Question

In: Computer Science

In class we discussed Transitive Trust. And we covered so many different types of attacks. Do...

In class we discussed Transitive Trust. And we covered so many different types of attacks. Do you think that there may be an attack on Trust? Explain your answer.

Solutions

Expert Solution

In the computer security, transitive trust refers to a two-way relationship which is automatically created between parent and child domains and it determines how much implied security trust Party A gives to Party B when acting on behalf of Party A to Party C. Party A expects Parties B and C to use the same security policies and effort as it would use itself in all instances. When a new domain is created, it shares resources with its parent domain by default, enabling an authenticated user to access resources in both the child and parent.

Most of the Internet's security is built around reputation and trust, for example, relying on certificates to encrypt and authenticate. Certificates rely on the exchange of public data keys, generated by top-secret private keys, to ensure safe communications. As the network security appliance sits between business computers and the Internet, this chain of trust is broken since all data must pass through it. The business uses this security appliance to intercept and scan all communications for IP misuse. This makes certificate verification quite impossible, because the device also has to decrypt and then re-encrypt secure transmissions. To do so it uses its own private keys, which are trusted by each of its protected computers, to replace the Internet site's identifying certificate with one provided by the security device. This security flaw also makes user-led client-side attacks more difficult to detect in the case of transitive trust.

Client-side attacks occur when a user download an image, open a link, install an update that will then run the malicious code in their machines. The client-side attacks require user interaction. Most firewalls are far more restrictive inbound compared to outbound; they were designed to mitigate server-side attacks originating from untrusted networks. But they often fail to prevent client-side attacks. Allows an attacker to execute scripts in the victim's web browser. This attack is used to intercept user sessions, deface websites, insert hostile content, conduct phishing attacks, and takes over the user's browser by using scripting malware. All web application frameworks are vulnerable to this exploit. The exploit typically uses HTML or JavaScript, but any scripting language, including VBScript, ActiveX, Java, or Flash, supported by the victim's browser is a potential target for this attack.

The following types of attacks are considered client-side attacks:

  • Content Spoofing
  • Cross-site scripting (XSS)

venereology answered 7 months ago
Next > < Previous

Related Solutions

At least three different types of influence the gating of ion channels. (a)What are the types discussed in class?
At least three different types of influence the gating of ion channels.  (a)What are the types discussed in class?  (b)Select on type and describe it using a specific example. You may use an example not covered in lecture/textbook.
Familiarize yourself with the different IT threats types discussed in the class by exploring relevant official...
Familiarize yourself with the different IT threats types discussed in the class by exploring relevant official websites on the internet to distinguish among them, and collect information about recent threats and attacks of each type. Q.2 Discuss the ethics of hiring well-known hackers to identify software security vulnerabilities before having the software released. Consider both pros and cons of such practice. Q.3 Design a security education program for a company employees to educate and motivate them to understand and follow...
In class, we discussed different ways to calculate the return or yield on a money market...
In class, we discussed different ways to calculate the return or yield on a money market financial instrument. We started with Holding Period Return (simple interest) and worked through Bank Discount Yield, Money Market 360-day Yield, Money Market 365-day Yield, and APY. (Formulae provided, below.) We showed that using the same inputs for current price and maturity value, you could get different answers for each quotation method. Explain the three issues behind why the quotation methods yield different results.            ...
We discussed four types of market failures in class. List two types of market failures, give...
We discussed four types of market failures in class. List two types of market failures, give an example of market or type of product for which this failure is likely to exist, give an example of a solution, and state whether it is an incentive compatible approach or a command-and-control approach.
San Jose State University has experienced many different types of assaults and attacks over the recent...
San Jose State University has experienced many different types of assaults and attacks over the recent years. Protecting students on campus day and night should be the main concern of the university. Risky Business believes that this is due to the poor lighting on campus to ensure that students feel safe. We believe that motion activated lighting on campus and in the parking garages will deter potential threats. Our project will dive into the scope baseline, project cost, and critical...
What is p53? Why do so many different types of cancer involve p53? What happens to...
What is p53? Why do so many different types of cancer involve p53? What happens to a cell that is carrying damaged DNA if both of its TP53 alleles become inactivated? What are the various functions of P53?
Given there are many tools to estimate benefits, of the three different methods we discussed in...
Given there are many tools to estimate benefits, of the three different methods we discussed in class (CVM, TCM, hedonic pricing), indicate: a. Which are revealed preference and which are stated preference methods? b. Which method would you use to capture existence/intrinsic value of, for example, an endangered species or an old growth forest? c. Which method would you use to evaluate the services provided by green spaces, recreational areas or national parks? d. Which method would you use to...
As we look at different types of writing in this class, there are standard skills that...
As we look at different types of writing in this class, there are standard skills that are transferable between papers. After doing your reading for this session, discuss at least two skills that are transferable whether writing a response paper, a literary analysis, an essay, or a research paper. How will you continue to develop these skills?
In the article Changing Minds that we discussed in class: 1) What made BP's turnaround so...
In the article Changing Minds that we discussed in class: 1) What made BP's turnaround so successful? 2) Why was "reengaging the work force so important? Draw on examples from what you learned in class so far this semester https://drive.google.com/file/d/1mq4VMFCnTZ0AwSc2T5uDveVdM1qq_z0W/view?ts=5aae7832
There are many types of attacks, that hackers will use to gain information or to get...
There are many types of attacks, that hackers will use to gain information or to get ​into a network. Name three types of attacks, what the attacks do and how the attackers use them to gain information or access to your networks.
ADVERTISEMENT
Subjects
ADVERTISEMENT
Latest Questions
ADVERTISEMENT