Module 5

Module 5
Appication layer protocol

Domain Name System

The client/server programs can be divided into two categories: those that can be directly used by the
user, such as e-mail, and those that support other application programs. The Domain Name System
(DNS) is a supporting program that is used by other programs such as e-mail. The DNS client
program sends a request to a DNS server to map the e-mail address to the corresponding IP address.
Eg mgu.ac.in
NAME SPACE
The names assigned to machines must be carefully selected from a name space with complete
control over the binding between the names and IP addresses. In other words, the names must
be unique because the addresses are unique. A name space that maps each address to a unique
name can be organized in two ways: flat or hierarchical.
Flat Name Space
In a flat name space, a name is assigned to an address. A name in this space is a sequence of
characters without structure. The main disadvantage of a fiat name space is that it cannot be
used in a large system such as the Internet because it must be centrally controlled to avoid
ambiguity and duplication.
Hierarchical Name Space
In a hierarchical name space, each name is made of several parts. The first part can define the
nature of the organization, the second part can define the name of an organization, the third
part can define departments in the organization, and so on. In this case, the authority to assign
and control the name spaces can be decentralized. A central authority can assign the part of
the name that defines the nature of the organization and the name of the organization.

FILE TRANSFER
Transferring files from one computer to another is one of the most common tasks expected
from a networking or internetworking environment.
File Transfer Protocol (FTP)
It is the standard mechanism provided by TCP/IP for copying a file from one host to another.
FTP differs from other client/server applications in that it establishes two connections
between the hosts. One connection is used for data transfer, the other for control information
(commands and responses). Separation of commands and data transfer makes FTP more
efficient.
FTP uses two well-known TCP ports: Port 21 is used for the control connection, and port 20
is used for the data connection. The control connection remains connected during the entire
interactive FTP session. The data connection is opened and then closed for each file
transferred. It opens each time commands that involve transferring files are used, and it closes
when the file is transferred. In other words, when a user starts an FTP session, the control

1
 Module 5

connection opens. While the control connection is open, the data connection can be opened
and closed multiple times if several files are transferred.
SMTP
Simple Mail Transfer Protocol (SMTP) is the standard protocol for email services on a
TCP/IP network. SMTP provides the ability to send and receive email messages.
SMTP is an application-layer protocol that enables the transmission and delivery of email
over the Internet. SMTP is created and maintained by the Internet Engineering Task Force
(IETF).
SMTP Fundamentals

SMTP is an application layer protocol. The client who wants to send the mail opens a TCP
connection to the SMTP server and then sends the mail across the connection. The SMTP
server is always on listening mode. As soon as it listens for a TCP connection from any
client, the SMTP process initiates a connection on that port After successfully establishing
the TCP connection the client process sends the mail instantly.
SMTP Protocol
The SMTP model is of two type :
1. End-to- end method
2. Store-and- forward method
The end to end model is used to communicate between different organizations whereas the
store and forward method are used within an organization. A SMTP client who wants to send
the mail will contact the destination’s host SMTP directly in order to send the mail to the
destination. The SMTP server will keep the mail to itself until it is successfully copied to the
receiver’s SMTP.
HTTP
HTTP means HyperText Transfer Protocol. HTTP is the underlying protocol used by
the World Wide Web and this protocol defines how messages are formatted and transmitted,
and what actions Web servers and browsers should take in response to various commands.
For example, when you enter a URL in your browser, this actually sends an HTTP command
to the Web server directing it to fetch and transmit the requested Web page. The other main
standard that controls how the World Wide Web works is HTML, which covers how Web
pages are formatted and displayed.
Basic Features
There are three basic features that make HTTP a simple but powerful protocol:
 HTTP is connectionless: The HTTP client, i.e., a browser initiates an HTTP request
and after a request is made, the client waits for the response. The server processes the
request and sends a response back after which client disconnect the connection. So
client and server knows about each other during current request and response only.
Further requests are made on new connection like client and server are new to each
other.
 HTTP is media independent: It means, any type of data can be sent by HTTP as
long as both the client and the server know how to handle the data content. It is
required for the client as well as the server to specify the content type using
appropriate MIME-type.
 HTTP is stateless: As mentioned above, HTTP is connectionless and it is a direct
result of HTTP being a stateless protocol. The server and client are aware of each
other only during a current request. Afterwards, both of them forget about each
other. Due to this nature of the protocol, neither the client nor the browser can retain
information between different requests across the web pages.
Basic Architecture

2
 Module 5

The following diagram shows a very basic architecture of a web application and depicts
where HTTP sits:

