Data security generally suffers from packet sniffing. Sniffing attack begin when a computer is compromised to sharing some data or program. Cracker starts to install packet sniff into data that monitors the networks sniffer program to attack on network traffic, telnet, FTP, or rlogin sessions: session that legitimate user initiate to gain access to another system. The session contains the login ID, password and name of the person that are logging into other machines, all this type of necessary information a sniffer needs to login into machine.
Threats to message security fall into three categories:
Message confidentiality means when a message passes between client and the server on a public network, third parties can view and intercept this data. Confidentiality is important for user sensitive data such as credit card number. This requirement will be amplify when some other types of data such as employee records, government files and social security number, begin traversing the nature.
Content of transaction must be unmodified during transport. It must be clear that no one has added, delete or modified any part of the message. Error detection codes or checksum, sequence number, and various encryption techniques are methods to ensure integrity of information. Sequence number prevents recording, loss or replaying of message by an attacker. Encryption technique such as digital Signature can detect modification of a message.
Message Sender authentication:
It is important that clients authenticate themselves to servers and servers authenticate to clients in many e-commerce application. It means both the parties have to authenticate to each other. Authentication in e-commerce requires the users to prove his or her identify for each requested service. Third party authenticate services must exist within a distribution network environment where a sender cannot be trusted to identification itself correctly to a receiver. Digital certificate used for this purpose.
Mr Vinay Bhardwaj
Assistant Professor, MSIT