1. Find out about SET and the use of RSA 128-bit encryption for e-commerce.
SET stands for Secure Electronic Transaction. It is a protocol designed for secure credit and debit card transactions between customers and merchants. With this protocol, all messages, including ordering and payment information, are encrypted. As both parties using SET require digital certificates, any modification of the data and information can be detected. As the merchant completes the transaction with the bank and not with the customer directly, the privacy of the customer is retained.
RSA 128-bit encryption is an encryption method for symmetric keys for the certificates issued to merchants and clients who use SET for transactions.
RSA recommended 128 bits as a minimum symmetric security level until 2013 and beyond. This level requires a minimum RSA key size of 3072 bits.
2. What can you find out about network and host-based intrusion detection systems?
Wikipedia (2009) stated that "A network intrusion detection system (NIDS) is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort."
It is found to be a packet-level analyzer for intrusion.
Wikipedia (2009) stated that "A host-based intrusion detection system (HIDS) consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC."
It is found to be an application-level analyzer for intrusion.
3. What is ‘phishing’?
Phishing is a technique for collecting a victim's user name and password for criminal activities.
It always uses emails that pretend to come from an enterprise or organization and are sent to users. The email is mostly used to notify the user to change his/her password at a specified web address that is similar to the real address.
When the user clicks on the web address provided in that email, it leads the user to a fake website, which has the look and feel of the real website, to collect personal information such as the user name and password of a bank account. It usually leads to financial loss for the victim. (webopedia, Wikipedia)
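The "web address similar to the real address" pattern described above can be checked on the receiving side, for example in a mail filter. The following Python is an added example, not part of the original post; the trusted domain `examplebank.com`, the sample URLs and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the organisation really uses (assumption).
TRUSTED = {"examplebank.com"}

# Illustrative digit-for-letter substitutions; not an exhaustive confusables table.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive 'last two labels' rule; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def classify(url, trusted=TRUSTED):
    """Label a link as trusted, a lookalike of a trusted domain, or unknown."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registered_domain(host)
    if domain in trusted:
        return "trusted"
    skeleton = domain.translate(CONFUSABLE)
    for good in trusted:
        brand = good.split(".")[0]
        if skeleton == good.translate(CONFUSABLE):
            return "lookalike: character substitution"
        if edit_distance(domain, good) <= 2:
            return "lookalike: near-miss spelling"
        if brand in host:
            return "lookalike: brand name inside a foreign domain"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from e-mail bodies.
    for link in ["https://www.examplebank.com/login",
                 "http://examp1ebank.com/reset",
                 "http://exampelbank.com/reset",
                 "http://examplebank.com.account-verify.net/",
                 "https://weather.example.org/"]:
        print(f"{classify(link):45} {link}")
```

A link labelled "unknown" is not proven safe; it only means the host does not resemble a domain on the allow-list.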
References:
Wikipedia (2009), Intrusion detection system, Retrieved 24 May 2009 from http://en.wikipedia.org/wiki/Intrusion-detection_system
Wikipedia (n.d.), Phishing, Retrieved 28 April 2009 from http://en.wikipedia.org/wiki/Intrusion-detection_system
webopedia (n.d.), All About Phishing, Retrieved 28 April 2009 from http://www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp
Secure Electronic Transaction (SET), Retrieved 4 May 2009 from http://lyle.smu.edu/~nair/courses/7349/SET.ppt