الخميس، 29 نوفمبر 2012

Secure Socket Layer (SSL)


Secure Socket Layer (SSL) is a security protocol that was developed by Netscape Communications Corporation, along with RSA Data Security, Inc. The Primary goal of the SSL protocol is to provide a private channel between communicating applications, which ensures privacy of data, authentication of the partners, and integrity. The Secure Socket Layer (SSL) technology was used for the websites or web applications which need more security.


Schematic representation of the SSL handshake ...
 SSL handshake protocol with two way authentication with certificates. (Photo credit: Wikipedia)

 

Secure Socket Layer (SSL) is composed of two layers:


  • At the lower layer, a protocol for transferring data using a variety of predefined cipher and authentication combinations, called the SSL Record Protocol.
  • On the upper layer, a protocol for initial authentication and transfer of encryption keys, called the SSL Handshake Protocol.

An SSL session is initiated as follows:


  • On the client (browser), the user requests a document with a special URL that starts with https: instead of http: either by typing it into the URL input field, or by clicking the link. For example the major search engines like Google, Yahoo, Bing and other money transactions websites uses Secure Socket Layer (SSL).The client computers which do not installed the Secure Socket Layer (SSL) certificates on their computer unable to browse those sites.
  • The client code recognizes the SSL request and establishes a connection through TCP port 443 to the SSL code on the server.
  • The client then initiates the SSL handshake phase, using the SSL Record Protocol as a carrier. At this point, there is no encryption or integrity checking built into the connection.

The Secure Socket Layer (SSL) Protocol addresses the following security issues:


  • Privacy: After the symmetric key is established in the initial handshake, the messages are encrypted using this key.
  • Integrity: Messages contain a message authentication code (MAC) ensuring the message integrity.
  • Authentication: During the handshake, the client authenticates the server using an asymmetric or public key. It can also be based on certificates. SSL requires that each message is encrypted and decrypted and therefore has a high performance and resource cost.

Secure Socket Layer (SSL) Protocol


The SSL protocol is located at the top of the transport layer. SSL is also a layered protocol itself. It simply takes the data from the application layer, re-formats it, and transmits it to the transport layer. SSL handles a message as follows.

The sender performs the following tasks

  • Takes the message from upper layer.
  • Fragments the data to manageable blocks.
  • Optionally compress the data.
  • Applies a message authentication code (MAC)
  • Encrypts the data.
  • Transmits the result to the lower layer.

 The receiver performs the following tasks.


  • Takes the data from lower layer.
  • Decrypts.
  • Verifies the data with the negotiated MAC key.
  • Decompress the data if compression was used.
  • Reassembles the message.
  • Transmits the message to the upper layer.


An SSL session works in different states. These states are session and connection states. The SSL handshake protocol coordinates the states of the client and the server. In addition, there are read and write states defined to coordinate the encryption according to the change Cipher Spec messages.


Change Cipher Spec Protocol


The change Cipher Spec protocol is responsible for sending change Cipher Spec messages. At any time, the client can request to change current cryptographic parameters such as the handshake key exchange. Following the change Cipher Spec notification, the client sends a handshake key exchange and if available, certificate verify messages, and the server sends a change Cipher Spec message after processing the key exchange message. After that, the newly agreed keys will be used until the next change Cipher Spec request. The change Cipher Spec message is sent after the hello messages during the negotiation.


SSL handshake protocol


The SSL handshake protocol allows the client and server to determine the required parameters for and SSL connection such as protocol version, cryptographic algorithms, optional client or server authentication, and public key encryption methods to generate shared secrets. During this process, all handshake messages are forwarded to the SSL record layer to be encapsulated into special SSL messages. Figure below illustrates an SSL handshake process.



Secure Socket Layer (SSL)



SSL record protocol


After the master key has been determined, the client and server can use it to encrypt application data. The SSL record protocol specifies a format for these messages in general, they include a message digest ensure that they have not been altered and the whole message is encrypted using a symmetric cipher.



Other Internet security methods are: Transport Layer Security (TSL), Pretty Good Privacy (PGP) and Firewall, I will post about them later. Keep following this blog.



You Might also view the following Related Posts

For more Posts: Click Here

Internet Security & IP Security (IPSec)


English: Encapsulating one IP packet in anothe...
English: Encapsulating one IP packet in another IP packet (Photo credit: Wikipedia)
Internet Security is the securing web server and client (browser) from the possible attacks over the Wide Area Networks or Internet. Internet security is a type of Computer Security or the network Security. It includes mainly specific security protocols like IPSec (Internet Security Protocol), SSL (Secure Socket Layer) or TSL (Transport Layer Security). Internet Security also describes about PGP (Pretty Good Privacy) which is designed to create authenticated and confidential e-mails. It also discuss about Firewalls and Antivirus Programs.


