Question
You are placing an order with an online retailer. To complete a purchase, your web browser sends a single encrypted, authenticated message to the web site, consisting only of the following information: a) your credit card information, b) the item number and quantity being ordered.
A. Say an adversary is sitting between you and the retailer, with the ability to intercept traffic and send messages. Describe an attack the adversary could carry out to “max out” your credit card. What type of attack is this?
B. What could the retailer do to prevent this attack, simply by changing what data is sent in the single encrypted, authenticated message?
Explanation / Answer
A. It is a DDoS attack, which means Distributed Denial of Service, and targets the vulnerabilities of the system. Where websites and web-based applications have increased, the cost of attacks targeting these systems has also increased.
Denial of Service - here the attacker uses a single system or single internet connection to make the software vulnerability or targeting the system with the maximum fake requests and causing the site to be made available to the users and also avoiding the requests in responding from the authorised users.
With the help of this, multiple connected devices are distributed across the internet, which is called DDoS.
B. Prevention steps
1. DDoS protection and mitigation service
2. Make sure about backup process and disaster recovery plan
3. Perform PCI scans regularly
4. Provide strong security layer
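For part B of the question (changing what data the single authenticated message carries), here is an added example that is not part of the original question or answer: the order includes a unique nonce and a timestamp, and the retailer refuses any correctly authenticated message it has already processed. The key, field names, sample values and five-minute window are assumptions, and only the authentication tag (HMAC) is modelled; encryption is left out because it does not affect duplicate detection.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-session-key"  # assumption: key shared by browser and retailer
MAX_AGE = 300                           # assumption: accept orders up to 5 minutes old


def seal(order: dict) -> bytes:
    """Browser side: serialize the order and append an HMAC-SHA256 tag."""
    body = json.dumps(order, sort_keys=True).encode()
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


class Retailer:
    def __init__(self, require_nonce: bool):
        self.require_nonce = require_nonce
        self.seen = set()   # nonces of orders already charged
        self.charges = 0

    def receive(self, msg: bytes, now: int) -> str:
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        order = json.loads(body)
        if self.require_nonce:
            nonce, ts = order.get("nonce"), order.get("ts")
            if nonce is None or ts is None:
                return "rejected: missing nonce or timestamp"
            if abs(now - ts) > MAX_AGE:
                return "rejected: stale"       # bounds how long nonces must be kept
            if nonce in self.seen:
                return "rejected: duplicate"   # same authenticated bytes seen before
            self.seen.add(nonce)
        self.charges += 1
        return "charged"


def demo():
    now = 1_700_000_000  # constructed clock value
    original = seal({"card": "4111-XXXX", "item": 42, "qty": 1})
    fixed = seal({"card": "4111-XXXX", "item": 42, "qty": 1,
                  "nonce": "a3f1c9e07b2d4455", "ts": now})  # constructed nonce
    weak, strong = Retailer(False), Retailer(True)
    weak_results = [weak.receive(original, now + i) for i in range(3)]
    strong_results = [strong.receive(fixed, now + i) for i in range(3)]
    return weak_results, weak.charges, strong_results, strong.charges
```

With the original message format every byte-identical copy passes the tag check and is charged again; with the nonce and timestamp inside the authenticated body, only the first copy is charged.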