Network Security Project Report
Introduction
Users store confidential data in web applications on the assumption that the server is secure. The server is the party that establishes trust in a web application, and unauthorized access to the website undermines the user's trust. Data can leak from the server in many ways, and there are many techniques for stealing user data. As technology advances, the related issues increase too. Server software can be exploited through a vulnerability. The database administrator manages the data as well as they can. This raises a question: if there is so much risk, how can a website, a prototype application or a client-server architecture be secure? The answer is that the risk exists but can be resolved by implementing appropriate technology and proper awareness. The first step towards data security is to store data only in encrypted form, whether it belongs to a user or to another entity of the web application. This is a promising approach to securing user data: it ensures that nobody can read the user's sensitive information on the server even after intruders or attackers have hacked the server, because an intruder who accesses the server cannot obtain the decryption key. Today most web applications encrypt user data. Our application is privacy conscious. Any web application in a client-server architecture generally faces issues of functionality, efficiency and security. Security is lost if the server is compromised, which can indirectly affect the client-side code. The server should not interfere too much with the application. If the website provides data sharing between users, it must be developed with more security and awareness of that feature. Sharing is a crucial function and a complex issue in the implementation of security. It can be resolved by encrypting shared documents and sharing them via the server.
This Network Security project presents a way of building a secure web application in which data is stored on the server in encrypted form. Every application now needs to protect its data in its own way, without depending solely on the server, although the server still has to fulfil minimum security criteria. The current trend in web applications is to send data using JavaScript; previously this was done using HTML. Sensitive data must be encrypted with a password, and that password is shared with the other user. Another thing to consider is that an attacked server can sometimes be subject to cheating in key distribution and management. There are many techniques and functions that can be implemented to protect data confidentiality. We now discuss the approaches used for developing web applications, securing websites with untrusted servers, and working on data that is saved in encrypted form.
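As an added illustration (not part of the original report), the sketch below encrypts data with a password on the client before upload, so the server only ever stores ciphertext. It uses Node.js's built-in crypto module; the function names, blob layout (salt, nonce, tag, ciphertext) and sample values are assumptions made for this example.

```javascript
const nodeCrypto = require('node:crypto');

// Client side: derive a key from the password and encrypt before upload.
function encryptForUpload(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  // Everything in the blob is safe to store server-side; the password is not in it.
  return Buffer.concat([salt, nonce, c.getAuthTag(), ct]);
}

// Client side: decrypt after download. Returns null for a wrong password or
// for a blob that the server (or anyone in between) has modified.
function decryptAfterDownload(password, blob) {
  try {
    const key = nodeCrypto.scryptSync(password, blob.subarray(0, 16), 32);
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(16, 28));
    d.setAuthTag(blob.subarray(28, 44));
    return Buffer.concat([d.update(blob.subarray(44)), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed demo: the "server" is a Map that only ever receives ciphertext.
const server = new Map();
server.set('doc1', encryptForUpload('correct horse battery', 'account: 12-3456'));

// Simulate a compromised server flipping one bit of the stored ciphertext.
const tampered = Buffer.from(server.get('doc1'));
tampered[tampered.length - 1] ^= 0x01;
```

A user who shares the password with another user, as described above, gives that user the ability to run `decryptAfterDownload` on the same blob; the server never needs the password.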
Security of web application
The first approach to website or web application security is the prevention of vulnerabilities. A vulnerability can have many causes, such as bugs or flaws in the source code of the application. The last known vulnerability was found in the Secure Sockets Layer and is known as Heartbleed. SSL provides digital security; in simple words, it ensures that the user is connected over a secure channel. Such flaws can be removed by static assessment of the code. It is also necessary to catch policy violations, which is done at run time. Removing these flaws is mandatory because the server is compromised by these types of security issues. There are many techniques that can be implemented to reduce vulnerabilities. For example, code written in JavaScript can challenge a vulnerability that would corrupt the application; otherwise it is not able to surface the error in the application. If there is an issue in the client-side code, encryption is required. New-generation browsers also provide security for the user's database information: the browser encrypts data when it is sent to an insecure server. The browser identifies the server based on its defined algorithm and the website code. But the browser's encryption is very simple; it only protects data from online threats and cannot tackle active attacks.
Case study to understand encryption-decryption in web application
Consider the example of Dropbox, a tool for storing files and media in the cloud so that they are accessible from anywhere. End-to-end data encryption with local decryption is used in most applications similar to it. When a user connects to Dropbox, it synchronizes all the data and transfers it over an encrypted connection. The encrypted connection is required so that intruders cannot interfere with user data. Dropbox stores all information in encrypted form. The encrypted data is secured and locked. The data is visible to the user because the user has the key to that virtual lock. Dropbox also keeps the key on its servers in order to manage user files, and it manages user data in encrypted form. Dropbox keeps the key for surveillance or other law-related issues, but technically it has the private key to access the encrypted information. When the user wants to download or view a file, Dropbox uses the user's private key to decrypt the data for the user's system. This methodology is local encryption and decryption. It is also known as end-to-end decryption. In this methodology data is decrypted at the end user's screen. Take the same example in an email scenario, in which the email is encrypted at the source and decrypted on the user's system. The email service provider and the transmission path cannot decrypt or view the message. This case study helps in developing a secure system in which user data is saved in the database in encrypted form and is shown in decrypted form when the user accesses it. (Howtogeek.com, 2015)
What is encryption?
Encryption applies various mathematical operations to data, producing an alternative form of the data. The sequence in which the operations are applied is called the algorithm. The original form of the data is known as plain text and the transformed form is called cipher text. Encryption ensures the security of information: even if intruders steal the information, they cannot recover its meaning. The reverse process, applied to cipher text, is known as decryption.
There are two types of encryption algorithm, distinguished by their keys: public key algorithms and symmetric key algorithms. A public key algorithm is also known as an asymmetric key algorithm.
Algorithm design principles - The idea is a block encryption algorithm capable of working on 64-bit plain text with a length of 128 bits. The concept is to mix operations from different algebraic groups.
Symmetric encryption - In this methodology a single key is used for both encryption and decryption. In other words, the encryption key can be derived from the decryption key. In many cases the two keys are identical. Symmetric key algorithms work in two ways: a stream algorithm works on a single bit at a time, and a block algorithm works on a group of bits. An identical key has one drawback: if hackers obtain the key in transmission, they can decrypt and modify the key.
Asymmetric encryption - In this methodology two keys are used. The public key is used to encrypt the data, which is why it is known as public key encryption, and the private key is used to decrypt the data. It is more secure compared to symmetric key encryption. In the web application the user's data is encrypted using the public key, and when the user requests the data, the private key is sent to decrypt the data at the user's end.
Transparent data encryption - Transparent data encryption is used to encrypt the database of a web application. For further security, the log files of the database are also encrypted. It is a methodology, not a technology. It uses a data encryption key (DEK), which is stored in the master database of the web application and helps in data recovery. Transparent data encryption is a perfect way of securing an application database. In this methodology data is encrypted before it is saved to disk and decrypted at the user end. Encryption and decryption are performed at the SQL layer of the database. The SQL layer makes the process transparent for the application and the database.
Database-level encryption
This type of encryption is performed for user privacy. It ensures that stored data is saved in a secure form so that no one else can see the user's credentials. This encryption is part of the database design. In database-level encryption, encryption can be applied to selected fields only, such as a particular table or a particular row or column in the database. Encrypting the database may require some changes in application development, depending on the approach used to integrate the database and encryption. For this purpose it is always better to use full encryption rather than selective encryption. Selective encryption has no impact at the table level but may have an impact with the row and column approach.
Basically, the security of encrypted data relies on three things: the encryption algorithm applied, the encryption key size and its protection level. AES, the Advanced Encryption Standard, is regarded as a strong encryption algorithm. It can still be decrypted if the protection level chosen is inappropriate. For database encryption the protection level plays an important role because there are repetitive patterns, i.e. common attribute values and identities. In the database context the algorithm must be adequate, because data volume, updates and shared attributes are part of a database.
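The following added example (not from the original report) shows why repetitive attribute values matter: the same AES-256 key is used with a deterministic mode and with a randomized one over a constructed column. The choice of ECB and GCM, the function names and the sample data are assumptions for illustration; the report itself names only AES.

```javascript
const nodeCrypto = require('node:crypto');

const key = nodeCrypto.randomBytes(32);           // constructed column key

// Weak protection level: AES-256 in ECB mode is deterministic, so equal
// plaintexts always produce equal ciphertexts.
function encryptDeterministic(value) {
  const c = nodeCrypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(value, 'utf8'), c.final()]).toString('hex');
}

// Stronger protection level: AES-256-GCM with a fresh random 96-bit nonce per cell.
function encryptRandomized(value) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]).toString('hex');
}

// What someone reading only the stored column can learn: how many distinct
// ciphertexts exist and the size of the largest group of identical cells.
function columnLeakage(cells) {
  const counts = new Map();
  for (const c of cells) counts.set(c, (counts.get(c) || 0) + 1);
  return { distinct: counts.size, largestGroup: Math.max(...counts.values()) };
}

// Constructed sample column with a repetitive attribute.
const diagnosis = ['flu', 'flu', 'asthma', 'flu', 'diabetes', 'asthma'];

const weak = columnLeakage(diagnosis.map(encryptDeterministic));
const strong = columnLeakage(diagnosis.map(encryptRandomized));
```

With the deterministic mode the stored column reveals the value distribution without any key; with per-cell nonces every ciphertext is unique, at the cost of no longer being able to index or compare the encrypted column directly.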
Key Management
Key management is the way in which generated cryptographic keys are managed. Key-based cryptography protects data only as well as its keys are protected. The access restrictions on keys and their locations also matter. For a database, key management is easy because the keys can be managed in a restricted database table. This is where the concept of a master key comes in: all cryptographic keys are managed by a single master key. Key management allows administrators to access the encrypted database, and with this privileged access an administrator can decrypt any user's data. To protect user privacy and resolve this problem, a hardware security module (HSM) is used. A hardware security module is a tamper-resistant cryptographic chipset that stores encryption keys. In practice the encryption keys are protected by the master key, and the master key is stored in the HSM. When local encryption or decryption is performed, the keys are transformed dynamically by the HSM. After the transformation, the HSM cleans the server memory. The database management system also has a security module, which performs user authentication and grants the privileges for encryption and decryption. Suppose a database is accessed by two authorities, the DBA (database administrator) and the SA (system administrator). If there is a conspiracy between them, the HSM will not disclose the encrypted keys to anybody. The database server memory can hardly be exploited by intruders.
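The key hierarchy described above, as an added example that is not part of the original report: data encryption keys sit in a key table only in wrapped form, and the master key stays inside a module that never returns it. `SoftHsm` is a hypothetical software stand-in for a real HSM, and the use of AES Key Wrap (RFC 3394, Node's `id-aes256-wrap` cipher) is a choice made for this example.

```javascript
const nodeCrypto = require('node:crypto');

// RFC 3394 default initial value used by AES Key Wrap.
const KW_IV = Buffer.from('A6A6A6A6A6A6A6A6', 'hex');

// Hypothetical software stand-in for an HSM: the master key lives in a
// private field and no method ever returns it.
class SoftHsm {
  #masterKey = nodeCrypto.randomBytes(32);

  wrap(dek) {
    const c = nodeCrypto.createCipheriv('id-aes256-wrap', this.#masterKey, KW_IV);
    return Buffer.concat([c.update(dek), c.final()]);
  }

  // Throws if the blob was not wrapped under the current master key.
  unwrap(wrapped) {
    const d = nodeCrypto.createDecipheriv('id-aes256-wrap', this.#masterKey, KW_IV);
    return Buffer.concat([d.update(wrapped), d.final()]);
  }

  // Replace the master key and re-wrap every stored DEK; data rows are untouched.
  rotate(keyTable) {
    const deks = new Map([...keyTable].map(([id, w]) => [id, this.unwrap(w)]));
    this.#masterKey = nodeCrypto.randomBytes(32);
    for (const [id, dek] of deks) {
      keyTable.set(id, this.wrap(dek));
      dek.fill(0);                                // clear the plaintext key from memory
    }
  }
}

// Constructed demo: the restricted key table holds only wrapped DEKs.
function demoKeyHierarchy() {
  const hsm = new SoftHsm();
  const dek = nodeCrypto.randomBytes(32);
  const keyTable = new Map([['users.ssn', hsm.wrap(dek)]]);
  const wrappedBefore = Buffer.from(keyTable.get('users.ssn'));

  hsm.rotate(keyTable);
  const recovered = hsm.unwrap(keyTable.get('users.ssn'));

  let oldBlobRejected = false;
  try { hsm.unwrap(wrappedBefore); } catch { oldBlobRejected = true; }

  return {
    wrappedLength: wrappedBefore.length,          // 32-byte DEK + 8-byte integrity block
    sameDekAfterRotation: recovered.equals(dek),
    oldBlobRejected,
    tableHoldsPlainDek: keyTable.get('users.ssn').equals(dek),
  };
}
```

Someone with read access to the key table alone, such as the DBA in the scenario above, sees only wrapped keys; recovering a DEK requires a call into the module that holds the master key.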