
CIS-221

ASSIGNMENT#1
[Simranpreet kaur] [300200432]

1. What is the difference between a threat agent and a threat?

ANS. A threat is any category of object, person, or other entity that presents a danger to an
asset. It is not always a malicious individual: natural disasters, hardware failure, or a sudden
change in the market can all be threats. A threat agent is the specific instance or component
of a threat that actually carries out the harm. For example, "burglary" is a threat to your
home, while the particular intruder who has just broken in, whether looking for something of
value or simply spreading crime through your neighborhood, is the threat agent.

The difference is one of level: a threat is the general danger, typically described as a kind of
event, while an agent is the concrete actor or force through which that danger is realised, and
can be a person, an object, a condition (weather), or a force (time).

2. What is the difference between vulnerability and exposure?

ANS. A vulnerability is a weakness or fault in a system or its protection mechanisms that a
threat could use to cause harm: an unpatched service, a weak password policy, or a
disgruntled employee who has more access to the network than the job requires. Exposure is
the condition of being open to that harm; in Whitman's terms, an exposure exists when a
vulnerability is known to an attacker. The two are distinct. A system can carry a vulnerability
without yet being exposed, and reducing exposure (for example, taking a vulnerable web
server off the public Internet) is different from removing the vulnerability itself (patching it).
Wherever there are vulnerabilities in people or their surroundings there is risk, but that risk
only turns into exposure once someone who would exploit the weakness can reach it.

3. What type of security was dominant in the early years of computing?

ANS. When security was discussed in the early days of computing, it mostly concerned the
physical security of the computers rather than the data or connections.

4. What are the three components of the C.I.A. triangle? What are they used for? Give
examples to justify your answer.

ANS. The three components of the C.I.A. triangle in information security are confidentiality,
integrity, and availability. Confidentiality means that information is disclosed only to
authorised parties, integrity means that it is whole and unaltered, and availability means that
authorised users can reach it when they need it. Each is enforced by different controls, but
they work together to provide the level of service a secure system requires.

One example where high availability is necessary is emergency services: a 911 dispatch
centre or a hospital must be reachable without interruption at all times in order to maintain an
adequate level of service and public safety. For example, one hospital found that its phone
system was shutting down twice a day for several minutes at a time, which completely
stopped the emergency room from being able to receive calls and dispatch ambulances. After
fixing the availability problem, the hospital was able to provide uninterrupted service for its
patients.

Another example, this time of integrity, is the secure transfer of personal information such as
bank account numbers and social security numbers. For this information to be useful to the
receiving party it must arrive unaltered by attackers or by transmission errors; otherwise it
cannot be relied upon, and a change to a single digit of an account number is enough to send
a payment to the wrong place.

Confidentiality is also a very important part of security, and it is needed with information
such as secret military plans, the identities of undercover agents, and other sensitive data that
could cause harm if released to the public. All three components work together to provide a
secure system that can be used without worry.

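The integrity example above can be made concrete. The following Python is an added
example, not part of the original assignment or of the Whitman text: it tags a record with an
HMAC so that any alteration in transit is detected. The shared key, the record fields, and the
payment scenario are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import json

# Assumed shared secret for this demonstration. In a real system the key
# comes from a secret store and is never hard-coded.
KEY = b"demo-shared-key-not-for-production"


def canonical(record: dict) -> bytes:
    """Serialise a record deterministically so equal content gives equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict, key: bytes = KEY) -> str:
    """Compute an HMAC-SHA256 tag over the canonical form of the record."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes = KEY) -> bool:
    """Return True only if the record is unchanged since it was tagged.

    compare_digest runs in constant time, so an attacker cannot learn how
    many leading characters of a forged tag were correct.
    """
    return hmac.compare_digest(sign_record(record, key), tag)


# Constructed sample: a payment instruction sent between two systems.
ORIGINAL = {"payee": "ACME Corp", "account": "12345678", "amount": 250.00}
TAG = sign_record(ORIGINAL)


def demo() -> dict:
    """Verify the genuine record, then one with a single field rewritten."""
    tampered = dict(ORIGINAL, account="99999999")  # attacker redirects the payment
    return {
        "original_ok": verify_record(ORIGINAL, TAG),
        "tampered_ok": verify_record(tampered, TAG),
        "wrong_key_ok": verify_record(ORIGINAL, TAG, key=b"attacker-guess"),
    }


if __name__ == "__main__":
    print(demo())
```

A plain hash would also detect accidental corruption, but an attacker who can change the
account number can recompute a plain hash too; the keyed tag is what ties the integrity check
to a party the attacker is not.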
5. If the C.I.A. triangle is incomplete, why is it so commonly used in security? Give
your opinion by giving the example and suggest the solution.

ANS. The C.I.A. triangle is incomplete because it says nothing about other characteristics of
information such as accuracy, authenticity, utility, or possession, and nothing about how a
security program should be run. It is nevertheless the most commonly used model because it
is simple, is understood across industries, and gives a concrete checklist: any security event
can be examined by asking which of the three properties of an information asset it affected.

A security event is a situation that jeopardises the confidentiality, integrity, or availability of
an organisation's information assets. When one occurs it needs urgent attention and action,
and it may have implications for people's lives and health as well as for the business. The
C.I.A. triangle helps when evaluating an existing incident response plan or formulating one
from scratch, because it provides a structured way to decide what must be protected and what
must be restored first. That matters most for companies with limited resources, and for
individuals who have no immediate access to substantial confidential company information.

In this way the security triangle forms the basis of a C.I.A. incident response methodology.
The model has been used extensively in many industries, including the software industry, to
shape the response to security incidents of all kinds. A structured planning process makes the
response easier to carry out and, used as a blueprint for incident response procedures, gives
greater assurance that the response will succeed.

The security triangle is made up of three essential parts:

1) Confidentiality

2) Integrity

3) Availability.

The security event is analysed to determine whether an attack or incident has occurred in one
or more of the three areas and, if so, which area was compromised; the response is then built
around whichever property, or combination of properties, was lost.

The practical solution to its incompleteness is to extend the triangle rather than abandon it:
keep the three core properties as the first questions asked of any incident, and add the further
characteristics of information described in the next answer (accuracy, authenticity, utility,
and possession). The extended list catches cases the triangle misses, such as a record that is
intact and available but nonetheless wrong, or a copy that has been taken without the original
ever being disclosed.

6. Describe the critical characteristics of information. How are they used in the study of
computer security?

ANS. The seven critical characteristics of information are availability, accuracy, authenticity,
confidentiality, integrity, utility, and possession. Each plays a part in judging how secure
information is and in deciding what a given control is for. For example, the more flaws there
are in data, the less reliable and valuable it is to the user, and protecting the confidentiality of
data that is already wrong achieves little.

1. Availability permits legitimate users to obtain information in the required format and to do
so without hindrance.

2. Accuracy: information is accurate when it is free from errors and has the value the end user
expects.

3. Authenticity is the quality or state of being genuine or original, as opposed to a copy or
fabrication. Information is authentic when it is in the same state in which it was created,
placed, stored, or transferred.

4. Confidentiality: information is confidential when it is disclosed only to authorised parties or
systems.

5. Integrity is kept when information is whole, complete, and uncorrupted.

6. Utility: the quality or state of having value for some purpose or end.

7. Possession: information is in one's possession if one has obtained it, regardless of its format
or other characteristics. Possession can be lost without confidentiality being breached, for
example when an encrypted backup tape is stolen but its contents are never read.

In the study of computer security these characteristics define what "secure" means for a given
asset: each control exists to preserve one or more of them, and each incident is classified by
which of them was lost.

7. Identify the six components of an information system. Which are most directly
affected by the study of computer security? Which are most commonly associated
with its study?

ANS. The six components of an information system are:

1) Software

2) Hardware

3) Data

4) People

5) Procedures

6) Networks

Hardware, software, and data are the components most commonly associated with the study
of computer security, because they are the parts of a computer that the field originally set out
to protect. All six are affected, but people, procedures, and networks are the components most
directly affected by the study in its modern form: the move from computer security to
information security consisted largely of recognising that a locked computer room protects
none of them. Networks carry data beyond the room, procedures determine who may handle
it, and people are both the most frequent cause of incidents and the hardest component to
control. The management of an organisation's culture, policies, and procedures is therefore
where the study of security has its greatest direct effect, while technical and physical security
measures are the controls that implement those decisions.

The objectives of computer security research and development include developing methods
for assessing, measuring, and modelling computer security using a systems approach. It is one
of the few areas of computing in which academia, information technology (IT) companies, and
the military share a common agenda.

Computer security is a rapidly growing field that emphasises engineering solutions to
real-world threats. It seeks to solve problems such as how to measure security performance;
how to manage vast amounts of data and process it so that it can be interpreted accurately;
how to defend against, and negotiate with, malicious cyber-actors; and how to monitor what is
happening inside a system so that it can be properly managed.

The domain is broad in scope. Computer security policy, for example, is concerned with the
policies and procedures used to secure computer systems and data, but the field also includes
surveying the vulnerabilities of existing infrastructures to determine whether they can be
attacked and which techniques of attack are most likely to succeed against them.

Academics, IT companies, and the military share, among other things, an interest in protecting
sensitive data from unauthorised access. The field is relevant to everyone, and draws on
techniques, strategies, and technologies from computer architecture, software development
(including programming languages), network architecture and design, operating system
design, data storage devices, and wired and wireless networks, as well as the related hardware
and software products.

Today, computer security is not limited to providing confidentiality, integrity, and availability
in environments such as military bases and corporate or institutional desktops and servers; it
also covers controls over Internet content. Special consideration must be given to information
that both the organisation's users and its competitors would regard as confidential.

8. Which paper is the foundation of all subsequent studies of computer security? ((You
will get to know this when you read the chapter-1Whiteman)

ANS. The Rand Report R-609, sponsored by the Department of Defense, is the foundation of
all subsequent studies of computer security.

The Rand Corporation was commissioned in 1967, through a Defense Science Board task
force, to assess the potential for long-term damage to American national security from the loss
or misuse of information and data stored in the new computer systems then under development
or within a few years of introduction. The focus was on military data that would be stored in
digital form, in contrast with paper files.

R-609, published in 1970 under the title "Security Controls for Computer Systems", contained
recommendations including careful evaluation of a system before accepting it into operational
use. The report also proposed training for people who were familiar with an operating system
but not with administering it securely. Its lasting importance is that it widened the scope of
computer security beyond protecting the physical machine to include the data, the limits on
access to it, and the people involved, which is the starting point of information security as it
is studied today.
9. Why is the top-down approach to information security superior to the bottom-up
approach?

ANS. A top-down approach to information security is initiated by upper management:
executives issue policy, set the goals and expected outcomes, decide which assets matter most,
and assign responsibility and funding for the project. Because it starts with the most important
assets and the highest risks, it addresses those first, and because it carries management
authority it has the planning, budget, and organisation-wide reach needed to see the work
through, which saves the time otherwise lost to recurring, uncoordinated efforts. A bottom-up
approach starts with system administrators and technical staff securing the systems they
happen to control. It benefits from their hands-on knowledge, but it lacks the authority and
funding to cover the organisation as a whole, tends to address the systems those staff can
reach rather than the most critical ones, and may never get to the high-risk components. If a
threat penetrates a low-level system through a weak point without being detected, you should
expect that the higher-level systems had weaknesses too. A top-down program gives
assurance that every level is secured to an appropriate standard, so investments made at lower
levels are not wasted by gaps above them.

A bottom-up approach also depends on a threat being noticed as an anomaly: something that
does not look right or differs from what is expected. Technical staff may notice and report
such an anomaly, but without a program behind them this generally happens only after the
damage has been done, and a finding with no management sponsor may not be acted on.
Judging what is anomalous is itself hard: unusual activity is suspicious, but so is ordinary
activity that is never seen in your environment, or activity whose absence has unacceptable
business consequences. A program that relies on individual vigilance rather than planned
controls falls prey to these hazards, which makes it easier for a malicious actor to hide their
true motive and become more dangerous as an adversary.

10. Why is a methodology important in the implementation of information security?
How does a methodology improve the process?

ANS. The word "methodology" describes a set of steps, processes, or procedures that have been
organised and optimised to solve a class of problem. In information security, following a
methodology lets you apply established best practice and mitigate risk in a repeatable way, so
that the protection of your company's assets does not depend on reinventing the program for
each project.

A methodology provides guidance on how to go about implementing an information security
program. It is not an enforcement mechanism or a single step; it provides order and structure
during the process. It improves the process by ensuring the steps are done in a sensible
sequence, by producing artefacts (asset inventories, requirements, plans) that can be reviewed,
and by making the result more complete and more consistent than an ad hoc effort would be.

Below is one commonly used method for implementing security and how it improves the
process. The example methodology is based on the approach taught for the CISSP
certification examination.

Security Requirements Analysis Methodology

Most security-related positions are assigned responsibility for determining what information
must be protected and how to do it. These roles include auditors, compliance officers,
information security officers (ISOs), risk managers, and others. Unfortunately, these people will
often run into a series of conflicting requirements laid out by management that are sometimes
impossible to resolve and end up with a large number of confusing documents containing
contradictory statements—and most likely without any actionable plans to achieve the results
specified in the documents.

To solve this problem, a team is assigned the task of writing a plan that can be approved by
management and which provides guidance on how security requirements will be satisfied. The
resulting methodology, usually referred to as a "security plan," gives direction and structure to
the plans that are written by individual project teams.

For example, imagine you are tasked with creating an information security plan for your
company’s operations. You realize that you must protect against hackers who may want to
infiltrate your system in order to steal intellectual property (IP). You also want to ban all
employees from accessing certain sensitive files on the network.

Like many things in life, this is not as simple as it sounds. All of this must be done in a cost-
effective manner that is sustainable over time. This is where the methodology comes in.

The steps you should follow are:


1. Determine what information has value to the company, and then rank it in order of
importance.

2. Make sure that all employees are aware of their responsibilities with regards to handling
information securely and know how to access sensitive data on the network (e.g., via secure
remote access).

3. Establish procedures for handling sensitive information, including what can be accessed by
whom, how it is disposed of safely (e.g., by shredding), and how it is moved from place to
place on the network.

11. Which members of an organization are involved in the security system development
life cycle? Who leads the process?

ANS. The security systems development life cycle involves people from across the
organisation:

- Upper management, including a senior executive, often called the champion, who leads the
project by promoting it and securing its financial, administrative, and company-wide backing.

- A team leader, usually a project manager, who may be a departmental line manager or a staff
unit manager, and who understands project management, personnel management, and the
technical requirements of information security.

- Security policy developers, who understand the organisational culture and its existing
policies.

- Risk assessment specialists, who understand financial risk assessment techniques and the
value of the organisation's assets.

- Security professionals, trained and experienced in the technical and non-technical aspects of
security.

- Systems administrators, who administer the systems that house the organisation's
information.

- End users, whose way of working the resulting controls must fit.

The champion leads the process. The success of an initiative relies on the champion's ability
to communicate with the right people, objectively, in order to gain company-wide support;
communicating with stakeholders is a crucial part of bringing the initiative to life. The team
leader then runs the day-to-day project under that sponsorship.

12. How can the practice of information security be described as both an art and a
science? How does security as a social science influence its practice?
ANS. Security is a science in that it relies on applied skills and knowledge from fields such as
computer science, mathematics, cryptography, and software engineering. Specific faults in
hardware and software can be found and fixed with measurable, repeatable methods, and
much of the work is learning to apply the right tools and technologies. It is not a field that can
be learned from scratch in one sitting, because so many aspects are involved; becoming an
expert requires years of practice and continual learning.

Security is also an art. There are no hard and fast rules for how to install and configure the
various security mechanisms, and much is situational: the right control depends on the
organisation, its assets, and its threats. Some basic steps nonetheless help to secure a company
or an individual and reduce the risk from common threat vectors:

1) Install a firewall, configured to deny by default and permit only the traffic that is needed

2) Perform regular backups, and keep at least one copy offline

3) Apply least privilege to user accounts, and manage them through centralised authentication
such as LDAP and Kerberos so that access can be granted and revoked in one place

Security is also a social science, because it concerns the behaviour of people interacting with
systems. Most controls fail through the people who use, administer, or ignore them rather than
through the technology itself, so the practice must account for users' habits, training, and
motivations: a control that is too hard to live with is worked around, and a policy that nobody
reads protects nothing. Security begins and ends with the people inside the organisation.

13. Who is ultimately responsible for the security of information in the organization?

ANS. Within the organisation, the Chief Information Security Officer (CISO) is the person
primarily responsible for the security of information, and can be considered one of the most
important members of staff.

The CISO is the head of information security for a company and oversees all aspects of it,
from data loss prevention to secure software development. The CISO is responsible for the
policies and processes that keep the organisation's information assets secure, helps to define
the security strategy, and makes sure it is carried out day to day. The CISO manages the
business's information security and its workflows, and is in charge of setting up and
maintaining the organisation's security policy; in a smaller organisation the CISO and the head
of information security may be the same person wearing two hats.

The CISO is also responsible for protecting the business from cyber-attacks of all scales by
providing the related tools and programs that can prevent some attacks from happening in the
first place. This can include simple but effective things such as security awareness training and
mentoring for new employees, or something more technical such as authorised (white-hat)
penetration testing. Ultimate accountability still rests with senior management, to whom the
CISO reports, typically through the CIO.

14. What is the relationship between the MULTICS project and the early development
of computer security?

ANS. MULTICS (Multiplexed Information and Computing Service) was a time-sharing
operating system developed from the mid-1960s by MIT, General Electric, and Bell Labs. A
time-sharing system lets many users run programs on one computer at the same time, and that
is exactly what created the security problem: for the first time, users who did not trust one
another shared the same memory, disks, and processor.

MULTICS matters to the early development of computer security because it was the first
operating system to integrate security into its core functions rather than adding it afterwards.
It separated users from one another and from the system with hardware-enforced protection
rings, so that a user program could not do anything the operating system did not allow; it
used memory segmentation to keep one user's code and data away from another's; and its
hierarchical file system attached an access control list to every file and directory, so each user
could reach only the files they had been granted. Several of its designers went on to create
Unix at Bell Labs, carrying simplified versions of these ideas with them.

In Whitman's account, MULTICS is the point at which computer security moved from
guarding the machine room to protecting the data and the users on a shared machine, which is
the problem information security still addresses today.
15. How has computer security evolved into modern information security?

ANS. In the early years, computer security meant protecting the physical location of the
system with badges, keys, and facial recognition by security guards. As systems came to be
shared among users and connected by networks, it became clear that the information itself, and
the hardware used to store and transmit it, also had to be safeguarded, along with the people
and procedures around it. This necessity led to the broader discipline of information security.

16. Who should lead a security team? Should the approach to security be more
managerial or technical?

ANS. A security team should be led by someone who understands both sides of the work: a
manager with enough technical grounding to judge what the team proposes, and enough
managerial skill to plan, budget, and win support from the rest of the organisation. Their role
is to oversee all things security related, including designing, planning, implementing, and
improving security, and to make sure their teams operate smoothly within corporate policy
once new tools are in place.

The approach should be primarily managerial, supported by technical skill. Security is a
business problem before it is a technical one: deciding what to protect, how much risk is
acceptable, and what to spend are management decisions, and a purely technical program
without policy and sponsorship behind it ends up as the bottom-up effort described in
question 9. A project manager, who may be a departmental line manager or a staff unit
manager, would lead the security team on projects and tasks, working alongside the team to
learn the technologies and tools in use and to make sure everything is done according to
corporate standards.

17. Explore and research the different types of cyber attacks that have happened in the
recent times. You have to brief out one case study:
1. Give title to the case study
2. Type of attack
3. The type of industry or organization
4. What are the various incidents that led this to happen this attack?
5. What are the other important things that you find while researching for the case
study.
6. Summarize the incident with marking the important points of the case study.

California University Cyber Attack

On June 1, 2020, the University of California, San Francisco (UCSF) was hit by a
ransomware attack by the Netwalker criminal group.

IT staff disconnected computers in an effort to stop the infection from spreading.

Additionally, a tip from an anonymous source allowed BBC News to follow the ransom
negotiations in real time on the dark web.

Cybersecurity experts say that such negotiations are currently taking place all over the world,
sometimes for considerably higher sums, despite the advice of the FBI, Europol, and the UK's
National Cyber Security Centre not to pay.

In the previous two months, Netwalker alone had been linked to at least two further
ransomware attacks on universities.

The gang's dark web homepage has a frequently asked questions (FAQ) link, an offer of a
"free" sample of its software, and a live-chat option.

However, there is also a timer counting down to a point at which the hackers must either
increase the ransom demand or erase the malware-encrypted data.

On June 5, after being directed by email and by a ransom note left on compromised
computer displays to log in to the gang's negotiation page, UCSF made contact and received
the gang's opening message.

Six hours later, the institution asked for more time, and for the information about the
intrusion to be taken down from Netwalker's public blog.

The hackers then wanted $3 million after noting that UCSF generated billions every year.
The UCSF representative, who might be an outside expert negotiator, pleaded with them
to take $780,000, saying the coronavirus outbreak had been "financially catastrophic" for
the university.

After a day of back-and-forth discussions, UCSF claimed it had gathered all available
funds and could pay $1.02 million; however, the thieves wouldn't accept anything less
than $1.5 million.

A few hours later, the university returned with information on how it had managed to
secure additional funding and a final offer of $1,140,895.

The following day, 116.4 bitcoins were transferred to Netwalker's wallets and the decryption
software was sent to UCSF.

In the midst of attempting to restore all impacted systems, UCSF is currently supporting
the FBI in its investigations.

It advised BBC News: "The encrypted data is crucial to some of the research projects we
do as a university committed to the common good.

"In order to obtain a tool to decrypt the encrypted data as well as the return of the
information they stole, we were forced to make the tough decision to pay a portion of the
ransom, almost $1.14 million."

It is incorrect to presume that all of the claims and declarations made throughout the talks
are true.

However, Jan Op Gen Oorth of Europol, which runs the No More Ransom initiative, argued
that victims should not pay the ransom, because doing so funds criminals and encourages
them to carry on with their unlawful acts.

Instead, victims ought to contact the police and report it so that the authorities can disrupt
the criminal enterprise.
The cyber-security firm Emsisoft's Brett Callow, a threat analyst, stated: "Organisations
in this situation are without a good alternative.

"Even if they comply with the request, they will only get a pinky-promise that the stolen
data will be erased.

But why would a cunning criminal organisation destroy information that it might
subsequently be able to profit from?

According to studies, criminal gangs are increasingly deploying technologies that may
access systems with a single download. Most ransomware attacks start with a booby-
trapped email. Cybersecurity specialists at Proofpoint report seeing more than one million
emails sent to businesses in the US, France, Germany, Greece, and Italy in just the first
week of this month alone, employing a range of phishing baits, including phoney Covid-
19 test results.

Organisations are advised to keep regular offline backups. A copy the attackers cannot reach
is what restores availability without paying, although it does nothing about data that has
already been stolen.

However, Ryan Kalember of Proofpoint stated: "For IT administrators, universities can be
difficult settings to defend.

"A culture of openness and information sharing, coupled with a student body that is
continually changing, can conflict with the rules and restrictions that are frequently required
to properly safeguard the users and systems from assault."

Summary of the case study:

1. Title: University of California, San Francisco (UCSF) ransomware attack, June 2020.

2. Type of attack: ransomware (Netwalker), combined with theft of data and extortion, so that
the victim was pressured both by encrypted systems and by the threat of publication.

3. Industry: higher education and medical research; the encrypted data belonged to research
projects.

4. What led to it: the initial entry vector was not disclosed in the report. Most ransomware
attacks start with a booby-trapped email, and Proofpoint saw more than a million phishing
emails, including fake Covid-19 test results, sent to businesses in the first week of that month.
Universities are also hard to defend because their culture of openness and changing student
body conflict with restrictive controls.

5. Other findings: the gang ran a professional negotiation portal with a FAQ, a free-sample
decryptor, live chat, and a countdown timer; the demand fell from $3 million to $1,140,895
over a day of haggling; the FBI, Europol, and the NCSC all advise against paying; and paying
buys only a promise that stolen data will be deleted.

6. Outcome: UCSF paid 116.4 bitcoins (about $1.14 million) for the decryption tool and the
promised return of stolen data, and is restoring its systems while assisting the FBI.

18. Why is data the most important asset an organization possesses? What other assets
in the organization require protection?

ANS. Data is the most important asset an organization possesses. It has become an
indispensable component of business and commerce: it is the organization's record and
history, the basis for models of future events, and the foundation for decisions that are no
longer merely guesses. It is also the hardest asset to replace, since hardware and software can
be bought again but lost or corrupted data often cannot. To understand what data must be
protected and how it relates to the other assets in the organization, identify the information
needs of the business, the value of each access point, the location of data storage resources,
and the privacy and security issues that need addressing. Once this is done it becomes clear
why data should be treated as a high-value asset that requires protection at all times and
whenever it may be vulnerable or threatened.

The other components of the information system also require protection: the hardware and
software that process the data, the networks that carry it, the procedures that govern how it is
handled, and the people who use it. Each of these can be damaged, stolen, misused, or
manipulated in a way that harms the data it supports.

19. Has the implementation of networking technology created more or less risk for
businesses that use information technology? Why?

ANS. The implementation of networking technology has created more risk for businesses
that use information technology. The more complex a system becomes, the greater the
number of points at which it can break down or be attacked, and a network exposes every
connected system to every other one.

So although networking technology is essential for running efficient global organizations, it
also creates new risks, such as the destruction or theft of data, both physical and virtual, by
attackers who no longer need to be on the premises. It has also made data more vulnerable to
corruption through human error: a network administrator might, for example, delete important
files from servers through a mistake in configuration settings, and the mistake then propagates
to everything that depends on that server.

The proliferation of mobile devices, such as smartphones and tablet computers, has driven the
growth of wireless networking. This leaves data stored on mobile devices, and data in transit
over wireless links, more exposed to attack, which could result in significant data loss.

Networking also brings benefits that reduce some risks. For example, most modern businesses
run several servers that store data for the organization's employees and customers. If one of
those servers fails, employees cannot easily reach their customers or access their systems and
files until it is repaired. With a backup server in place on the network, it can take over from
the failed system without disrupting the business's operations or its employees' work.

A good system administrator will keep aware of the latest risks and work to protect the
organization from them, and is likely to have advanced security systems that respond
automatically to high-risk situations, such as a sudden increase in activity for no apparent
reason. However, it is up to the senior executives of the organization to carry out regular risk
assessments and to ensure that the network administrator's team has the staff, training, and
up-to-date security systems it needs to protect the organization while it continues its
day-to-day operations.

20. What is information extortion? Describe how such an attack can cause losses, using
an example except given in the chapter.

ANS. Information extortion is a criminal offence in which an attacker gains access to
information, personal, private, or otherwise, and then demands payment or some other
concession from the victim in return for not disclosing it, not destroying it, or returning it. It
is often used in blackmail schemes.

Attackers most commonly gain access to this valuable data via trojans, phishing emails, and
other malware.

These attacks are dangerous because they can result in financial loss for the victim or, in some
cases, physical danger to the victim and others. Examples of loss include financial loss (credit
card details or sensitive bank account details), reputational damage, exposure of educational
records (sensitive student records), and exposure of other sensitive data such as medical
records. Each of these is valuable to the victim, which is exactly what gives the attacker
leverage.

This is a high-risk crime and therefore needs to be handled carefully by law enforcement.

It is often difficult to identify because it happens in many different ways. Sometimes the
attacker does not obtain the information at first but still intends to extort the victim later, and
different methods are used against different victims: stealing the data outright, tricking the
victim into sending it through insecure channels, or threatening physical harm.

The most common way these attacks are carried out is through phishing emails. These emails
look legitimate, and the attacker can obtain banking details or anything else of value. For
example, an attacker who phishes a small company's online banking password can download
its customer payment records and then demand payment under threat of publishing them;
whether or not the company pays, it loses the ransom or the cost of notifying customers and
resetting every credential, the staff time spent on the response, and the customers who leave
once the breach becomes known. If the victim falls for the email and enters their details, it
does not matter how well protected their computer is, because the information has already
been exposed. Tracking down the attacker is hard because they are usually in another country,
where local law enforcement cannot easily reach them.
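The phishing emails described above usually give themselves away in their headers before
anyone reads the body. The following Python is an added example, not part of the original
assignment: it parses two constructed messages and reports the indicators a mail filter or an
analyst would check. The allow-list domain, the sample messages, and the word list are
assumptions made for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed: the organisation's bank sends only from this domain (demo allow-list).
TRUSTED_DOMAINS = {"examplebank.com"}
URGENCY_WORDS = ("urgent", "verify", "suspended", "locked", "immediately")

# Constructed sample messages, not real captures.
PHISH = """From: "ExampleBank Security" <alerts@examplebank-secure.co>
Reply-To: support@mailer-xyz.net
Return-Path: <bounce@mailer-xyz.net>
Subject: Urgent: verify your account
Content-Type: text/plain

Your account has been locked. Verify your details here: http://examplebank-secure.co/login
"""

LEGIT = """From: "ExampleBank" <statements@examplebank.com>
Reply-To: statements@examplebank.com
Return-Path: <statements@examplebank.com>
Subject: Your monthly statement is available
Content-Type: text/plain

Your statement for May is now available in online banking.
"""


def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain from an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def lookalike(domain: str) -> bool:
    """True if the domain borrows a trusted brand name but is not on the allow-list."""
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    return domain not in TRUSTED_DOMAINS and any(b in domain for b in brands)


def phishing_indicators(raw: str) -> list:
    """Return the reasons the message looks like a phish (empty list if clean)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    return_dom = domain_of(msg.get("Return-Path"))
    body = (msg.get_payload() or "").lower()
    findings = []
    if lookalike(from_dom):
        findings.append(f"lookalike sender domain: {from_dom}")
    elif from_dom not in TRUSTED_DOMAINS:
        findings.append(f"sender domain not on allow-list: {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain")
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} differs from From domain")
    if any(w in body for w in URGENCY_WORDS):
        findings.append("urgency or credential-request language in body")
    if "http://" in body:
        findings.append("plain http:// link in body")
    return findings


if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, phishing_indicators(sample))
```

None of these indicators is proof on its own; a mismatched Return-Path is normal for
legitimate bulk mailers. The value is in the combination, and in the fact that the checks run on
headers the recipient never sees.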

21. Why do employees constitute one of the greatest threats to information security?
Any incident that you quote.
ANS. Information security is not only about technology; it pertains to every part of the
company's operations, and that includes employees. Employees handle, use, and store
company information every day as part of normal operations, so they can lose it, expose it, or
have it stolen, and they are already inside most of the technical controls that keep outsiders
out. That is why employees constitute one of the greatest threats to information security: they
can steal sensitive data deliberately, or expose it through carelessness, in any number of ways,
and almost any incident can be traced back to an employee as its source.

Most employees are trained not to handle information in ways that put the company at risk, in
order to keep them from taking actions that could harm the organization or anyone associated
with it.

Even so, there have been incidents in which employees leaked sensitive data to third parties or
exposed it online. It is not only a matter of individual employees: some insiders are recruited
by, or belong to, groups dedicated to breaking into companies and stealing information.
In any case, an employee can expose sensitive data by simply losing it or having it stolen by a
cybercriminal. Even so, there are some common causes of security breaches that involve
employees:

22. What measures can individuals take to protect against shoulder surfing? Share any
real life incident.
ANS. Shoulder surfing is a term that describes the act of looking over your shoulder to see
what you are typing in a public space. Hackers can use this technique to steal usernames,
passwords, and credit card numbers. They do it by watching the information on the screen
rather than reading it directly off of the computer monitor.

As an individual there are ways you can protect yourself from shoulder surfing:

- Keep your password private

- Change your password frequently

- Do not memorize your password

- Use different passwords for different accounts

- Avoid using simple words that can be found in a dictionary (e.g., Horse) or made up (e.g.,
belleV7)

- Use a password management tool (e.g., LastPass)

23. What is the difference between a skilled hacker and an unskilled hacker (other than
skill levels)? How does the protection against each differ?

ANS. Skilled hacking can allow him/her to bypass security systems and make use of the
information that is being stolen. An unskilled hacker will try to steal as many data points as
they can, but they will be easily detected and prevented by firewall software or good
awareness.
An unskilled hacker tries to take advantage of weaknesses in a system when it comes to highly
sensitive information, such as credit card info, passwords, or personal identification numbers
(PINs). These hackers are typically referred to as script kiddies because they use simple
scripts that are easy for anyone with a computer and internet access to use. They may also try
more intricate methods by using a program called a "back-door" which allows them access
without authenticating themselves.

An unskilled hacker will typically find a vulnerable system and attempt to exploit it. They
may try to break through the firewall with a temporary IP address, or they may simply try
brute force attempts at the username/password combination. They typically don't know the
full capabilities of their victim's network, so they won't be able to get far before being caught.

24. What are the various types of malware? How do worms differ from viruses?

ANS. Computer malware is code, a sequence of instructions, or a combination of both that can
get into a computer and disrupt the computer's normal operation. Malware includes worms,
trojan horses, rootkits and boot sector viruses. It is distinct from those forms of self-replicating
computer data known as virus hoaxes or pranks.

Malware comes in different types and different levels of severity. Some malware is light
enough to be easy to get rid of while other malware has more significant consequences for
your PC such as turning it into a bot for spamming out advertising or using it as part of an
attack network.

Worms can be very dangerous as they can infect thousands of computers in almost no time at
all to replicate themselves. They are relentless in their attempts to spread and sometimes even
leave malware behind after they have killed the system they are on. Viruses can be less
dangerous because they often require your interaction in order to get onto your computer
while worms can infect you without you knowing it.

Viruses can spread by themselves, but worms require a person or computer to infect your
system for them to multiply and infect other systems. You are still infected by the worm even
when you do not know it on your system. Trojans are similar to viruses in that they too can
spread without you knowing by exploiting vulnerabilities within the operating system. They
work by giving a user the impression that something is another program when in reality, it is
an unwanted application that wants to take control of your computer. Trojans can be used to
steal data, access data, and destroy data.

Trojan horses are programs that appear harmless but can harm your computer in ways that
viruses or worms can't. They may be disguised as a game, screensaver, or utility program but
will do something harmful when you disengage from it. It's important to know the warning
signs of a possible Trojan horse so that you never fall prey to one again.

25. Does the intellectual property owned by an organization usually have value? If so,
how can attackers threaten that value?

ANS. In layman's terms, an organization's intellectual property includes its culture and ideas.
Intellectual property is stored in databases and on systems and network drives where it is
easily accessible to employees on a daily basis by using the right software. It is also stored in
company brochures or advertising campaigns so that consumers are aware of it and hopefully
become repeat customers or start using the products or services being offered by the company.
As an example, the US government probably has huge amounts of intellectual property stored
in databases because it has been in existence since 1789.

Intellectual property theft is taking place at an ever-increasing rate. Businesses are feeling
pressured to protect their intellectual property from these threats. Usually, this is done through
the use of digital rights management (DRM) or encryption. However, these measures do not
really help protect as much as they once did because they often require paying for special
software or hardware and online services.

26. What are the types of password attacks? What can a systems administrator do to
protect against them?

ANS.

1) Brute-force attack: This technique attempts to crack passwords by guessing every possible
combination of characters in a system's password space.

Dictionary attack: A dictionary attack uses lists of words, each with an associated point value
assigned to it; frequently used words are worth more and less common words are worth less.

Rainbow table attack: Rainbow tables use pre-computed hashes that correspond to the clear
text input values and substitution variant values for a given password (e.g., "password" =>
"p@ssw0rd").

2) Dictionary attack: A dictionary attack uses common words in an attempt to unlock
accounts or services using a brute force method, but it will know which words it is using and
what their root word might be if they are uncommon choices. An example of this kind of
attack would be a person trying to get into a bank account by guessing words like "password",
"p@ssw0rd", or even "b@mb3r".

3) Rainbow table: A rainbow table is specifically used for cracking passwords that have
already been encrypted by other software. This is called a dictionary attack because it looks at
the encoded text and decodes it back into an understandable form.

Everyone knows that systems administrators are supposed to protect passwords--unless they
don't. Here is a simple post that will show you how different parameters change the system
and will help you decide what to do.

1) Setting the system to have a blank password when accounts are created

2) Never using default account names, i.e., admin, root, administrator

3) Never using default user names, i.e., guest, visitor, etc.

4) Requiring a password length of at least 15 characters, with letters, numbers and symbols.

5) Requiring periodic changes of, or the addition of new, passwords for account access.

6) Requiring at least 8 alphanumeric characters, based on OEs 'most secure password rule'.

7) Add a second factor of authentication as an extra security layer for older computers that
don't support Kerberos.
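An added example, not part of the assignment or its textbook, of the precomputed hash lookup behind the rainbow-table attack described above, of why a per-user salt defeats it, and of a check for the 15-character policy in the list above. The wordlist, the salt value and the use of FNV-1a as a stand-in for a real password hash are all assumptions made for the demo.

```c
/* Added example (not part of the assignment): a precomputed hash table over a
   wordlist finds an unsalted stored hash instantly, but not a salted one,
   plus an administrator-side password policy check.
   FNV-1a is a toy stand-in here; a real system must use a slow, purpose-built
   password hash (bcrypt, scrypt, Argon2, PBKDF2). The point is the table. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDLIST_LEN 4

/* Constructed sample wordlist of the kind a dictionary attack would use. */
static const char *wordlist[WORDLIST_LEN] = {
    "password", "p@ssw0rd", "b@mb3r", "letmein"
};

/* FNV-1a over salt || password (toy hash, see note above). */
uint64_t toy_hash(const char *salt, const char *password) {
    uint64_t h = 0xcbf29ce484222325ULL;
    const char *parts[2] = { salt, password };
    for (int i = 0; i < 2; i++)
        for (const unsigned char *p = (const unsigned char *)parts[i]; *p; p++) {
            h ^= *p;
            h *= 0x100000001b3ULL;
        }
    return h;
}

/* Simplest form of a "rainbow table": every wordlist entry hashed once, in
   advance, with no salt. Built lazily on first lookup. */
static uint64_t table[WORDLIST_LEN];
static int table_built = 0;

void build_table(void) {
    for (int i = 0; i < WORDLIST_LEN; i++) table[i] = toy_hash("", wordlist[i]);
    table_built = 1;
}

/* Look a stored hash up in the precomputed table. Returns the recovered
   password or NULL. No hashing happens at lookup time: that is the whole
   advantage of precomputation, and what a per-user salt takes away, since
   the attacker would need a fresh table for every salt value. */
const char *lookup(uint64_t stored) {
    if (!table_built) build_table();
    for (int i = 0; i < WORDLIST_LEN; i++)
        if (table[i] == stored) return wordlist[i];
    return NULL;
}

/* Policy check matching the answer's rule of at least 15 characters mixing
   letters, digits and symbols. Returns 1 if the password is acceptable. */
int policy_ok(const char *pw) {
    int letters = 0, digits = 0, symbols = 0;
    size_t n = strlen(pw);
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pw[i];
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) letters = 1;
        else if (c >= '0' && c <= '9') digits = 1;
        else symbols = 1;
    }
    return n >= 15 && letters && digits && symbols;
}

int main(void) {
    /* Unsalted storage: the table recovers the password immediately. */
    const char *hit = lookup(toy_hash("", "p@ssw0rd"));
    printf("unsalted: %s\n", hit ? hit : "(not in table)");

    /* Salted storage with a constructed per-user salt: the same table misses. */
    hit = lookup(toy_hash("u1:x7Qk", "p@ssw0rd"));
    printf("salted:   %s\n", hit ? hit : "(not in table)");

    printf("policy 'p@ssw0rd': %d\n", policy_ok("p@ssw0rd"));
    printf("policy 'Correct-Horse-42-battery': %d\n",
           policy_ok("Correct-Horse-42-battery"));
    return 0;
}
```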

27. What is the difference between a denial-of-service attack and a distributed denial-of-
service attack? Which is more dangerous? Why?

ANS. In computer security, a denial-of-service (DoS) or distributed denial-of-service (DDoS)
attack is an attempt to make a machine or network resource unavailable to its intended users.

A DoS attack is a type of cyberattack that disrupts normal operation, by flooding the target
with superfluous requests in order to consume the target's resources. This may include
consuming bandwidth, crashing services available at the target host, or exhausting
computational resources such as memory and disk space. From a single system it can spread
to other computers in a given geographical area by means of any routing protocol. DoS
attacks are often designed to render a computer or network resource unusable. Some examples
of this include sending a large number of fictitious data packets to a network, overloading that
network with traffic, or overwhelming the system with data from one or more external
sources. Swatting, as it is sometimes called, is a form of DoS attack that involves
falsely reporting a serious crime such as rape, murder, or some other crime in order to
generate calls to the police and thereby generate significant media coverage. These reports are
sometimes made by means of spoofing, such as via email; thus they do not constitute true
crimes but are intended only to instill fear in the victim and his family members. In the case of
swatting, the intent is also to get a response from the victim that would result in embarrassing
media coverage.

DoS attacks are sometimes called distributed denial-of-service (DDoS) attacks because they
exploit weaknesses in a system's design or implementation. They are implemented through
various means such as sending large amounts of data to a target, overloading its resources by
consuming bandwidth, crashing services available at the target host, or exhausting
computational resources such as memory and disk space. These attacks are often designed to
render a computer or network resource unusable.

The DDoS attack is characterized by a very large number of packets sent to the same target,
so that it becomes overloaded, resulting in service interruption. Most common attacks are
made against websites, an increasing number of which are now running on public clouds.
These attacks may be controlled remotely through tools such as social engineering or spoofing
and can be coordinated using malicious software such as botnets. Other similar attacks such as
peer-to-peer DoS (P2DoS) and port scanning are also used to disrupt network services;
proxies, load balancers, firewalls and content filtering systems are used to protect against
P2DoS and port scanners.

28. For a sniffer attack to succeed, what must the attacker do? How can an attacker
gain access to a network to use the sniffer system?

ANS. An attacker begins with sniffing data packets within the local area network (LAN) -
typically on port 3100 - where they can intercept and analyze encrypted traffic on port 443.
An internal IT administrator then uses command-line interface tools to generate exploits that
are designed specifically for their environment. These exploits are saved as malicious scripts
which can be executed using Remote Desktop Protocol (RDP). If successful, the attacker is
able to gain access to network assets and data.

On the back end, this can be described as follows:

The entry point for an attacker initiating a sniffer attack is typically on port 3100 (TCP/IP) or
443 (HTTPS). From here, the attacker must figure out how to exfiltrate data from their sniffer
host and onto their target server hosting sensitive data. Some ways of doing so include using
client-side certificates and using encryption to protect sensitive information. The following
table clearly outlines the various methods that an attacker can choose from based on how they
are trying to exfiltrate data:

About 80% of all cyber-attacks begin with reconnaissance activities. Post reconnaissance, the
attacker needs to develop a plan to breach the targeted network. They then need to identify
weaknesses in the infrastructure and select the most appropriate point of entry. The following
steps outline this process:

The attacker uses all of the information gathered from reconnaissance, planning and selecting
an entry point, and finalizing an attack strategy. Once that is completed, it’s time for
execution.

Note: This step is optional when it comes to sniffer attacks as attackers can still carry out their
attacks without being inside the network.
After all of the preparations have been completed, it's time for a successful attack. The
attacker is then able to successfully breach the network and exfiltrate data using one of the
methods listed in the previous step.

Once the attacker has obtained access to a target server located in an internal network, they
can now use remote desktop protocol (RDP) to gain direct access to an application instance
and steal sensitive data. A successful attack could result in stealing information like
usernames, encrypted passwords, and software code from a web application or database.

29. What methods does a social engineering hacker use to gain information about a
user’s login id and password? How would this method differ if it were targeted
towards an administrator’s assistant versus a data-entry clerk?

ANS. A social engineering hacker usually tricks you into revealing your personal data. They
might call you on the telephone, fake an email from your bank, or do something similar to get
information from you. In some cases, they might send one of these messages to trick you into
downloading malware that could allow them access to your computer:

- "Hi there! I'm calling because some new security features just went live at (www.bank).com,
and we wanted to make sure that all our customers are updated."

- "Hi there! I'm calling because my account was hacked and now it's been locked down. Please
send me your login ID and password so that I can reset it."

- "I'm sorry to bother you, but our system has been hacked and we need to get some
information from you to fix the issue."

- "I'm calling because my account was hacked and I need to get some information from you."

- "My computer was hacked and I need to get some information from you so that I can change
my login. Please type in your password."

- "Thank you for choosing (bank). We have detected some unusual activity on your account,
and have locked your account down. Please go to www.yourbank.com/resetaccount at any
time in order to reset your password. This is a secure site, and the URL will begin with
https://."

You can also receive an email from someone who claims to be from your bank or another
institution you use. The email might say that the password on your account has expired, so
they need it. It might also ask you to click on a link to reset your password. When you follow
the instructions in the link, it might try to trick you into downloading malware that gives
access to your computer. In other instances, it might redirect you to a fake login page or
website pretending to be (www.yourbank) in the hope that you will enter your login
information. If they get access, they could change your passwords or take money from your
accounts.

The methods by which social engineers gather login ids and passwords depend on what type
of target they are trying to take control over. If their target is an administrator’s assistant, for
instance, then they may start by sending her emails with attachments containing malware in
order to infect her computer and scope out her email contacts. If their targets are data-entry
clerks, they may use more direct tricks to gather information. This includes phishing emails
and tricking employees into speaking on the phone with them.

Many people in the workplace have lists of email addresses and passwords, which could be
used to exploit them quickly (depending on how aware they are). These lists may be stored in
a file where all users’ information is stored. If the list is password-protected, then those who
should know it might not have access to it. For example, a data-entry clerk might be
responsible for updating a large database of employee contact information. Social engineers
may email information like their online banking details directly from a legitimate email
account, which can give them access to this information.

30. What is a buffer overflow, and how is it used against a Web server?

ANS. An unpatched buffer overflow is a phenomenon in which data written to a buffer may
overrun the boundaries of what's allowed. This overflow can lead to security vulnerabilities,
such as those created by using a buffer overflow bug to write malicious code.

Let's take an example from an actual exploit:

- Suppose you have a Web server running on port 8080 that listens for connections that
are sent by other servers and services on their corresponding port numbers. On your
system, you have installed Darren Kitchen’s “foo” package and configured it to listen
for connections on its default port number, 8080. You notice that the package’s port
number is used by a lot of other applications, and you want to change the port number
to something that isn't as common. You decide to change it to a number above 8000.

- To do this, you download and install the foo package again (assuming its installation
doesn't overwrite your existing files), but on this occasion configure it to use a
different port number: 9000. The next time you run the foo server, it runs on this
alternative port.

- Well, a few days later you notice that someone has hacked into your Web server and
written a back door script in the form of a .htaccess file (or equivalent) to your Web

- Well, if you configured the foo package to listen on port 9000 and a hacker noticed
that you intend to change that port number and wanted to take advantage of it, the
hacker would have created the back-door script and then waited for you to restart the
service.

- When you restart the service, the foo package is installed again but this time it uses
port 9000 instead of 8080 as its default listening port.

- CGI app (common gateway interface), so that your server is now under the hacker's
control. How did this hacker find out about your Web server? The answer is you
logged into the Internet without using a secure protocol, such as https, and somebody
saw you do it and exploited your Web server.

- The problem with CGI scripts and buffer overflows is that CGI scripts are interpreted
in their entirety when they’re executed. This means they run whatever code they
contain—for example, a buffer overflow exploit—without checking whether all of it
will fit within the boundaries of what’s allowed.
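An added example, not part of the assignment, of the buffer-overflow pattern the answer describes in a CGI-style request handler, beside a bounded version that checks the length before copying. The query format, NAME_MAX and the function names are assumptions made for the demo.

```c
/* Added example (not part of the assignment): a minimal CGI-style handler
   that copies the "name" parameter of a query string into a fixed-size stack
   buffer. greet_unsafe() trusts the request for the copy length;
   greet_safe() rejects anything that does not fit. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32   /* room for 31 characters plus the terminating NUL */

/* Returns a pointer to the value after "name=" in the query, or NULL. */
static const char *find_name(const char *query) {
    const char *p = strstr(query, "name=");
    return p ? p + 5 : NULL;
}

/* UNSAFE: the value length comes from the request and is never compared with
   NAME_MAX. A name of 32 bytes or more writes past `name` into the rest of
   the stack frame, which is undefined behaviour and exactly the "does it fit
   within the boundaries" check the answer says is missing. Kept here for
   comparison only; it must never be given untrusted input. */
int greet_unsafe(const char *query, char *out, size_t outlen) {
    char name[NAME_MAX];
    const char *v = find_name(query);
    if (!v) return -1;
    size_t len = strcspn(v, "&");      /* attacker-controlled length */
    memcpy(name, v, len);              /* no bound check against NAME_MAX */
    name[len] = '\0';
    snprintf(out, outlen, "Hello, %s!", name);
    return 0;
}

/* SAFE: same logic, but an over-long value is rejected before anything is
   copied, so the copy is bounded by the buffer, not by the input.
   Returns 0 on success, -1 if no name parameter, -2 if the name is too long. */
int greet_safe(const char *query, char *out, size_t outlen) {
    char name[NAME_MAX];
    const char *v = find_name(query);
    if (!v) return -1;
    size_t len = strcspn(v, "&");
    if (len >= NAME_MAX) return -2;    /* reject rather than truncate silently */
    memcpy(name, v, len);
    name[len] = '\0';
    snprintf(out, outlen, "Hello, %s!", name);
    return 0;
}

int main(void) {
    char out[64];
    /* Constructed requests: a normal one and one with a 40-byte name. */
    const char *ok = "name=alice&lang=en";
    const char *long_req = "name=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    if (greet_safe(ok, out, sizeof out) == 0) printf("%s\n", out);
    printf("over-long name: rc=%d\n", greet_safe(long_req, out, sizeof out));
    /* greet_unsafe(long_req, ...) would overflow `name`; it is not called. */
    return 0;
}
```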

31. Write a short note on:

a. Phishing
The term "phishing" was coined in 1996 by computer hacker John Geer, and it
refers to the act of tricking someone into giving up their personal information,
which hackers could then use for identity theft or credit card fraud. Phishing is
the most common type of scam that takes place on the internet today and it’s
something that everyone should be mindful of when surfing online or handing
out personal information over email, phone, or text message.
b. Pretexting
Pretexting is the act of creating and using an untrue reason to get someone to do
something they otherwise wouldn’t. It can be as simple as requesting a meeting,
or as complicated as impersonating someone you don’t know. There are many
ways to use pretexting. For example, marketing firms will often send out
“samples” or “price checks” in order to get your contact information for their
mailing list.
c. Social engineering
A social engineering hacker usually tricks you into revealing your personal data.
They might call you on the telephone, fake an email from your bank, or do
something similar to get information from you.
d. Operational security
Operational Security is the subfield of security that deals with how businesses and
organizations, in particular members or employees of those businesses and
organizations, operate themselves. It can be thought of as a specific form of
security intelligence - it helps organizations gain insight into, and protect against
threats from, operational technology.
e. CAPTCHAs
A Captcha stands for "Completely Automated Public Turing test to tell Computers
and Humans Apart". Captchas are a type of test which has to be passed in order to
confirm the content is not spam. They are usually used by websites when you
comment on the content or register with the site.
f. Cognitive psychology
Cognitive psychology is an emerging field that studies how people and animals
process information, learn from experience, and solve problems. It bridges the
gap between the cognitive studies of psychology and computer science.

For example, if you want to know about how computers store information in
units known as bits or bytes, then you are asking for a computer scientist. If you
want to know how people organize information in order to create meaning from
it - say an understanding that a sequence of words pertains to two different
subjects instead of one - then your quest goes into the realm of cognitive
psychology.
g. Behavioural economics or decision science
Behavioral economics is a field of study that applies principles of economics and
psychology in order to explain the patterns observed in decisions and behaviors.
Many things are viewed through the lens of behavioral economics because many
things fall under the area of decision making, including market decisions,
purchasing decisions, marketing strategies, job interviews, GPA calculations and
more.
h. Dictionary attack (or, more colloquially, password cracking)
The dictionary attack strategy of recovering plaintext consists of selecting
potential decryption keys, commonly words from a word list or sequence of
letters or numbers, and trying them as possible plaintext. For example, if their
compression algorithm uses any substrings in cleartext as well as their encryption
algorithm's key bits for each round's substitution boxes (S-boxes), then these
would be easy to find with minimal computational resources used.
i. Eavesdropping
Eavesdropping is the act of secretly listening to other people's conversations. It
usually involves spying on someone else without their knowing it. In computer
terms, eavesdropping is listening in on network packets and understanding what
they are carrying. For example, if a company was doing business with another
company through email, an eavesdropper would try to listen in on the email to
understand what was going on.
j. Shoulder surfing
Shoulder surfing is usually the result of an individual's curiosity or lack thereof.
They might see something interesting and just want to take a look or they could
be trying to access someone else's data without permission. For example, if
you're standing behind someone at your workplace who is using their computer
and you quickly move around them so that you can get a better view of what
they're doing on it, then this would qualify as shoulder surfing.
k. Spear phishing.
Spear phishing is a type of "phishing" or "spear fishing" attack in which
perpetrators send emails or make contact with someone over the phone
pretending to be someone they are not, often in order to gather sensitive
information such as passwords or other credentials.
l. Service denial attack
Service denial attack is a type of cyber attack that mainly targets critical system
services, usually because they are not properly secured. The goal is to overload
the service's resources in order to shut it down and thereby prevent access to the
system. This type of attack may occur when an attacker sends a large number of
requests to the service or when malware enters into a computer and generates
false requests.
m. Two-factor authentication
Two-factor authentication is a method of verifying someone's identity online.
In computing, two-factor authentication often refers to using a hardware token (a
USB stick or token) in addition to one-time password codes sent via text message
or generated by software.
n. Skimmers
Skimmers are a type of malware that can steal credit card information. Skimmers
allow criminals to duplicate your cards and go on shopping sprees with your
stolen information. As the name implies, skimmers lurk in places like ATMs, gas
pumps, and self-checkouts.

32. There is a lot of work being done on phishing, but (as we discussed here) none of it is
so far a really convincing solution to the problem. We could do with some fresh
thinking. Are there any neat ways to combine things like passwords, CAPTCHAs,
images and games so as to provide sufficiently dependable two way authentication
between humans and computers? In general, are there any ways of making
middleperson attacks sufficiently harder that it doesn’t matter if the Mafia owns
your ISP?
ANS. Computer security experts need to step up their game when it comes to phishing. As we
discussed here, work on the problem is proliferating, but none of it is a really convincing
solution. We could do with some fresh thinking. Ideas for mechanisms that would be
appropriate for humans and computers to authenticate each other are always welcome.
Phishing has been around since the 90s, so there must be some neat ideas out there outside of
passwords; CAPTCHAs which slow everyone down just as well; images which can be faked
by bots in milliseconds and games which rely on databases. In general, are there any ways of
making middleman attacks sufficiently harder that it doesn’t matter if the Mafia owns your
ISP.
