
Web Security

Web security is essential for protecting data during internet transmission, safeguarding websites and applications from cyberattacks. Best practices include keeping software updated, using strong passwords, and implementing HTTPS, while major threats include ransomware and phishing. The document also discusses SSL/TLS protocols, their importance in securing online communications, and the different types of SSL certificates available.

Uploaded by

ms velu

Web Security

Web security refers to the protection of data as it travels across the
internet or within a network. It plays a vital role in safeguarding
websites, web applications, and the servers they run on from malicious
attacks, data breaches, and unauthorized access. With cyberattacks
becoming more sophisticated and frequent, ensuring strong web security is
more critical than ever.
According to recent studies, over 85% of websites are vulnerable to at
least one form of attack, highlighting the urgent need for robust security
measures.

What is Web Security?
Web security is about keeping websites, servers, users, and devices safe
from cyberattacks that come through the internet. These attacks can
include things like viruses, fake emails (phishing), and other harmful
activities that can steal or leak important information.
To stay protected, web security uses different tools and methods, such as
firewalls, systems that block suspicious activity, filters that block
dangerous websites, and antivirus software. It also covers the security
of Web Apps, APIs, and cloud systems to keep everything running safely
online.
For example, when you transfer data between a client and a web server
and have to protect that data, the security of that data is your web
security.

Best Practices for Securing Your Website

- Keep Software Updated: Regularly update all software to fix known
  vulnerabilities and prevent exploits by hackers.
- Beware of SQL Injection: Prevent attackers from injecting malicious
  queries into your database by using parameterized queries and input
  validation.
- Prevent Cross-Site Scripting (XSS): Sanitize user input to block
  scripts that could run in users' browsers and steal sensitive data.
- Limit Error Messages: Avoid exposing system details in error
  messages. Keep messages generic to prevent attackers from gaining
  insight.
- Validate User Input: Perform input validation on both client and
  server sides to block malformed or malicious data.
- Use Strong Passwords: Enforce complex password policies to protect
  against brute-force attacks; include uppercase, lowercase, numbers,
  and symbols.
- Implement HTTPS: Secure your website with HTTPS to encrypt data
  during transmission and prevent interception.
- Enable Two-Factor Authentication (2FA): Add an extra layer of
  security by requiring a second form of verification beyond a password.
- Access Control: Restrict access based on user roles and use the
  principle of least privilege to minimize risk.
- Monitor and Log Activity: Keep logs of access and actions on your
  site to detect suspicious behavior and audit breaches.
- Use Modern and Secure Tech Stacks: Build websites using updated
  and secure frameworks like the MEAN stack (MongoDB, Express.js,
  Angular, Node.js) for better performance, scalability, and built-in
  security features.

Major Cyber Threats Impacting Web Security
The internet is a powerful tool, but it also opens the door to serious
security threats. From ransomware attacks to phishing scams, staying
informed is the first step to staying protected.
- Ransomware
- SQL Injection
- Phishing
- Viruses and worms
- Spyware
- Cross-site scripting (XSS)
- Code Injection
- Denial of Service

Latest Trends in Web Security


In today’s digital landscape, cybersecurity is evolving rapidly to counter
increasingly advanced threats. Cybercriminals are growing smarter by the
day, leading to a rise in data breaches through phishing attacks,
ransomware, social engineering, and IoT-based threats. These attacks can
result in serious consequences, including financial loss, reputational
damage, and legal implications.
As a result, it has become crucial for both individuals and organizations to
stay up-to-date with the latest cybersecurity technologies. Proactively
adapting by implementing smarter technologies, stronger access controls,
and improved development practices is essential. These modern
approaches help prevent cyberattacks, safeguard sensitive data, ensure user
safety, and maintain the integrity of business operations.
Here are some of the key trends shaping the future of web security.
- AI and Machine Learning in Cybersecurity: Use smart algorithms to
  quickly detect and respond to threats in real time.
- Zero Trust Security Model: Never automatically trust; always verify
  every user and device before granting access.
- Secure DevOps (DevSecOps): Build security into every step of
  software development to catch issues early.
- IoT Security: Protect connected devices to prevent them from becoming
  weak points in the network.

Top Web Security Tools for Developers and Security Experts
To effectively protect web applications, it’s important to use the right tools
and resources. These tools help identify security issues, defend against
attacks, and improve overall system safety. Whether you're a developer,
tester, or security professional, the following resources can support strong
web security practices.
- OWASP ZAP: A free, open-source tool used to find security flaws in
  web applications.
- Burp Suite: A powerful platform for analyzing and testing web
  application security.
- Cloudflare: Offers protection against DDoS attacks and enhances
  performance with CDN services.
- SSL Labs: Evaluates the security of your SSL/TLS setup and provides
  a detailed report.
- Snyk: Detects vulnerabilities in open-source libraries and helps fix
  them quickly.

Comparison of Top Web Security Tools


Secure Socket Layer (SSL)
SSL, or Secure Sockets Layer, is an Internet security protocol that encrypts
data to keep it safe. It was created by Netscape in 1995 to ensure privacy,
authentication, and data integrity in online communications. SSL is the
older version of what we now call TLS (Transport Layer Security).
Websites using SSL/TLS have "HTTPS" in their URL instead of "HTTP."

Working of SSL
- Encryption: SSL encrypts data transmitted over the web, ensuring
  privacy. If someone intercepts the data, they will see only a jumble of
  characters that is nearly impossible to decode.
- Authentication: SSL starts an authentication process called a
  handshake between two devices to confirm their identities, making sure
  both parties are who they claim to be.
- Data Integrity: SSL digitally signs data to ensure it hasn't been
  tampered with, verifying that the data received is exactly what was sent
  by the sender.

Importance of SSL
Originally, data on the web was transmitted in plaintext, making it easy for
anyone who intercepted the message to read it. For example, if someone
logged into their email account, their username and password would travel
across the Internet unprotected.
SSL was created to solve this problem and protect user privacy. By
encrypting data between a user and a web server, SSL ensures that anyone
who intercepts the data sees only a scrambled mess of characters. This
keeps the user's login credentials safe, visible only to the email service.
Additionally, SSL helps prevent cyber attacks by:
- Authenticating Web Servers: Ensuring that users are connecting to the
  legitimate website, not a fake one set up by attackers.
- Preventing Data Tampering: Acting like a tamper-proof seal, SSL
  ensures that the data sent and received hasn't been altered during transit.

Secure Socket Layer Protocols
1. SSL Record Protocol
2. Handshake Protocol
3. Change-Cipher Spec Protocol
4. Alert Protocol
SSL Record Protocol

The SSL Record Protocol provides two services to an SSL connection:
- Confidentiality
- Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each
fragment is compressed, and then a MAC (Message Authentication Code)
generated by algorithms like SHA (Secure Hash Algorithm) and MD5
(Message Digest) is appended. After that, the data is encrypted, and
finally an SSL header is added to the data.

Handshake Protocol
Handshake Protocol is used to establish sessions. This protocol allows the
client and server to authenticate each other by sending a series of messages
to each other. The Handshake Protocol uses four phases to complete its cycle.
- Phase-1: Both client and server send hello packets to each
  other. In this IP session, cipher suite and protocol version are
  exchanged for security purposes.
- Phase-2: The server sends its certificate and Server-key-exchange. The
  server ends Phase-2 by sending the Server-hello-end packet.
- Phase-3: The client replies to the server by sending its
  certificate and Client-exchange-key.
- Phase-4: Change Cipher Spec occurs, and after this the
  Handshake Protocol ends.

[Figure: SSL Handshake Protocol phases, diagrammatic representation]

Change-Cipher Protocol

This protocol uses the SSL record protocol. Unless Handshake Protocol is
completed, the SSL record Output will be in a pending state. After the
handshake protocol, the Pending state is converted into the current state.
Change-cipher protocol consists of a single message which is 1 byte in
length and can have only one value. This protocol's purpose is to cause the
pending state to be copied into the current state.
Alert Protocol

This protocol is used to convey SSL-related alerts to the peer entity. Each
message in this protocol contains 2 bytes.

The first byte gives the level of the alert, which is classified into two parts:

Warning (level = 1):
This alert has no impact on the connection between sender and
receiver. Some of them are:
- Bad Certificate: When the received certificate is corrupt.
- No Certificate: When an appropriate certificate is not available.
- Certificate Expired: When a certificate has expired.
- Certificate Unknown: When some other unspecified issue arose in
  processing the certificate, rendering it unacceptable.
- Close Notify: It notifies that the sender will no longer send any
  messages in the connection.
- Unsupported Certificate: The type of certificate received is not
  supported.
- Certificate Revoked: The certificate received is in a revocation list.

Fatal Error (level = 2):
This alert breaks the connection between sender and receiver. The
connection will be stopped; it cannot be resumed but can be restarted. Some
of them are:
- Handshake Failure: When the sender is unable to negotiate an
  acceptable set of security parameters given the options available.
- Decompression Failure: When the decompression function receives
  improper input.
- Illegal Parameters: When a field is out of range or inconsistent with
  other fields.
- Bad Record MAC: When an incorrect MAC was received.
- Unexpected Message: When an inappropriate message is received.

The second byte in the Alert protocol describes the error.
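
The following added example (not part of the original document) parses a one-direction stream of SSL/TLS records and decodes the 1-byte Change-Cipher-Spec message and the 2-byte Alert message described above. The 5-byte record header layout and the numeric codes come from the SSL 3.0/TLS specifications rather than from this page, and the two sample byte streams are constructed.

```python
import struct

# Record-layer content types defined by SSL 3.0 / TLS.
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Wire codes of the alert descriptions listed in the text above.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure",
    41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter",
}
# A protected fragment may be at most 2^14 + 2048 bytes long.
MAX_FRAGMENT = 2**14 + 2048


class RecordError(ValueError):
    """Raised when the bytes are not a well-formed sequence of records."""


def parse_records(stream):
    """Split a byte stream into (content_type, version, body) tuples."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise RecordError("truncated record header")
        # Header: 1-byte type, 2-byte version (major, minor), 2-byte length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise RecordError(f"fragment length {length} exceeds the limit")
        body = stream[offset + 5 : offset + 5 + length]
        if len(body) != length:
            raise RecordError("truncated record body")
        records.append((ctype, f"{major}.{minor}", body))
        offset += 5 + length
    return records


def summarize(stream):
    """Return one readable line per record sent by one side of a connection."""
    lines = []
    encrypted = False  # True once Change-Cipher-Spec made the pending state current
    for ctype, version, body in parse_records(stream):
        name = CONTENT_TYPES[ctype]
        if encrypted:
            # After Change-Cipher-Spec the body is ciphertext plus MAC, so an
            # alert is no longer two readable bytes and must not be decoded.
            lines.append(f"{name} {version}: {len(body)} bytes (encrypted)")
        elif ctype == 20:
            if body != b"\x01":
                raise RecordError("change_cipher_spec must be the single byte 0x01")
            encrypted = True
            lines.append(f"{name} {version}: pending state becomes current")
        elif ctype == 21:
            if len(body) != 2:
                raise RecordError("a plaintext alert is exactly 2 bytes")
            level, description = body  # first byte: level, second byte: error
            lines.append(
                f"alert {version}: {ALERT_LEVELS.get(level, f'level {level}')} "
                f"{ALERT_DESCRIPTIONS.get(description, f'code {description}')}"
            )
        else:
            lines.append(f"{name} {version}: {len(body)} bytes")
    return lines


# Constructed sample 1: a 4-byte handshake record, then a fatal handshake_failure.
STREAM_FAILED = bytes.fromhex("1603000004" "0e000000" "1503000002" "0228")
# Constructed sample 2: Change-Cipher-Spec, then an 18-byte protected alert record.
STREAM_AFTER_CCS = bytes.fromhex("140300000101" "1503000012") + b"\xab" * 18

if __name__ == "__main__":
    for sample in (STREAM_FAILED, STREAM_AFTER_CCS):
        print("\n".join(summarize(sample)), end="\n\n")
```
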

Salient Features of Secure Socket Layer

- The advantage of this approach is that the service can be tailored to the
  specific needs of the given application.
- Secure Socket Layer was originated by Netscape.
- SSL is designed to make use of TCP to provide reliable end-to-end
  secure service.
- This is a two-layered protocol.

Versions of SSL
SSL 1 - Never released due to high insecurity
SSL 2 - Released in 1995
SSL 3 - Released in 1996
TLS 1.0 - Released in 1999
TLS 1.1 - Released in 2006
TLS 1.2 - Released in 2008
TLS 1.3 - Released in 2018

SSL Certificate
An SSL (Secure Sockets Layer) certificate is a digital certificate used to secure
and verify the identity of a website or an online service. The certificate is
issued by a trusted third party called a Certificate Authority (CA), which
verifies the identity of the website or service before issuing the certificate.
The SSL certificate has several important characteristics that make it a
reliable solution for securing online transactions:
- Encryption: The SSL certificate uses encryption algorithms to secure
  the communication between the website or service and its users. This
  ensures that sensitive information, such as login credentials and
  credit card information, is protected from being intercepted and read by
  unauthorized parties.
- Authentication: The SSL certificate verifies the identity of the website
  or service, ensuring that users are communicating with the intended
  party and not with an impostor. This provides assurance to users that
  their information is being transmitted to a trusted entity.
- Integrity: The SSL certificate uses message authentication codes
  (MACs) to detect any tampering with the data during transmission. This
  ensures that the data being transmitted is not modified in any way,
  preserving its integrity.
- Non-repudiation: SSL certificates provide non-repudiation of data,
  meaning that the recipient of the data cannot deny having received it.
  This is important in situations where the authenticity of the information
  needs to be established, such as in e-commerce transactions.
- Public-key cryptography: SSL certificates use public-key
  cryptography for secure key exchange between the client and server.
  This allows the client and server to securely exchange encryption keys,
  ensuring that the encrypted information can only be decrypted by the
  intended recipient.
- Session management: SSL certificates allow for the management of
  secure sessions, allowing for the resumption of secure sessions after
  interruption. This helps to reduce the overhead of establishing a new
  secure connection each time a user accesses a website or service.
- Certificates issued by trusted CAs: SSL certificates are issued by
  trusted CAs, who are responsible for verifying the identity of the
  website or service before issuing the certificate. This provides a high
  level of trust and assurance to users that the website or service they are
  communicating with is authentic and trustworthy.
In addition to these key characteristics, SSL certificates also come in
various levels of validation, including Domain Validation (DV),
Organization Validation (OV), and Extended Validation (EV). The level of
validation determines the amount of information that is verified by the CA
before issuing the certificate, with EV certificates providing the highest
level of assurance and trust to users. For more information about SSL
certificates for each Validation level type, please refer to Namecheap.
Overall, the SSL certificate is an important component of online security,
providing encryption, authentication, integrity, non-repudiation, and other
key features that ensure the secure and reliable transmission of sensitive
information over the internet.

Types of SSL Certificates


There are different types of SSL certificates, each suited for different needs:
- Single-Domain SSL Certificate: This type covers only one specific
  domain. A domain is the name of a website, like
  [Link]. For instance, if you have a single-domain SSL
  certificate for [Link], it won't cover any other
  domains or subdomains.
- Wildcard SSL Certificate: Similar to a single-domain certificate, but it
  also covers all subdomains of a single domain. For example, if you
  have a wildcard certificate for *.[Link], it would cover
  [Link], [Link], and any other
  subdomain under [Link].
- Multi-Domain SSL Certificate: This type can secure multiple
  unrelated domains within a single certificate.
These certificates vary in scope and flexibility, allowing website owners to
choose the appropriate level of security coverage based on their needs.
SSL certificates have different validation levels, which determine how
thoroughly a business or organization is vetted:
- Domain Validation (DV): This is the simplest and least expensive
  level. To get a DV certificate, a business just needs to prove it owns the
  domain (like [Link]).
- Organization Validation (OV): This involves a more hands-on
  verification process. The Certificate Authority (CA) directly contacts
  the organization to confirm its identity before issuing the certificate.
  OV certificates provide more assurance to users about the legitimacy of
  the organization.
- Extended Validation (EV): This is the most rigorous level of
  validation. It requires a comprehensive background check of the
  organization to ensure it's legitimate and trustworthy. EV certificates
  are recognized by the green address bar in web browsers, indicating the
  highest level of security and trustworthiness.
These validation levels help users understand the level of security and trust
they can expect when visiting websites secured with SSL certificates.

Are SSL and TLS the Same thing?


SSL is the direct predecessor of TLS (Transport Layer Security). In 1999,
the Internet Engineering Task Force (IETF) proposed an update to SSL.
Since this update was developed by the IETF without Netscape's
involvement, the name was changed to TLS. The changes between the last
version of SSL (3.0) and the first version of TLS were not significant; the
name change mainly signified new ownership.
Because SSL and TLS are so similar, people often use the terms
interchangeably. Some still call it SSL, while others use "SSL/TLS
encryption" since SSL is still widely recognized.

Check SSL Version


SSL (Secure Sockets Layer) hasn't been updated since SSL 3.0 back in
1996 and is now considered outdated. It has known vulnerabilities, so
security experts advise against using it. Most modern web browsers no
longer support SSL.
TLS (Transport Layer Security) is the current encryption protocol used
online. Despite this, many still refer to it as "SSL encryption," causing
confusion when people look for security solutions. Nowadays, any vendor
offering "SSL" is likely providing TLS protection, which has been the
standard for over 20 years. The term "SSL protection" is still used widely
on product pages because many users still search for I
Secure Electronic Transaction (SET) Protocol
Secure Electronic Transaction or SET is a security protocol designed
to ensure the security and integrity of electronic transactions conducted
using credit cards. Unlike a payment system, SET operates as a security
protocol applied to those payments. It uses different encryption and
hashing techniques to secure payments over the internet done through
credit cards. The SET protocol was supported in development by major
organizations like Visa, Mastercard, and Microsoft which provided its
Secure Transaction Technology (STT), and Netscape which provided
the technology of Secure Socket Layer (SSL).

The SET protocol restricts the revealing of credit card details to merchants,
thus keeping hackers and thieves at bay. The SET protocol includes
Certification Authorities for making use of standard Digital Certificates
like X.509 Certificate.
Before discussing SET further, let's see a general scenario of electronic
transactions, which includes client, payment gateway, client financial
institution, merchant, and merchant financial institution.

Requirements in SET: The SET protocol has some requirements to
meet. Some of the important requirements are:
- It has to provide mutual authentication, i.e., customer (or cardholder)
  authentication by confirming if the customer is an intended user or
  not, and merchant authentication.
- It has to keep the PI (Payment Information) and OI (Order
  Information) confidential by appropriate encryptions.
- It has to be resistant to message modifications, i.e., no changes
  should be allowed in the content being transmitted.
- SET also needs to provide interoperability and make use of the best
  security mechanisms.
Participants in SET: In the general scenario of online transactions,
SET includes similar participants:
1. Cardholder - customer
2. Issuer - customer financial institution
3. Merchant
4. Acquirer - Merchant financial
5. Certificate authority - Authority that follows certain standards and
   issues certificates (like X.509V3) to all other participants.
SET functionalities:
- Provide Authentication
  - Merchant Authentication: To prevent theft, SET allows
    customers to check previous relationships between merchants and
    financial institutions. Standard X.509V3 certificates are used for
    this verification.
  - Customer / Cardholder Authentication: SET checks if the use of
    a credit card is done by an authorized user or not using X.509V3
    certificates.
- Provide Message Confidentiality: Confidentiality refers to
  preventing unintended people from reading the message being
  transferred. SET implements confidentiality by using encryption
  techniques. Traditionally DES is used for encryption purposes.
- Provide Message Integrity: SET prevents message
  modification with the help of signatures. Messages are protected
  against unauthorized modification using RSA digital signatures with
  SHA-1 and some using HMAC with SHA-1.
Dual Signature: The dual signature is a concept introduced with SET,
which aims at connecting two pieces of information meant for two
different receivers:
- Order Information (OI) for the merchant
- Payment Information (PI) for the bank
You might think sending them separately is an easier and more secure
way, but sending them in a connected form resolves any possible future
dispute. Here is the generation of the dual signature:
Where,
- PI stands for payment information
- OI stands for order information
- PIMD stands for Payment Information Message Digest
- OIMD stands for Order Information Message Digest
- POMD stands for Payment Order Message Digest
- H stands for Hashing
- E stands for public key encryption
- KPc is the customer's private key
- || stands for the append operation
Dual signature, DS = E(KPc, [H(H(PI) || H(OI))])
Purchase Request Generation: The process of purchase request
generation requires three inputs:
- Payment Information (PI)
- Dual Signature
- Order Information Message Digest (OIMD)
The purchase request is generated as follows:
Here,
PI, OIMD, OI all have the same meanings as before.
The new things are:
- EP, which is symmetric key encryption
- Ks, which is a temporary symmetric key
- KUbank, which is the public key of the bank
- CA, which is the Cardholder or customer Certificate
Digital Envelope = E(KUbank, Ks)
Purchase Request Validation on Merchant Side: The merchant
verifies by comparing the POMD generated through PIMD hashing with
the POMD generated through decryption of the Dual Signature, as follows:

Since we used the customer's private key in encryption, here we use KUC,
which is the public key of the customer or cardholder, for decryption 'D'.
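
The dual-signature generation and the merchant-side check described above, written out as an added example that is not part of the original document. Assumptions: a toy cardholder RSA key built from two known Mersenne primes and textbook RSA without padding stand in for E(KPc, .) and D(KUc, .) so that the block needs no crypto library (this is not secure for real use), SHA-1 is the hash because the text names it, and the PI/OI values are constructed. The bank-side check is the symmetric counterpart and goes slightly beyond what the page spells out.

```python
import hashlib

# ASSUMPTION: toy cardholder key pair. 2^521-1 and 2^607-1 are Mersenne primes,
# which avoids prime generation. Textbook RSA without padding is NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
KU_C = 65537                               # cardholder public exponent (KUc)
KP_C = pow(KU_C, -1, (P - 1) * (Q - 1))    # cardholder private exponent (KPc)


def H(data):
    """Hash function H from the formulas above (SHA-1, as SET used)."""
    return hashlib.sha1(data).digest()


def _as_int(digest):
    return int.from_bytes(digest, "big")


def make_dual_signature(pi, oi):
    """Cardholder side: DS = E(KPc, H(H(PI) || H(OI))). Returns (PIMD, OIMD, DS)."""
    pimd, oimd = H(pi), H(oi)
    pomd = H(pimd + oimd)
    ds = pow(_as_int(pomd), KP_C, N)
    return pimd, oimd, ds


def merchant_verify(oi, pimd, ds):
    """Merchant sees OI, PIMD and DS, never PI itself.

    Recomputes POMD = H(PIMD || H(OI)) and compares it with D(KUc, DS).
    """
    return pow(ds, KU_C, N) == _as_int(H(pimd + H(oi)))


def bank_verify(pi, oimd, ds):
    """Bank sees PI, OIMD and DS, never OI itself.

    Recomputes POMD = H(H(PI) || OIMD) and compares it with D(KUc, DS).
    """
    return pow(ds, KU_C, N) == _as_int(H(H(pi) + oimd))


# Constructed sample data (placeholder card number).
PI = b"card=0000-0000-0000-0000;amount=49.90"
OI = b"order=1001;item=book;amount=49.90"
PIMD, OIMD, DS = make_dual_signature(PI, OI)

if __name__ == "__main__":
    print("merchant accepts original order:", merchant_verify(OI, PIMD, DS))
    print("merchant accepts altered order: ",
          merchant_verify(b"order=1001;item=laptop;amount=49.90", PIMD, DS))
    print("bank accepts original payment:  ", bank_verify(PI, OIMD, DS))
    # A payment paired with the digest of a different order fails at the bank,
    # which is the dispute the linked signature is meant to settle.
    print("bank accepts swapped order link:",
          bank_verify(PI, H(b"order=2002;item=tv;amount=49.90"), DS))
```
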
Payment Authorization and Payment Capture: Payment
authorization as the name suggests is the authorization of payment
information by the merchant which ensures payment will be received by
the merchant. Payment capture is the process by which a merchant
receives payment which includes again generating some request blocks
to gateway and payment gateway in turn issues payment to the merchant.
The disadvantages of Secure Electronic Transaction: When SET was first
introduced in 1996 by the SET consortium (Visa, Mastercard, Microsoft,
Verisign, and so forth), it was expected to be widely adopted within the
next few years. Industry experts also predicted that it would quickly
become the key enabler of global e-commerce. However, this didn't quite
happen because of some serious weaknesses in the protocol.
The security properties of SET are better than those of SSL and the more
recent TLS, especially in their ability to prevent e-commerce fraud.
However, the biggest drawback of SET is its complexity. SET requires
both customers and merchants to install special software (card readers
and digital wallets), meaning that transaction participants had to
complete more tasks to implement SET. This complexity also slowed down
the speed of e-commerce transactions. SSL and TLS don't have such issues.

System Security
The security of a computer system is a crucial task. It is a process of ensuring the
confidentiality and integrity of the OS. Security is one of the most important
tasks, needed to keep threats, malicious tasks, attacks, and malicious programs
away from the computer's software system.
A system is said to be secure if its resources are used and accessed as intended
under all circumstances, but no system can guarantee absolute security against
the various malicious threats and unauthorized access.

The security of a system can be threatened via two violations:
- Threat: A program that has the potential to cause serious damage to the system.
- Attack: An attempt to break security and make unauthorized use of an asset.
Security violations affecting the system can be categorized as malicious and
accidental threats. Malicious threats, as the name suggests, are a kind of harmful
computer code or web script designed to create system vulnerabilities leading to
back doors and security breaches. Accidental threats, on the other hand, are
comparatively easier to protect against. Example: Denial of Service (DDoS)
attack.

Security can be compromised via any of the breaches mentioned:
- Breach of confidentiality: This type of violation involves the unauthorized
  reading of data.
- Breach of integrity: This violation involves unauthorized modification of data.
- Breach of availability: It involves unauthorized destruction of data.
- Theft of service: It involves the unauthorized use of resources.
- Denial of service: It involves preventing legitimate use of the system. As
  mentioned before, such attacks can be accidental in nature.
Security System Goal:
Based on the above breaches, the following security goals are aimed for:
1. Integrity:
The objects in the system mustn't be accessed by any unauthorized user, and any
user not having sufficient rights should not be allowed to modify the important
system files and resources.
2. Secrecy:
The objects of the system must be accessible only to a limited number of
authorized users. Not everyone should be able to view the system files.
3. Availability:
All the resources of the system must be accessible to all the authorized users, i.e.
no single user/process should have the right to hog all the system resources.
If such a situation occurs, denial of service could happen. In this kind of
situation, malware might hog the resources for itself, thus preventing the
legitimate processes from accessing the system resources.

Threats can be classified into the following two categories:
1. Program Threats:
A program written by a cracker to hijack the security or to change the
behavior of a normal process. In other words, if a user program is altered and
made to perform some malicious unwanted tasks, then it is known as a
Program Threat.
2. System Threats:
These threats involve the abuse of system services. They strive to create a
situation in which operating-system resources and user files are misused. They
are also used as a medium to launch program threats.
Types of Program Threats:

1. Virus:
An infamous threat, known most widely. It is a self-replicating and malicious
thread that attaches itself to a system file and then rapidly replicates itself,
modifying and destroying essential files leading to a system breakdown.

The types of computer viruses can be described briefly as follows:

- file/parasitic - appends itself to a file
- boot/memory - infects the boot sector
- macro - written in a high-level language like VB and affects MS Office files
- source code - searches and modifies source codes
- polymorphic - changes in copying each time
- encrypted - encrypted virus + decrypting code
- stealth - avoids detection by modifying parts of the system that can be used to
  detect it, like the read system call
- tunneling - installs itself in the interrupt service routines and device drivers
- multipartite - infects multiple parts of the system

2. Trojan Horse:
A code segment that misuses its environment is called a Trojan Horse. Trojans
appear to be attractive and harmless cover programs but are really harmful hidden
programs that can be used as a virus carrier. In one version of the Trojan,
the user is fooled into entering confidential login details in an application. Those
details are stolen by a login emulator and can be further used as a way of
information breaches. One of the major and serious consequences of a Trojan
horse is that it does real damage once installed or run on the computer's
system: at first glance it appears to be useful software, and later it turns
out to be malicious and unwanted.

Another variant is Spyware. Spyware accompanies a program that the user has
chosen to install and downloads ads to display on the user's system, thereby
creating pop-up browser windows. When certain sites are visited by the user,
it captures essential information and sends it over to a remote server. Such
attacks are also known as Covert Channels.

3. Trap Door:
The designer of a program or system might leave a hole in the software that only
he is capable of using; the Trap Door works on similar principles. Trap Doors
are quite difficult to detect because, to analyze them, one needs to go through the
source code of all the components of the system. In other words, a trap door is
a secret entry point into a running or static program that allows anyone to
gain access to a system without going through the usual security access
procedures.

4. Logic Bomb:
A program that initiates a security attack only under a specific situation. To be
precise, a logic bomb is a malicious program that is inserted intentionally into
the computer system and that is triggered when specific conditions have been
met.

5. Worm:
A computer worm is a type of malware that replicates itself and infects other
computers while remaining active on affected systems. A computer worm
replicates itself in order to infect machines that aren't already infested. It
frequently accomplishes this by taking advantage of components of an operating
system that are automatic and unnoticed by the user. Worms are frequently
overlooked until their uncontrolled replication depletes system resources,
slowing or stopping other activities.
Types of System Threats -
Aside from the program threats, various system threats are also endangering the
security of our system:
1. Worm:
An infection program that spreads through networks. Unlike a virus, they target
mainly LANs. A computer affected by a worm attacks the target system and writes a
small program "hook" on it. This hook is further used to copy the worm to the target
computer. This process repeats recursively, and soon enough all the systems of the
LAN are affected. It uses the spawn mechanism to duplicate itself. The worm
spawns copies of itself, using up a majority of system resources and also locking out
all other processes.

The basic functionality of the worm can be represented as:


2. Port Scanning:
It is a means by which the cracker identifies the vulnerabilities of the system to
attack. It is an automated process that involves creating a TCP/IP connection to a
specific port. To protect the identity of the attacker, port scanning attacks are
launched from Zombie Systems, that is, previously independent systems that are
still serving their owners while being used for such notorious purposes.
3. Denial of Service:
Such attacks aren't aimed at collecting information or destroying
system files. Rather, they are used for disrupting the legitimate use of a system or
facility.
These attacks are generally network-based. They fall into two categories:
- Attacks in the first category use so many system resources that no useful work can
  be performed. For example, downloading a file from a website that proceeds to
  use all available CPU time.
- Attacks in the second category involve disrupting the network of the facility.
  These attacks are a result of the abuse of some fundamental TCP/IP principles.

Security Measures Taken -

To protect the system, security measures can be taken at the following levels:
- Physical:
  The sites containing computer systems must be physically secured against armed
  and malicious intruders. The workstations must be carefully protected.
- Human:
  Only appropriate users must have the authorization to access the system.
  Phishing (collecting confidential information) and Dumpster Diving (collecting
  basic information so as to gain unauthorized access) must be avoided.
- Operating system:
  The system must protect itself from accidental or purposeful security breaches.
- Networking System:
  Almost all of the information is shared between different systems via a network.
  Intercepting these data could be just as harmful as breaking into a computer.
  Hence, the network should be properly secured against such attacks.
