OpenSSL

Data storage on personal computers is inherently insecure as authentication and file access control are handled by the host operating system. These security provisions can be bypassed if another operating system is used on the same personal computer. To address this problem, file encryptors, disk encryptors and file system encryptors were developed, each with its drawbacks. By combining the strengths of file encryptors and file system encryptors, these drawbacks can be overcome. To achieve this, a user space file system library must be used. The file system must also have its own authentication and authorization routines to provide uniform access across multiple operating systems. This paper describes the design and development of such a file system for Linux using the FUSE library and the OpenSSL library. The design for this file system was mathematically modelled and formally verified using Alloy analyser. The file system requires the user to provide user name and password for authentication. Each file is encrypted using a separate key to provide security against cryptanalysis. This key is encrypted using the owner's private key to allow for change of ownership. The password is used to decrypt the user's private key. The developed file system was tested for authentication and access control successfully. The optimal performance of the file system was perceived at file sizes between 1 kilobyte and 256 megabytes. The performance degradation due to encryption was also measured and found to be within usable limits. This stackable file system can be used on all Unix clones that have FUSE and OpenSSL libraries.

Heartbleed, a big Open Secure Socket Layer (OpenSSL) vulnerability appeared on the web on 7th April 2014. This highly risked vulnerability enabled attackers to remotely read protected memory contents from Hyper Text Transfer Protocol
Secure (HTTPS) sites. In this paper, the authors will review
and analyze Heartbleed vulnerability effects on secured websites, a year later (April 2015). To accomplish this, we conducted an analysis on a dataset of 100 Italian public and private sector websites like banks, stock exchanges, Cloud Organizations and services on HTTPS websites, thereby obtained that only 1% of the websites show the vulnerability. However, new vulnerabilities as Padding Oracle on  Downgraded Legacy Encryption (POODLE) & Factoring Attack on RSA-Export Keys (FREAK) affect a lot of websites, particularly the websites used as point of accesses of Italian telematics process. We concluded the paper with the analysis of the Cloud risks that are very harmful for the Cloud customers as well as the Cloud venders due to Heartbleed attack

OpenSSL mainly used for cryptography library which provides execution of SSL and TSL in opensource. As we all know that OpenSSL is used by around 60% of web servers present in the world. In current time information system security implementation recommendation used to find out the threat or securities vulnerabilities on the basis of processes, users and infrastructure. Due to the presence of different types of threats, it is necessary to make different secure pieces of the information system. Due to the rise in complexity of IT system security the role of IT governance play a major role in the mechanism of IT governance. There are so many different IT frameworks nowadays mainly used to provide better and secure information system to the organizations. As we know that any framework of IT control framework is explained as “ A known system of control management which covers complete internal control of any organization. Normally there are three types of control framework according to the research of Nicho(2008). In this report, we will be analysis all the threats and analysis using diagrams and will be discussing how organization code of ethics and security policies does apply and what the security policies that organization should apply on their information system to mitigate the risks and important factors which can affect to your organization. Hackers create fake accounts in order to inflate clicks, likes, and shares on social media so as to manipulate the user to believe in a perception. Attackers usually use software to create a function to automatically spread malicious links. A kind of Operational threat that occurs when an entire system or a part of the system fails. Spyware as the name suggests spies on the user and collects account details such as username, passwords and sends it to the hackers. Use of Anti-Phishing tool can help a lot in mitigating this type of attack. Use of firewalls, keeping information masqued are some other preventive measures. Periodic system checkups must be performed so as to avoid system failures. Also, Errors must be clearly mitigated by personal alertness. The major concept behind the implementation of OpenSSL is to organize the information system security according to the needs of the users which going to fulfill the objectives of organization business.  Whereas when data passes over the network then it will be sent over the SSL. Here in this report, we are going to discuss OpenSSL, its type, encryption algorithms, learn different way through which attacker exploit the network and how to deal with it.

Data storage on personal computers is inherently insecure as authentication and file access control are handled by the host operating system. These security provisions can be bypassed if another operating system is used on the same personal computer. To address this problem, file encryptors, disk encryptors and file system encryptors were developed, each with its drawbacks. By combining the strengths of file encryptors and file system encryptors, these drawbacks can be overcome. To achieve this, a user space file system library must be used. The file system must also have its own authentication and authorization routines to provide uniform access across multiple operating systems. This paper describes the design and development of such a file system for Linux using the FUSE library and the OpenSSL library. The design for this file system was mathematically modelled and formally verified using Alloy analyser. The file system requires the user to provide user name and password for aut...