Vishing
Vishing is the telephone equivalent of phishing: the use of the telephone in an attempt to scam
the user into surrendering private information that will then be used for identity theft.
Baiting
As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity.
They lure users into a trap that steals their personal information or infects their systems with
malware.
Pretexting
Here an attacker obtains information through a series of cleverly crafted lies. The scam is often
initiated by a perpetrator pretending to need sensitive information from a victim so as to perform
a critical task.
The attacker usually starts by establishing trust with their victim by impersonating co-workers,
police, bank and tax officials, or other persons who have right-to-know authority. The pretexter
asks questions that are ostensibly required to confirm the victim’s identity, through which they
gather important personal data.
Pentesting
Sniffing
Sniffing is the process of monitoring and capturing all data packets passing through a given network.
Sniffers are used by network and system administrators to monitor and troubleshoot network traffic.
Attackers use sniffers to capture data packets containing sensitive information such as passwords,
account information, etc. Sniffers can be hardware devices or software installed on a system. By placing
a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze
all of the network traffic.
Pretexting
Pretexting, the human equivalent of phishing, is when a hacker creates a false sense of trust
between themselves and the end user by impersonating a co-worker or a figure of authority well
known to an end user in order to gain access to login information. An example of this type of
scam is an email to an employee from what appears to be the head of IT Support or a chat
message from an investigator who claims to be performing a corporate audit.
Quid Pro Quo
Similar to baiting, quid pro quo involves a hacker requesting critical data or login credentials in
exchange for a service. For example, an end user might receive a phone call from the hacker who,
posing as a technology expert, offers free IT assistance or technology improvements in exchange
for login credentials. Another common example is a hacker who, posing as a researcher, asks for
access to the company's network as part of an experiment in exchange for £100. If an offer sounds
too good to be true, it is probably quid pro quo.
Non-Repudiation
Non-repudiation means ensuring that a transferred message has been sent and received by the
parties claiming to have sent and received it. Non-repudiation is a way to guarantee that the
sender of a message cannot later deny having sent the message and that the recipient cannot
deny having received it.
Digital signatures - function as a unique identifier for an individual, much like a written signature.
Confirmation services - the message transfer agent can create digital receipts to indicate that
messages were sent and/or received.
Timestamps - contain the date and time a document was composed and prove that a document
existed at a certain time.
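The three mechanisms above can be seen working together in the following added example, which is not part of the original notes. It uses a toy RSA signature (fixed primes near one million, far too small for real use, and the SHA-256 digest is reduced into the toy modulus) purely to make the mechanics visible: the sender signs the message together with its timestamp, anyone holding the public key can verify it, and the recipient returns a signed receipt over the sender's signature. All names and the envelope layout are assumptions of this example.

```python
import hashlib
import json
from math import gcd

E = 65537  # common public exponent


def toy_keypair(p: int, q: int):
    """Textbook RSA key from two primes (toy sizes; assumption of this example)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(E, phi) == 1, "public exponent must be invertible mod phi"
    d = pow(E, -1, phi)              # private exponent (Python 3.8+)
    return {"public": (n, E), "private": (n, d)}


# The first primes above 10**6; constructed key material for two parties.
ALICE = toy_keypair(1000003, 1000033)
BOB = toy_keypair(1000037, 1000039)


def _digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into the (toy) modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def make_signed_envelope(private_key, sender: str, body: str, sent_at: str) -> dict:
    """Bind sender, timestamp and body into one payload, then sign that payload.

    Because the timestamp is inside the signed bytes, the sender cannot later
    claim the message was composed at a different time.
    """
    payload = json.dumps({"from": sender, "sent": sent_at, "body": body}, sort_keys=True)
    return {"payload": payload, "signature": sign(private_key, payload.encode())}


def check_envelope(public_key, envelope: dict) -> bool:
    return verify(public_key, envelope["payload"].encode(), envelope["signature"])


def make_receipt(recipient_private_key, envelope: dict, received_at: str) -> dict:
    """Recipient's signed acknowledgement over the original signature (proof of receipt)."""
    ack = json.dumps({"received": received_at, "of_signature": envelope["signature"]},
                     sort_keys=True)
    return {"ack": ack, "signature": sign(recipient_private_key, ack.encode())}


def check_receipt(recipient_public_key, receipt: dict, envelope: dict) -> bool:
    """Receipt is valid only if it is correctly signed and refers to this envelope."""
    if not verify(recipient_public_key, receipt["ack"].encode(), receipt["signature"]):
        return False
    return json.loads(receipt["ack"])["of_signature"] == envelope["signature"]


if __name__ == "__main__":
    env = make_signed_envelope(ALICE["private"], "alice", "Transfer 100 to account X",
                               "2024-06-11T10:00:00Z")
    print("envelope verifies:", check_envelope(ALICE["public"], env))
    rcpt = make_receipt(BOB["private"], env, "2024-06-11T10:00:03Z")
    print("receipt verifies:", check_receipt(BOB["public"], rcpt, env))
```

Only the holder of the private exponent can produce a signature that the matching public key accepts, which is what stops the sender denying authorship; the receipt gives the sender the symmetric guarantee against the recipient.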
Spoofing
2. Discuss the OSI Model in relation to computer security. Indicate the threats
associated with every layer and how to mitigate them.
The Physical Layer
The first layer of the OSI model relates to the physical devices that run a network: power
supplies, routers and modems, endpoints, etc. Attackers targeting this layer could cause a
disruption of service through power interruption, disconnection, physical damage, or outright
theft.
To protect this layer, employ security staff, video and audio surveillance, and access control.
The Data Link Layer
The data link layer is responsible for managing the frames of information that are sent across a
physical network. Designed for functionality and practicality before security, this layer contains
multiple vulnerable protocols, and since it is often neglected in information security planning, it is
a prime target. Some modes of attack you will need to guard against include MAC address spoofing,
VLAN circumvention, and ARP cache poisoning.
To protect this layer, filter MAC addresses, do not rely solely on VLANs for security, and make
sure any wireless applications have encryption and authentication built in.
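As an added illustration of the ARP cache poisoning threat and the "pin the important bindings" mitigation, the following Python is not part of the original notes. It runs a small detector over a constructed log of ARP replies (the "time ARP reply ip is-at mac" line format is an assumption): a reply that contradicts an administrator-pinned binding for the gateway is alerted immediately, an IP whose MAC changes over time is alerted, and a MAC that ends up answering for several IPs is reported afterwards.

```python
import re
from collections import defaultdict

# Constructed sample ARP replies in an assumed sensor log format:
# "<time> ARP reply <ip> is-at <mac>"
SAMPLE_ARP_LOG = """\
10:00:01 ARP reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01
10:00:05 ARP reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20
10:00:09 ARP reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01
10:00:12 ARP reply 192.168.1.1 is-at de:ad:be:ef:00:99
10:00:15 ARP reply 192.168.1.30 is-at de:ad:be:ef:00:99
"""

# Static bindings an administrator pins for critical hosts (here the gateway);
# a reply contradicting one is flagged regardless of what was learned before.
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:dd:ee:01"}

ARP_LINE = re.compile(r"^(\S+) ARP reply (\S+) is-at ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})$")


def parse_arp_log(text: str):
    """Yield (time, ip, mac) for each well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()


def analyse_arp_replies(text: str, trusted=TRUSTED_BINDINGS):
    """Return (alerts, mac_to_ips).

    alerts     - one string per suspicious reply, in log order
    mac_to_ips - every IP each MAC has claimed, so one MAC answering for
                 several IPs (gateway and a host at once) stands out
    """
    learned = {}                       # ip -> first MAC seen for it
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse_arp_log(text):
        mac_to_ips[mac].add(ip)
        if ip in trusted and trusted[ip] != mac:
            alerts.append(f"{ts} {ip} claimed by {mac}, pinned binding is {trusted[ip]}")
        elif ip in learned and learned[ip] != mac:
            alerts.append(f"{ts} {ip} moved from {learned[ip]} to {mac}")
        learned.setdefault(ip, mac)
    return alerts, dict(mac_to_ips)


def macs_claiming_multiple_ips(mac_to_ips: dict) -> dict:
    """Subset of the MAC->IPs map where a single MAC claims more than one IP."""
    return {mac: ips for mac, ips in mac_to_ips.items() if len(ips) > 1}


if __name__ == "__main__":
    found_alerts, mapping = analyse_arp_replies(SAMPLE_ARP_LOG)
    for a in found_alerts:
        print("ALERT:", a)
    for mac, ips in macs_claiming_multiple_ips(mapping).items():
        print(f"NOTE: {mac} answers for {sorted(ips)}")
```

Switch features such as dynamic ARP inspection do the pinned-binding check in hardware; the detector above is the same idea applied to a captured log, and the learned-binding branch shows what you get when nothing is pinned.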
The Network Layer
The network layer is probably the layer you have already done the most work securing, as controls
at this layer include routing policy, firewalls, and ARP/broadcast monitoring.
To protect it, make sure you are not reliant upon addressing for resource identification, and that
you are aware of attempts to spoof IP addresses or network routes.
The Transport Layer
The transport layer is a bit unusual in that it communicates directly with the lower layers of the OSI
model, ensuring the reliable transmission of data streams between them. The Transmission Control
Protocol (TCP) and the User Datagram Protocol (UDP) are both essential components of this layer, and
they can also be used by an attacker to infiltrate or block off your network.
It is essential to ensure your firewall has rules that limit specific transport protocols and that you
monitor that firewall regularly.
The Session Layer
The session layer manages communication between endpoints. It comprises the protocols
responsible for handling network sessions; like the network layer, there is a good chance you
already have at least a few security controls in place at this level.
Password encryption, authentication protocols, and limits on brute-forcing attempts are all
security measures you will want in place here to protect against spoofing, information leakage, and
session hijacking.
The Presentation Layer
The presentation layer is basically what it sounds like: it "presents" information to the user at an
endpoint, transferring data between the application layer (the layer at which the user interacts)
and the other network layers.
Attackers can abuse Unicode handling vulnerabilities at this level to break into your network, and
someone looking to deny service can attack it by supplying unexpected input.
Separation of user input from program control is essential, and constant sanity checks are a must.
The Application Layer
The application layer includes features such as the GUI and high-level application functions. It is
the most open-ended of all the layers, and hence the most difficult to protect, especially with the
advent of SaaS applications on mobile devices.
Sandboxing. This ensures that potentially vulnerable applications do not have access to sensitive
data.
Malware scans. Ransomware is on the rise, and malicious software remains one of the chief
modes of attack by cyber-criminals.
Hashing is the practice of using an algorithm to map data of any size to a fixed length.
Whereas encryption is a two-way function, hashing is a one-way function.
Salting is a concept that typically pertains to password hashing. Essentially, it is a unique
value that is added to the end of the password so that the password produces a different hash
value. This adds a layer of security to the hashing process, specifically against brute force attacks.
(9 Marks)
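The following added example (not from the original notes) shows the hashing and salting points in working code: an unsalted SHA-256 gives the same digest for every user who picks the same password and can be matched against a precomputed table, while a per-user random salt fed through PBKDF2-HMAC-SHA256 gives every user a different hash and forces the attacker to redo the work per hash. The storage format `pbkdf2_sha256$iterations$salt$hash` and the iteration count are assumptions of this example; only Python's standard library is used.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # PBKDF2 work factor (assumption; tune so one hash takes ~100 ms)


def unsalted_sha256(password: str) -> str:
    """What the notes warn against: same password, same digest, for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash in a self-describing format (format is an assumption).

    The salt is random per user and stored alongside the hash; it is not secret,
    its job is to make each stored hash unique.
    """
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)


def lookup_in_precomputed_table(stored_hash: str, wordlist) -> Optional[str]:
    """A precomputed unsalted-digest table finds an unsalted hash instantly and a salted one never."""
    table = {unsalted_sha256(w): w for w in wordlist}
    return table.get(stored_hash)


def demo(iterations: int = ITERATIONS) -> dict:
    """Run the comparison on constructed data and return the observations."""
    pw = "correct horse battery staple"
    wordlist = ["password", "letmein", pw, "hunter2"]       # constructed sample
    plain_a, plain_b = unsalted_sha256(pw), unsalted_sha256(pw)
    salted_a, salted_b = hash_password(pw, iterations=iterations), hash_password(pw, iterations=iterations)
    return {
        "unsalted_identical": plain_a == plain_b,
        "salted_identical": salted_a == salted_b,
        "unsalted_found_in_table": lookup_in_precomputed_table(plain_a, wordlist) == pw,
        "salted_found_in_table": lookup_in_precomputed_table(salted_a, wordlist) is not None,
        "verify_correct": verify_password(pw, salted_a),
        "verify_wrong": verify_password("Tr0ub4dor&3", salted_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Storing the iteration count with the hash lets you raise the work factor later and re-hash users on their next successful login; `hmac.compare_digest` avoids leaking how many bytes matched through timing.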
6. Discuss the concept “granularity” in authorization with the terms fine and coarse
granularity in mind. (6 Marks)
Granularity in authorization means the level of detail used in the authorization rules that are
evaluated when deciding whether to grant or deny access.
Fine-grained authorization is where business needs require more details about the end
user/actor, the current environment conditions (time, date), etc. before access is granted; the more
such detail the rules use, the more granular, or fine-grained, the authorization is.
With coarse-grained authorization, access is governed on the basis of the role associated with the
user and not on any other user-specific details or environmental conditions. Under such rules a
user with the appropriate role can access the resource irrespective of any other conditions.
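The following Python is an added example, not part of the original notes, that puts the two granularities side by side on the same request: the coarse-grained decision consults only the subject's roles, while the fine-grained decision starts from that role check and then adds the environmental and attribute conditions the text mentions (time and date of the request, the subject's department). The roles, resources and conditions are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Subject:
    name: str
    roles: frozenset
    department: str


@dataclass(frozen=True)
class Request:
    subject: Subject
    resource: str
    action: str
    now: datetime           # environment condition captured at decision time


# Coarse-grained policy: role -> permitted (resource, action) pairs, nothing else.
ROLE_PERMISSIONS = {
    "payroll_clerk": {("payroll_db", "read"), ("payroll_db", "write")},
    "auditor": {("payroll_db", "read")},
}


def coarse_grained_decision(req: Request) -> bool:
    """Grant if any of the subject's roles permits the (resource, action)."""
    return any((req.resource, req.action) in ROLE_PERMISSIONS.get(role, set())
               for role in req.subject.roles)


# Fine-grained policy: the same role check plus conditions on the request context.
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def fine_grained_decision(req: Request) -> bool:
    if not coarse_grained_decision(req):
        return False
    # Environmental condition: writes to payroll only on weekdays in business hours.
    if req.action == "write":
        weekday = req.now.weekday() < 5
        in_hours = BUSINESS_HOURS[0] <= req.now.time() < BUSINESS_HOURS[1]
        if not (weekday and in_hours):
            return False
    # Subject attribute condition: auditors read payroll only from the finance department.
    if req.subject.roles == frozenset({"auditor"}) and req.subject.department != "finance":
        return False
    return True


def decide(req: Request) -> dict:
    """Evaluate both policies so the difference in granularity is visible."""
    return {"coarse": coarse_grained_decision(req), "fine": fine_grained_decision(req)}


if __name__ == "__main__":
    clerk = Subject("dana", frozenset({"payroll_clerk"}), "finance")
    weekend_write = Request(clerk, "payroll_db", "write", datetime(2024, 6, 15, 10, 0))
    print("clerk writing on a Saturday:", decide(weekend_write))
```

Both functions answer the same question; the fine-grained one simply has more inputs, which is exactly what makes it more precise and, in practice, more expensive to administer and audit.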
Use 1: Allow the subject to use the object without modifying the object.
Dynamic Modes:
Grant 1: Allow the subject to grant any static access mode to any other subject.
Revoke 1: Allow the subject to revoke a granted static access mode from a subject.
Delegate 2: Allow the subject to grant the grant privilege to other subjects.
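To show how the static mode and the three dynamic modes interact, here is an added access-matrix implementation that is not from the original notes. The rule that an object's creator holds every mode on it, the `PermissionError` signalling, and the subject and object names are assumptions of this example; the semantics of Use, Grant, Revoke and Delegate follow the definitions above, in particular that Delegate passes on the grant privilege only, not the revoke privilege.

```python
class AccessMatrix:
    """Subject x object matrix of access modes.

    Static mode 'use' is the right to use an object. Dynamic modes govern how
    static modes propagate: 'grant' confers a static mode, 'revoke' removes one,
    and 'delegate' confers the 'grant' privilege itself on another subject.
    """
    STATIC_MODES = {"use"}
    DYNAMIC_MODES = {"grant", "revoke", "delegate"}

    def __init__(self):
        self._rights = {}            # (subject, object) -> set of modes

    def rights(self, subject: str, obj: str) -> set:
        return set(self._rights.get((subject, obj), set()))

    def _add(self, subject: str, obj: str, mode: str) -> None:
        self._rights.setdefault((subject, obj), set()).add(mode)

    def _require(self, subject: str, obj: str, mode: str) -> None:
        if mode not in self.rights(subject, obj):
            raise PermissionError(f"{subject} lacks '{mode}' on {obj}")

    def create(self, owner: str, obj: str) -> None:
        """Creator of an object holds every mode on it (assumption of this toy)."""
        for mode in self.STATIC_MODES | self.DYNAMIC_MODES:
            self._add(owner, obj, mode)

    def grant(self, grantor: str, grantee: str, obj: str, mode: str) -> None:
        """Grant: confer a static mode; requires 'grant' on the object."""
        if mode not in self.STATIC_MODES:
            raise ValueError("grant confers static modes only")
        self._require(grantor, obj, "grant")
        self._add(grantee, obj, mode)

    def revoke(self, revoker: str, target: str, obj: str, mode: str) -> None:
        """Revoke: remove a granted static mode; requires 'revoke' on the object."""
        if mode not in self.STATIC_MODES:
            raise ValueError("revoke removes static modes only")
        self._require(revoker, obj, "revoke")
        self._rights.get((target, obj), set()).discard(mode)

    def delegate(self, delegator: str, delegatee: str, obj: str) -> None:
        """Delegate: hand the 'grant' privilege to another subject; requires 'delegate'."""
        self._require(delegator, obj, "delegate")
        self._add(delegatee, obj, "grant")

    def can_use(self, subject: str, obj: str) -> bool:
        return "use" in self.rights(subject, obj)


if __name__ == "__main__":
    m = AccessMatrix()
    m.create("alice", "report.docx")
    m.grant("alice", "bob", "report.docx", "use")
    m.delegate("alice", "bob", "report.docx")
    m.grant("bob", "carol", "report.docx", "use")
    print("carol can use:", m.can_use("carol", "report.docx"))
    print("bob's modes:", sorted(m.rights("bob", "report.docx")))
```

The interesting failure cases are the ones the mode definitions imply: a subject with only `use` cannot pass it on, and a delegatee can grant but still cannot revoke.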
How it works
A client node sends a SYN packet over an IP network to a server on the same or an external
network. The purpose of this packet is to ask whether the server is open for new connections.
The target server must have open ports that can accept and initiate new connections. When the
server receives the SYN packet from the client node, it responds with a confirmation, the SYN/ACK
packet.
The client node receives the SYN/ACK from the server and responds with an ACK packet.
Upon completion of this process, the connection is created and the client and server can
communicate.
(Figure: sequence diagram of the TCP three-way handshake between Client and Server, with a time
axis for each side: Client sends SYN, Server replies SYN-ACK, Client sends ACK.)
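The exchange described above, as an added simulation that is not part of the original notes: two endpoint state machines trade SYN, SYN-ACK and ACK segments carrying sequence and acknowledgement numbers, and the example also covers the two cases the text implies, a server with no listening port (which answers with RST rather than SYN-ACK) and an ACK whose acknowledgement number does not match the server's own sequence number, which is dropped. The `Segment` and `Endpoint` classes and the fixed initial sequence numbers are constructed for the example; real stacks randomise them.

```python
from dataclasses import dataclass, field


@dataclass
class Segment:
    src: str
    dst: str
    seq: int = 0
    ack_num: int = 0
    syn: bool = False
    ack: bool = False
    rst: bool = False

    def flags(self) -> str:
        """Flag names joined in wire-description order, e.g. 'SYN-ACK' or 'RST-ACK'."""
        names = [n for n, on in (("SYN", self.syn), ("RST", self.rst), ("ACK", self.ack)) if on]
        return "-".join(names)


@dataclass
class Endpoint:
    name: str
    isn: int                          # initial sequence number (randomised in real stacks)
    state: str = "CLOSED"
    log: list = field(default_factory=list)

    def listen(self) -> None:
        """Server side: open the port for new connections."""
        self.state = "LISTEN"

    def connect(self, peer: str) -> Segment:
        """Client side: send SYN carrying our ISN and wait for SYN-ACK."""
        self.state = "SYN_SENT"
        return Segment(self.name, peer, seq=self.isn, syn=True)

    def receive(self, seg: Segment):
        """Process one incoming segment; return the reply to put on the wire, or None."""
        self.log.append(f"{self.state} <- {seg.flags()} seq={seg.seq} ack={seg.ack_num}")
        if seg.rst:
            self.state = "CLOSED"         # peer refused or aborted the connection
            return None
        if self.state == "CLOSED":
            # no listener on this port: TCP answers a SYN with RST, not SYN-ACK
            return Segment(self.name, seg.src, ack_num=seg.seq + 1, rst=True, ack=True)
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            self.state = "SYN_RECEIVED"
            return Segment(self.name, seg.src, seq=self.isn, ack_num=seg.seq + 1, syn=True, ack=True)
        if self.state == "SYN_SENT" and seg.syn and seg.ack and seg.ack_num == self.isn + 1:
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, seq=self.isn + 1, ack_num=seg.seq + 1, ack=True)
        if self.state == "SYN_RECEIVED" and seg.ack and not seg.syn and seg.ack_num == self.isn + 1:
            self.state = "ESTABLISHED"
            return None
        # anything else (wrong ack number, unexpected flags for this state) is dropped
        return None


def three_way_handshake(client: Endpoint, server: Endpoint) -> list:
    """Drive the exchange to completion and return the flags seen on the wire, in order."""
    wire = []
    seg = client.connect(server.name)
    while seg is not None:
        wire.append(seg.flags())
        receiver = server if seg.dst == server.name else client
        seg = receiver.receive(seg)
    return wire


if __name__ == "__main__":
    c, s = Endpoint("client", isn=1000), Endpoint("server", isn=5000)
    s.listen()
    print("wire:", three_way_handshake(c, s))
    print("states:", c.state, s.state)
```

The acknowledgement-number check on both sides is what ties the three segments together: each party proves it saw the other's sequence number before the connection is considered established.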
d. Computational security
Also called practical security. It measures the amount of computational effort
required to defeat a system using the best-known attacks.
e. Ad hoc security
Also known as heuristic security. Here security rests on a variety of convincing arguments
that every successful attack requires more resources than those available to an
attacker.
- Unforeseen attacks remain a threat.