
1. Explain the meaning of the following terms:

Vishing

Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone
in an attempt to scam the user into surrendering private information that will be used for identity
theft.

Baiting

As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity.
They lure users into a trap that steals their personal information or infects their systems with
malware.

Pretexting

Here an attacker obtains information through a series of cleverly crafted lies. The scam is often
initiated by a perpetrator pretending to need sensitive information from a victim so as to perform
a critical task.

The attacker usually starts by establishing trust with their victim by impersonating co-workers,
police, bank and tax officials, or other persons who have right-to-know authority. The pretexter
asks questions that are ostensibly required to confirm the victim’s identity, through which they
gather important personal data.

Pentesting

A penetration test, colloquially known as a pen test, is an authorized simulated cyber-attack on a
computer system, performed to evaluate the security of the system.[1][2] The test is performed to
identify both weaknesses (also referred to as vulnerabilities), including the potential for
unauthorized parties to gain access to the system's features and data,[3][4] as well as
strengths,[5] enabling a full risk assessment to be completed.

Sniffing

Sniffing is the process of monitoring and capturing all data packets passing through a given
network. Sniffers are used by network and system administrators to monitor and troubleshoot
network traffic. Attackers use sniffers to capture data packets containing sensitive information
such as passwords, account information, etc. Sniffers can be hardware or software installed in
the system. By placing a packet sniffer on a network in promiscuous mode, a malicious intruder
can capture and analyze all of the network traffic.

Pretexting

Pretexting, the human equivalent of phishing, is when a hacker creates a false sense of trust
between themselves and the end user by impersonating a co-worker or a figure of authority well
known to an end user in order to gain access to login information. An example of this type of
scam is an email to an employee from what appears to be the head of IT Support or a chat
message from an investigator who claims to be performing a corporate audit.

Quid Pro Quo

Similar to baiting, quid pro quo involves a hacker requesting critical data or login credentials
in exchange for a service. For example, an end user might receive a phone call from the hacker
who, posing as a technology expert, offers free IT assistance or technology improvements in
exchange for login credentials. Another common example is a hacker who, posing as a
researcher, asks for access to the company's network as part of an experiment in exchange for
£100. If an offer sounds too good to be true, it is probably quid pro quo.

Piggybacking

Piggybacking, also called tailgating, is when an unauthorized person physically follows an
authorized person into a restricted corporate area or system. One tried-and-true method of
piggybacking is when a hacker calls out to an employee to hold a door open for them as they've
forgotten their RFID card. Another method involves a person asking an employee to "borrow"
his or her laptop for a few minutes, during which the criminal is able to quickly install
malicious software.

Tailgating (also called Piggybacking)

This is when an unauthorized person physically follows an authorized person into a restricted
corporate area or system. One tried-and-true method of piggybacking is when a hacker calls out
to an employee to hold a door open for them as they've forgotten their RFID card. Another
method involves a person asking an employee to "borrow" his or her laptop for a few minutes,
during which the criminal is able to quickly install malicious software.

ROC curve (Receiver operating characteristic curve)

It is a graph showing the performance of a classification model at all classification thresholds.
The curve plots two parameters:
i. True positive rate
ii. False positive rate
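
As an added example (not part of the original answer sheet), the Python below computes the
points of a ROC curve from a small constructed set of classifier scores and true labels: every
distinct score is tried as a threshold, and the true positive rate and false positive rate are
derived at each one. The sample scores and the AUC helper are assumptions for the illustration.

```python
# Added example: ROC points (and area under the curve) from scores and labels.
# Constructed sample: (score from a hypothetical malware classifier, true label)
SAMPLES = [
    (0.95, 1), (0.90, 1), (0.80, 0), (0.70, 1),
    (0.60, 0), (0.55, 1), (0.40, 0), (0.10, 0),
]


def roc_points(samples):
    """Return [(threshold, fpr, tpr), ...] from strictest to loosest threshold.

    A sample is predicted positive when its score >= threshold.
    TPR = TP / (TP + FN); FPR = FP / (FP + TN).
    """
    positives = sum(1 for _, label in samples if label == 1)
    negatives = len(samples) - positives
    # Strictest threshold first (nothing predicted positive), then each score.
    thresholds = [float("inf")] + sorted({s for s, _ in samples}, reverse=True)
    points = []
    for thr in thresholds:
        tp = sum(1 for s, label in samples if s >= thr and label == 1)
        fp = sum(1 for s, label in samples if s >= thr and label == 0)
        points.append((thr, fp / negatives, tp / positives))
    return points


def auc(points):
    """Area under the ROC curve by the trapezoidal rule over (fpr, tpr) points."""
    area = 0.0
    for (_, x0, y0), (_, x1, y1) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2
    return area


if __name__ == "__main__":
    pts = roc_points(SAMPLES)
    for thr, fpr, tpr in pts:
        print(f"threshold >= {thr:<5} FPR={fpr:.2f} TPR={tpr:.2f}")
    print(f"AUC = {auc(pts):.4f}")
```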

Non-Repudiation

Non-repudiation means ensuring that a transferred message has been sent and received by the
parties claiming to have sent and received the message. Non-repudiation is a way to guarantee
that the sender of a message cannot later deny having sent the message and that the recipient
cannot deny having received the message.

Non-repudiation can be obtained through the use of:

Digital signatures - function as a unique identifier for an individual, much like a written
signature.

Confirmation services - the message transfer agent can create digital receipts to indicate that
messages were sent and/or received.

Timestamps - contain the date and time a document was composed and prove that a document
existed at a certain time.

Spoofing

Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from
an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in
communication mechanisms that lack a high level of security.

2. Discuss the OSI Model in relation to computer security. Indicate the threats
associated with every layer and how to mitigate them.

The Physical Layer

The first layer of the OSI model is related to the physical devices that run a network: power
boxes, routers and modems, endpoints, et cetera. Attackers targeting this layer could cause a
disruption of service through power interruption, disconnection, physical damage, or outright
theft.

To protect this layer, employ security staff, video and audio surveillance, and access control.

The Data Link Layer

The data link layer is responsible for managing the packets of information that are sent across a
physical network. Because its protocols were designed for functionality and practicality before
security, several of them are vulnerable, and since the layer is often neglected in information
security work, it is a prime target. Some modes of attack you'll need to guard against include
MAC address spoofing, VLAN circumvention, and ARP cache poisoning.

To protect this layer, filter MAC addresses, don’t rely solely on VLANs for security, and make
sure any wireless applications have encryption and authentication baked in.
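
As an added example (not part of the original answer sheet), the Python below shows one
defensive check for the ARP cache poisoning threat named above: it reads ARP reply records in
the style of tcpdump output, builds an IP-to-MAC view of the segment, and flags any IP address
announced by more than one MAC. The log lines, the gateway baseline and the line format are
constructed sample data for this illustration, not a real capture.

```python
# Added example: detect ARP replies where one IP is claimed by several MACs.
import re
from collections import defaultdict

# Constructed sample records in a tcpdump-like layout (not a real capture).
ARP_LOG = """\
12:00:01.100 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
12:00:01.350 ARP, Reply 10.0.0.25 is-at 00:11:22:33:44:25, length 28
12:00:02.020 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99, length 28
12:00:02.500 ARP, Reply 10.0.0.40 is-at 00:11:22:33:44:40, length 28
12:00:03.010 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99, length 28
"""

# Assumed baseline: addresses that must never change (e.g. the default gateway).
BASELINE = {"10.0.0.1": "00:11:22:33:44:01"}

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)


def parse_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are skipped."""
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def find_conflicts(text, baseline=None):
    """Return {ip: [mac, ...]} for every IP announced by more than one MAC,
    or by a MAC that differs from the baseline entry for that IP."""
    seen = defaultdict(list)            # ip -> MACs in order of first appearance
    for _, ip, mac in parse_replies(text):
        if mac not in seen[ip]:
            seen[ip].append(mac)
    conflicts = {}
    for ip, macs in seen.items():
        expected = (baseline or {}).get(ip)
        if len(macs) > 1 or (expected and macs != [expected.lower()]):
            conflicts[ip] = macs
    return conflicts


if __name__ == "__main__":
    for ip, macs in find_conflicts(ARP_LOG, BASELINE).items():
        print(f"ALERT: {ip} announced by {len(macs)} MACs: {', '.join(macs)}")
```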

The Network Layer

The network layer is probably the layer you’ve already done the most work securing, as controls
at this layer include routing policy, firewalls, and ARP/broadcast monitoring.

To protect, just make sure you’re not reliant upon addressing for resource identification, and that
you’re aware of attempts to spoof any IP addresses or network routes.

The Transport Layer

The transport layer is a bit unusual in that it communicates directly with lower layers in the OSI
model, ensuring the reliable transmission of data streams between them. The Transmission Control
Protocol (TCP) and the User Datagram Protocol (UDP) are both essential components of this layer,
and they can also be used by an attacker to infiltrate or block off your network.

Ensuring your firewall has rules to limit specific transport protocols, and regularly monitoring
that firewall, is essential.

The Session Layer

The session layer manages communication between endpoints. It comprises the protocols
responsible for handling network sessions – like the network layer, there’s a good chance you’ve
at least a few security controls in place at this level.

Password encryption, authentication protocols, and limitation on brute-forcing attempts are all
security measures you’ll want in place here to protect against spoofing, information leakage, and
session hijacking.

The Presentation Layer

The presentation layer is basically what it sounds like – it ‘presents’ information to the user at an
endpoint, transferring data between the application layer (the layer at which the user interacts)
and the other network layers.

Savvy users can abuse Unicode vulnerabilities at this level to break into your network, and
someone looking to deny service can attack by supplying unexpected input.

Separation of user input and program control is essential, and constant sanity checks are a must.

The Application Layer

The application layer includes features such as the GUI and high-level application functions. It’s
the most open-ended of all the layers, and hence the most difficult to protect – especially with the
advent of SaaS applications on mobile devices.

Measures you can take to significantly reduce your risk of attack:

Sandboxing. This ensures that potentially-vulnerable applications don’t have access to sensitive
data.

Malware scans. Ransomware is on the rise, and malicious software remains one of the chief
modes of attack by cyber-criminals.

Review and test application code.

3. Explain the difference between a memory token and a smart token.

4. The following are password attacks:

a. Brute Force Attack
A brute force attack, also known as an exhaustive search, is a cryptographic hack that
relies on guessing possible combinations of a targeted password until the correct
password is discovered. The longer the password, the more combinations that will need to
be tested.
b. Dictionary Attack
A dictionary attack is a method of breaking into a password-protected computer or
server by systematically entering every word in a dictionary as a password. A
dictionary attack can also be used in an attempt to find the key necessary to decrypt
an encrypted message or document.
c. Key Logger Attack
A keylogger is any piece of software or hardware that has the capability to intercept
and record input from the keyboard of a compromised machine without the user’s
knowledge. The keylogger can either store the recorded data locally or send it to a
remote PC controlled by the attacker.
d. Offline Detection
e. Rainbow Table
A rainbow table is a precomputed table for reversing cryptographic hash functions,
usually for cracking password hashes. Tables are usually used in recovering a
password (or credit card numbers, etc.)
f. Social Engineering
Social engineering is an attack vector that relies heavily on human interaction and
often involves manipulating people into breaking normal security procedures and
best practices in order to gain access to systems, networks or physical locations, or
for financial gain.
g. Spoofs and Trojans
Spoofing is a technique used to gain unauthorized access to computers, whereby the
intruder sends messages to a computer with an IP address indicating that the
message is coming from a trusted host.
A spoofing attack is when a malicious party impersonates another device or user on
a network in order to launch attacks against network hosts, steal data, spread
malware or bypass access controls.
h. Traffic Interception
This has been the biggest weakness of network TCP/IP tools like Telnet or Remote
Access Utilities and SNMP. Traffic monitoring tools are avenues for password
hacking, as packet sniffers and similar tools may be used to intercept passwords as
they are transmitted across a network in an unencrypted or clear-text form.
(16 Marks)
5. Describe the difference between encryption, hashing and salting.
Encryption is the practice of scrambling information in a way that only someone with a
corresponding key can unscramble and read it.

Hashing is the practice of using an algorithm to map data of any size to a fixed length.
Whereas encryption is a two-way function, hashing is a one-way function.

Salting is a concept that typically pertains to password hashing. Essentially, it’s a unique
value that can be added to the end of the password to create a different hash value. This
adds a layer of security to the hashing process, specifically against brute force attacks.
(9 Marks)
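
As an added example (not part of the original answer sheet), the Python below puts the three
operations from question 5 side by side: a reversible transform that needs the key to undo, a
one-way hash, and a per-user salt that makes identical passwords hash differently. The
"encryption" is a toy XOR with a SHAKE-256 key stream, chosen only to keep the example
dependency-free, and the salted hash uses PBKDF2 (salt as a separate input) rather than plain
concatenation; both are assumptions for the illustration, not a recommendation of XOR as a cipher.

```python
# Added example: encryption vs hashing vs salting with the standard library only.
import hashlib
import hmac
import os


def xor_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy reversible transform: XOR with a SHAKE-256 key stream (demo only)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_record(password: str) -> dict:
    """Store a fresh random salt next to the hash; the password itself is never stored."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(record["hash"], hash_password(attempt, record["salt"]))


if __name__ == "__main__":
    key = b"shared-secret"
    ct = xor_encrypt(key, b"meet at noon")
    print("decrypted:", xor_encrypt(key, ct))          # reversible with the key

    a = make_record("hunter2")
    b = make_record("hunter2")                          # same password, different salt
    print("hashes differ:", a["hash"] != b["hash"])     # rainbow tables are useless
    print("verify ok:", verify(a, "hunter2"), "wrong:", verify(a, "hunter3"))
```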
6. Discuss the concept "granularity" in authorization with the terms fine and coarse
granularity in mind. (6 Marks)
Granularity in authorization means the level of detail used in the authorization rules when
evaluating a decision to grant or deny access.

Fine-grained authorization is where business needs require more details regarding the end
user/actor, current environment conditions (time, date), etc. in order to grant access; the more
such details the rules use, the more granular (fine-grained) the authorization is.

Coarse-grained authorization is where access is governed on the basis of the role associated
with the user and not on any other user-specific details or environmental conditions. Under
such rules a user with the appropriate role can access the resource irrespective of any other
conditions.

7. Discuss the following Database Security Models:

a. Access Matrix Model
This model uses a matrix to represent the two main entities that can be used for any security
implementation. The columns are represented by objects and the rows by subjects. An
object can be a table, view, procedure, or any other database object; a subject can be a
user, role, privilege, or a module. The intersection of a row and column is an
authorization cell, representing the access details on the object granted to the subject. The
authorization cell can contain access, operations, or commands.

b. Access Modes Model (static and dynamic) (10 Marks)

This model is based on the take-grant model. The model uses the subject and object
entities as the main security entities, and it uses access modes to indicate the tasks that
the subject is allowed to perform on the objects. The access modes are divided into static
and dynamic modes. The level shown in the table is a numeric value to indicate the
degree of access.

Static modes

Access Mode   Level   Description
Use           1       Allow the subject to use the object without modifying the object
Read          2       Allow the subject to read the contents of the object
Update        3       Allow the subject to modify the contents of the object
Create        4       Allow the subject to add instances to the object
Delete        4       Allow the subject to remove instances of the object

Dynamic modes

Access Mode   Level   Description
Grant         1       Allow the subject to grant any static access mode to any other subject
Revoke        1       Allow the subject to revoke a granted static access mode from a subject
Delegate      2       Allow the subject to grant the grant privilege to other subjects
Abrogate      2       Allow the subject to grant the revoke privilege to another subject
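
As an added example (not part of the original answer sheet), the Python below serves both
question 7a and 7b: an access matrix whose rows are subjects and columns are objects, where
each cell holds the static and dynamic access modes from the tables above. Static modes carry
the tables' levels; the dynamic modes decide who may change the matrix (granting a static mode
needs Grant, passing on Grant needs Delegate, passing on Revoke needs Abrogate). The
subject/object names and the starting matrix are constructed for the illustration.

```python
# Added example: an access matrix governed by static and dynamic access modes.
from collections import defaultdict

STATIC = {"Use": 1, "Read": 2, "Update": 3, "Create": 4, "Delete": 4}
DYNAMIC = {"Grant": 1, "Revoke": 1, "Delegate": 2, "Abrogate": 2}
# Handing a dynamic mode to another subject requires this mode on the same object.
REQUIRED_TO_GRANT = {"Grant": "Delegate", "Revoke": "Abrogate"}


class AccessMatrix:
    def __init__(self):
        self.cell = defaultdict(set)        # (subject, object) -> set of modes

    def allows(self, subject, obj, mode):
        return mode in self.cell[(subject, obj)]

    def level(self, subject, obj):
        """Highest static level the subject holds on the object (0 = none)."""
        return max((STATIC[m] for m in self.cell[(subject, obj)] if m in STATIC), default=0)

    def grant(self, granter, grantee, obj, mode):
        """granter gives grantee a mode on obj, if granter's dynamic modes permit it."""
        if mode in STATIC:
            need = "Grant"
        elif mode in REQUIRED_TO_GRANT:
            need = REQUIRED_TO_GRANT[mode]
        else:
            raise ValueError(f"{mode} cannot be granted in this model")
        if not self.allows(granter, obj, need):
            raise PermissionError(f"{granter} lacks {need} on {obj}")
        self.cell[(grantee, obj)].add(mode)

    def revoke(self, revoker, target, obj, mode):
        """Remove a static mode from target; requires Revoke on the object."""
        if mode not in STATIC or not self.allows(revoker, obj, "Revoke"):
            raise PermissionError(f"{revoker} cannot revoke {mode} on {obj}")
        self.cell[(target, obj)].discard(mode)


def demo():
    m = AccessMatrix()
    m.cell[("dba", "Salaries")] |= set(STATIC) | set(DYNAMIC)   # owner-like cell
    m.grant("dba", "hr_role", "Salaries", "Read")
    m.grant("dba", "hr_role", "Salaries", "Grant")        # allowed: dba has Delegate
    m.grant("hr_role", "payroll", "Salaries", "Update")   # allowed: hr_role has Grant
    m.revoke("dba", "payroll", "Salaries", "Update")      # allowed: dba has Revoke
    return m
```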

8. Using an illustration, describe the TCP handshakes. (4 Marks)

A three-way handshake is a method used in a TCP/IP network to create a connection between a
local host/client and server. It is a three-step method that requires both the client and server to
exchange SYN and ACK (acknowledgment) packets before actual data communication begins.

It is primarily used to create a TCP socket connection.

How it works:

A client node sends a SYN data packet over an IP network to a server on the same or an external
network. The objective of this packet is to ask/infer if the server is open for new connections.

The target server must have open ports that can accept and initiate new connections. When the
server receives the SYN packet from the client node, it responds and returns a confirmation
receipt – the ACK packet or SYN/ACK packet.

The client node receives the SYN/ACK from the server and responds with an ACK packet.

Upon completion of this process, the connection is created and the host and server can
communicate.

Client                            Server
  |                                 |
  |------------- SYN -------------->|
  |                                 |
  |<---------- SYN-ACK -------------|
  |                                 |
  |------------- ACK -------------->|
  |                                 |
 Time                              Time
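
As an added example (not part of the original answer sheet), the Python below models the
handshake above as two small state machines exchanging SYN, SYN-ACK and ACK segments,
including the sequence/acknowledgment numbers that make each step valid. A segment is a
simplified (flags, seq, ack) tuple rather than a real TCP header, and the random initial
sequence numbers are an assumption mirroring what a real stack does.

```python
# Added example: client and server state machines for the TCP three-way handshake.
import random


class Client:
    def __init__(self):
        self.state = "CLOSED"
        self.isn = random.randrange(2**32)          # initial sequence number

    def connect(self):                              # step 1: send SYN
        self.state = "SYN_SENT"
        return ({"SYN"}, self.isn, None)

    def receive(self, seg):                         # step 3: SYN-ACK -> ACK
        flags, seq, ack = seg
        if self.state == "SYN_SENT" and flags == {"SYN", "ACK"} and ack == self.isn + 1:
            self.state = "ESTABLISHED"
            return ({"ACK"}, self.isn + 1, seq + 1)
        return None                                 # ignore unexpected segments


class Server:
    def __init__(self):
        self.state = "LISTEN"                       # port open, accepting connections
        self.isn = random.randrange(2**32)
        self.peer_isn = None

    def receive(self, seg):                         # step 2: SYN -> SYN-ACK
        flags, seq, ack = seg
        if self.state == "LISTEN" and flags == {"SYN"}:
            self.state, self.peer_isn = "SYN_RECEIVED", seq
            return ({"SYN", "ACK"}, self.isn, seq + 1)
        if (self.state == "SYN_RECEIVED" and flags == {"ACK"}
                and ack == self.isn + 1 and seq == self.peer_isn + 1):
            self.state = "ESTABLISHED"              # final ACK completes the handshake
        return None


def handshake(client, server):
    """Run the exchange and return the three segments in order."""
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack]
```

Calling handshake(Client(), Server()) leaves both sides in ESTABLISHED; a segment that arrives
in the wrong state or with the wrong acknowledgment number is ignored rather than advancing
the connection.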

9. The models for evaluating security include the following:

a. Unconditional
Also referred to as information-theoretic security. This evaluation model assumes
that the adversary has unlimited computational resources. Plaintext and ciphertext are
modelled by their distributions and the analysis is made using probability theory.
- For encryption systems: the perfect secrecy concept, where observation of the ciphertext
provides no information to an adversary.
b. Complexity-theoretic
c. Provable
Proves security properties based on the assumption that it is difficult to solve a
well-known and supposedly hard problem, e.g. computation of discrete
logarithms, factoring.

d. Computational
Also called practical security. Measures the amount of computational effort
required to defeat a system using the best-known attacks.

e. Ad hoc Security
Also known as heuristic security. This is where a variety of convincing arguments
are given that every successful attack requires more resources than those available to an
attacker.
- Unforeseen attacks remain a threat.