# IP Security (IPSec)


IP Security (IPSec) is collection of protocols designed by Internet Engineering Task Force (IETF) to provide security for a packet at the network level. It helps to create authenticated and confidential packets for the IP layer. IPSec operates in one of the following two modes.


i) Transport Mode


In this mode, IPSec protects what is delivered from the transport layer to the network layer. i.e. the transport mode protects the network layer payload, the payload to be encapsulated in the network layer. This mode does not protect the IP header, i.e. it protects only the packet from the transport layer. In this mode, the IPSec header and trailer are added to the information coming from the transport layer. The IP header is added later. This mode is normally used when we need host-to-host protection of data. The sending host uses IPSec to authenticate and / or encrypt the payload delivered from the transport layer. The receiving host uses IPSec to check the authentication and / or decrypt the IP Packet and deliver it to the transport layer.


ii) Tunnel Mode

 

Internet Security & IP Security



Tunneling or encapsulation is a common technique in packet-switched networks. It consists of wrapping a packet in a new one. That is, a new header is attached to the original packet. The entire original packet becomes the payload of the new one, as shown in Figure. In this mode, IPSec protects the entire IP Packet. It takes an IP packet including the header, applies IPSec security methods to the entire Packet, and then adds a new IP header. The new IP header has different information than the original IP Header.

In general, tunneling is used to carry traffic of one protocol over a network that does not support that protocol directly. For example, NetBIOS or IPX can be encapsulated in IP to carry it over a TCP/IP WAN link. In the case of IPSec, IP is tunneled through IP for a slightly different purpose: To provide total protection, including the header of the encapsulated Packet. Tunneling requires intermediate processing of the original packet while en-route. The destination specified in the outer header, usually and IPSec firewall of router, receives the tunneled packet, extracts the original packet, and sends it to the ultimate destination. The processing cost is compensated by the extra security. A notable advantage of IP tunneling is the possibility to exchange packets with private IP addresses between two intranets over the public Internet, which requires globally unique addresses.


The IPsec framework has three main components, Authentication Header(AH), Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE).


Authentication Header (AH)


AH is used to provide integrity and authentication of IP datagrams. Replay protection is also possible. Although its usage is optional, the replay protection service must be implemented by any IPsec compliant system. The services are connectionless, they work on a per-packet basis. AH is used in two modes, transport mode and tunnel mode.


Encapsulating Security Payload (ESP)

 

English: IP packet with IPsec ESP
English: IP packet with IPsec ESP  (Photo credit: Wikipedia)
ESP is used to provide integrity check, authentication and encryption to IP datagrams. Optional replay protection is also possible. These services are connectionless, in that they operate on a per-packet basis. Encryption can be selected independently of other services. It is highly recommended that, if encryption is enabled, integrity check and authentication be turned on. Like AH, ESP can be used in two ways: Transport mode and tunnel mode.


Internet Key Exchange Protocol (IKE)


The internet Key Exchange (IKE) framework, previously referred to as ISAKMP/Oakley, supports automated negotiation of security Associations, and automated generation and refresh of cryptographic keys. The ability to perform these functions with little or no manual configuration of machines is a critical element to any enterprise-scale IPsec deployment. Internet security association and key management protocol (ISAKMP) is a framework that defines the management of security associations (negotiable, modify, delete) and keys, and it also defines the payloads for exchanging key generation and authentication data. Internet Key exchange (IKE) is a protocol that uses parts of ISAKMP and the Oakley and SKEME key exchange protocols to provide management of keys and security associations for the IPsec AH and ESP protocols and ISAKMP itself.


# Secure Socket Layer (SSL)




You Might also view the following Related Posts 

For more Posts: Click Here

الأربعاء، 28 نوفمبر 2012

Solved MCQ of System Analysis and Design Set-3


 Q.1 A ……………… system in no more than idea.
A) Conceptual
B) Logical
C) Physical
D) None

Q.2 Design Phase consists of …………………….
1.       Identity the functions to be performed
2.       Design the input/output and file design
3.       Defining basic parameters for system design
A) 1 & 2
B) 2 & 3
C) 1 & 3
D) 1, 2 & 3


Q.3 A context diagram
A) Describes the context of a system
B) is a DFD which gives an overview of the system
C) is a detailed description of a system
D) is not used in drawing a detailed DFD

Q. 4 HIPO stand for
A) Hierarchy input process output
B) Hierarchy input plus output
C) Hierarchy plus input process output
D) Hierarchy input output Process

Q.5 Statement of scope and objectives, opportunities and performance criteria ………….
A) Problem definition
B) System analysis
C) System Design
D) Documentation

