Win a copy of Rust Web Development this week in the Other Languages forum!

Isuru Samaraweera

Ranch Hand
+ Follow
since Jun 23, 2009
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Isuru Samaraweera

Hi All,

According to this article encrypting the transport layer increases the probability of a DOS attack?

http://defensesystems.com/Articles/2013/12/19/DOS-attacks-complexity.aspx?Page=2


See the excerpt

The Internet has also become more sensitive to privacy and security, which has lead to encryption technologies such as Secure Sockets Layer/Transport Layer Security to encrypt data transmitted across a network. While the data can be transported with confidence, the trade-off is that encrypted traffic requires extra processing power, which means a device encrypting traffic typically will be under a greater load and, therefore, will be unable to process as many requests, leaving the device more susceptible to a DoS attack.


Can some body assert this?

Thanks,
Isuru
Hi Rahul,
Thanks for the reply and it makes sense.

How about Denial of service attacks?Are you aware of any kind of DOS attack conducted simply because transport layer is not encrypted?

Or

Is it fair to say "Encrypting the transport layer prevents DOS attacks" ? Or there is no relationship at all.

Please explain

Thanks,
Isuru
Hi All,
Can somebody explain if there is relationship between encrypting the transport layer and session hijacking?

Does encrypting transport layer eliminate the vulnerability to session hijacking?

Thanks,
Isuru
Thanks Jeanne for the reply
Hi Ulf,
Thanks for the reply.Lets converge to Jaxws and Http as the solution and wrap this thread.

Many thanks for the input.

Thanks,
Isuru
Hi Ulf,

Enabling https definitely slow down the application call.So message level security+http should provide adequate security and better performance over jaxws + https.

Thanks,
Isuru
Hi All,

If B2B webservices integration has to be done asynchronously and securely Cant we only rely on JAXWS and HTTP assuming message level security is applied?

Or do we need to go for jaxWS and HTTPS to achieve both transport level and message level security?


As per my understanding you can reduce some overhead by only allowing message level security through Jaxws and Http.

Please clarify.

Thanks,
Isuru