Client
The HTTP client sends a request to the server in the form of a request method, URI, and
protocol version, followed by a MIME(Multipurpose Internet Mail Extinsion: an internet
standard for sending character and other type messages)-like message containing request
modifiers, client information, and possible body content over a TCP/IP connection.
Server
The HTTP server responds with a status line, including the message's protocol version and a
success or error code, followed by a MIME-like message containing server information,
entity meta information, and possible entity-body content.
NETWORK SECURITY
A threat is an act or object that poses a danger to computer assets. Threats can be classified into two :
 Physical threats Natural phenomena like earthquake,stome,electrical shutdown, theft etc.
 Logical threats  hacking, eavesdropping, phishing, personal/financial information piracy
etc.
Security threats & measures are classified into three:
1. Client level
2. Communication channel level
3. Server level
CLIENT THREATS AND SECURITY
E-commerce has to ensure the following customer security
1. Privacy
2. Integrity
3. Authentication
4. Non- repudiation
5. Fail proof
CLIENT THREATS
Client threats can be defined as any possible alterations of communication, processing and
analysis of communications, other than what is originally meant for at user’s level.
Several threats are:
1. Malicious code:any program that causes damage to the system. It can both affect server and
client.
2. Viruses A computer virus is a program designed to harm or cause harm on an infected
computer. Its spreads through e-mail attachments, portable devices, websites containing
malicious scripts and file downloads.
Types of viruses
Worm :- This program is very similar to a virus and has the ability to self-replicate leading
to negative effects on your computer.
Trojans:-Trojans can illegally trace important login details of users online.
Resident Viruses
This type of virus is a permanent which dwells in the RAM memory. From there it can
overcome and interrupt all of the operations executed by the system: corrupting files and
programs that are opened, closed, copied, renamed etc.

3
 Module 5

File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM
extension). When one of these programs is run, directly or indirectly, the virus is activated,
producing the damaging effects it is programmed to carry out.
Logic Bombs
They are not considered viruses because they do not replicate.Their objective is to destroy
data on the computer once certain conditions have been met. Logic bombs go undetected until
launched, and the results can be destructive.
Active content
Active content contains programs that trigger automatic actions on a Web page without the
user's knowledge or consent. Active content is also known as mobile code.
macro virus
A macro virus is a computer virus that "infects" a Microsoft Word or similar application and
causes a sequence of actions to be performed automatically when the application is started or
something else triggers it.
Client level security
1. Encryption
Encryption is the most effective way to achieve data security. The translation of data into a
secret code. To read an encrypted file, you must have access to a secret key or password that
enables you to decrypt it. Unencrypted data is called plain text , encrypted data is referred to
as cipher text.
There are two main types of encryption: asymmetric encryption (also called public-key
encryption) and symmetric encryption.
Symmetric encryption/ Private-key encryption
A cryptographic system that uses two keys -- a public key known to everyone and a private or
secret key known only to the recipient of the message. When John wants to send a secure
message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private
key to decrypt it.
An important element to the public key system is that the public and private keys are related
in such a way that only the public key can be used to encrypt messages and only the
corresponding private key can be used to decrypt them.
Asymmetric (or public-key) encryption
A type of encryption where the same key is used to encrypt and decrypt the message. This
differs from symmetric (or public-key) encryption, which uses one key to encrypt a message
and another to decrypt the message.
2. Digital certificate
In cryptography, a public key certificate (also known as a digital certificate or identity
certificate) is an electronic document used to prove ownership of a public key. The certificate
includes information about the key, information about its owner's identity, and the digital
signature of an entity that has verified the certificate's contents are correct
Communication channel threads
Secure communication is when two entities are communicating and do not want a third
party to listen in. For that they need to communicate in a way not susceptible to
eavesdropping .
Cyber security
Cyber security is the body of technologies, processes and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.
Computer security or IT security, is the protection of information systems from theft or
damage to the hardware, the software, and to the information on them, as well as from
disruption or misdirection of the services they provide.
Security threats
Any act or object that poses a danger to computer assets is known as a threats. It can be
classified into two:

