Question

You have recently joined Star Technical Solutions as an information security officer.
The company has been using SSL in a business-to-business environment for a
number of years. Despite the fact that there have been no compromises in security,
you want to use another protocol which offers stronger security than SSL. Which
protocol is similar to SSL but offers stronger security? Justify your answer by
comparing the features of SSL and your proposed protocol in a tabular form.

b) One of your friends is concerned that attackers could be exploiting a vulnerability in
software to gain access to resources that the user normally would be restricted from
accessing. In this regard he/she has asked for your help. Identify the type of attack
for which your friend is worried and propose a solution.

Answer 1

The Answer is TLS(Transport Layer Security), the protocol which is similar to SSL but provides more security.

SSL	TLS
Secure Socket Layer	Transport Layer Security.
Used in the verification of complex certificates.	Used in the verification of simple certificates.
Ad hoe Message Authentication.	Standard message Authentication.
SSL is less secured as compared to TLS.	TLS is more secure as compared to SSL. But still, it is vulnerable to attacks like BEAST and POODLE.
It has no certificate Alert Message.	It replaces the alert message with several other alert messages.

b) Privilege Escalation is the type of attack where attackers may exploit the vulnerability in the software in order to gain access to resources that the user is often denied access to.

Remedial solutions are as follows:

i) Try to use different and secure passwords and change them from time to time to avoid hacking or attacks.

ii) Maintain two-factor authentication especially using sensitive data in software.

iii) Store sensitive data on the server-side rather than on the client-side.

iv) Keep the plan in tracts or updated.

v) Encrypt the information to be sent to the server-side and secure it with a digital signature.

THUMBS UP IF YOU LIKE IT !