
By Ms. Riya Malukani

It uses various authorization methods to make sure that only valid users and programs have access to information resources.

Problems in client-server network security:

Physical security holes: Unauthorized physical access (tampering with files, etc.).

Software security holes: Badly written programs are compromised (e.g. rlogin, sendmail).

Inconsistent usage holes: These result when a system administrator assembles a combination of hardware and software such that the system is seriously flawed from a security point of view.

Trust-based security: Trust everyone and do nothing for extra protection. It is possible not to provide access restrictions of any kind and to assume that all users are trustworthy and competent in their use of the shared network.

Security through obscurity: The notion that any network can be secure as long as nobody outside its management group is allowed to find out anything about its operational details and users are provided information on a need-to-know basis. Hiding account passwords in binary files.

Password schemes: Erect a first-level barrier to accidental intrusion.

Biometric systems: Fingerprint, palm print, retinal pattern, signature verification or voice recognition.

Threats to the local computing environment

Software agent and malicious code threats:

Virus: A code segment that replicates by attaching copies of itself to existing executables (.EXE files). The new copy of the virus is executed when the user executes the host.

Trojan horse: A program that performs a desired task but also includes unexpected (and undesirable) functions.

Worm: A self-replicating program that is self-contained and does not require a host program. The program creates a copy of itself and causes it to execute.

Threats to servers

Hackers: Unauthorized access to a large number of systems.

Firewall: A method of placing a device (a computer or router) between the network and the Internet to control and monitor all traffic between the outside world and the local network.
Working: Filtration.

Availability: Software, hardware.

Data security: E.g. risk to credit cards.

Packet sniffing: Unauthorized network monitoring.

Threat: Message confidentiality. It is important for uses involving sensitive data, such as credit card numbers. Other sensitive data includes employee records, government files and social security numbers. The environment must be protected. After successful delivery, the message must be removed from the public environment.

Business transactions require that their contents remain unmodified during transport. In other words, the information received must have the same content and organization as the information sent. It must be clear that no one has added, deleted or modified any part of the message.

For e-commerce, it is important that clients authenticate themselves to servers, that servers authenticate themselves to clients, and that both authenticate each other. Authentication is a mechanism whereby the receiver of transaction or message. An example of authentication is cryptography.
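The integrity and authentication requirements above can be checked with a keyed message authentication code. The following is an added example, not part of the original slides; it assumes the client and server already share a secret key, uses HMAC-SHA256 as the chosen technique, and all field names and values are constructed. It protects integrity and origin only, not confidentiality.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: both parties already hold this key (key exchange is out of scope).
SHARED_KEY = secrets.token_bytes(32)


def canonical(order: dict) -> bytes:
    """Serialize with sorted keys so sender and receiver hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def sign(order: dict, key: bytes) -> dict:
    """Sender: attach an HMAC-SHA256 tag computed over the whole message."""
    tag = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}


def verify(envelope: dict, key: bytes) -> bool:
    """Receiver: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, canonical(envelope["order"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), str(envelope.get("tag", "")).encode())


def tamper_results(key: bytes = SHARED_KEY) -> dict:
    """Run the receiver's check on an intact message and on altered copies."""
    order = {"order_id": "A-1001", "item": "book", "amount": "499.00", "currency": "INR"}  # constructed
    sent = sign(order, key)
    tag = sent["tag"]
    modified = {"order": {**order, "amount": "4.99"}, "tag": tag}
    added = {"order": {**order, "ship_to": "elsewhere"}, "tag": tag}
    deleted = {"order": {k: v for k, v in order.items() if k != "currency"}, "tag": tag}
    forged = sign(order, secrets.token_bytes(32))  # sender without the shared key
    return {
        "intact": verify(sent, key),
        "modified": verify(modified, key),
        "added": verify(added, key),
        "deleted": verify(deleted, key),
        "wrong_key": verify(forged, key),
    }


if __name__ == "__main__":
    for case, accepted in tamper_results().items():
        print(f"{case:10s} accepted={accepted}")
```

Only the intact message from a holder of the shared key is accepted; a modified, extended or shortened message, or one tagged with a different key, fails verification.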
