
CSnC Final prep

Q1.12:
“Previously when I had DSL and an old router at home, the wireless encryption didn’t work and I would
occasionally find unauthorized users on my network,” a reader told us. “I knew enough not to conduct
any sensitive business using the wireless connection, but did once make an online shopping transaction
using a credit card (I was being lazy). Within 2 days, there were fraudulent charges on my credit card.”
Make an educated guess about what might have happened and justify your answer.

 With the router's wireless encryption off, every frame the computer sent was readable to anyone within
radio range, and the "unauthorized users" the reader kept finding were already on the LAN. The most likely
explanation is that one of them captured the shopping session. If the merchant's checkout, or any page that
carried the card number, used plain HTTP, the card details went over the air in the clear. Even with HTTPS,
a host on the same LAN can pull traffic through itself (ARP spoofing, or a rogue access point with the same
SSID) and try to downgrade or proxy the connection, or simply attack the PC directly over the open network.
A breach on the merchant's side cannot be ruled out, but fraudulent charges within two days of the one
transaction made over an open network point at the network, not the merchant.

How to prevent: Turn on WPA2 or WPA3 on the home router (replace a router whose encryption "doesn't
work") and use a strong passphrase. Don't conduct sensitive business while connected to public or
unencrypted networks. If you need to use them, use a VPN so the traffic is encrypted end to end regardless
of the Wi-Fi, confirm that the site is served over HTTPS, or use your cellular data connection. Treat an
SSID such as "Free Public Wi-Fi" as untrusted: anyone with a laptop or smartphone can advertise that name
to lure users into connecting so their traffic and credentials can be harvested.

Q1.13:
“My account was compromised by a brute force attack a while back when I was playing an online game,”
said a reader of the first edition. “In response I purchased an RSA token and linked my account to it, so
that even if my password was compromised again my account could never be fully accessed without the
token code.”

(a) Discuss why playing an online game might breach user accounts.

(b) Research the use of RSA tokens and explain whether using an RSA token would help secure user
accounts for playing online games.

Justify your answer.

a. Where there’s money, there are scammers. With more than 1 billion gamers actively
spending money not just on games, but in games, it’s no surprise that phishing scams
have become commonplace in gaming communities. One of the most prevalent phishing
tactics in gaming: account takeovers are often prompted by a risky link click on a gaming
forum, or a compromised account sending out phishing links to other users. Once the
hacker has control of the account, they can run up fraudulent charges to any attached
credit cards or, in some cases, sell the compromised account (particularly if it contains
valuable items or character skins).
b. An RSA SecurID token is a small device (or app) that, once activated, is bound to one account and
upgrades the login to two-factor authentication: something you know (the password and PIN) and
something you have (the token). At each login the user enters the password and PIN plus the code
currently shown on the token. The code is derived from a secret seed stored in the token and the
current time and changes every 60 seconds, so a keylogger or a brute-forced password yields only
the reusable secret, never a code that is still valid, and the attacker cannot complete the login
without the token. It therefore does help for game accounts, which is why game publishers offer
similar authenticators, with two caveats: a code phished from the user and relayed within its
60-second window still works, and the token protects the login, not a session cookie stolen after
the login succeeded.

Q1.14:
A reader of the first edition reported the following social engineering attack happened to him:
“Sometime ago I received a random phone call from someone (later identified as a fraudster) who
wanted to speak to a senior person in my company. Caller: Hello. Can I speak with the head of
operations? (The fraudster did not mention a name, just a common job title, trying to sniff out a name
and email address from me if I mistakenly mentioned the name of the person.) Me: Can you please
mention the name of the person you intend to reach, as we have many operation departments and
heads around here (Baiting the fraudster)? Caller: I have lost the business card he gave me and can’t
remember the details. Can you be kind enough to give me the name, email address, or direct number of
one of the heads who might likely be in the same business meeting where I met the person I am trying
to reach? At this point the caller was suspicious enough that I transferred the call to my company’s
security investigative unit, which took it up from there.”

(a) Describe whether you have a similar procedure at work and how you think the procedure could be
improved.

(b) If you receive similar phone calls at home, what would you and should you do? Note that some
crooks may call claiming that your tax return contained errors and that you must call a certain number to
clear it up, otherwise you will be in trouble. Others change the content a little, for example telling you
that your neighbors reported to the police department that you did something wrong. Either way, all they
try to do is get you to call a certain number and then scare you enough that you provide them with
information or give them money.

a. Yes, we have a similar procedure: front-desk and switchboard staff do not give out names, direct
numbers or email addresses of employees to callers they cannot place, and suspicious calls are passed
to security. It could be improved in four ways. First, verify the caller before disclosing anything:
take the caller's name, company and number, then call back through a number looked up independently
(the company's switchboard, never the number the caller supplies), so the caller has to prove who they
are rather than the employee having to guess. Second, give staff a short scripted response so they do
not have to improvise under pressure, and make it explicit that refusing to disclose a name is never a
mistake. Third, log every such call (time, caller ID, what was asked) so the security unit can
correlate repeated probing across departments. Fourth, publish one general contact channel (a shared
mailbox and the switchboard number) that a caller who genuinely lost a business card can be pointed to.
b. Be alert to the fact that scams exist. When dealing with uninvited contacts from people or
businesses, whether over the phone, by mail, email, in person or on a social networking site,
always consider the possibility that the approach may be a scam. Remember, if it looks too good
to be true, it probably is.

Know who you're dealing with. If you've only ever met someone online or are unsure of the
legitimacy of a business, take some time to do a bit more research: do a reverse image search on their
photos, or search the internet for others who may have had dealings with them. If a message or email
comes from a friend and it seems unusual or out of character for them, contact your friend directly to
check that it was really them who sent it.

For the tax-return or police calls the question describes, what I would and should do is the same:
hang up without arguing, and never call the number the caller gives. A tax authority or police
department does not demand immediate payment over the phone, threaten arrest on the spot, or ask for
gift cards, wire transfers or account passwords. If I am worried the matter might be real, I look up
the agency's number myself, on its official website or on a letter I already have, call that, and
report the call to the agency's fraud line. The fear is the tool: anything that must be done right
now, on this call, is the signal to stop.

Q1.15:
Baits are essential for a phishing attack to be successful. Baits are often presented in the form of email
messages and Websites that appear to be authoritative. Links contained in phishing messages are traps,
leading to Websites controlled by attackers. Discuss how to identify phishing messages and phishing
sites.

 A phishing attack is a fraudulent attempt to get sensitive data such as usernames, passwords or
card numbers. The attacker sends a fake email, text or instant message that looks as if it came from a
business, college or social media site, and the message leads to a fake but realistic login page that
collects what the victim types, or to an attachment that installs malware. Telling it from a real
message comes down to checking the things the attacker cannot easily fake. In the message: the actual
sender address (not the display name) is on a domain that is not the company's, or on a look-alike
(paypa1.com, "rn" in place of "m", an extra word such as paypal-security.com); the greeting is generic
("Dear customer"); there is urgency or a threat (the account will be closed in 24 hours) paired with a
request to confirm a password, card number or other data a real company never asks for by email; the
spelling and layout are slightly off; and, most reliably, hovering over the link shows a destination
that does not match the link text or the brand it claims. On the site: read the domain in the address
bar from the right, because only the registrable part (the last two labels) counts and
paypal.com.login-secure.example belongs to "example", not PayPal; distrust raw IP addresses, an "@"
in the URL, punycode (xn--) names and plain http; remember that a padlock proves only that the
connection is encrypted to whoever owns that domain, not that the domain is legitimate, since attackers
obtain certificates too; and notice when a page asks for more than the real one would (full card number
plus PIN, answers to several security questions at once). When in doubt, do not use the link at all:
type the company's address yourself or open its app, and report the message to the company and to
your IT or security team.
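
The link checks above are mechanical enough to automate. The following is an added example, not code
from this page or the textbook: it pulls the anchors out of a message body and reports the cues a
reader would otherwise have to spot by hovering. The trusted-domain list, the email body and the
look-alike substitutions are constructed for the example, and the registrable-domain rule is the
simple "last two labels" version (production code would consult the public suffix list).

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed list of the domains the reader actually has accounts with.
TRUSTED = {"paypal.com", "instagram.com", "example-bank.com"}

# Substitutions attackers use to build look-alike domains (paypa1, rnicrosoft, ...).
LOOKALIKES = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w"))

# Something in the visible link text that looks like a domain or URL.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def normalize(host: str) -> str:
    host = host.lower().rstrip(".")
    for bad, good in LOOKALIKES:
        host = host.replace(bad, good)
    return host


def registrable(host: str) -> str:
    """Last two labels of the host: the part that decides who owns it."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def assess_link(href: str, text: str) -> list[str]:
    """Reasons to distrust one link (empty list = nothing suspicious found)."""
    findings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return [f"non-web scheme {parts.scheme!r}"]
    if parts.scheme == "http":
        findings.append("plain http: the page and anything typed into it travel unencrypted")
    if parts.username is not None:
        findings.append(f"'{parts.username}@' before the real host {host}")
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label: non-Latin characters may imitate Latin ones")
    shown = DOMAIN_IN_TEXT.search(text)
    if shown and registrable(shown.group(1).lower()) != registrable(host):
        findings.append(f"text shows {shown.group(1)} but the link goes to {host}")
    reg = registrable(host)
    if reg not in TRUSTED:
        for trusted in TRUSTED:
            brand = trusted.split(".")[0]
            # look-alike spelling, or the brand buried as a subdomain of someone else's domain
            if normalize(reg) == normalize(trusted) or brand in host.split("."):
                findings.append(f"{host} imitates {trusted}")
                break
    return findings


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in a message body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_email_html(html: str) -> dict[str, list[str]]:
    parser = LinkExtractor()
    parser.feed(html)
    return {href: assess_link(href, text) for href, text in parser.links}


# Constructed phishing email body: three bad links and one genuine one.
SAMPLE_EMAIL = """
<p>We noticed unusual activity. Confirm your password within 24 hours:</p>
<a href="http://paypal.com.secure-login.example/verify">https://www.paypal.com/signin</a>
<a href="https://paypa1.com/account">Log in to PayPal</a>
<a href="https://198.51.100.7/upd">Update card</a>
<a href="https://www.instagram.com/accounts/login/">Instagram</a>
"""

if __name__ == "__main__":
    for href, reasons in scan_email_html(SAMPLE_EMAIL).items():
        print(href, "->", reasons or "no findings")
```

The first sample link trips three checks at once (plain http, link text that names one domain while
the href goes to another, and the PayPal brand parked under a stranger's domain), which is typical:
a phishing link rarely fails only one test.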

Q1.17:
Do you agree with the following rule of thumb when dealing with possible phishing emails: “If an email
comes from a company or individual I don’t recognize, I delete it. If it’s really important, they will call
me!” Justify your answer.

 The world is full of scammers and attackers who want your sensitive information, so deleting
unsolicited mail from senders I do not recognize is a sound default: an unexpected message from an
unknown party that wants me to click, open or reply is exactly what a phishing lure looks like, and
nothing is lost by ignoring it. I agree with the rule, with two qualifications. First, an unfamiliar
sender is not proof of phishing, and a familiar one is not proof of safety: attackers spoof or
compromise the accounts of people I know, so the checks in Q1.15 apply to mail from "known" senders
too. Second, "they will call me" is not a verification step, because fraudsters also work by phone
(Q1.14). When something really is important, I confirm it through a channel I already trust, by
calling a number I looked up myself or by logging in to the service directly, never by replying to
the message or dialing a number it contains.

Q1.20:
“Port scans are very frequent on our network by outside and inside attackers,” a reader told us. “We
simply block repeat offenders.” Argue that this is a good solution. Can you think of a better approach to
counter port scans? Justify your answers.

 Blocking repeat offenders is a reasonable first measure: it is cheap, automatic, and it keeps the
noisiest scanners from ever reaching a vulnerable service. It is also the weakest part of the story.
Attackers rotate source addresses (botnets, cloud instances) and slow their scans below whatever
threshold triggers the block, so the blocklist mostly collects addresses that no longer matter; it does
nothing about the inside attackers the reader mentions unless internal traffic is filtered too; and a
block that is triggered automatically can be abused by spoofing a legitimate address. A better approach
works in layers. Reduce what a scan can find: a default-deny firewall exposes only the services that
must be reachable, and those are kept patched. Segment the internal network so that an inside scan
cannot reach every host. Detect scans from firewall and IDS logs by counting the distinct ports or hosts
a source touches in a time window, rather than by individual hits, and alert on them, because a scan of
your network is early warning of an attack. Finally, make scanning expensive: tarpits and honeypots that
answer on unused ports and hold connections open turn a scan that would take seconds into one that takes
hours, and any internal host that touches them has identified itself. Blocking then becomes one automated
response among several instead of the whole plan.
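
The detection layer described above, as an added example that is not code from this page or the
textbook. It reads netfilter/iptables LOG lines (the sample is constructed, with the prefix
[IPT-DROP] assumed to come from the logging rule), counts the distinct host/port targets each source
touches inside a sliding time window, and contrasts that with the reader's repeat-offender rule. The
sample includes a slow scanner to show why the window size matters.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Netfilter LOG lines as written to syslog by a rule such as
#   iptables -A INPUT -j LOG --log-prefix "[IPT-DROP] "
# The sample further down is constructed for this example, not a real capture.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: \[IPT-DROP\] "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line: str, year: int = 2024):
    """Return (timestamp, src, dst, proto, dport) or None for lines that are not drops."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], m["proto"], int(m["dpt"])


def detect_scans(lines, window_s: int = 60, min_targets: int = 10) -> dict:
    """Map source IP -> largest number of distinct (dst host, port) pairs it probed inside
    any `window_s`-second window, for sources that reached `min_targets`. Counting
    distinct targets per window is what separates a scan from a client retrying one port."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            events[rec[1]].append((rec[0], rec[2], rec[4]))
    alerts = {}
    for src, evs in events.items():
        evs.sort()
        best = 0
        for end in range(len(evs)):
            targets, start = set(), end
            while start >= 0 and (evs[end][0] - evs[start][0]).total_seconds() <= window_s:
                targets.add(evs[start][1:])
                start -= 1
            best = max(best, len(targets))
        if best >= min_targets:
            alerts[src] = best
    return alerts


def repeat_offenders(daily_alerts, min_days: int = 2) -> set:
    """The reader's policy: sources that appeared in the scan alerts on at least `min_days`
    separate days. Cheap, but it only ever catches sources that reuse an address."""
    seen = defaultdict(int)
    for day in daily_alerts:
        for src in day:
            seen[src] += 1
    return {src for src, n in seen.items() if n >= min_days}


def _line(ts: datetime, src: str, dst: str, dpt: int) -> str:
    return (f"{ts:%b %d %H:%M:%S} gw kernel: [IPT-DROP] IN=eth0 OUT= SRC={src} DST={dst} "
            f"LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41234 DPT={dpt} WINDOW=1024 SYN")


_T0 = datetime(2024, 3, 13, 10, 0, 0)
SAMPLE_LOG = (
    # fast scan: twelve ports on one host within eleven seconds
    [_line(_T0 + timedelta(seconds=i), "203.0.113.5", "192.0.2.10", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445, 3389])]
    # slow scan: one port every five minutes, which a 60-second window never sees as a scan
    + [_line(_T0 + timedelta(hours=1, minutes=5 * i), "198.51.100.9", "192.0.2.10", p)
       for i, p in enumerate([22, 80, 443, 3389])]
    # ordinary client retrying HTTPS: two hits, one target
    + [_line(_T0 + timedelta(hours=2, seconds=s), "192.0.2.55", "192.0.2.10", 443) for s in (0, 3)]
)

if __name__ == "__main__":
    print("60 s window:", detect_scans(SAMPLE_LOG))
    print("1 h window, 4 targets:", detect_scans(SAMPLE_LOG, window_s=3600, min_targets=4))
```

With the default 60-second window only the fast scanner is reported; the slow scanner surfaces only
when the window is widened to an hour and the threshold lowered, which is the trade-off an analyst
tunes against false positives from legitimate clients.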

Q1.21:
Web servers are easy targets of DoS attacks. For example, attackers may bombard a Web server with a
large number of login attempts in a short period of time, forcing the Web server to use up its
computing resources for checking passwords. Web servers may use a picture verification service as
follows: when receiving a login request, the Website opens a login page that will display, in addition to
the usual windows for entering user name and password, a few characters in different colors or shapes,
embedded in a small frame of colorful background and a window to enter these characters. To complete
the login procedure, the user must also type in these characters. If these characters are not entered
correctly, the Web server will not proceed to check the user name and password. This mechanism is
typically used to prevent automation of services the Website provides and level the playing field (e.g.,
Ticketmaster uses this service to prevent scalpers from using a program to purchase tickets).

Explain how automation of services could be used to launch DoS attacks, and why the picture-verification
mechanism may help stop DoS attacks.

 A DoS attack works by making the server do far more work per request than the attacker does. Login
is a good target for that. A script can submit thousands of login requests per second with random
passwords, and for each one the server looks up the account and runs its password-hashing function,
which is deliberately slow (bcrypt, scrypt, PBKDF2) so that offline cracking is expensive. The attacker
pays almost nothing per request; the server pays a full hash computation, and once the CPU is saturated
with bogus logins, real users cannot log in. The same automation is what scalpers use against
Ticketmaster: a program that submits purchase requests faster than any human can.

 The picture-verification step (a CAPTCHA) changes the order of the work. Before touching the
password database, the server compares the characters the client typed with the challenge it issued,
which costs one cheap comparison, and discards any request that fails. A script cannot read the
distorted image, so nearly all automated requests are rejected at the cheap step and the expensive
hashing is done only for requests a human produced; the attacker's cost per useful request rises to
the cost of a human solving a picture. This is not a complete defense. The challenge must itself be
cheap to generate and verify and must be single-use, otherwise the attacker floods the challenge
endpoint instead or replays one solved challenge; CAPTCHA-solving services exist; and the server still
needs per-IP rate limiting and account lockout for the requests that do get through.
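
The cost asymmetry described above, as an added example that is not code from this page or the
textbook. It models a login endpoint whose password check is scrypt (slow on purpose) and whose
picture check is one HMAC over a single-use nonce, then floods it with a bot that can fetch challenges
but cannot read the picture. The user database, keys and scrypt parameters are constructed for the
example; the parameters are smaller than production values so it runs quickly.

```python
import hashlib
import hmac
import secrets

# scrypt parameters kept small so the example runs quickly; production uses larger n.
SCRYPT = dict(n=2 ** 12, r=8, p=1, dklen=32)
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # no 0/O or 1/I, as on real challenge images


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)


class LoginService:
    """Toy login endpoint that counts how many expensive password checks it performed."""

    def __init__(self, users: dict, captcha_key: bytes):
        self.users = users                 # username -> (salt, scrypt hash)
        self.captcha_key = captcha_key
        self.pending = {}                  # nonce -> HMAC tag of the expected answer
        self.expensive_checks = 0
        self._dummy_salt = secrets.token_bytes(16)
        self._dummy_hash = hash_password(secrets.token_hex(8), self._dummy_salt)

    def _tag(self, nonce: str, answer: str) -> bytes:
        return hmac.new(self.captcha_key, f"{nonce}:{answer.upper()}".encode(), hashlib.sha256).digest()

    def issue_challenge(self):
        """Server side of the picture: choose the characters and remember only an HMAC of them
        bound to a one-time nonce. Returns (nonce, answer); the answer would be rendered into
        the distorted image, never sent to the client in the clear."""
        nonce = secrets.token_hex(8)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(5))
        self.pending[nonce] = self._tag(nonce, answer)
        return nonce, answer

    def check_captcha(self, nonce, answer) -> bool:
        """Cheap step: one HMAC and a constant-time compare. The nonce is consumed whether or
        not the answer is right, so a solved challenge cannot be replayed."""
        expected = self.pending.pop(nonce, None)
        if expected is None or not answer:
            return False
        return hmac.compare_digest(self._tag(nonce, answer), expected)

    def check_password(self, username: str, password: str) -> str:
        """Expensive step: scrypt. Runs against a dummy hash for unknown users too, so the
        response time does not reveal which usernames exist."""
        self.expensive_checks += 1
        salt, stored = self.users.get(username, (self._dummy_salt, self._dummy_hash))
        return "ok" if hmac.compare_digest(hash_password(password, salt), stored) else "bad_password"

    def login(self, username, password, nonce=None, answer=None, require_captcha=True) -> str:
        if require_captcha and not self.check_captcha(nonce, answer):
            return "captcha_failed"        # rejected before any hashing happens
        return self.check_password(username, password)


def make_service() -> LoginService:
    salt = secrets.token_bytes(16)
    users = {"alice": (salt, hash_password("correct horse battery staple", salt))}
    return LoginService(users, secrets.token_bytes(32))


def flood(service: LoginService, attempts: int, require_captcha: bool) -> int:
    """A login-flooding bot. It can request challenges but cannot read the picture, so it
    submits an empty answer. Returns how many expensive checks it caused."""
    before = service.expensive_checks
    for i in range(attempts):
        nonce, _ = service.issue_challenge()
        service.login("alice", f"guess{i}", nonce, "", require_captcha)
    return service.expensive_checks - before


if __name__ == "__main__":
    svc = make_service()
    print("hashes forced without the gate:", flood(svc, 50, require_captcha=False))
    print("hashes forced with the gate:   ", flood(svc, 50, require_captcha=True))
    nonce, answer = svc.issue_challenge()          # a human reads the picture
    print("human login:", svc.login("alice", "correct horse battery staple", nonce, answer))
```

Two details matter for the caveats in the answer: pending nonces should expire (the bot's unused
challenges would otherwise accumulate, so issuing a challenge must stay cheap and bounded), and the
gate is still combined with per-IP rate limiting, because the bot can keep requesting challenges.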

Q1.22:
Reader of the first edition shared this experience with us: “I sometimes saw employees bringing in a
small personal switch and connecting it to the company LAN. Occasionally these switches would cause
broadcast storms that resulted in denial of service on the LAN. It was easy to find these switches using
tools such as Wireshark and then remove them.” These are rogue switches. Explain how to use Wireshark
to identify rogue switches.

 Wireshark is a free, open-source packet analyzer that captures and decodes the traffic on a network
interface in real time. To find a rogue switch, capture from a port of a managed switch that mirrors
the segment (a SPAN port, or a tap on a suspect link) and look for two things. First, Spanning Tree:
filter on `stp` and read the bridge ID (priority plus MAC address) in the configuration BPDUs. Every
BPDU should come from one of the switches the network team manages, so a BPDU whose bridge MAC is
unknown identifies a rogue switch, and a BPDU advertising an unknown root bridge means it has also
taken over the spanning tree. Second, the broadcast storm itself: filter on
`eth.dst == ff:ff:ff:ff:ff:ff` (ARP and other broadcasts) and use Statistics > Endpoints or
Conversations to see which source MACs generate the flood; the same frame arriving over and over, or a
MAC that appears behind different ports, points at the loop the unmanaged switch created. Cheap consumer
switches often do not run Spanning Tree at all (they forward BPDUs without generating any), so the
storm signature may be the only evidence; the physical port then comes from the managed switch's MAC
address table, where a port that has learned many addresses is the uplink to the rogue switch. The
lasting fix is BPDU Guard or port security on access ports, so an unauthorized switch shuts its port
down instead of taking down the LAN.
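
The two checks above reduced to code, as an added example that is not from this page, the textbook or
the Wireshark project. It builds a small constructed capture (configuration BPDUs from a managed core
switch and from a personal switch, plus a burst of repeated ARP broadcasts), parses the 802.1D BPDU
fields the `stp` filter would display, and reports unknown bridge IDs, foreign root claims and the
top broadcast sources. MAC addresses and priorities are made up for the example.

```python
import struct
from collections import Counter

STP_MCAST = bytes.fromhex("0180c2000000")   # 802.1D destination address for BPDUs
BROADCAST = b"\xff" * 6
LLC_STP = b"\x42\x42\x03"                    # LLC DSAP/SSAP 0x42, UI control field


def build_config_bpdu(bridge_mac: bytes, bridge_prio: int,
                      root_mac: bytes = None, root_prio: int = None) -> bytes:
    """Constructed 802.3 frame carrying an IEEE 802.1D configuration BPDU, as a switch
    running Spanning Tree emits every hello interval."""
    root_mac = bridge_mac if root_mac is None else root_mac
    root_prio = bridge_prio if root_prio is None else root_prio
    bpdu = struct.pack(">HBBB", 0, 0, 0, 0)             # protocol id, version, type=config, flags
    bpdu += struct.pack(">H", root_prio) + root_mac      # root identifier
    bpdu += struct.pack(">I", 0)                         # root path cost
    bpdu += struct.pack(">H", bridge_prio) + bridge_mac  # bridge identifier
    bpdu += struct.pack(">HHHHH", 0x8001, 0, 20 << 8, 2 << 8, 15 << 8)  # port id; timers in 1/256 s
    body = LLC_STP + bpdu
    return STP_MCAST + bridge_mac + struct.pack(">H", len(body)) + body


def build_arp_broadcast(src_mac: bytes) -> bytes:
    """Constructed minimal broadcast frame (EtherType 0x0806); the ARP body is not parsed here."""
    return BROADCAST + src_mac + b"\x08\x06" + b"\x00" * 28


def parse_frame(frame: bytes) -> dict:
    """Decode the fields the audit needs: source MAC, broadcast flag, and root/bridge IDs
    when the frame is an LLC-encapsulated 802.1D or 802.1w BPDU."""
    dst, src = frame[:6], frame[6:12]
    type_or_len = struct.unpack(">H", frame[12:14])[0]
    info = {"src": src, "broadcast": dst == BROADCAST, "bpdu": None}
    if dst == STP_MCAST and type_or_len <= 1500 and frame[14:17] == LLC_STP:
        b = frame[17:]
        proto, _version, btype, _flags = struct.unpack(">HBBB", b[:5])
        if proto == 0 and btype in (0x00, 0x02):    # configuration BPDU or RSTP BPDU
            info["bpdu"] = {
                "root": (struct.unpack(">H", b[5:7])[0], b[7:13]),
                "bridge": (struct.unpack(">H", b[17:19])[0], b[19:25]),
            }
    return info


def audit(frames, managed_bridges: set) -> dict:
    """The 'stp' filter plus Statistics > Endpoints, reduced to three questions: who sends
    BPDUs, who claims to be root, and who generates the broadcasts."""
    bpdu_senders, broadcasters, foreign_roots = Counter(), Counter(), set()
    for frame in frames:
        info = parse_frame(frame)
        if info["bpdu"]:
            bpdu_senders[info["bpdu"]["bridge"][1]] += 1
            if info["bpdu"]["root"][1] not in managed_bridges:
                foreign_roots.add(info["bpdu"]["root"][1])
        if info["broadcast"]:
            broadcasters[info["src"]] += 1
    return {
        "rogue_bridges": set(bpdu_senders) - managed_bridges,
        "foreign_roots": foreign_roots,
        "bpdu_counts": dict(bpdu_senders),
        "top_broadcasters": broadcasters.most_common(3),
    }


CORE = bytes.fromhex("001aaa000001")      # managed core switch, priority 4096 (constructed)
ROGUE = bytes.fromhex("001bbb000002")     # personal switch, factory priority 32768 (constructed)
HOSTS = [bytes.fromhex(f"005056{i:06x}") for i in range(3)]

SAMPLE_CAPTURE = (
    [build_config_bpdu(CORE, 4096)] * 3
    + [build_config_bpdu(ROGUE, 32768, root_mac=CORE, root_prio=4096)] * 2
    + [build_arp_broadcast(HOSTS[i % 3]) for i in range(30)]   # the storm: each ARP seen many times
)

if __name__ == "__main__":
    report = audit(SAMPLE_CAPTURE, {CORE})
    print("rogue bridges:", [m.hex(":") for m in report["rogue_bridges"]])
    print("foreign roots:", [m.hex(":") for m in report["foreign_roots"]])
    print("top broadcasters:", [(m.hex(":"), n) for m, n in report["top_broadcasters"]])
```

In the sample the personal switch still defers to the core as root, so only rogue_bridges fires; if it
had been configured with a lower priority it would also appear in foreign_roots, which is the case
where the whole LAN's spanning tree has been rebuilt around a desk-side switch.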

Chapter 2 QnA
Q2.2:
Let

IPkey(K) = 1101001110101100001011000111 0110101010100111100010011101

(56 bits, written here as its two 28-bit halves C0 and D0).

Compute the DES subkey K1.
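
The DES key schedule that this question asks for, as an added example that is not code from this page
or the textbook: starting from the 56-bit output of the key permutation, each round rotates the two
28-bit halves left by the scheduled amount (1 bit in round 1) and selects 48 bits with PC-2. The PC-2
table and shift schedule are those of FIPS 46-3; the block computes all sixteen round keys, of which the
first is the K1 asked for.

```python
# PC-2 and the per-round left-shift schedule, from FIPS 46-3.
PC2 = [14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
       23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

# The 56-bit permuted key from the question, C0 followed by D0.
IPKEY = "1101001110101100001011000111" + "0110101010100111100010011101"


def permute(bits: str, table) -> str:
    """Apply a DES permutation/selection table given as 1-based input positions."""
    return "".join(bits[i - 1] for i in table)


def rotl(bits: str, n: int) -> str:
    return bits[n:] + bits[:n]


def des_subkeys(cd: str) -> list[str]:
    """All 16 round keys K1..K16 from the 56-bit output of the key permutation."""
    if len(cd) != 56 or set(cd) - {"0", "1"}:
        raise ValueError("expected a 56-bit binary string")
    c, d = cd[:28], cd[28:]
    keys = []
    for shift in SHIFTS:
        c, d = rotl(c, shift), rotl(d, shift)   # Ci = LS(Ci-1), Di = LS(Di-1)
        keys.append(permute(c + d, PC2))        # Ki = PC-2(Ci Di), 48 bits
    return keys


def grouped(bits: str, n: int = 6) -> str:
    """Display helper: split into the 6-bit groups that feed the S-boxes."""
    return " ".join(bits[i:i + n] for i in range(0, len(bits), n))


if __name__ == "__main__":
    for i, k in enumerate(des_subkeys(IPKEY), 1):
        print(f"K{i:<2} = {grouped(k)}")
    # K1 = 000010 110111 001011 011110 110001 101001 100011 010111
```

For the key in the question the block gives K1 = 000010 110111 001011 011110 110001 101001 100011
010111. Because the shifts add up to 28, the halves are back in their starting position after round
16, which is why DES decryption (Q2.3) is the same circuit with the round keys applied in the order
K16 down to K1.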

Q2.3:
Draw a block diagram of the DES encryption algorithm and a block diagram of the DES decryption
algorithm.

 DES encryption algorithm:

 DES decryption algorithm:


Q2.4:
Let M and K each be 64-bit binary strings, representing a plaintext message WHITEHAT and an
encryption key BLACKHAT. Each letter in the plaintext message is encoded using an 8-bit ASCII code by
adding a leading 0 to its 7-bit ASCII code. For example, the 7-bit ASCII code of letter W is 1010111 (see
Appendix A), and its 8-bit ASCII code is 01010111. Each letter in the encryption key is encoded using its
7-bit ASCII code, with an additional parity bit added at the end such that the total number of 1’s
(including the parity bit) is an even number. For example, the 7-bit ASCII code of letter B is 1000010 (see
Appendix A), and so B is encoded by 10000100. Carry out the first round of DES encryption. What is
L1R1?

Q2.8:

Chapter 3 QnA
