Question:
Threats to Web security
Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
a. Man-in-the-middle attack: An attacker interposes during key exchange, acting as the client to the server and the server to the client.
b. Password sniffing: Passwords in TTP or other application traffic are eavesdropped.
c. IP spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
d. IP hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
e. SYN flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the â??half-open connectionâ? around for a few minutes. Repeated SYN messages can clog the TCP module.