Jan 13, 2011

web security- a technical paper by Rohith.O

WEB SECURITY: SAFE AT HANDS?



ROHITH.O

Abstract:

This paper surveys the web security measures available today. It briefly covers the problems a computer system may face, of which web security is one, and the curative steps (chiefly backups) for failures other than security breaches. It then describes the intentions behind security attacks, the methods attackers use, the traps they set and the ways we can resist them, with reference to some widely reported web threats and how they approach a target. Finally it discusses the technical support currently available for web security and the habits a user should never forget in order to avoid its potential threats.

Index terms:

Secure Sockets Layer, Cryptography, Symmetric-key Algorithms, Secure Electronic Transactions.

  1. INTRODUCTION

In the modern era of computers and the Internet, the security of Internet use is an issue that deserves attention. Within the last decade the Internet has become part of daily life for a majority of the world, so as far as the computing world is concerned, web security is an issue that affects everyone. From the moment software has been written, other minds have worked just as hard to crack it, and the Internet is likewise exposed to plenty of such threats. The recent Bom Sabado worm on the social networking site Orkut (a cross-site scripting worm that spread between Orkut accounts in 2010) is one such instance, and shows the threat an ordinary user faces in day-to-day use of the web. One thing that keeps such manipulation in check is cyber law. The Internet is often believed to be anarchic, and a system of law and regulation for it seems contradictory; nevertheless cyberspace is governed by a body of law and regulation called cyber law. Cyber law is a generic term for all the legal and regulatory aspects of the Internet: the issues arising from any activity of netizens and others in cyberspace fall within its ambit. The growth of electronic commerce has created the need for vibrant and effective regulatory mechanisms that further strengthen this legal infrastructure.


In spite of these strict laws, the activity of hackers and crackers has never dropped below a certain level, and hence the necessity of self-defence. For every action we take on the Internet, we should be aware of what happens behind the screen. The main reasons web attacks succeed are users' unawareness of the techniques used against them and their lack of experience in detecting the traps. So here we discuss the main problems a user faces, the actions that secure web use, and the actions that should be avoided in order to stay safe. The technologies currently available guard against a wide range of security threats and clearly help us stay safe, but there are many further habits by which we can secure our own part of the web.



  2. DATA WAREHOUSING


  2.1 Computer security: basic issues


To begin with web security, we must be aware of the threats a system is exposed to. Physical security of hardware and software, using locks or tags, comes first. Next come preventing damage through system failure (of software or hardware) and preventing damage through malicious, intentional actions (security attacks, theft); the recent Bom Sabado worm belongs to this last category. Threats on the hardware side include power outages, corrupted disks and hard drive crashes; on the software side, crashes and software that does not perform as intended or desired.

One way to limit the damage from such risks is to keep backups before the failure happens. Backups come in three levels: a level-zero backup (a copy of the original system as first installed), a full backup (a copy of every file on the computer) and an incremental backup (a copy of only the files modified since the previous backup). Backups protect against failure and destructive attacks alike, but not against disclosure: a stolen backup is as bad as a stolen disk, so backup media need the same access control as the system itself.
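The three backup levels in code, as an added example that is not part of the paper: a full (or level-zero) backup is a manifest of every file and its hash, and an incremental backup copies only what differs from the previous manifest. The file tree is constructed in a temporary directory so the script runs offline; deleted files are reported too, since a restore from base plus increments must drop them.

```python
"""Full versus incremental backup selection, added here as an example (not part of the paper).
The file tree is constructed in a temporary directory so the script runs offline."""
import hashlib
import os
import tempfile

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Manifest of a full backup: relative path -> SHA-256 of every file under root.
    Taken right after installation this is the level-zero manifest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest

def incremental_set(previous, current):
    """Files an incremental backup must copy (new or modified since `previous`),
    and files deleted since then, so a restore of base + increments can drop them."""
    changed = sorted(p for p, d in current.items() if previous.get(p) != d)
    deleted = sorted(p for p in previous if p not in current)
    return changed, deleted

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"a.txt": b"one", "b.txt": b"two", "sub/c.txt": b"three"}.items():
            write(root, rel, data)              # constructed sample tree
        base = snapshot(root)                   # full (here also level-zero) backup manifest
        write(root, "a.txt", b"one, edited")    # modified since the full backup
        write(root, "d.txt", b"four")           # new since the full backup
        os.remove(os.path.join(root, "b.txt"))  # deleted since the full backup
        changed, deleted = incremental_set(base, snapshot(root))
        return len(base), changed, deleted

if __name__ == "__main__":
    print(demo())
```

Hashing rather than comparing modification times means a file whose contents an attacker changed while preserving its timestamp is still picked up.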

Security risks have greatly increased because of the Internet; no computer is an island. We focus on security issues related to the Internet, but this also includes basic security for the user's own computer.

  2.2 Attacker's aim & target


An attacker who breaks the security of a system is always aiming at some task. Here we prefer the terms hacker and cracker to the generic attacker. Crackers are malicious programmers who break into secure systems, whereas hackers are more interested in gaining knowledge about computer systems, possibly using that knowledge for playful pranks. The pejorative sense of hacker has become more prominent largely because the popular press has co-opted the term for individuals who gain unauthorized access to computer systems in order to steal or corrupt data. Among professional programmers the term can be complimentary or derogatory depending on how it is used, although it carries an increasingly derogatory connotation. Possible targets include scanning the system for confidential documents, corrupting information on the computer, modifying the operating system to create security loopholes, and stealing credit card numbers. The information so gained may be used as a bargaining chip, sold for profit, or used to cause a lot of trouble later; the attacker can even block the user's access to their own system. So the data stored on any PC is a marketable commodity for attackers.

  2.3 Mistakes left by users


Hackers make great use of the common mistakes users make on the web, and a user must be aware of them before practising any web security technique. When we set up an account with an unauthorized online dealer or purchase tickets over the web, even simple demographic information may be sufficient to identify us (for example, ZIP code plus date of birth). Further, various applications and network programs keep log files of the user's activities; these logs can be used to track a user and what he does, which benefits an attacker who gets hold of them. Web servers log details of every page that is downloaded, and mail logs kept by a mail server contain at least the To and From addresses, all useful data for a capable attacker. Cookies, which a server sets in the browser and which the browser returns on every later request, let a site recognise and track a user across visits: a potential threat to the user and a bonus for attackers. Nowadays a web bug can be written in plain HTML: an image tag whose source is on a tracking server, so that the server is alerted every time the page or mail is viewed. This is useful for gathering visitor statistics, but in an attacker's hands the purpose changes. A web bug in an e-mail tells the sender when the mail was opened, from which IP address and by which recipient, because identifying information is encoded in the image URL.
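The web bug mechanism from both sides, as an added example that is not from the paper: the sender embeds a per-recipient identifier in the image URL, the tracking server maps hits in its access log back to recipients, and a mail client can detect such remote images before rendering. The host tracker.example, the secret, the recipient names and the access-log lines are all constructed for the example.

```python
"""How an HTML web bug (tracking pixel) identifies who opened a mail, and how a client can
detect one before rendering. Added example; the host tracker.example, the secret and the
access-log lines are constructed for illustration."""
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

SECRET = b"constructed sender-side secret"

def pixel_url(recipient):
    """Sender side: embed the recipient id in the image URL. The MAC lets the server reject
    requests carrying guessed or tampered ids."""
    tag = hmac.new(SECRET, recipient.encode(), hashlib.sha256).hexdigest()[:16]
    return f"https://tracker.example/p.gif?r={recipient}&t={tag}"

def recipient_from_path(path, known_recipients):
    """Server side: map a request for the pixel back to the recipient who opened the mail."""
    q = parse_qs(urlparse(path).query)
    r, t = q.get("r", [""])[0], q.get("t", [""])[0]
    expected = hmac.new(SECRET, r.encode(), hashlib.sha256).hexdigest()[:16]
    if r in known_recipients and hmac.compare_digest(t, expected):
        return r
    return None

def opened_by(log_lines, known_recipients):
    """Parse Common Log Format lines and return (recipient, client IP) for each genuine hit."""
    hits = []
    for line in log_lines:
        try:
            request = line.split('"')[1]            # e.g. GET /p.gif?r=alice&t=... HTTP/1.1
            _, path, _ = request.split(" ", 2)
        except (IndexError, ValueError):
            continue
        who = recipient_from_path(path, known_recipients)
        if who:
            hits.append((who, line.split(" ", 1)[0]))
    return hits

class RemoteImageFinder(HTMLParser):
    """Client side: list <img> tags that would fetch from a remote host when the mail renders.
    A mail client that does not auto-load remote images defeats the bug entirely."""
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src") or ""
            if urlparse(src).scheme in ("http", "https"):
                self.remote.append(src)

def remote_images(html):
    finder = RemoteImageFinder()
    finder.feed(html)
    return finder.remote

def demo():
    known = {"alice", "bob"}
    mail = ('<html><body><p>Hello Alice</p>'
            '<img src="cid:logo@local" alt="">'           # inline attachment: no network fetch
            f'<img src="{pixel_url("alice")}" width="1" height="1" alt="">'
            '</body></html>')
    u = urlparse(pixel_url("alice"))
    log = [  # constructed access-log lines; the second is a forged hit with a bad tag
        f'203.0.113.5 - - [13/Jan/2011:10:02:11 +0000] "GET {u.path}?{u.query} HTTP/1.1" 200 43',
        '198.51.100.9 - - [13/Jan/2011:10:03:00 +0000] "GET /p.gif?r=bob&t=0000000000000000 HTTP/1.1" 200 43',
        '198.51.100.9 - - [13/Jan/2011:10:03:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    ]
    return remote_images(mail), opened_by(log, known)

if __name__ == "__main__":
    print(demo())
```

The `cid:` image is an attachment inside the mail and reveals nothing; only the `https://` image reports back. The practical defence is the mail client setting that blocks remote images until the user asks for them.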


  2.4 Methods of security



Web security need not become a major problem, because there are reliable methods of keeping attackers out. Knowing how attackers sneak into a system, we can prevent it by following some habits when using the web. The first is to pick a good password and never write it down. A password is better if it is long and made of hard-to-guess characters, mixing lower- and upper-case letters with some digits and symbols.

Writing a password down can harm the user badly if the note is stolen or simply read by someone else; the security of the account is then at stake.


Authentication is the process by which an application verifies that a user is who they claim to be (authorization, deciding what an authenticated user may do, comes afterwards). Authentication can be based on several factors: what you know, where you are, what you are and what you have. What you know consists of passwords and secret keys known to the user, by which the application verifies their identity. Where you are consists of verifying the IP address from which the application is accessed, so that users coming from other addresses can be restricted; on its own this is weak, since addresses are shared and can be spoofed. What you are is biometric data that identifies the user: fingerprint sensors, face recognition and voice recognition are biometric standards of this type. What you have asks for a secure token, such as a hardware device or a one-time code, to confirm identity. Combining two or more of these factors reduces the chance of being hacked or cracked far more than any one of them alone.

Some controls applied around authentication are to lock the account after three consecutive authentication failures and to reject easily guessable passwords. Some recent cases illustrate how passwords are stolen: a teacher's common password was used by students to obtain credit score information; an English accountant used co-workers' passwords to steal $17 million for gambling; and a help-desk employee used passwords for a credit card database to sell credit reports to Nigerian scammers. In every case a legitimate password was used by the wrong person, which is why lock-outs and strong passwords must be combined with proper access control and auditing.
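The "what you know" factor with the two controls just described, as an added example that is not the paper's code: passwords are stored as salted, slow hashes, guessable passwords are rejected at registration, and an account locks after three consecutive failures. The weak-password list is a constructed stand-in for the far larger lists attackers actually use.

```python
"""Password checks and account lock-out, added as an example (not the paper's code).
The weak-password list is a constructed stand-in for the large lists attackers really use."""
import hashlib
import hmac
import os

WEAK = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
MAX_FAILURES = 3
ROUNDS = 200_000
DUMMY_SALT = b"\x00" * 16

def acceptable(password):
    """The paper's advice as a rule: long, mixed case, with digits, and not a known guess."""
    return (len(password) >= 12
            and password.lower() not in WEAK
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))

def derive(password, salt):
    """Salted, deliberately slow hash so a stolen database cannot be reversed quickly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

class Accounts:
    def __init__(self):
        self.db = {}

    def register(self, user, password):
        if not acceptable(password):
            raise ValueError("password too short or easily guessable")
        salt = os.urandom(16)
        self.db[user] = {"salt": salt, "digest": derive(password, salt),
                         "failures": 0, "locked": False}

    def login(self, user, password):
        rec = self.db.get(user)
        if rec is None:
            derive(password, DUMMY_SALT)   # same cost as a real check: no timing leak of valid names
            return False
        if rec["locked"]:
            return False                   # stays locked until an administrator resets it
        if hmac.compare_digest(derive(password, rec["salt"]), rec["digest"]):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked"] = True
        return False

    def is_locked(self, user):
        return bool(self.db.get(user, {}).get("locked"))
```

Lock-out stops online guessing against one account but gives an attacker a way to lock other people out; in practice it is paired with rate limiting per source address and an unlock path that does not depend on the password.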



  2.5 Preventive measures


Knowing this much about web security, we should be cautious about the variety of things going on around us and manage them differently. So here we analyse a number of situations where this knowledge should be applied. The first is to avoid spam and junk mail; many users are unaware of the risk in such mail and discard their security along with it. Further, an e-mail address should be known only to its owner's genuine contacts: never put it on your home page, and taking it out of online directories is another safe step against attackers. Be careful with public mailing lists and avoid posting to them. Picking an unusual username that an attacker cannot guess from your blog or website is another safe move.

To decide whether an e-mail is spam, plenty of software is available on the web today, for instance AI-based filters and confirmation (challenge-response) e-mails. These anti-spam services help keep the mailing side of the web safe. Anti-spam software does the same job as a web-based service, but it runs on the user's computer and the mail stays where it belongs, so the system itself is also protected from junk mail and its consequences. As discussed earlier, cookies can be a threat to the user, and the browser options can be set to refuse them while surfing. Refusing all cookies also breaks logins, so the practical setting is to refuse third-party cookies (those set by hosts other than the site being visited), which is where most tracking happens. Further, anyone sending sensitive documents by e-mail should make it a habit to encrypt the message before sending it; this ensures that the data travels safely between sender and receiver.
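A selective version of the browser's "refuse cookies" option, as an added example that is not from the paper: first-party cookies (which carry the login session) are accepted, cookies set by third-party hosts embedded in the page are refused, and first-party cookies that lack the Secure or HttpOnly attribute are flagged. The hosts and Set-Cookie headers are constructed, and the "registrable domain" helper is a simplification of what browsers do with the Public Suffix List.

```python
"""Selective cookie policy: accept first-party, refuse third-party, warn on weak attributes.
Added example (not the paper's code); hosts and headers are constructed."""
from http.cookies import SimpleCookie

def registrable_domain(host):
    """Crude 'site' for comparison: the last two labels (shop.example.com -> example.com).
    Real browsers consult the Public Suffix List; this shortcut is an assumption for the example."""
    return ".".join(host.lower().split(".")[-2:])

def cookie_policy(page_host, responses):
    """responses: list of (responding host, Set-Cookie header value) seen while loading page_host.
    Returns (accepted, refused, warnings)."""
    accepted, refused, warnings = [], [], []
    site = registrable_domain(page_host)
    for host, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if registrable_domain(host) != site:
                refused.append((host, name))        # third-party cookie: the tracking case
                continue
            accepted.append((host, name))
            if not morsel["secure"]:
                warnings.append(f"{name}: missing Secure (would be sent in clear over http)")
            if not morsel["httponly"]:
                warnings.append(f"{name}: missing HttpOnly (readable by injected script)")
    return accepted, refused, warnings

def demo():
    # constructed page load: the shop sets a session and a preference cookie; an embedded
    # advertising host tries to set its own identifier
    responses = [
        ("shop.example.com", "sid=a1b2c3; Path=/; Secure; HttpOnly"),
        ("shop.example.com", "pref=dark; Path=/"),
        ("ads.tracker.example", "uid=8f2e; Path=/; Secure"),
    ]
    return cookie_policy("shop.example.com", responses)

if __name__ == "__main__":
    for part in demo():
        print(part)
```

The Secure flag keeps the cookie off plain http connections; HttpOnly keeps it away from scripts, which limits what a cross-site scripting worm of the Bom Sabado kind can steal. Modern browsers add a SameSite attribute that restricts cross-site sending further.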

The safest way to keep our IP address from being tracked is anonymous browsing. Using a public terminal, such as one in a public library or an Internet café, hides the address of our personal system: an attacker cannot tie the activity to a particular machine, and being a shared terminal, it discourages the user from keeping sensitive data on it. The caveat is that a public terminal is not under our control and may carry a keylogger or be watched, so it is no place to type passwords or card numbers. Anonymous web browsing services, which work as proxy servers between the user and the site, hide the address of the user's own machine in the same way.


A more recent development in web security is the Secure Sockets Layer (SSL), now standardised as TLS. It is a cryptographic protocol for sending information over the web, and it comes into its own with web pages served at https://... URLs. The browser indicates whether the current page is "secure", that is, whether it was fetched over SSL/TLS. This helps those who use credit cards for booking flights and the like: the data is encrypted in transit and the server has proved possession of a certificate for its name. It does not, however, say anything about whether the site itself is honest, so the padlock must always be read together with the site's address.
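What the padlock does and does not promise, in code, as an added example that is not from the paper: a client TLS context that actually verifies the server's certificate and hostname and refuses old protocol versions, a check that card data only ever goes to an https URL, and a check that the host in the address is the merchant intended. The URLs are constructed and no network connection is made.

```python
"""Padlock semantics: transport encryption and server identity, not merchant honesty.
Added example (not the paper's code); URLs are constructed, nothing is sent over the network."""
import ssl
from urllib.parse import urlparse

def verifying_context():
    """Client TLS context that verifies the certificate chain against the system trust store,
    checks that the certificate matches the hostname, and refuses TLS older than 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context already sets these; make the expectation explicit
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx

def safe_to_send_card_number(url):
    """Only submit card data to an https URL with a real host; anything else travels in the clear."""
    u = urlparse(url)
    return u.scheme == "https" and bool(u.hostname)

def same_site_as_expected(url, expected_host):
    """The certificate only ties the connection to the name in the address bar. Whether that name
    is the merchant you meant to pay is a separate check, and look-alike hosts are the usual trap."""
    return (urlparse(url).hostname or "").lower() == expected_host.lower()

def checkout_allowed(url, expected_host):
    return safe_to_send_card_number(url) and same_site_as_expected(url, expected_host)

if __name__ == "__main__":
    verifying_context()
    print(checkout_allowed("https://airline.example/pay", "airline.example"))
    print(checkout_allowed("https://airline.example.pay-now.test/pay", "airline.example"))
```

The second checkout URL would show a perfectly valid padlock, because its owner can obtain a certificate for their own name; only the host comparison catches it.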


Moving to the professional side of computer science and engineering, we have secure encoding and decoding, that is, encryption and decryption. Use of a symmetric key for encrypting and decrypting the content is widely recommended. The large number of possible keys makes it difficult to crack, and the encryption ensures a high level of secrecy. For instance,

with an 80-bit key, and assuming that 1 million keys per second can be tried, it would take approximately 38 billion years to try all keys (an attacker expects to succeed after half the keyspace, which is still 19 billion years). Both figures shrink in proportion to the attacker's search rate, and modern hardware tries keys many orders of magnitude faster than one million per second, which is why 80-bit keys are no longer considered adequate and 128-bit keys are the norm.

The common algorithms used for this purpose include DES, Blowfish, RC2, RC4 and RC5. Of these, DES has only a 56-bit key and has been brute-forced by purpose-built hardware since 1998, and RC4 has known statistical weaknesses; AES, the current standard, should be preferred for new systems.
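The 80-bit calculation above, generalised to any key size and search rate, as an added example that is not from the paper; it also gives the entropy of a random password over a given character set, which is the same quantity applied to the "pick a good password" advice earlier. The 80-bit / one-million-per-second figure is the paper's; the other rates are illustrative assumptions.

```python
"""Exhaustive key search time versus key size and search rate, plus password entropy.
Added example extending the paper's 80-bit case; the search rates are assumptions."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def years_to_search(key_bits, keys_per_second, fraction=1.0):
    """Years to try `fraction` of a key_bits-bit keyspace (1.0 = all keys, 0.5 = expected time)."""
    return fraction * (2 ** key_bits) / keys_per_second / SECONDS_PER_YEAR

def password_bits(length, alphabet_size):
    """Entropy in bits of a password chosen uniformly at random from alphabet_size ** length."""
    return length * math.log2(alphabet_size)

def equivalent_key_bits(length, alphabet_size):
    """Key size whose keyspace a random password of this shape matches (rounded down)."""
    return int(password_bits(length, alphabet_size))

def brute_force_table():
    """Rows of (key bits, keys per second, years for the whole keyspace).
    Rates are constructed: 1e6/s is the paper's figure; 1e9/s and 1e13/s stand in for a
    commodity GPU and a dedicated cluster or custom hardware respectively."""
    return [(bits, rate, years_to_search(bits, rate))
            for bits in (56, 80, 128)
            for rate in (1e6, 1e9, 1e13)]

if __name__ == "__main__":
    for bits, rate, years in brute_force_table():
        print(f"{bits:>3}-bit key at {rate:.0e} keys/s: {years:.3g} years")
    print("8 lower-case letters :", equivalent_key_bits(8, 26), "bits")
    print("12 printable ASCII   :", equivalent_key_bits(12, 94), "bits")
```

The 56-bit row shows why DES fell: at a hardware rate the whole keyspace takes hours, not years. The password rows show why an eight-letter lower-case password is nowhere near an 80-bit key, while twelve random printable characters are.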


Another introduction into the field of web security is Secure Electronic Transaction (SET), an open encryption and security specification designed to protect credit card transactions on the Internet. It was developed by Visa and MasterCard in the mid-1990s, although it never saw wide deployment and most card payments on the web rely on SSL/TLS instead. Where used, it addresses several of the important threats to web security: confidentiality of information, cardholder account authentication and merchant authentication, together with integrity of the payment data.


In spite of all the technology available today, we still see plenty of hackers and crackers attacking the cyber community and creating a lot of trouble: looting money from banks, freezing corporate transactions, creating new viruses, and sending ever more junk mail. This confirms the statement that there is no perfect security. But it does not mean we cannot be safe: we can still be aware of the security risks and of some of the ways to improve security.


  3. REFERENCES



1. Computer Science and Engineering Archive, Amrita Digital Library, http://vidya/cs/main/computer/

2. Sumita Arora, An Overview of C++

3. Raj Jain, IP Security: A Brief Survey

4. www.wikipedia.org

5. www.google.com

6. Authentication and Access Control

7. National Level Technical Symposium, Kancheepuram