Assignment No. 04 CS507- Information Systems Idea solution by admin dua waqar Vuaskari team www.vuasakri.

com
Question: A famous boutique in Lahore is going to launch a website to introduce online shopping facility for its customers. What kind of preventive measures can be adopted to save the website from the expected threats? Also explain the technique used to make your electronic documents (such as email, text files) secured? [10 marks] Answer: As organizations move more business processes online, protecting the confidentiality and privacy of the information used during these processes is essential. Because many automated processes rely on electronic documents that contain mission-critical, personal, and sensitive information, organizations must make significant investments to properly protect these documents. Stop the Hack and Secure Your Website in 10 Best Methods If you are a business owner, then you must know how important it is for you to have your own website. You can use it to be able to reach as many target customers as possible. After all, they are located in almost many parts of the world. You can display all your products and services in your website. But do you know that they can be a great area for hackers to play on? So how can you protect your website against hacking? 1. Protect your files with passwords. Surely, your website will contain scripts, database, and files that are not meant to be shared publicly but for perhaps the search engine bots. To avoid having anyone getting hold of them, it may be ideal to protect them with password. However, you have to make sure that these are very hard to decipher. This is because they can simply make use of password-

deciphering software. You can combine alphanumeric characters and exhaust all the character limits as much as possible. 2. Secure your e-mail address. There may be times when you will be receiving an e-mail address courtesy of your online business form. There are even others who will send a message directly into your mailbox. This may mean that spammers have got hold of your contact information perhaps in the Web or from someone else. To prevent this, you can make use of software that will split your e-mail address. It will then very hard for spamming software to read. You can also just add an E-mail Us link into your website or an image which can be clicked and allow your customers to send an e-mail right away. Theres no need to reveal the e-mail address. 3. Dont leave e-mail addresses anywhere. Perhaps youre thinking of marketing your website in forums and other public online networks. This is okay; however, you have to be very cautious. Hackers and spammers are very much interested of your e-mail address. You can make use of a bogus one, and simply add a link of your website in the signature. 4. Secure your source code. There are hackers who are interested in getting your source code to either destroy it or to build a website clone. Thats why it is very important that you can protect it against such individuals. You can make use of scripts that will allow your source code to remain hidden to Internet users. Or you can simply make use of external CSS sheets as well as files for Javascript. 5. Check for software patches. If you have been using some software in building or maintaining your website, make sure that you constantly update all of your files. This may be because the older ones can no longer protect your website from hackers and spammers. 6. Sign up for updates. Majority of the product and software updates may only be announced in their respective websites. This is to encourage their customers to continuously be up-to-date too of any new products that they are currently introducing into the market. To avoid the hassle, sign up using one secure e-mail address in all of their newsletters. If you receive any updates, make sure you take time in reading them.

7. Add a robot.txt. This is a special instruction you will give to search engines who may be visiting your webpages. You can instruct them to only index those files that are meant for users. You can also direct them to not index any that are only meant for webmasters. These may include files and images. 8. Check the permissions you may have set for your uploaded files. This is to prevent any hacker from getting access into your important and confidential files. You can confirm it by selecting CHMOD for your files located in the web hosting server. Otherwise, if you arent sure, then you can simply verify it from your webmaster. 9. Take away old or unnecessary files. Its normal for search engines to keep files from your website, especially if they are being indexed. However, if you remove them from the server, then no one can access them anymore. It will not be obtainable for hackers and spammers. 10. Know your server. Your server is very essential as you basically keep all of your files there, and it will cause your website to run smoothly. Intruders, on the other hand, can add virus or malware into your system, thereby causing damage into your website. If you are running it on your own, you must know your server properly. This way, you can set the right security and permission level for your site. How to provide persistent document security A signicantly more effective solution for protecting an electronic document is to assign security parameters that are an integral part of the document itself. The following criteria dene persistent document security: CondentialityWho should have access to the document? AuthorizationWhat permissions does the user have for working with the document? AccountabilityWhat has the recipient done with the document? IntegrityHow do you know if the document has been altered? AuthenticityHow do you know where the document came from? Non-repudiationCan the signatory deny signing the document? Access Controls

These controls establish the interface between the would-be user of the computer system and the computer itself. These controls monitor the initial handshaking procedure of the user with the operating system. For example when a customer enters the card and the pin code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access. The identity of the user needs to be established before granting access. The user should be given access to the nature and kind of resources he is entitled to access. Actions taken by users to have access beyond the limits defined should be blocked and recorded.

Cryptography In literal terms, cryptography means science of coded writing. It is a security safeguard to render information unintelligible if unauthorized individuals intercept the transmission. When the information is to be used, it can be decoded. The conversion of data into a secret code for the secure transmission over a public network is called cryptography.

Encryption & Decryption Cryptography primarily consists of two basic processes. These processes are explained through a diagram. Encryption the process of converting data into codes (cryptograms) Decryption the process of decoding the code arrived at data actually encrypted Access controls focus on the correct identification of the user seeking permission to access the system. There can be various sources of identifying and authenticating the user. What a user remembers name, birthdates, password What a user possesses badge, plastic card What a user is personal characteristics Biometrics Identification of an individual through unique physical characteristics is proving to be quite safe and secure for allowing access. The study of personal characteristics has been extensively used for identification purposes.

Most commonly, following personal physical characteristics are covered, Finger print Hand print Voice Print Facial profiling measuring distance between various points on face Iris/retinal recognition eye patterns