Application Security

BitLocker is an operating system-level extension to Vista that combines on-disk encryption and special key management techniques. The data and the operating system installation are both protected by two-factor authentication, specifically, a hardware key used in conjunction with a long passphrase.

An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.

Polymorphic malware is harmful, destructive or intrusive computer software such as a virus, worm, Trojan or spyware that constantly changes (“morphs”), making it difficult to detect with anti-malware programs. Evolution of the malicious code can occur in a variety of ways such as filename changes, compression and encryption with variable keys.

SSI injection is a form of attack that can be used to compromise Web sites that contain SSI (server-side include) statements. An SSI is a variable value such as a “Last modified” date that a server can place in an HTML file. Before sending the file to the requestor, the server searches the file for CGI (common gateway interface) environment variables and inserts the appropriate values in the places where “include” statements appear. In SSI injection, the variable values are modified by an external hacker. This can allow the hacker to add, alter or delete HTML files on the server. It can also make it possible for the hacker to gain access to server resources.
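The defence against the SSI injection described above is to treat visitor-supplied text as data before it is written into a file the server parses for directives. The following is an added example, not part of the original page: the template, function names and sample inputs are constructed for illustration, and it assumes a page served with SSI parsing enabled that embeds visitor text.

```python
import html
import re

# Opening of an SSI directive, e.g. <!--#echo var="..." --> or <!--#include file="..." -->
SSI_OPEN = re.compile(r"<!--\s*#\s*([A-Za-z]+)")

# Constructed .shtml template: one legitimate directive plus a slot for visitor text.
TEMPLATE = (
    "<html><body>\n"
    '<p>Last modified: <!--#echo var="LAST_MODIFIED" --></p>\n'
    '<div class="comment">{comment}</div>\n'
    "</body></html>\n"
)

def find_ssi_directives(text):
    """Return the directive names (lower-cased) that appear in text."""
    return [m.group(1).lower() for m in SSI_OPEN.finditer(text)]

def render_unsafe(comment):
    """Vulnerable form: visitor text is stored verbatim, so the server parses it."""
    return TEMPLATE.format(comment=comment)

def render_safe(comment):
    """Hardened form: HTML-escape first, so '<!--#' becomes '&lt;!--#' and is inert."""
    return TEMPLATE.format(comment=html.escape(comment, quote=True))

def injected_directives(page):
    """Directives in a rendered page beyond the one the template itself contains."""
    found = find_ssi_directives(page)
    for name in find_ssi_directives(TEMPLATE):
        found.remove(name)
    return found

# Constructed sample inputs (benign directives, chosen only to show parsing).
SAMPLES = [
    "Nice article, thanks!",
    '<!--#include file="footer.html" -->',
    'hello <!--#echo var="DATE_LOCAL" --> world',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s),
              "unsafe:", injected_directives(render_unsafe(s)),
              "safe:", injected_directives(render_safe(s)))
```

The same `find_ssi_directives` check can be run over stored content or request parameters to flag input that carries directives the site's own templates never use.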

Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other. In a network environment, the client authenticates the server and vice versa. In this way, network users can be assured that they are doing business exclusively with legitimate entities, and servers can be certain that all would-be users are attempting to gain access for legitimate purposes. Mutual authentication is gaining acceptance as a tool that can minimize the risk of online fraud in e-commerce.