Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Consider the following threats to Web security and describe how each is countere

ID: 3688140 • Letter: C

Question

Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.

a. Man-in-the-middle attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.

b. Password sniffing: Passwords in HTTP or other application traffic are eavesdropped.

c. IP spoofing: Uses forged IP addresses to fool a host into accepting bogus data.

d. IP hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.

e. SYN flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the “half-open connection” around for a few minutes. Repeated SYN messages can clog the TCP module.

Explanation / Answer

a)..Man-in-the-middle attack:
1.Domain name in client certificate matches the domain name of the server itself.
2.This step makes sure that the server is in the same network address specified by domain name in the certificate.
3.This step alone protects from this attack although it is not part of Secure Socket Layer.

b.)..Password sniffing:
1.The application message is encrypted by using any of the encrypting algorithm so the password transmission is protected.
2.password is transmitted in an encrypted form after recieve at other end it decrypts

c.)..IP spoofing:
1.This will still work if application authenticates based on IP address.
2.In this case Secure Socket Layer may not authenticate the client.
3.IP address is not part of Secure Socket Layer authentication scheme.

d.)..IP hijacking:
1.If the IP hijacking occurs after the handshake policy, the attacker will not have the encryption key.
2.The tempering would be detected and connection would be dropped.
3.If the attack occurs during the handshake, it will not work, since application password involved in authentication.

e.)..SYN flooding:
1.Secure Socket Layer does not protect SYN flooding. This attack occurs at the TCP(transmission control protocol).
2.Secure Socket layer is in on top of TCP.

Related Questions

Consider the following test for genetic linkage between two genes designated Gen
Question #173703
Consider the following test for genetic linkage between two genes designated Gen
Question #225366
Consider the following test signal: 2(t) = sin(2n( 1000)t) + sin(2n( 1100)t) + s
Question #2084993
Consider the following test signal: 2(t) = sin(2n( 1000)t) + sin(2n( 1100)t) + s
Question #3860408
Consider the following tetrahybrid cross between AaBbCCDD and AaBbCcDd. What pro
Question #14382
Consider the following tetrahybrid cross in pea plants: TtRrwAa x ItRcYvaa Assum
Question #183208
Consider the following the code segment that shuffles a deck of cards. the code
Question #3867197
Consider the following the code. import javax.swing.*; import java.awt.*; import
Question #666954

Navigate

Previous
Consider the following threats to Web security and describe how each is countere
Next
Consider the following threats to Web security and describe how each is countere