New threats and attacks on the World Wide Web

Mannheim Univ.
IEEE Security and Privacy Magazine (Impact Factor: 0.96). 04/2006; DOI: 10.1109/MSP.2006.46
Source: IEEE Xplore

ABSTRACT Ten years ago, very few networks had a firewall; today, they're ubiquitous. The newest target is the workstation: client-side attacks have increased because direct attacks on servers aren't so easy any more. Moreover, as new defenses are raised, information flows are increasingly embedded into Web applications, making them extremely valuable as well, and, thus, the next target. This article describes some of these new threats

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Due to the impact of the rapid popularization of Internet and e-commerce, most organizations and enterprises take great effort to protect their information systems against malicious attacks and invasions. The firewall is the most familiar method among relevant technologies for Internet security. However, the firewall systems in use today are either application software or utilities running on the personal computers or network nodes. It is very inconvenient to implement and manage the conventional firewalls. In order to make the management and construction of them easier without disrupting the existing network topology, we implement an embedded and distributed firewall system to safeguard the Internet. In this way, we combine the functions of the firewall and a central security policy server into an embedded system, which can be realized as a network interface card.
    International Journal of Future Generation Communication and Networking. 04/2009;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Learning IT Security in a classroom setting has often been a frustrating endeavor for both instructors and students alike. From our experience, traditional instructional methods like direct instruction and lectures though widely used and effective in most other areas have significant shortcomings when applied in IT security learning. In this paper, we shall propose an alternative approach to learning and teaching IT Security called Honeynet Learning which uses the Honeynet as a tool and resource to augment both student and instructor learning. This approach will incorporate the learning concepts that we feel is important to promote learning in IT Security namely discovery, feedback and "real world" experience. Aside from this, we shall be illustrating an actual methodology built upon these concepts that can be applied in the typical IT Security course.
    SIGCSE Bulletin. 01/2006; 38:110-114.
  • Source


Available from