A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All
Shrivastava, S. C.
- A Frame Work for Code Injection Attack Investigation in Windows Environment
Authors
1 Department of Computer Science and Engineering, Maulana Azad National Institute of Technology, IN
Source
Networking and Communication Engineering, Vol 2, No 7 (2010), Pagination: 188-194Abstract
Cyber crime committed in web environment is assuming gargantuan proportion. Code injection attack is a type of multi step attack carried out by the suspicious user via entering vulnerable code into the web form or address bar of web browser. An attacker may post an interesting message by injecting malicious JavaScript code through browser entry point which gets stored into vulnerable web site. When a novice end user views the interesting posted message on vulnerable web site containing vulnerable code, his browser executes the malicious script, and his webpage containing session cookies redirected to attacker zone. Investigating Code Injection attacks at the attacker’s environment is a tedious job as the attacker may tamper the evidence after conducting the attack from his environment. In this paper possible Code Injection Attacks in windows environment are presented and new framework is proposed to investigate code injection attack efficiently, which captures attacker’s activities at server side instead of attacker’s environment.
Keywords
Cyber Forensic, Evidence Gathering, Input Attack, Web Server Log.
- Improving SSL Server Performance While Preventing DOS Attack Using Reverse SSL with Client Puzzle
Authors
1 Maulana Azad National Institute of Technology, Bhopal (M.P.), IN
2 Maulana Azad National Institute of Technology, Bhopal (M.P.), IN
Source
Networking and Communication Engineering, Vol 1, No 5 (2009), Pagination: 228-233Abstract
Secure communication is an intrinsic requirement of today’s world of on-line transactions. SSL and its variant TLS are most widely acceptable protocol to create secure connection between the client/server communicating applications. Although SSL provides confidentiality, integrity of data and authentication of the communicating parties but imposes overhead on web server to perform costly cryptographic operations. Therefore it degrades the secure server performance compare to an insecure web server. Moreover an attacker can take dvantage of this overhead and can run automated scripts to generate bulk of requests, each request requires server to perform some costly computation therefore cause denial of service attack on server. So DOS makes highly desirable to improve performance of the SSL handshakes. This paper focuses on Reverse SSL approach with client puzzle to improve server performance.Reverse SSL is an extension of SSL that alleviate the performance cost at server by exchanging role of client and server. Reverse SSL combined the client puzzle to prevent DOS attack. The purpose of paper is to show how the Reverse SSL with client puzzle can be implemented using openssl library and how it improves server performance while preventing the DOS attack.