Q.6 Information can be categorized into …………….
1.       Environmental information
2.       Competitive information
3.       Government information
4.       Internal information
A) 1, 2 & 3
B) 1, 2 & 4
C) 2, 3 & 4
D) 1, 3 & 4

Q.7 System Development process is also called as ……………..
A) System Development Life Cycle
B) System Life Cycle
C) Both A and B
D) System Process Cycle

Q.8 The output of problem definition stage is ……………..
A) Master Development Plan
B) Terms of reference
C) Feasibility report
D) Final product

Q.9 Advantages of system flowcharts ………………….
A) Effective communication
B) Effective analysis
C) Queasier group or relationships
D) All A, B, C

Q.10 Based on the identification of objectives, input, output and file content, the vital document is called …
A) System Definition
B) System Document
C) System Requirement Document
D) System Subject

Q.11 A context diagram is used
A) as the first step in developing a detailed DFD of a system
B) in systems analysis of very complex systems
C) as an aid to system design
D) as an aid to programmer

Q.12 Which of the following is/are the sources for project requests?
A) Request from Department managers
B) Request from senior executives
C) Request from system Analyst
D) All of the above

Q.13 DDS stands for …………………
A) Data Data Systems
B) Data Digital System
C) Data Dictionary Systems
D) Digital Data Service

Q.14 ………….. Phase is a time consuming phase and yet a very crucial phase
A) Feasibility Study
B) Requirement Phase
C) Analysis Phase
D) Testing Phase

Q.15 A DFD is normally leveled as
A) It is a good idea in design
B) It is recommended by many experts
C) it is easy to do it
D) It is easier to read and understand a number of smaller DFDs than one large DFD

Q.16 ………………. is responsible for all aspects of data processing, operation research, organization and method, system analysis and design investments.
A) Management Services Director
B) Data Processing Manager
C) Computer Manager
D) Both B and C

Q.17 ……………… is a tabular method for describing the logic of the decisions to be taken.
A) Decision tables
B) Decision tree
C) Decision Method
D) Decision Data

Q.18 In ……………… system the interaction between various subsystems cannot be defined with certainty
A) Open System
B) Closed System
C) Deterministic System
D) Probabilistic System

Q. 19 State True or False.
1.       Term of reference is the final output of Feasibility Study
2.       Design specification report is the final output of System Analysis
A) 1-true, 2-true
B) 1-false, 2-true
C) 1-true, 2-false
D) 1-false, 2-false

Q.20 The key considerations involved in the feasibility analysis is include
i) Economical      ii) Technical         iii) Behavioral     iv) Personal
A) i, ii, iv              
B) i, ii, iii
C) ii, iii, iv
D) All of the above

Answers:
1.       A) Conceptual
2.       D) 1, 2 & 3
3.       B) is a DFD which .... of the system
4.       A) Hierarchy input process output
5.       A) Problem definition
6.       B) 1, 2 & 4
7.       A) System Development Life Cycle
8.       B) Terms of reference
9.       D) All A, B, C
10.   B) System Document
11.   A) as the first step ... DFD of a system
12.   D) All of the above
13.   C) Data Dictionary Systems
14.   C) Analysis Phase
15.   D) It is easier to ..... one large DFD
16.   A) Management Services Director
17.   A) Decision tables
18.   D) Probabilistic System
19.   D) 1-false, 2-false
20.   B) i, ii, iii

الثلاثاء، 27 نوفمبر 2012

Solved MCQ of System Analysis and Design Set-2


Q.1 ………… is a sort of blueprint of the system Development Effort.
A) MDP
B) DMP
C) MPD
D) DPM

Q. 2 Data store in a DFD represents.
A) a sequential file
B) a disk store
C) a repository of data
D) a random access memory


Q.3 …………… system consists of programs, data files and documentation
A) Conceptual
B) Logical
C) Physical
D) None of the above

Q.4 …………… is a good example of deterministic system.
A) Life cycle
B) Computer Program
C) Software Program
D) None of the above

Q.5 The main ingredient of the report documenting the ……………… is the cost benefit analysis.
A) System Analysis
B) Feasibility Study
C) System Analyst
D) System Design

Q.6  A data flow can
A) Only a data store
B) Only leave a data store
C) Enter or leave a data Store
D) Either enter or leave a data store but not both

Q.7  Changing the relationship with and services provided to customers in such a way that they will not think of changing suppliers is called ………….
A) Lock in customers
B) Lock out customers
C) Lock in competitors
D) Lock out competitors

Q.8  …………… can be defined as data that has been processed into a form that is meaningful to the recipient and is of real or perceived value in current or prospective decisions.
A) Information
B) Data collection
C) Internal data
D) Sample data

