Question
You are placing an order with an online retailer. To complete a purchase, your web browser sends a single encrypted, authenticated message to the web site, consisting only of the following information: a) your credit card information, b) the item number and quantity being ordered.
A. Say an adversary is sitting between you and the retailer, with the ability to intercept traffic and send messages. Describe an attack the adversary could carry out to “max out” your credit card. What type of attack is this?
B. What could the retailer do to prevent this attack, simply by changing what data is sent in the single encrypted, authenticated message?
Explanation / Answer
DDoS attack:
A DDoS attack is a Distributed Denial of Service attack. We know that in today's world the number of websites and web-based applications has increased, and so have the number and cost of attacks that specifically target the vulnerabilities of these systems. For this type of attack, we should first know about the categories of DoS and DDoS attacks. They are the most costly cyber crimes.
Here DoS is nothing but a Denial of Service attack. As the name says, it renders a website unavailable to users. In this type of attack the perpetrator (a harmful man) uses a single internet connection to exploit a software vulnerability or flood the target with fake requests, so that the site is finally made unavailable to users and is prevented from responding to requests from legitimate users.
In the same way, if the attack comes from multiple connected devices that are distributed across the internet, then it is known as a Distributed Denial of Service attack, or DDoS attack.
The retailer will take the following steps to prevent this type of attack:
1. DDoS protection and mitigation service:
E-commerce sites should turn to cloud-based DDoS protection and should manage the DNS services. The cloud-based approach will help to sharpen the operational costs even in the largest and most complex attacks. A managed cloud-based DNS hosting service can help deliver 100 percent DNS resolution.
Make sure you or whoever is hosting your site is backing it up and has a disaster recovery plan. "Results from a recent study by Carbonite revealed businesses have big gaps in their data backup plans, putting them at risk for losing valuable information in the instance of a power outage, hardware failure or even a virus," says David Friend, CEO of Carbonite.
2. The person who is hosting your site is backing it up and has a disaster recovery plan. Make sure your site is properly protected, back it up regularly or make sure your hosting service is doing so.
3. Perform regular PCI scans: performing regular quarterly PCI scans using some services lessens the risk that your e-commerce platform is vulnerable to hacking attempts.
4. Layer your security: just increase the layers of security to keep your business safe from cyber criminals. Add extra layers of security to the website and applications, such as contact forms, login boxes and search queries. These methods will help keep your site protected from application-level attacks, namely SQL injections and cross-site scripting (XSS).
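The scenario in the question, as an added example that is not part of the original answer: an authenticated message stays valid when it is delivered again, so the retailer charges once per copy unless the message also carries a unique value the retailer can remember and reject on repeat. The HMAC stands in for the encrypted, authenticated message (encryption is omitted because it does not affect redelivery); the `order_id` field, the key and the card string are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

KEY = secrets.token_bytes(32)  # constructed key shared by browser and retailer


def seal(fields: dict) -> bytes:
    """Browser side: serialize the order and append an HMAC-SHA256 tag."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


def open_sealed(message: bytes) -> dict:
    """Retailer side: verify the tag, then parse. Raises ValueError if modified."""
    body, tag = message[:-32], message[-32:]
    if not hmac.compare_digest(tag, hmac.new(KEY, body, hashlib.sha256).digest()):
        raise ValueError("authentication tag does not match")
    return json.loads(body)


class Retailer:
    def __init__(self, require_order_id: bool):
        self.require_order_id = require_order_id
        self.seen_order_ids = set()   # order ids already charged
        self.charges = []

    def handle(self, message: bytes) -> bool:
        order = open_sealed(message)  # authenticity check passes for every copy
        if self.require_order_id:
            order_id = order.get("order_id")
            if order_id is None or order_id in self.seen_order_ids:
                return False          # duplicate or missing id: no second charge
            self.seen_order_ids.add(order_id)
        self.charges.append((order["card"], order["item"], order["qty"]))
        return True


def simulate(require_order_id: bool, copies: int = 5) -> int:
    """Deliver one legitimate message `copies` times; return how many charges result."""
    order = {"card": "4111-XXXX (constructed)", "item": "SKU-1", "qty": 1}
    if require_order_id:
        order["order_id"] = secrets.token_hex(16)  # unique per purchase, covered by the tag
    captured = seal(order)
    shop = Retailer(require_order_id)
    for _ in range(copies):
        shop.handle(captured)
    return len(shop.charges)
```

Because the `order_id` is inside the authenticated body, it cannot be changed without invalidating the tag, so each legitimate purchase is charged exactly once.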