4
 Module 5

1. Passive threats à the monitoring and recording of data while the data are being
transmitted over a communication ,by an unauthorized user is called passive threats.
2. Active threatsà it involves the alteration of digital data or generation of spurious
data, by an attacker.
Another classification of security threats
 Tricking the shopper: It is also known as social engineering techniques, some are easiest
and most profitable attacks are based on tricking the shopper . These attacks involve surveillance
of the shopper's correlated tasks, collecting information to use against the shopper.
For eg. The attacker may contact the shopper pretending to be a representative from a site visited
and extract information. Phishing is the common method of tricking.
 Snooping the shopper's computer
Millions of computers are added to the Internet every month. Most users' knowledge of security
vulnerabilities of their systems is vague at best. Additionally, software and hardware vendors, in
their quest to ensure that their products are easy to install, will ship products with security
features disabled. In most cases, enabling security features requires a non - technical user to read
manuals written for the technologist. The confused user does not attempt to enable the security
features. This creates a treasure trove for attackers.
 Sniffing the network
In this scheme, the attacker monitors the data between the shopper's computer and the server. He
collects data about the shopper or steals personal information, such as credit card numbers. There
are points in the network where this attack is more practical than others.
 Phishing
Phishing is a fraudulent attempt, usually made through email, to steal your personal information.
The act of sending an email to a user, falsely claiming to be an established legitimate enterprise in
an attempt to scan the user into surrendering private information that will be used for identity
theft.
Phishing email will typically direct the user to visit a website where they are asked to update
personal information, such as a password, credit card, social security, or bank account numbers,
that the legitimate organization already has. The website, however, is bogus and will capture and
steal any information the user enters on the page.
 Guessing passwords
Another common attack is to guess a user's password. This style of attack is manual or automated.
Manual attacks are laborious, and only successful if the attacker knows something about the
shopper. For example, if the shopper uses their child's name as the password. Automated attacks
have a higher likelihood of success, because the probability of guessing a user ID/password
becomes more significant as the number of tries increases. Tools exist that use all the words in
the dictionary to test user ID/password combinations, or that attack popular user ID/password
combinations. The attacker can automate to go against multiple sites at one time.
 Using known server bugs :
The attacker analyzes the site to find what types of software are used on the site. He then proceeds
to find what patches were issued for the software. Additionally, he searches on how to exploit a
system without the patch. He proceeds to try each of the exploits. The sophisticated attacker finds
a weakness in a similar type of software, and tries to use that to exploit the system. This is a
simple, but effective attack.
 Denial of service attacks(DOS) :
It is one of the most common malicious attacks on a communication network. This type of attack
is designed to bring down a network by flooding it with unnecessary traffic. Although a DoS
attack does not usually result in the theft of information or other security loss, it can cost the
target person or company a great deal of time and money. Typically, the loss of service is the
inability of a particular network service, such as e-mail, to be available or the temporary loss of
all network connectivity and services. A denial of service attack can also destroy programming
and files in affected computer systems. In some cases, DoS attacks have forced Web sites
accessed by millions of people to temporarily cease operation.
 Using server root exploits

5
 Module 5

Root exploits refer to techniques that gain super user access to the server. This is the most coveted
type of exploit because the possibilities are limitless. When you attack a shopper or his computer,
you can only affect one individual. With a root exploit, you gain control of the merchants and all
the shoppers' information on the site.
SERVER LEVEL THREATS & SECURITY
Server is a system that responds to requests across a computer network to provide or help to
provide a network services. E- Commerce servers are a vital component that runs the entire
virtual store. It plays a vital role in the interaction between the electronic merchant and the
online shopper. So the security threats and measures to be taken at server level to ensure
smooth functioning of E-Commerce.
Server Security Threats
A person who may access to the server might attack the following server programs :-
 The web server and its software.
 Backend programs like database
 Common Gateway Interface(CGI) program
 Other utility programs
Different threats
1. Database threats: Database is used to store data on tabular form in computer. It hold valuable
information, attack on them are particularly troubling. Database that fail to store
username/password in a secure manner or fail to enforce privileges can be attacked. During an
attack, information may be moved to a less protected level of the database, giving full attack.
The theft of confidential, technological information results in damage to a customer or client.
2. CGI threats: CGI implements the transfer of information from a Web server to another
program. Defective or malicious CGI scripts that are used in web servers can access or
destroy sensitive information.
3. Buffer overflow: Buffer is an area of memory set aside to hold data read from a file or
database. Buffer is needed for storing information at the time of input/output operation.
Buffer overflow can be either from a faulty program or as part of an attack which result in a
computer crash.
Server Security measures
Highly effective security measures are needed when it comes to the server.
1. Access Control & authentication: Who is responsible to control and for what purpose they
access to the server should be checked. Authentication to web server is done by digital
certificate and signature.
2. Security level: Web server running on most machines can be set to run at various
privilege levels. This privilege fixes the accessibility of information in the server. The
highest one allows access to any part of the system, including sensitive’s areas.
3. Username and passwords: Username are stored in clear text and passwords are encrypted
text. When you enter the password, it is encrypted and compared with the passwords in
the server. We can prevent the access of certain system files and folders by providing
privilege to the user.
4. Firewalls: A computer firewall is a software program that prevents unauthorized
access to or from a private network. Firewalls are tools that can be used to
enhance the security of computers connected to a network, such as LAN or the
Internet. They are an integral part of a comprehensive security framework for your
network.
Firewall
Firewalls absolutely isolates your computer from the Internet using a “wall of
code” that inspects each individual “packet” of data as it arrives at either side of
the firewall — inbound to or outbound from your computer — to determine
whether it should be allowed to pass or be blocked.