Q.9  Increased volume of sales is an example of ………….…. Benefit. Reduction of bad debts is an example of ………..
A) Tangible, Intangible
B) Tangible, Tangible
C) Intangible, Tangible
D) Intangible, Intangible

Q.10  A data cannot flow between a store and
i) a store              ii) a process        iii) an external entity

A) i and iii
B) i and ii
C) ii and iii
D) ii

Answers:
1.       A) MDP
2.       C) a repository of data
3.       C) Physical
4.       B) Computer Program
5.       B) Feasibility Study

6.       C) Enter or leave a data Store
7.       A) Lock in customers
8.       A) Information
9.       D) Intangible, Intangible
10.   A) i and iii

الأحد، 25 نوفمبر 2012

Solved MCQ of System Analysis and Design Set-1

Q. 1 …………………………. is an important factor of management information system.
A) System
B) Data
C) Process
D) All

Q.2  Which are the following is / are the level(s) of documentation?
A) Documentation for management
B) Documentation for user
C) Documentation for data processing department
D) All of the above


Q.3 ………………………….. level supply information to strategic tier for the use of top management.
A) Operational
B) Environmental
C) Competitive
D) Tactical

Q.4  In a DFD external entities are represented by a
A) Rectangle
B) Ellipse
C) Diamond shaped box
D) Circle
Q.5  …………… can be defined as data that has been processed into a form that is meaningful to the recipient and is of real or perceive value in current or prospective decisions.
A) System
B) Information
C) Technology
D) Service
Q.6 Use the new system as the same time as the old system to compare the results. This is known as ……
A) Procedure Writing
B) Simultaneous processing
C) Parallel Operation
D) File Conversion

Q.7 Decision making model was proposed by ………………….
A) Harry Goode
B) Herbert A Simon
C) Recon Michal
D) None of this

Q.8 A data flow can
A) Only emanate from an external entity
B) Only terminate in an external entity
C) May emanate and terminate in an external entity
D) May either emanate or terminate in an external entity but not both

Q. 9 …………… can be defined as most recent and perhaps the most comprehensive technique for solving computer problems.
A) System Analysis
B) System Data
C) System Procedure
D) System Record

Q.10 SDLC stands for
A) System Development Life Cycle
B) Structure Design Life Cycle
C) System Design Life Cycle
D) Structure development Life Cycle



Answers:
1.       A) System
2.       D) All of the above
3.       D) Tactical
4.       A) Rectangle
5.       B) Information

6.       C) Parallel Operation
7.       B) Herbert A Simon
8.       C) May emanate and ………entity
9.       A) System Analysis
10.   A) System Development Life Cycle

Relational Database Management System (RDBMS)

      A relational database management system (RDBMS) is a database management system (DBMS) that is based on relational model. It is the information that is stored database is related to import and export information each other. It acts as an interface between the user and the data. It ensures that the data is kept in a compact and consistent format, and allow the user to ask a wide range of questions about the data. A DBMS can be described by the view of the data it presents to the user.

 Key terms used in RDBMS
Query: A query is a small command or program given to a database system instructing it how to manipulate some data from a database.

Example: SELECT * FROM tbl_std;

Relation: A relational database consists of a set of two-dimensional tables termed relations. All the data in the database is contained entirely within such tables. Each relation in the database has a unique name so that it can be identified.

Example: An example of relation is shown here. It relates the names of the students and the marks obtained by them.

Students name
Mathematics
Science
Jems
88
67
Nikki
68
69
Ram
82
87


Domain: A column of data from such a relation is called a domain. Thus a domain represents a "vertical slice “of a relation. Each domain in a relation has a unique name. A domain is constrained to hold one particular type of data.
Example: Using example of the above relation, the domain Mathematics is shown here.

Mathematics
88
68
82

Attribute: An attribute refers to a property of a particular domain, for instance its name. Another attribute is the type of data stored within that domain.

Example: In the above example of domain, the name of domain “Mathematics” and the data type i.e. “integer” is the attribute of that domain.

Tuple: A single row from a relation is termed a tuple. A tuple represents a "horizontal slice" of a relation.

Example: An example of single tuple from the above relation is shown below.

Students name
Mathematics
Science
Jems
88
67


Field: A single atomic item of data is termed a field. A field is represented by the intersection of a specific tuple with a specific domain.

Example: An example of single field from the above relation is shown below.

Jems

Schema: Schema defines the structure of a relation which consists of a fixed set of attribute domain pair.

Instance: An instance of a relation is a time varying set of tuples where each tuple consists of attribute value pairs.

Candidate Key: A candidate key is a set of attribute that form a super key but no proper subset of which is a super key.

Primary Key: A primary key is a candidate key chosen by database designer to identify tuples in a relation.