CS507_IDEA SOLUTION
Question:
A famous boutique in Lahore is going to launch a website to introduce online shopping facility for its customers.
What kind of preventive measures can be adopted to save the website from the expected threats?
Answer:
• Keep the password secret – do not reveal it to anyone.
• Do not write it down – if a password is complex, people prefer to save it in their cell phone memory or write it on a piece of paper; neither of these is a preferred practice.
• Change the password regularly – passwords should be associated with users, not machines. A password generation program can also be used for this purpose.
• Be discreet – it is easy for onlookers to see which keys are being used, so care should be taken while entering the password.
• Do not use an obvious password – the best approach is to use a combination of letters, numbers, upper case and lower case. Change the password immediately if you suspect that anyone else knows it.
There is no single control available to cater for the risk of vulnerabilities associated with the web (Internet). Some of the solutions are:
• Firewall Security Systems
• Intrusion Detection Systems
• Encryption
build firewalls as one means of perimeter security for their networks. Likewise, this same principle holds true for very sensitive or critical systems that need to be protected from untrusted users inside the corporate network.
Generally, most organizations can follow either of two philosophies:
• Deny-all philosophy -- which means that access to a given resource will be denied unless a user can provide a specific business reason or need for access to the information resource.
• Accept-all philosophy -- under which everyone is allowed access unless someone can provide a reason for denying access.
Intrusion Detection Systems (IDS)
Another element of securing networks is an intrusion detection system (IDS). An IDS is used to complement firewalls. It works in conjunction with routers and firewalls by monitoring network usage anomalies, and it protects a company's information systems resources from external as well as internal misuse.
• Signature-based: These IDS systems protect against detected intrusion patterns. The
intrusive patterns they can identify are stored in the form of signatures.
• Statistical-based: These systems need a comprehensive definition of the known and
expected behaviour of systems.
• Neural networks: An IDS with this feature monitors the general patterns of activity and
traffic on the network and creates a database.
Web Server Logs
System and network logs can alert the Web administrator that a suspicious
event has occurred and requires further investigation. Web server software can provide additional
log data relevant to Web-specific events. If the Web administrator does not take advantage of these capabilities, Web-relevant log data may not be visible or may require a significant effort to access.
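As an added illustration (not part of the original answer), the Python example below runs a signature-based check and a statistical-based check over web server log lines, showing that the repeated failed logins match no signature and are caught only by the baseline. The log entries, signature patterns and failed-login threshold are constructed assumptions for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format (sample data, not from the page).
LOG = [
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /products?id=12 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2024:10:00:04 +0000] "GET /cart HTTP/1.1" 200 734',
    '198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "GET /products?id=1%27%20OR%201=1 HTTP/1.1" 500 87',
    '198.51.100.9 - - [10/Mar/2024:10:00:06 +0000] "GET /..%2f..%2fetc/passwd HTTP/1.1" 404 0',
] + ['192.0.2.44 - - [10/Mar/2024:10:01:%02d +0000] "POST /login HTTP/1.1" 401 40' % s
     for s in range(6)]

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

# Signature-based: known intrusive patterns stored as named signatures (assumed set).
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I),
    "path-traversal": re.compile(r"\.\./"),
}
# Statistical-based: a definition of expected behaviour (assumed baseline).
MAX_FAILED_LOGINS = 3

def analyse(lines):
    """Return (signature_alerts, statistical_alerts) for the given log lines."""
    sig_alerts, failed = [], Counter()
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # unparseable line: skipped in this example
        ip, method, url, status = m.groups()
        decoded = unquote(url)  # decode %27, %2f and similar before matching
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                sig_alerts.append((ip, name))
        if method == "POST" and url == "/login" and status == "401":
            failed[ip] += 1
    # Clients whose failed-login count exceeds the expected baseline.
    stat_alerts = sorted(ip for ip, n in failed.items() if n > MAX_FAILED_LOGINS)
    return sig_alerts, stat_alerts

if __name__ == "__main__":
    print(analyse(LOG))
```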
Also explain the technique used to make your electronic documents (such as email, text files) secured? [10 marks]
Biometrics
Identification of an individual through unique physical characteristics is proving to be quite safe
and secure for allowing access. The study of personal characteristics has been extensively used
for identification purposes. Biometrics can be defined as the study of automated methods for
uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
Passwords
"Password is the secret character string that is required to log onto a computer system, thus
preventing unauthorized persons from obtaining access to the computer. Computer users may
password-protect their files in some systems."
Cryptography
In literal terms, cryptography means the science of coded writing. It is a security safeguard to render
information unintelligible if unauthorized individuals intercept the transmission. When the
information is to be used, it can be decoded. "The conversion of data into a secret code for the
secure transmission over a public network is called cryptography."
--
●●Gяєу_Fєяяy ●●
--