Types of firewall:

6
 Module 5

A firewall is normally placed between the network gateway and server

1. Inside firewall: network and machines that are inside the company is protected by
this.
2. Outside firewall: protects the access between the company’s network and the external
network.
Functions of firewalls
 Protects from external insecure networks and service.
 Protection of vulnerable services.
 Controlled access to internal and intranet
 Usage statistics on network and even alarms if suspicious activity is noticed.
 Ensure internet work security and privacy.
Component of firewall:
 Network policy. Network access to a service can be allowed or denied. How it
is possible and the condition for exception from this policy.
 Advanced authentication mechanisms. Smart cards, authentication tokens etc.
 Packet filtering. Filtering of data packets on the basis of source IP, destination IP
etc.
 Application gateways. These are software application to forward and filter
connections for services such as Telnet and FTP.
Cryptography
Cryptography is a method of protecting information and communications through the use of
codes so that only those for whom the information is intended can read and process it. The
pre-fix "crypt" means "hidden" or "vault" and the suffix "graphy" stands for "writing."
The word "cryptography" is derived from the Greek kryptos, meaning hidden. The origin of
cryptography is usually dated from about 2000 B.C.,

In computer science, cryptography refers to secure information and communication

techniques derived from mathematical concepts and a set of rule-based calculations called
algorithms to transform messages in ways that are hard to decipher. These deterministic
algorithms are used for cryptographic key generation and digital signing and verification to
protect data privacy, web browsing on the internet and confidential communications such as
credit card transactions and email.

Cryptography techniques
Cryptography is closely related to the disciplines of cryptology and cryptanalysis. It includes
techniques such as microdots, merging words with images, and other ways to hide
information in storage or transit. However, in today's computer-centric world, cryptography
is most often associated with scrambling plaintext (ordinary text, sometimes referred to as
cleartext) into ciphertext (a process called encryption), then back again (known as
decryption). Individuals who practice this field are known as cryptographers.
Modern cryptography concerns itself with the following four objectives:
1. Confidentiality: the information cannot be understood by anyone for whom it was
unintended
2. Integrity: the information cannot be altered in storage or transit between sender and
intended receiver without the alteration being detected
3. Non-repudiation: the creator/sender of the information cannot deny at a later stage his or
her intentions in the creation or transmission of the information
4. Authentication: the sender and receiver can confirm each other's identity and the
origin/destination of the information
Procedures and protocols that meet some or all of the above criteria are known as
cryptosystems. Cryptosystems are often thought to refer only to mathematical procedures and

7
 Module 5

computer programs; however, they also include the regulation of human behavior, such as
choosing hard-to-guess passwords, logging off unused systems, and not discussing sensitive
procedures with outsiders.

Types of Cryptography

Cryptography is further classified into three different categories:

 Symmetric Key Cryptography (Private/Secret Key Cryptography)
 Asymmetric Key Cryptography (Public Key Cryptography)
 Hash Function
Symmetric Key Cryptography

Symmetric key cryptography is a type of cryptography in which the single common key is
used by both sender and receiver for the purpose of encryption and decryption of a
message. This system is also called private or secret key cryptography and AES
(Advanced Encryption System) is the most widely uses symmetric key cryptography.
The symmetric key system has one major drawback that the two parties must somehow
exchange the key in a secure way as there is only one single key for encryption as well as
decryption process.

Asymmetric Key Cryptography

Asymmetric Key Cryptography is completely different and a more secure approach than
symmetric key cryptography. In this system, every user uses two keys or a pair of keys
(private key and public key) for encryption and decryption process. Private key is kept as
a secret with every user and public key is distributed over the network so if anyone wants
to send message to any user can use those public keys.
Either of the key can be used to encrypt the message and the one left is used for
decryption purpose. Asymmetric key cryptography is also known as public key
cryptography and is more secure than symmetric key. RSA is the most popular and
widely used asymmetric algorithm.
Hash function

8
 Module 5

A Hash function is a cryptography algorithm that takes input of arbitrary length and gives
the output in fixed length. The hash function is also considered as a mathematical
equation that takes seed (numeric input) and produces the output that is called hash or
message digest. This system operates in one-way manner and does not require any key.
Also, it is considered as the building blocks of modern cryptography.
The hash functions works in a way that it operates on two blocks of fixed length binary
data and then generate a hash code. There are different rounds of hashing functions and
each round takes an input of combination of most recent block and the output of the last
round.