
How does it work, being monitored by an eavesdropper?

 
Darya Akbari
Ranch Hand
Posts: 1855
Hi,

I'm reading the web app security chapter 12 from HFSJ and I wonder how it works being monitored by an eavesdropper in the sense of confidentiality and data integrity.

Can someone describe a scenario for an eavesdropper?

Regards,
Darya
 
Mat Williams
Ranch Hand
Posts: 215
Hi Darya,

When you send information over the web, what happens is that it bounces from computer to computer to computer to computer etc etc until it arrives at the destination.

At any one of the computers between where you are and the destination, someone may have put a program that listens for information passing through it and keeps a log of it. Then some nasty person reads that log, and if the information is not encrypted they can potentially gain access to private and confidential information. So there is the confidentiality component.

As for data integrity, it would also be possible to manipulate the data as it goes through a computer on its way somewhere else. That is, another nasty person may write a program that sits on a server and, for every piece of information that goes through it, looks for the word Matthew and changes that to Wehttam. This is a silly example, but hopefully it gives you an idea.

Remember that for Data Integrity the information needs to be changed as it passes through, but for confidentiality, simply taking a log as it passes through, even if that log is not looked at straight away, is enough.

Mat
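
The scenario from the post above as a small in-process simulation (an added example, not part of the original thread): one relay keeps a log, another swaps Matthew for Wehttam, and the receiver checks an HMAC tag. The function names, the key and the sample message are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret known to sender and receiver only


def logging_hop(packet, log):
    """Passive relay: keeps a copy and forwards the packet unchanged."""
    log.append(packet)
    return packet


def rewriting_hop(packet):
    """Active relay from the post: swaps Matthew for Wehttam in transit."""
    return packet.replace(b"Matthew", b"Wehttam")


def seal(message):
    """Sender side: append an HMAC-SHA256 tag computed over the message."""
    return message + hmac.new(KEY, message, hashlib.sha256).digest()


def open_sealed(packet):
    """Receiver side: return the message, or None if the tag does not match."""
    message, tag = packet[:-32], packet[-32:]
    expected = hmac.new(KEY, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def run_scenario():
    original = b"Dear Matthew, your PIN is 4821"  # constructed sample message
    log = []
    # Unprotected: the receiver accepts whatever arrives.
    plain_received = rewriting_hop(logging_hop(original, log))
    # With an integrity tag, first with only the logging relay on the path,
    # then with both relays on the path.
    passive_only = open_sealed(logging_hop(seal(original), log))
    tampered = open_sealed(rewriting_hop(logging_hop(seal(original), log)))
    return {
        "plain_received": plain_received,
        "passive_only": passive_only,
        "tampered": tampered,
        "log_saw_plaintext": all(original in entry for entry in log),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, "=", value)
```

The tag catches the rewrite but does nothing about the log: the logging relay still holds the full plaintext, so confidentiality needs encryption on top of the integrity check.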
 
Darya Akbari
Ranch Hand
Posts: 1855
Hi Mat,

thanks a lot for clarifying it.

Regards,
Darya
 