual developers and businesses. Discover how to implement it within your organization and unleash its power for your own projects.
In this learning path, you'll:
Gain a comprehensive understanding of the distinctions between GitHub Copilot for Individuals, GitHub Copilot for Business, and GitHub Copilot X.
Explore various use cases for GitHub Copilot for Business, including real-life examples showcasing how customers have leveraged it to boost their productivity.
Receive step-by-step instructions on enabling GitHub Copilot for Individuals and GitHub Copilot for Business, ensuring a seamless integration into your workflows.
Practical ChatGPT From Use Cases to Prompt Engineering & Ethical Implications, by Vijayananda Mohire
This journey provides learners with a thorough exploration of ChatGPT. Starting with an introduction to large language models and their capabilities, the series progresses through practical applications, advanced techniques, industry impacts, and important ethical considerations. Each course aims to equip learners with an in-depth understanding of the model, its functionality, and its wide-ranging applications.
Red Hat Enterprise Linux (RHEL) and Hybrid Cloud Infrastructure. Products that are developed for multi-cloud hybrid platform enabling seamless integration and portability of workloads across Red Hat and partner Infrastructure, public and private clouds.
Learners will be exposed to the foundations of Red Hat, Red Hat Enterprise Linux (RHEL) portfolio including Hybrid Cloud Infrastructure, how to identify target customers, distinguish Red Hat solutions from the competition, review key use cases, align to the sales conversation framework for positioning the solutions, and much more!
Upon completing this learning path, learners will receive the Red Hat Sales Specialist - Red Hat Enterprise Linux accreditation and be prepared to advance to the Red Hat Sales Specialist - Red Hat Enterprise Linux II learning path.
This is my annual learning at Red Hat related to accreditation and courses at Red Hat partner training portal.
Learners will be exposed to the foundations of Red Hat, Red Hat Enterprise Linux (RHEL) portfolio including Hybrid Cloud Infrastructure, how to identify target customers, distinguish Red Hat solutions from the competition, review key use cases, align to the sales conversation framework for positioning the solutions, and much more!
Generative AI is a cutting-edge technology that will transform nearly every business function, ranging from content creation and product design to improving customer experience and marketing new ideas. While the benefits of Generative AI are immense, the technology has its limitations and poses some ethical considerations. In this Journey, learners of all levels will develop a shared understanding of what Generative AI is and the guardrails for its use, and identify how to use, build and experiment with the technology in a responsible manner. Learners will also develop skills for leading through this disruption with empathy, while cultivating the human skills to sustain the transformation.
Large Language Models and the End of Programming, by Matt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
OpenMetadata Community Meeting - 5th June 2024, by OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Globus Connect Server Deep Dive - GlobusWorld 2024, by Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Enhancing Research Orchestration Capabilities at ORNL.pdf, by Globus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
May Marketo Masterclass, London MUG May 22 2024.pdf, by Adele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
How Recreation Management Software Can Streamline Your Operations.pptx, by wottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Navigating the Metaverse: A Journey into Virtual Evolution, by Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms.
Top 7 Unique WhatsApp API Benefits | Saudi Arabia, by Yara Milbes
Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience.
In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.
Globus Compute wth IRI Workflows - GlobusWorld 2024, by Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve..., by Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
E-Commerce, M-Commerce & Network Security
(Assignment – I)
Submitted in partial fulfilment of the requirements for the degree of
Master of Technology in Information Technology
by
Vijayananda D Mohire
(Enrolment No.921DMTE0113)
Information Technology Department
Karnataka State Open University
Manasagangotri, Mysore – 570006
Karnataka, India
(2010)
3. MT23C-I
3
CERTIFICATE
This is to certify that the Assignment-I entitled E-Commerce, M-Commerce &
Network Security, subject code: MT23C, submitted by Vijayananda D Mohire having
Roll Number 921DMTE0113 for the partial fulfilment of the requirements of the Master
of Technology in Information Technology degree of Karnataka State Open
University, Mysore, embodies the bona fide work done by him under my
supervision.
Place: ________________ Signature of the Internal Supervisor
Name
Date: ________________ Designation
Preface
This document has been prepared specially for the assignments of M.Tech – IT II
Semester. It is mainly intended for the evaluation of the assignment of the academic
M.Tech – IT, II semester. I have made a sincere attempt to gather and study the
best answers to the assignment questions and have attempted the responses to
the questions. I am confident that the evaluators will find this submission
informative and evaluate it based on the provided content.
For clarity and ease of use there is a Table of Contents and an Evaluators section to
make navigation and recording of the marks easier. Evaluators are welcome to
provide the necessary comments against each response; suitable space has been
provided at the end of each response.
I am grateful to the Infysys academy, Koramangala, Bangalore in making this a big
success. Many thanks for the timely help and attention in making this possible
within specified timeframe. Special thanks to Mr. Vivek and Mr. Prakash for their
timely help and guidance.
Candidate’s Name and Signature Date
Question 1 What is the need of Securing?
Answer 1
A few reasons why security is needed are to avoid:
• Damage to computer systems
• Damage to internal data
• Loss of sensitive information to hostile parties
• Damage to the reputation of the company
• Monetary damages
Security is a continuous process of protecting an object from unauthorized
access. It is a state of being or feeling protected from harm. That object in
that state may be a person, an organization such as a business, or property
such as a computer system or a file. Security comes from secure which
means, according to Webster Dictionary, a state of being free from care,
anxiety, or fear.
An object can be in a physical state of security or a theoretical state of
security.
In a physical state, a facility is secure if it is protected by a barrier like a fence,
has secure areas both inside and outside, and can resist penetration by
intruders. This state of security can be guaranteed if the following four
protection mechanisms are in place: deterrence, prevention, detection, and
response.
• Deterrence is usually the first line of defense against intruders who may try to
gain access. It works by creating an atmosphere intended to frighten intruders.
Sometimes this may involve warnings of severe consequences if security is
breached.
• Prevention is the process of trying to stop intruders from gaining access to
the resources of the system. Barriers include firewalls, demilitarized zones
(DMZs), and use of access items like keys, access cards, biometrics, and
others to allow only authorized users to use and access a facility.
• Detection occurs when the intruder has succeeded or is in the process of
gaining access to the system. Signals from the detection process include
alerts to the existence of an intruder. Sometimes these alerts can be real time
or stored for further analysis by the security personnel.
• Response is an after-the-fact mechanism that tries to respond to the failure of
the first three mechanisms. It works by trying to stop and/or prevent further
damage or access to a facility.
Evaluator’s Comments if any:
Question 2 What are the threats and vulnerabilities?
Answer 2
Threats:
A threat can be any person, object, or event that, if realized, could
potentially cause damage to the LAN. Threats can be malicious, such as the
intentional modification of sensitive information, or can be accidental, such
as an error in a calculation or an act of nature.
Security threats to the availability, confidentiality and integrity/non-
repudiation state of computer and network assets may involve physical
actions or cyber actions. Physical threats include natural threats (e.g., flood
and lightning) and man-made threats (e.g., physical break-in to destroy or
take away computers and network devices).
Cyber security threats can be characterized by many factors such as
motive, objective, origin, speed, means, skill, resource, and so on. For
example, there may be a political motive for the massive destruction of
computer and network assets at a national level, a financial motive for
gathering and stealing information at the corporate level, and a personal
motive for overcoming the technical challenge to vandalize or gain access
to a computer and network system. Objectives can vary from gathering or
stealing information to gaining access, disrupting or denying service, and
modifying or deleting data. In general, a threat can come internally or
externally. An internal threat or insider threat comes from a source which
has access rights but abuses them. An external threat comes from a source
which is not authorized to access a computer and network system. Some
attacks are scripted and automatically executed with little human
intervention, producing a machine speed of attack execution, whereas other
attacks are performed through manual interactions with a computer and
network system and thus proceed slowly. An attacker may have no
sophisticated skills and few resources and simply execute a downloaded
attack script. Nation- or organization-sponsored attacks, by contrast, can use
sophisticated skills and knowledge about computers and networks with
unlimited resources.
Vulnerability:
Vulnerabilities are weaknesses in a LAN that can be exploited by a threat.
For example, unauthorized access to the LAN could occur by an outsider
guessing an obvious password. The vulnerability exploited is the poor
password choice of the user.
Each computer or network asset has a limited service capacity, an inherent
vulnerability which exposes it to denial of service attacks through
flooding. Moreover, most system and application software, which enables
users to operate computers and networks, is large in size and complex in
nature. Large-scale, complex software presents considerable challenges in
specification, design, implementation, testing, configuration, and operation
management. As a result, system software and application software is often
released without being fully tested and evaluated as free from errors, due to
the complexity of large-scale software. Errors can also be made by system
administrators when they configure software.
Symantec Corporation has a software product, called Vulnerability
Assessment (VA), which uses host-based audits to check the security
settings of a host computer for vulnerabilities or uses a network scanner to
check remote computers for vulnerabilities. The VA defines the following
vulnerability classes to indicate the types of errors which produce the
vulnerabilities:
• boundary condition error;
• access validation error;
• origin validation error;
• input validation error;
• failure to handle exceptional conditions;
• race condition error;
• serialization error;
• atomicity error;
• environment error;
• configuration error;
• design error;
• unknown.
Evaluator’s Comments if any:
Question 3 What are the firewall Components?
Answer 3
Firewalls can be composed of software, hardware or, most commonly, both.
A firewall is hardware, software, or a combination of both that monitors and
filters traffic packets that attempt to either enter or leave the protected private
network. It is a tool that separates a protected network or part of a network,
and now increasingly a user PC, from an unprotected network – the “bad
network” like the Internet. In many cases the “bad network” may even be part
of the company network. By definition, a “firewall” is a tool that provides a
filter of both incoming and outgoing packets.
The primary components of a firewall are:
1. Network policy
2. Advanced authentication mechanisms
3. Packet filtering, and Application gateways
Network policy:
There are two levels of network policy that directly influence the design,
installation and use of a firewall system. The higher level policy (Services
access policy) is an issue-specific, network access policy that defines those
services that will be allowed or explicitly denied from the restricted network,
how these services will be used, and the conditions for exception to this
policy. The lower level policy (Firewall design policy) describes how the firewall
will actually go about restricting the access and filtering the services that were
defined in the higher level policy.
Advanced authentication:
Advanced authentication measures such as smartcards, authentication tokens,
biometrics, and software-based mechanisms are designed to counter the
weaknesses of traditional passwords. While the authentication techniques vary,
they are similar in that the passwords generated by advanced authentication
devices cannot be reused by an attacker who has monitored a connection.
Example: one-time passwords.
Packet filtering, and Application gateways:
IP packet filtering is done using a packet filtering router designed for filtering
packets as they pass between the router’s interfaces. A packet filtering router
usually can filter IP packets based on some or all of the following fields:
• Source IP address
• Destination IP address
• TCP/UDP source and destination ports
To counter some of the weaknesses associated with packet filtering routers,
firewalls need to use software applications to forward and filter connections for
services such as TELNET and FTP. Such an application is referred to as a
proxy service, while the host running the proxy service is referred to as an
application gateway.
Evaluator’s Comments if any:
Question 4 Explain VPN?
Answer 4
A VPN is the extension of a private network that encompasses links across
shared or public networks such as the Internet. A VPN enables you to send
data between two computers across a shared or public internetwork in a
manner that emulates the properties of a point-to-point private link. In
essence, it makes the remote computer virtually part of the private network by
making an encrypted tunnel through the public Internet. The act of configuring
and creating a VPN is known as virtual private networking.
To emulate a point-to-point link, data is encapsulated, or wrapped, with a
header that provides routing information, allowing the data to traverse the
shared or public transit internetwork to reach its endpoint. To emulate a private
link, the data being sent is encrypted for confidentiality. Packets that are
intercepted on the shared or public network are indecipherable without the
encryption keys. The portion of the connection in which the private data is
encapsulated is known as the tunnel. The portion of the connection in which
the private data is encrypted is known as the VPN connection. Figure 1 shows
the VPN connection.
Figure 1 The VPN connection
VPN connections allow users working at home or on the road to connect in a
secure fashion to an organization’s remote server by using the routing
infrastructure provided by a public internetwork (such as the Internet). From the
user’s perspective, the VPN connection is a point-to-point connection
between the user’s computer and an organization’s server. The nature of the
intermediate internetwork is irrelevant to the user because it appears as if the
data is being sent over a dedicated private link.
VPN technology also allows a corporation to connect to branch offices or to
other companies over a public internetwork (such as the Internet) while
maintaining secure communications. The VPN connection across the Internet
logically operates as a wide area network (WAN) link between the sites.
In both of these cases, the secure connection across the internetwork appears
to the user as a private network communication—despite the fact that this
communication occurs over a public internetwork—hence the name virtual
private network.
VPN technology is designed to address issues surrounding the current
business trend toward increased telecommuting and widely distributed global
operations, where workers must be able to connect to central resources and
must be able to communicate with each other.
To provide employees with the ability to connect to an organization’s
computing resources, regardless of their location, a corporation must deploy a
scalable remote access solution. Typically, corporations choose either a
department solution, where an internal information systems department is
charged with buying, installing, and maintaining an organization’s modem
pools and a private network infrastructure; or they choose a value-added
network (VAN) solution, where they pay an outsourced company to buy, install,
and maintain modem pools and a telecommunication infrastructure.
Neither of these solutions provides the necessary scalability, in terms of cost,
flexible administration, and demand for connections. Therefore, it makes sense
to replace the modem pools and private network infrastructure with a less
expensive solution based on Internet technology so that the business can
focus on its core competencies. With an Internet solution, a few Internet
connections through Internet service providers (ISPs) and VPN server
computers can serve the remote networking needs of hundreds or thousands
of remote clients and branch offices.
The security procedures that involve encryption are achieved through the use
of a tunneling protocol. There are two types of VPNs: remote access, which lets
single users connect to the protected company network, and site-to-site, which
supports connections between two protected company networks. In either
mode, VPN technology gives a company the facilities of expensive private
leased lines at much lower cost by using the shared public infrastructure like
the Internet. See Fig. 2.
VPN technology is not new; phone companies have provided private shared
resources for voice messages for over a decade. However, its extension to
making it possible to have the same protected sharing of public resources for
data is new. Today, VPNs are being used for both extranets and wide-area
intranets. Probably owing to cost savings, the popularity of VPNs among
companies has been phenomenal.
Figure 2 VPN Model
Evaluator’s Comments if any:
Question 5 Explain various methods of attacks?
Answer 5
Whatever their motives, hackers have a variety of techniques in their arsenal
to carry out their goals. Let us look at some of them here.
Social Engineering: This involves fooling the victim for fun and profit. Social
engineering depends on trusting that employees will fall for cheap hacker
“tricks” such as calling or e-mailing them masquerading as a system
administrator, for example, and getting their passwords which eventually
lets in the intruder. Social engineering is very hard to protect against. The
only way to prevent it is through employee education and employee
awareness.
Impersonation is stealing access rights of authorized users. There are many
ways an attacker such as a hacker can impersonate a legitimate user. For
example, a hacker can capture a user telnet session using a network sniffer
such as tcpdump or nitsniff. The hacker can then later login as a legitimate
user with the stolen login access rights of the victim.
Exploits: This involves exploiting a hole in software or operating systems. As
is usually the case, many software products are brought on the market
either through a rush to finish or lack of testing, with gaping loopholes.
Badly written software is very common even in large software projects such
as operating systems. Hackers quite often scan network hosts for exploits
and use them to enter systems.
Transitive Trust exploits host-to-host or network-to-network trust. Either
through client-server three-way handshake or server-to-server next-hop
relationships, there is always a trust relationship between two network hosts
during any transmission. This trust relationship is quite often compromised
by hackers in a variety of ways. For example, an attacker can easily do an
IP-spoof or a sequence number attack between two transmitting elements
and get away with information that compromises the security of the two
communicating elements.
Data Attacks: Script programming has not only brought new dynamism into
Web development, but it has also brought a danger of hostile code into
systems through scripts. Current scripts can run on both the server, where
they traditionally used to run, and also on the client. In doing so, scripts can
allow an intruder to deposit hostile code into the system, including Trojans,
worms, or viruses.
Infrastructure Weaknesses: Some of the greatest network infrastructure
weaknesses are found in the communication protocols. Many hackers, by
virtue of their knowledge of the network infrastructure, take advantage of
these loopholes and use them as gateways to attack systems. Many times,
whenever a loophole is found in the protocols, patches are soon made
available but not many system administrators follow through with patching
the security holes. Hackers start by scanning systems to find those
unpatched holes. In fact, most of the system attacks from hackers use
known vulnerabilities that should have been patched.
Denial of Service: This is a favourite attack technique for many hackers,
especially hacktivists. It consists of preventing the system from being used
as planned through overwhelming the servers with traffic. The victim server
is selected and then bombarded with packets with spoofed IP addresses.
Many times, innocent hosts are forced to take part in the bombardment of
the victim to increase the traffic on the victim until the victim is
overwhelmed and eventually fails.
Active Wiretap: In an active wiretap, messages are intercepted during
transmission. When the interception happens, two things may take place:
First, the data in the intercepted package may be compromised by
introduction of new data such as change of source or destination IP
address or the change in the packet sequence numbers. Secondly, data
may not be changed but copied to be used later such as in the scanning
and sniffing of packets. In either case, the confidentiality of data is
compromised and the security of the network is put at risk.
Evaluator’s Comments if any:
Question 6 State the anti-virus technologies?
Answer 6
Five major virus detection technologies:
• Integrity checking (aka checksumming): Based on determining, by comparison,
whether virus-attacked code modified a program’s file characteristics. As it is
not dependent on virus signatures, this method does not require software
updates at specific intervals.
• Interrupt monitoring: Attempts to locate and prevent a virus’s “interrupt calls”
(function requests through the system’s interrupts).
• Memory detection: Depends on recognition of a known virus’s location and
code while in memory.
• Signature scanning: Recognizes a virus’s unique “signature”, a pre-identified
sequence of hexadecimal code, making it highly successful at virus identification.
• Heuristic/rules-based scanning: Faster than traditional scanners, this method
uses a set of rules to efficiently parse through files and quickly identify
suspect code.
All five of the above-mentioned technologies can usually perform on-access or
on-demand scans, for both network servers and workstations. Today, all
effective products leverage a combination of the above to manage virus threats.
Evaluator’s Comments if any:
Question 7 What is IP address spoofing?
Answer 7
The term IP address spoofing refers to the creation of IP packets with a
forged (spoofed) source IP address with the purpose of concealing the
identity of the sender.
Figure 3 shows a scenario of spoofing.
Figure 3 IP address spoofing
How Spoofing works:
The basic protocol for sending data over the Internet and many other
computer networks is the IP. The header of each IP packet contains, among
other things, the numerical source and destination address of the packet.
The source address is normally the address that the packet was sent from.
By forging the header so it contains a different address, an attacker can
make it appear that the packet was sent by a different machine. The
machine that receives spoofed packets will send a response back to the
forged source address, which means that this technique is mainly used
when the attacker does not care about the response or the attacker has some
way of guessing the response.
In certain cases, it might be possible for the attacker to see or redirect the
response to his own machine. The most usual case is when the attacker is
spoofing an address on the same LAN or WAN.
Evaluator’s Comments if any:
Question 8 Describe digital Signature?
Answer 8
A digital signature scheme is a type of asymmetric cryptography used to
simulate the security properties of a handwritten signature on paper.
Digital signature schemes normally provide two algorithms, one for signing
which involves the user’s secret key or private key, and one for verifying
signatures which involves the user’s public key. The output of the signature
process is called the “Digital signature”.
The idea of a digital signature is basically the same as that of a handwritten
signature, to authenticate the signer. It is used to authenticate the fact that
what has been promised by a signature can’t be taken back later. Like a
paper signature, the digital signature creates a legal and psychological link
between the signer of the message and the message.
Digital signature-based authentication is yet another authentication
technique that does not require passwords and user names. A digital
signature is a cryptographic scheme used by the message recipient and any
third party to verify the sender’s identity and/or message on authenticity. It
consists of an electronic signature that uses public key infrastructure (PKI) to
verify the identity of the sender of a message or of the signer of a
document. The scheme may include a number of algorithms and functions
including the Digital Signature Algorithm (DSA), Elliptic Curve Digital
Signature Algorithm (ECDSA), account authority digital signature,
authentication function, and signing function.
A digital signature is defined as a message digest encrypted with the private
key of the sender and appended to a document to authenticate it, analogously
to the way a handwritten signature appended to a written document
authenticates it. Just as in the handwritten form, a digital signature is used
to confirm the identity of the sender and the integrity of the document. It
establishes the nonrepudiation of the sender.
Digital signatures are formed using a combination of public key encryption
and a one-way secure hash function according to the following steps:
1. The sender of the message uses the message digest function to
produce a message authentication code (MAC).
2. This MAC is then encrypted using the private key and the public key
encryption algorithm. This encrypted MAC is attached to the message
as the digital signature.
3. The message is then sent to the receiver. Upon receipt of the message, the
recipient uses the sender’s public key to decrypt the digital signature.
First, the recipient must verify that the message indeed came from the
expected sender. This step verifies the sender’s signature. It is done via the
following steps:
1. The recipient separates the received message into two parts: the original
document and the digital signature.
2. Using the sender’s public key, the recipient then decrypts the digital
signature, which yields the original MAC.
3. The recipient then inputs the original document to the hash
function to produce a new MAC.
4. The new MAC is compared with the MAC from the sender for a match.
If these values match, then the message was received unaltered, the
data integrity is assured, and the authenticity of the sender is proven. See
Fig. 4 for the working of digital signature verification.
Because digital signatures are derived from the message as a digest which
is then encrypted, they cannot be separated from the messages they are
derived from and remain valid.
Since digital signatures are used to authenticate the messages and identify
the senders of those messages, they can be used in a variety of areas where
such double confirmation is needed. Anything that can be digitized can be
digitally signed. This means that digital signatures can be used with any kind
of message, whether it is encrypted or not, to establish the authenticity of
the sender and that the message arrived intact. However, digital signatures
cannot be used to provide the confidentiality of the message content.
Figure 4 Verifying a Digital signature in Message Authentication
Among the most common digital signature algorithms in use today are the
Digital Signature Standard (DSS) proposed by NIST and based on the El
Gamal public key algorithm and RSA. DSS is faster than RSA.
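The signing and verification steps described above, as an added example that is not part of the original assignment: SHA-256 is the one-way hash, textbook RSA (no padding) is the public key algorithm, and the digest is "encrypted" with the private key and recovered with the sender's public key. The primes are the published Mersenne primes 2**127-1 and 2**521-1, used only so that a SHA-256 digest fits under the modulus; the message is constructed.

```python
"""Added example, not part of the original assignment: the sign/verify
steps of a digital signature, using SHA-256 as the one-way hash and textbook
RSA (no padding) as the public key algorithm.  The primes are the published
Mersenne primes 2**127-1 and 2**521-1, chosen only so the digest fits under
the modulus; real keys use random primes and a padding scheme such as PSS."""
import hashlib
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Derive an RSA key pair from two primes (constructed toy parameters)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent; modular inverse needs Python 3.8+
    return (n, e), (n, d)


def digest(message: bytes) -> int:
    """Step 1: the one-way hash of the message (the text above calls it a MAC),
    taken as an integer so it can be fed to the public key algorithm."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private: PrivateKey) -> int:
    """Step 2: 'encrypt' the digest with the sender's private key."""
    n, d = private
    h = digest(message)
    if h >= n:
        raise ValueError("modulus too small for the digest")
    return pow(h, d, n)


def verify(message: bytes, signature: int, public: PublicKey) -> bool:
    """Receiver side: recover the digest with the sender's public key, hash the
    received document again and compare the two values."""
    n, e = public
    recovered = pow(signature, e, n)
    return recovered == digest(message)


def package(message: bytes, private: PrivateKey) -> bytes:
    """Attach the signature to the message (here hex-encoded after '||')."""
    return message + b"||" + format(sign(message, private), "x").encode()


def receive(packet: bytes, public: PublicKey) -> Tuple[bytes, bool]:
    """Separate the received data into document and signature, then verify."""
    message, _, sig_hex = packet.rpartition(b"||")
    return message, verify(message, int(sig_hex, 16), public)


# Constructed toy key pair for the sender.
SENDER_PUBLIC, SENDER_PRIVATE = keygen(2**127 - 1, 2**521 - 1)


def demo() -> Tuple[bool, bool]:
    """Return (valid, tampered) verification results for a constructed message."""
    pkt = package(b"Transfer 100 units to account 42", SENDER_PRIVATE)
    _, ok = receive(pkt, SENDER_PUBLIC)
    # Altering the document after signing breaks the comparison: a matching
    # signature for the new digest cannot be produced without the private key.
    document, sep, sig = pkt.rpartition(b"||")
    forged = document.replace(b"100", b"900") + sep + sig
    _, tampered_ok = receive(forged, SENDER_PUBLIC)
    return ok, tampered_ok


if __name__ == "__main__":
    print("valid message verifies:", demo()[0], "| tampered verifies:", demo()[1])
```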
Evaluator’s Comments if any:
Question 9 Explain the process of Risk Management?
Answer 9
Risk management is a systematic approach to determine appropriate corporate
security measures. How to address security, where to address security, and
the type and strength of security controls requires considerable thought.
Risk management is the act of examining the relative value of your assets and
then allocating your security resources based on the likelihood of the risk
occurring and the value of the asset. Risk management helps you prioritize
your efforts and spending to secure your network.
Figure 5 Risk Management plan
A risk is the possibility of suffering a loss, and the impact or extent of damage
that would result if the loss occurs. Risk management is the process of
identifying risks, analyzing the risks, and creating a plan to manage the risks.
There are two types of risk analysis:
Qualitative. Ranks risks according to their relative impact on business
operations. Qualitative analysis often requires you to estimate the
probability of a threat and the impact of the threat occurring on a scale
of 1 to 10. You then multiply the two numbers for the probability and
impact and use the product to rank the risk relative to other risks.
Quantitative. Places actual values on the probability and impact of
threats to determine how to allocate security resources. Although
quantitative risk analysis uses advanced financial accounting skills, it
remains an inexact science.
Figure 6 Identify Risks
To identify threats to assets, you perform threat modeling. For each threat that
you identify, create a risk statement. Risk statements combine information
about a threat with information about the impact of the threat occurring.
Risk statements help you clearly state the risks that threaten your assets and
the consequences of a threat occurring so that you can design appropriate
security measures to reduce the risks. A single asset may have many risk
statements associated with it.
A risk statement contains three parts:
Condition. Generally an “if” clause about what happens if a threat
occurs.
Operations consequence. Describes the effects on IT operations of a
threat that occurs to an asset. The effects are also known as the mode
of failure.
Financial and business impact. Describes the effects on the organization
of a threat that occurs to an asset.
Figure 7 Analyze risks
After you create risk statements for each risk, you can analyze the impact of
each risk in greater detail. Qualitative risk analysis uses a general ranking of
probability and impact to determine a relative rank of a risk. The following table
offers an example.
In this example, the threat of information disclosure is medium, but with a high
impact. By estimating probability and impact on a scale of 1 to 10 and
multiplying the two numbers, a relative rank of 45 is obtained. This information
can help security designers prioritize threats, although the value placed on
probability and impact is subject to debate.
Figure 8 Plan for management of risks
To manage a risk, you can apply one of four general strategies:
Accept. You accept the risk and do nothing proactive, with the exception of
making contingency plans. Consider acceptance if the annualized loss
expectancy (ALE) for an asset is less than the value of the asset, and if the
business impact is low.
Mitigate. You mitigate risk by proactively changing the asset’s exposure
to the risk or your organization’s reliance on the asset. Consider a risk
mitigation strategy if the ALE is less than the value of the asset, and you
can take proactive actions in advance. Mitigation is the primary risk
management strategy.
Transfer. You transfer risk by partially shifting the responsibility for the
risk to another party, such as an insurance or managed services company.
Transfer is becoming an increasingly important strategy for security.
Avoid. You avoid risk by eliminating the source of the risk or the asset’s
exposure to the risk. This is an extreme reaction to risk and should only
be done when the severity of the impact of the risk outweighs the benefit
that is gained from the asset.
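The following is an added worked example, not part of the assignment text: it encodes the three-part risk statement, the qualitative rank (probability times impact on a 1 to 10 scale) and the four-strategy selection described above in Python. The risk statements, asset values, loss figures and the LOW_IMPACT threshold are constructed; ALE is computed as single-loss expectancy times annual rate of occurrence, the standard quantitative definition, which the text uses but does not define. The first statement assumes probability 5 and impact 9, which reproduces the rank of 45 quoted for the medium-probability, high-impact information-disclosure threat.

```python
# Added example (not from the assignment): qualitative ranking and strategy
# selection for constructed risk statements, following the rules in the text.
from dataclasses import dataclass


@dataclass
class RiskStatement:
    """The three-part risk statement from the text plus the figures needed to rank it."""
    asset: str
    condition: str                # "if" clause: what happens if the threat occurs
    operations_consequence: str   # effect on IT operations (the mode of failure)
    business_impact: str          # effect on the organization
    probability: int              # 1-10, estimated
    impact: int                   # 1-10, estimated
    asset_value: float            # constructed currency figure
    single_loss: float            # expected loss per occurrence (constructed)
    annual_rate: float            # expected occurrences per year (constructed)
    mitigable: bool = True        # can proactive action be taken in advance?

    def rank(self) -> int:
        """Qualitative rank: probability x impact on the 1-10 scale."""
        for v in (self.probability, self.impact):
            if not 1 <= v <= 10:
                raise ValueError("probability and impact must be on a 1-10 scale")
        return self.probability * self.impact

    def ale(self) -> float:
        """Annualized loss expectancy = single-loss expectancy x annual rate of
        occurrence (standard definition; the text uses ALE without defining it)."""
        return self.single_loss * self.annual_rate


LOW_IMPACT = 3  # assumed threshold for "business impact is low"


def choose_strategy(r: RiskStatement) -> str:
    """Map a risk to accept / mitigate / transfer / avoid using the criteria in the text."""
    if r.ale() < r.asset_value:
        if r.impact <= LOW_IMPACT:
            return "accept"        # cheap to carry and low impact: contingency plans only
        if r.mitigable:
            return "mitigate"      # the primary strategy when action is possible in advance
    if r.single_loss > r.asset_value:
        return "avoid"             # a single loss outweighs the benefit of keeping the asset
    return "transfer"              # too costly to carry, cannot be cheaply reduced: insure/outsource


def rank_risks(risks):
    """Order statements relative to each other, highest rank first."""
    return sorted(risks, key=lambda r: r.rank(), reverse=True)


# Constructed risk statements (all figures invented for the example).
RISKS = [
    RiskStatement("customer database", "if an attacker reads customer records",
                  "database taken offline for forensics", "regulatory fines, churn",
                  probability=5, impact=9, asset_value=500_000,
                  single_loss=200_000, annual_rate=0.2),
    RiskStatement("card numbers in app logs", "if log files are exposed",
                  "log pipeline frozen", "card-brand penalties exceed the logs' worth",
                  probability=4, impact=10, asset_value=5_000,
                  single_loss=300_000, annual_rate=0.1),
    RiskStatement("lobby kiosk", "if the unpatched kiosk is compromised",
                  "kiosk rebuilt from image", "visitor check-in unavailable",
                  probability=3, impact=7, asset_value=10_000,
                  single_loss=8_000, annual_rate=2, mitigable=False),
    RiskStatement("guest-book form", "if bots post spam",
                  "moderator time spent cleaning", "minor reputational noise",
                  probability=9, impact=2, asset_value=20_000,
                  single_loss=200, annual_rate=12),
]


def risk_report(risks=RISKS):
    """Return (asset, rank, ALE, strategy) rows in priority order."""
    return [(r.asset, r.rank(), r.ale(), choose_strategy(r)) for r in rank_risks(risks)]


if __name__ == "__main__":
    for asset, rank, ale, strategy in risk_report():
        print(f"{asset:26} rank={rank:3} ALE={ale:>10,.0f} -> {strategy}")
```

Running the report orders the four constructed risks 45, 40, 21, 18 and assigns mitigate, avoid, transfer and accept respectively; the point to notice is that the qualitative rank decides priority while the ALE-to-asset-value comparison decides the strategy, so a lower-ranked risk (the kiosk) can still end up transferred rather than accepted.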
Evaluator’s Comments if any:
Question 10 Explain IP Security and security structure?
Answer 10
IPSec is a suite of protocols for securing Internet Protocol (IP)
communications by authenticating and/or encrypting each IP packet in a
data stream. IPSec also includes protocols for cryptographic key
establishment.
IPSec operates at layer 3 (the network layer) of the OSI model. An advantage
of this over protocols such as SSL is that an application does not need to be
designed to use IPSec, whereas an application must be written specifically to
support SSL.
Security Architecture:
Figure 9 IP Sec elements
IPSec is implemented by a set of cryptographic protocols for
Securing packet flows
Mutual authentication and
Establishing cryptographic parameters
The IPSec architecture uses the concept of security association as the basis
for building security functions into IP. A security association is simply the
bundle of algorithms and parameters (such as keys) that is being used to
encrypt and authenticate a particular flow in one direction. Therefore, in
normal bi-directional traffic, the flows are secured by a pair of security
associations, one for each direction.
In order to decide what protection is to be provided for an outgoing packet,
IPSec uses the Security Parameter Index (SPI), an index into the security
association database (SADB), along with the destination address in the packet
header; together these uniquely identify a security association for that
packet. A similar procedure is performed for an incoming packet, where
IPSec gathers the decryption and verification keys from the security
association database.
For multicast, a security association is provided for the group, and is
duplicated across all authorized receivers of the group. There may be more
than one security association for a group, using different SPIs, thereby
allowing multiple levels and sets of security within a group. Indeed, each
sender can have multiple security associations, allowing authentication,
since a receiver can then know that someone who knows the keys sent the
data.
There are two modes of IPSec operations, transport mode and tunnel mode.
In transport mode only the payload (the data you transfer) of the IP
packet is encrypted and/or authenticated.
In tunnel mode the entire packet (data plus the message headers) is
encrypted and/or authenticated.
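As an added example, not part of the assignment text, the following Python toy model ties the passage together: a security association database indexed by (SPI, destination address), one security association per direction, outbound selection followed by inbound lookup and verification, and the difference between what transport mode and tunnel mode cover. Protection is integrity-only (an HMAC-SHA-256 integrity check value truncated to 128 bits, the form RFC 4868 defines for ESP and AH), so it stands in for the "and/or authenticated" half of the text without a cipher library; the packet encoding, the SecurityAssociation and SADB classes, the addresses, SPIs and keys are all constructed and not real IP datagrams or any implementation's API.

```python
# Added example (not from the assignment): a toy model of IPsec security
# associations, the (SPI, destination) SADB lookup, and transport vs tunnel mode.
# Protection is integrity-only (HMAC-SHA-256 ICV); packets are dicts, not IP datagrams.
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int         # Security Parameter Index carried in the protected packet
    dst: str         # destination address on the wire; (spi, dst) identifies the SA
    selector: str    # inner destination for which the sender picks this SA
    mode: str        # "transport" or "tunnel"
    auth_key: bytes  # one-direction integrity key (constructed)

    def icv(self, data: bytes) -> bytes:
        # HMAC-SHA-256 truncated to 128 bits, the ESP/AH form defined in RFC 4868
        return hmac.new(self.auth_key, data, hashlib.sha256).digest()[:16]


class SADB:
    """Security association database: inbound by (SPI, dst), outbound by selector."""

    def __init__(self):
        self._inbound, self._outbound = {}, {}

    def add(self, sa: SecurityAssociation) -> None:
        self._inbound[(sa.spi, sa.dst)] = sa
        self._outbound[sa.selector] = sa

    def outbound(self, inner_dst):
        return self._outbound.get(inner_dst)

    def inbound(self, spi, dst):
        return self._inbound.get((spi, dst))


def encode_inner(pkt) -> bytes:
    """Serialize the toy IP header plus payload."""
    return f"{pkt['src']}>{pkt['dst']}|".encode() + pkt["payload"]


def decode_inner(data: bytes):
    header, payload = data.split(b"|", 1)
    src, dst = header.decode().split(">")
    return {"src": src, "dst": dst, "payload": payload}


def protect(sadb, pkt, seq, gateway_src=None):
    """Outbound: select the SA, then cover the payload (transport) or the whole packet (tunnel)."""
    sa = sadb.outbound(pkt["dst"])
    if sa is None:
        raise LookupError(f"no SA for {pkt['dst']}")
    if sa.mode == "transport":
        covered, outer = pkt["payload"], (pkt["src"], pkt["dst"])   # header stays visible
    else:
        covered, outer = encode_inner(pkt), (gateway_src, sa.dst)   # header encapsulated
    esp = struct.pack("!II", sa.spi, seq)   # SPI and sequence number
    return {"src": outer[0], "dst": outer[1], "esp": esp, "covered": covered,
            "icv": sa.icv(esp + covered)}


def unprotect(sadb, wire):
    """Inbound: (SPI, dst) from the packet selects the SA; drop on unknown SA or bad ICV."""
    spi, _seq = struct.unpack("!II", wire["esp"])
    sa = sadb.inbound(spi, wire["dst"])
    if sa is None or not hmac.compare_digest(sa.icv(wire["esp"] + wire["covered"]), wire["icv"]):
        return None
    if sa.mode == "transport":
        return {"src": wire["src"], "dst": wire["dst"], "payload": wire["covered"]}
    return decode_inner(wire["covered"])


def demo():
    """Constructed SAs: a transport-mode pair (one SA per direction) and one tunnel-mode SA."""
    sadb = SADB()
    sadb.add(SecurityAssociation(0x1001, "10.0.0.2", "10.0.0.2", "transport", b"A" * 32))
    sadb.add(SecurityAssociation(0x1002, "10.0.0.1", "10.0.0.1", "transport", b"B" * 32))
    sadb.add(SecurityAssociation(0x2001, "203.0.113.9", "192.168.1.7", "tunnel", b"C" * 32))

    fwd = protect(sadb, {"src": "10.0.0.1", "dst": "10.0.0.2", "payload": b"hello"}, 1)
    rev = protect(sadb, {"src": "10.0.0.2", "dst": "10.0.0.1", "payload": b"ack"}, 1)
    tun = protect(sadb, {"src": "10.0.0.1", "dst": "192.168.1.7", "payload": b"hi"}, 1,
                  gateway_src="198.51.100.1")
    tampered = dict(tun, covered=tun["covered"][:-1] + b"!")   # one byte flipped in transit
    return {
        "forward_spi": struct.unpack("!II", fwd["esp"])[0],
        "reverse_spi": struct.unpack("!II", rev["esp"])[0],
        "transport_recovered": unprotect(sadb, fwd),
        "tunnel_outer_dst": tun["dst"],
        "tunnel_recovered": unprotect(sadb, tun),
        "tampered_dropped": unprotect(sadb, tampered) is None,
        "unknown_sa_dropped": unprotect(sadb, dict(fwd, dst="10.0.0.99")) is None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two things the run makes visible: the forward and reverse flows use different SPIs (0x1001 and 0x1002), matching the text's pair of security associations for bi-directional traffic, and the tunnel-mode packet leaves the gateway address 203.0.113.9 on the wire while the inner header for 192.168.1.7 is inside the covered data. A packet whose (SPI, destination) pair matches no SA, or whose integrity check fails, is dropped rather than delivered.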
Evaluator’s Comments if any: