CS507 Assignment No. 4 solution


Question:
A famous boutique in Lahore is going to launch a website to introduce online shopping facility for its customers. What kind of preventive measures can be adopted to save the website from the expected threats?
Also explain the technique used to make your electronic documents (such as email, text files) secured? [10 marks]




Due Date:
Your assignment must be uploaded/submitted before or on 28th June 2011


SOLUTION:



As organizations move more business processes online, protecting the privacy of the information used during these processes is essential. Because many confidentiality and automated processes rely on electronic documents that contain mission-critical, personal, and sensitive information, organizations must make significant investments to properly protect these documents.
Stop the Hack and Secure Your Website in 10 Best Methods
If you are a business owner, then you must know how important it is for you to have your own website. You can use it to reach as many target customers as possible. After all, they are located in many parts of the world. You can display all your products and services on your website. But do you know that it can also be a great area for hackers to play on? So how can you protect your website against hacking?
1. Protect your files with passwords. Surely, your website will contain scripts, databases, and files that are not meant to be shared publicly, except perhaps with the search engine bots. To avoid having anyone get hold of them, it may be ideal to protect them with a password. However, you have to make sure that these passwords are very hard to decipher, because attackers can simply make use of password-deciphering software. You can combine alphanumeric characters and exhaust the character limits as much as possible.
2. Secure your e-mail address. There may be times when you will be receiving an e-mail address courtesy of your online business form. There are even others who will send a message directly into your mailbox. This may mean that spammers have got hold of your contact information, perhaps on the Web or from someone else. To prevent this, you can make use of software that will split your e-mail address. It will then be very hard for spamming software to read. You can also just add an "E-mail Us" link to your website, or an image which can be clicked, to allow your customers to send an e-mail right away. There's no need to reveal the e-mail address.


3. Don't leave e-mail addresses anywhere. Perhaps you're thinking of marketing your website in forums and other public online networks. This is okay; however, you have to be very cautious. Hackers and spammers are very much interested in your e-mail address. You can make use of a bogus one, and simply add a link to your website in the signature.
4. Secure your source code. There are hackers who are interested in getting your source code to either destroy it or to build a website clone. That's why it is very important that you protect it against such individuals. You can make use of scripts that will allow your source code to remain hidden from Internet users. Or you can simply make use of external CSS sheets as well as external files for JavaScript.
5. Check for software patches. If you have been using some software in building or maintaining your website, make sure that you constantly update all of your files. This is because the older ones may no longer protect your website from hackers and spammers.
6. Sign up for updates. The majority of product and software updates may only be announced on their respective websites. This is to encourage customers to stay up to date on any new products that are being introduced to the market. To avoid the hassle, sign up for all of their newsletters using one secure e-mail address. If you receive any updates, make sure you take time to read them.
7. Add a robots.txt. This is a special instruction you will give to search engines that may be visiting your webpages. You can instruct them to only index those files that are meant for users. You can also direct them not to index any that are only meant for webmasters. These may include files and images.
8. Check the permissions you may have set for your uploaded files. This is to prevent any hacker from getting access to your important and confidential files. You can confirm it by selecting CHMOD for your files located on the web hosting server. Otherwise, if you aren't sure, then you can simply verify it with your webmaster.
9. Take away old or unnecessary files. It's normal for search engines to keep files from your website, especially if they are being indexed. However, if you remove them from the server, then no one can access them anymore. They will not be obtainable by hackers and spammers.
10. Know your server. Your server is essential, as you basically keep all of your files there, and it is what makes your website run smoothly. Intruders, on the other hand, can add a virus or malware to your system, thereby causing damage to your website. If you are running it on your own, you must know your server properly. This way, you can set the right security and permission level for your site.
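The permission check from item 8, as an added example that is not part of the original solution: a Python script that walks a web root and reports world-writable entries and sensitive files that any local user can read. The suffix list, the function names and the sample tree are constructed assumptions.

```python
import os
import stat
import tempfile

# Assumed policy (not from the original page): nothing under the web root is
# world-writable, and files with these suffixes are not world-readable.
SENSITIVE_SUFFIXES = (".sql", ".env", ".bak", ".key", ".inc")

def audit_permissions(web_root):
    """Return sorted (relative_path, octal_mode, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, web_root)
            if mode & stat.S_IWOTH:
                findings.append((rel, oct(mode), "world-writable"))
            elif name.lower().endswith(SENSITIVE_SUFFIXES) and mode & stat.S_IROTH:
                findings.append((rel, oct(mode), "sensitive file is world-readable"))
    return sorted(findings)

def build_sample_root():
    """Constructed sample tree so the example runs offline."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "index.html": 0o644,         # normal public page
        "uploads/photo.jpg": 0o666,  # anyone on the host can overwrite it
        "backup/db.sql": 0o644,      # database dump readable by everyone
        "config/app.env": 0o600,     # owner-only, as intended
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)  # fixed mode, independent of umask
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, mode, reason in audit_permissions(build_sample_root()):
        print(f"{mode:>6}  {rel}: {reason}")
```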
How to provide persistent document security
A significantly more effective solution for protecting an electronic document is to assign security parameters that are an integral part of the document itself. The following criteria define persistent document security:
Confidentiality—Who should have access to the document?
Authorization—What permissions does the user have for working with the document?
Accountability—What has the recipient done with the document?
Integrity—How do you know if the document has been altered?
Authenticity—How do you know where the document came from?
Non-repudiation—Can the signatory deny signing the document?
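The integrity and authenticity criteria above can be made part of the document itself with a keyed hash. This is an added example, not part of the original solution: it seals a message with HMAC-SHA256 from the Python standard library and shows that an altered copy fails verification. The function names, the shared key and the sample message are constructed; because the key is shared by sender and recipient, this does not give non-repudiation, which needs a digital signature.

```python
import hashlib
import hmac
import json

def _tag(header: dict, body: bytes, key: bytes) -> str:
    # Canonical header (sorted keys, no newlines), a separator, then the body.
    header_bytes = json.dumps(header, sort_keys=True).encode("utf-8")
    return hmac.new(key, header_bytes + b"\n" + body, hashlib.sha256).hexdigest()

def seal_document(text: str, sender: str, key: bytes) -> dict:
    """Attach sender metadata and an HMAC-SHA256 tag covering both."""
    body = text.encode("utf-8")
    header = {"alg": "HMAC-SHA256", "length": len(body), "sender": sender}
    return {"header": header, "body": text, "tag": _tag(header, body, key)}

def verify_document(sealed: dict, key: bytes) -> bool:
    """True only if header and body are unchanged and the key matches."""
    try:
        expected = _tag(sealed["header"], sealed["body"].encode("utf-8"), key)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected, sealed["tag"])
    except (KeyError, TypeError, AttributeError):
        return False  # malformed or incomplete document

# Constructed sample data; a real key would come from secrets.token_bytes(32).
SAMPLE_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_TEXT = "Order 1001 confirmed: 2 shirts, total Rs. 3,000"

def demo():
    sealed = seal_document(SAMPLE_TEXT, "orders@boutique.example", SAMPLE_KEY)
    tampered = dict(sealed, body=sealed["body"].replace("3,000", "30"))
    return {
        "original": verify_document(sealed, SAMPLE_KEY),
        "tampered": verify_document(tampered, SAMPLE_KEY),
        "wrong_key": verify_document(sealed, b"some-other-key"),
    }

if __name__ == "__main__":
    print(demo())
```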
Access Controls
These controls establish the interface between the would-be user of the computer system and the computer itself. These controls monitor the initial handshaking procedure of the user with the operating system. For example, when a customer enters the card and the PIN code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access.
The identity of the user needs to be established before granting access. The user should be given access only to the nature and kind of resources he is entitled to access. Actions taken by users to gain access beyond the defined limits should be blocked and recorded.
Cryptography
In literal terms, cryptography means the science of coded writing. It is a security safeguard to render information unintelligible if unauthorized individuals intercept the transmission. When the information is to be used, it can be decoded. “The conversion of data into a secret code for the secure transmission over a public network is called cryptography.”
Encryption & Decryption
Cryptography primarily consists of two basic processes. These processes are explained through a diagram.
Encryption – the process of converting data into codes (cryptograms)
Decryption – the process of decoding the code to arrive at the data that was actually encrypted
Access controls focus on the correct identification of the user seeking permission to access the system. There can be various sources of identifying and authenticating the user.
• What a user remembers – name, birthdates, password
• What a user possesses – badge, plastic card
• What a user is – personal characteristics
Biometrics
Identification of an individual through unique physical characteristics is proving to be quite safe and secure for allowing access. The study of personal characteristics has been extensively used for identification purposes.
Most commonly, the following personal physical characteristics are covered:
• Finger print
• Hand print
• Voice Print
• Facial profiling – measuring distance between various points on face
• Iris/retinal recognition – eye patterns

