
Domain - 5

Chapter Five:

1. Attack Types: DDoS, Spoofing, Port scanning, Man in the Middle, Logic Bomb, Spyware, Botnets
2. Message Integrity, authenticity & confidentiality
3. Public key Infrastructure – Hemang Doshi
4. Digital Signature, Digital Certificate, Symmetric Encryption, SSL – Hemang Doshi
5. Anti-spam filtering method, e.g. rules, check-sum, Heuristic, Static.

Shahed Bhai:

6. Encryption type – elliptic curve, RSA


7. Corporate PKI function/role
8. Data security on transmission – IP Security tunnel, etc.
9. SSL – self-signed/expired merits/demerits & how SSL works
10. What do IDS and IPS do? Where are they placed, before or after the firewall?
11. What is a statistical-based IDS?
12. Node authentication
13. Digital signature/ public key encryption – function and advantages scopes
14. Identity of a sender can be ensured by Digital Certificate
15. VOIP traffic security
16. Secure communication within small group – Web of Trust … (need to know Kerberos,
key distribution centre)
17. Honey pot
18. Anti-spam filtering method
19. Datagram protocol
20. Session border controller
21. Data loss prevention tool
22. Software as a Service (SaaS)
23. Cyber security important (pharming, phishing, ..)
24. Eavesdropping – encrypted data cannot be read, but traffic analysis can still be done
25. Protocol security – if a vulnerability is found in a protocol, the service needs to be closed.
26. Various Firewall types – application/screened subnet / packet filtering/circuit level
27. Neural network advantages
28. Elliptic curve cryptography
29. Web security – java servlet
30. Reference Monitor Concept of OS
31. Data Diddling / inherent Risks
1. Attack Types: DDoS, Spoofing, Port scanning, Man in the Middle, Logic Bomb, Spyware, Botnets,
eavesdropping, masquerading, Brute force attack

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target
with traffic, or sending it information that triggers a crash.

A spoofing attack is when a malicious party impersonates another device or user on a
network in order to launch attacks against network hosts, steal data, spread malware or
bypass access controls.
• Scammers use spoofing to pose as a bank, business, or government agency in order
to trick people into giving up personal or financial information.
• There are several different types of spoofing attacks that malicious parties can use
to accomplish this – ARP spoofing, DNS spoofing & IP address spoofing.

Sniffing
Sniffing means to illegally listen into another's conversation.

Is packet sniffing detectable?

If the system runs the sniffer, its interface will be in promiscuous mode. The test works like
this: send a ping with the correct IP address into the network but with a wrong MAC
address. ... the sniffing host does the sniffing with an interface that has TCP/IP enabled, and
thus is able to answer the ICMP packet.

A port scan attack

A port scan attack occurs when an attacker sends packets to your machine,
varying the destination port. The attacker can use this to find out what services you
are running and to get a pretty good idea of the operating system you have.

• Deny Port Scan?? - Enable only the traffic you need to access internal hosts —
preferably as far as possible from the hosts you're trying to protect — and deny
everything else.
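As an added example (not from these notes), the defender's side of the port-scan description above: a small Python detector that reads constructed firewall log lines and flags any source that touches many distinct destination ports on one host within a short window. The log layout, window and threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from any real device), in an assumed
# "<timestamp> <action> <src> -> <dst>:<dport>" layout.
SAMPLE_LOG = """\
2024-01-01T10:00:00 DENY 203.0.113.5 -> 192.0.2.10:22
2024-01-01T10:00:01 DENY 203.0.113.5 -> 192.0.2.10:23
2024-01-01T10:00:01 DENY 203.0.113.5 -> 192.0.2.10:25
2024-01-01T10:00:02 DENY 203.0.113.5 -> 192.0.2.10:80
2024-01-01T10:00:02 DENY 203.0.113.5 -> 192.0.2.10:443
2024-01-01T10:00:03 DENY 203.0.113.5 -> 192.0.2.10:3389
2024-01-01T10:00:04 ALLOW 198.51.100.7 -> 192.0.2.10:443
2024-01-01T10:00:09 ALLOW 198.51.100.7 -> 192.0.2.10:443
2024-01-01T10:05:00 DENY 198.51.100.7 -> 192.0.2.10:22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])

def detect_port_scans(text, window=timedelta(seconds=60), threshold=5):
    """Return {(src, dst): sorted ports} for every source that probed at least
    `threshold` distinct destination ports on one host within `window`."""
    events = defaultdict(list)                       # (src, dst) -> [(ts, dport), ...]
    for ts, src, dst, dport in parse_log(text):
        events[(src, dst)].append((ts, dport))
    alerts = {}
    for key, hits in events.items():
        hits.sort()                                  # sliding window over time-ordered hits
        for i, (start, _) in enumerate(hits):
            ports = {p for ts, p in hits[i:] if ts - start <= window}
            if len(ports) >= threshold:
                alerts[key] = sorted(ports)
                break
    return alerts

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))
```

The second source only hits two ports minutes apart and so stays below the threshold; tune the window and threshold to the traffic you actually see.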

In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack
where the attacker secretly relays and possibly alters the communications between two
parties who believe that they are directly communicating with each other.

A man-in-the-middle attack normally uses spoofing to get in between the parties and sniffing to listen in.

Spoofing and Sniffing are types of cyber attacks. In simple words, Spoofing means to
pretend to be someone else. Sniffing means to illegally listen into another's conversation.

Logic Bomb - A logic bomb is a piece of code inserted into an operating system or software
application that implements a malicious function after a certain amount of time, or specific
conditions are met. Logic bombs are often used with viruses, worms, and trojan horses to
time them to do maximum damage before being noticed.

Spyware is unwanted software that infiltrates your computing device, stealing your internet
usage data and sensitive information. Spyware is classified as a type of malware —
malicious software designed to gain access to or damage your computer, often without your
knowledge.

A botnet is a collection of internet-connected devices infected by malware that allow
hackers to control them. Cyber criminals use botnets to instigate botnet attacks, which
include malicious activities such as credentials leaks, unauthorized access, data theft and
DDoS attacks.

Eavesdropping - An eavesdropping attack is also known as a sniffing or snooping attack.

Masquerading - A masquerade attack is an attack that uses a fake identity, which
means it is spoofing.??

“Spoofing is a specific type of cyber-attack in which someone attempts to use
a computer, device, or network to trick other computer networks
by masquerading as a legitimate entity.”

Brute force attack - A Brute Force Attack is the simplest method to gain access to a
site or server (or anything that is password protected). It tries various combinations
of usernames and passwords again and again until it gets in.

War-driving:
Wardriving is the practice of physically searching for unsecured wireless networks or
networks that can easily be compromised.

Wardriving is the act of searching for Wi-Fi networks from a moving vehicle. It involves
slowly driving around an area with the goal of locating Wi-Fi signals. This may be
accomplished by an individual or by two or more people, with one person driving and others
searching for wireless networks.

War-walking: the same as wardriving, but the targets are malls, hotels and city streets, and
the device is carried on foot instead of in a car.

2. Message Integrity
Message integrity means that a message has not been tampered with or altered. The most
common approach is to use a hash function that combines all the bytes in the message with
a secret key and produces a message digest that is difficult to reverse.

Authenticity
Message authentication or data origin authentication is a property that a message has not
been modified while in transit (data integrity) and that the receiving party can verify the
source of the message.
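An added example, not from the notes: the keyed message digest described above, done with HMAC-SHA256 from Python's standard library, showing how the receiver rejects both a message altered in transit (integrity) and a tag computed without the shared secret (authenticity). The key and message are constructed sample values.

```python
import hashlib
import hmac
import os

def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed message digest over every byte of the message (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time (avoids timing leaks)."""
    return hmac.compare_digest(make_tag(key, message), tag)

def demo():
    # Constructed values: a shared secret known only to sender and receiver, and a message.
    key = os.urandom(32)
    message = b"transfer 100 to account 42"
    tag = make_tag(key, message)
    genuine_ok = verify(key, message, tag)
    # A message altered in transit no longer matches its tag (integrity).
    tampered_ok = verify(key, b"transfer 900 to account 42", tag)
    # A tag computed by someone without the shared secret is rejected (authenticity).
    forged_ok = verify(key, message, make_tag(b"attacker-guess", message))
    return genuine_ok, tampered_ok, forged_ok

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```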

Confidentiality
It means that the content of a message when transmitted across a network must remain
confidential, i.e. only the intended receiver and no one else should be able to read the
message.

Nonrepudiation is the assurance that someone cannot deny something. Typically,
nonrepudiation refers to the ability to ensure that a party to a contract or a communication
cannot deny the authenticity of their signature on a document or the sending of a message
that they originated. To repudiate means to deny.

3. Digital Signature, Digital Certificate, Symmetric Encryption, SSL – Hemang Doshi

Question: In both of the above cases, then, instead of hashing the message first, should it
be encrypted with the receiver's public key first -> then the message hashed -> then encrypted
again with the sender's private key?

Public Key Infrastructure

PKI (or Public Key Infrastructure) is the framework of encryption and cybersecurity
that protects communications between the server (your website) and the client (the
users). It works by using two different cryptographic keys: a public key and a private
key. ... This protects the user's information from theft or tampering.

Where is PKI being used?

In addition to email and access to network resources, PKI can also be used for corporate
databases, signatures of electronic documents and such forms of protection as messaging
protection, protecting mobile devices, USB protection, Windows Server Update Services, Active
Directory, etc.

Public Key Infrastructure (PKI) uses a combination of asymmetric and symmetric processes.
An initial “handshake” between communicating parties uses asymmetric encryption to
protect the secret key which is exchanged to enable symmetric encryption.
4. Anti-spam filtering method, e.g. rules, check-sum, Heuristic, Static.

5. IPS – Honeypot, Honey Net

What does honeypot mean in security?

A honeypot is a decoy computer system for trapping hackers or tracking unconventional or
new hacking methods. Honeypots are designed to purposely engage and deceive hackers
and identify malicious activities performed over the Internet.

Multiple honeypots can be set on a network to form a honeynet.

How a honeypot works:

A honeypot is a fake target that is deliberately placed on your PC or network to distract
hackers and keep them away from your confidential files. The attacker will then spend their
time trying to access this vulnerable PC rather than target the real devices on your network.

6. IDS: How a neural network is used to detect intrusion.

**A neural network is something like a statistical-based IDS, but it can read and learn patterns
and is self-educating. So if the pattern is not readable or recognized, then it may not
work. [my thought]

Firewall:

7. Chain of custody of Data

Extra:

What is elliptic curve cryptography used for?

Elliptic curve cryptography (ECC) is a public key encryption technique based on elliptic curve
theory that can be used to create faster, smaller, and more efficient cryptographic keys. ... The
technology can be used in conjunction with most public key encryption methods, such as RSA, and
Diffie-Hellman.

RSA algorithm. ... RSA (Rivest–Shamir–Adleman) is an algorithm used by modern computers to
encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that
there are two different keys. This is also called public key cryptography, because one of the keys can
be given to anyone.
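An added example, not from the notes, that ties the digital signature / nonrepudiation section above to this RSA description: textbook RSA with the tiny primes of the classic worked example (p=61, q=53, e=17), showing that only the private-key holder can produce a signature the public key verifies, and the same kind of keypair used the other way round for confidentiality. It is a toy for illustration only (tiny primes, no padding), not a usable scheme; the messages and second keypair are constructed.

```python
import hashlib

# Toy textbook RSA with tiny primes, for illustration only: real keys are
# thousands of bits long and use padding (e.g. RSA-PSS). Never use this for real data.
def make_keypair(p=61, q=53, e=17):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)

def digest(message: bytes, n: int) -> int:
    """Hash the message, then reduce into the RSA domain (a real scheme pads instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    d, n = private_key
    return pow(digest(message, n), d, n)      # only the private-key holder can do this

def verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)   # anyone with the public key can check

def encrypt(public_key, m: int) -> int:
    e, n = public_key
    return pow(m, e, n)                        # anyone can encrypt to the key owner (m < n)

def decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)                        # only the key owner can decrypt

def demo():
    alice_pub, alice_priv = make_keypair()              # classic 61, 53, 17 example
    bob_pub, bob_priv = make_keypair(p=67, q=71, e=17)  # constructed second keypair
    msg = b"I agree to pay 100"                         # constructed sample message
    sig = sign(alice_priv, msg)
    return (
        verify(alice_pub, msg, sig),                          # genuine: True
        verify(alice_pub, b"I agree to pay 900", sig),        # altered message: False
        verify(alice_pub, msg, sign(bob_priv, msg)),          # signed with another key: False
        decrypt(bob_priv, encrypt(bob_pub, 1234)) == 1234,    # confidentiality to Bob: True
    )
```

Signing uses the sender's private key (nonrepudiation: only they could have produced it), while encrypting uses the receiver's public key (confidentiality: only they can read it), which is the distinction behind the question in section 3.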

Data diddling is a type of cybercrime in which data is altered as it is entered into a computer system,
most often by a data entry clerk or a computer virus.

Example: Entering data incorrectly, deleting data, or changing data (data diddling).

Web security – java servlet - ???

Data Security on Transmission - IP Security Tunnel (Remote user communication)

To secure communication with remote users, install a virtual private network (VPN), which encrypts
all the data sent between its users.

What is an IPsec tunnel?

IPsec is a framework of related protocols that secure communications at the network or packet
processing layer. It can be used to protect one or more data flows between peers. IPsec enables
data confidentiality, integrity, origin authentication and anti-replay.

What is IP tunneling used for?

An IP tunnel is an Internet Protocol (IP) network communications channel between two networks. It
is used to transport another network protocol by encapsulation of its packets.

Identification of a sender can be ensured by Digital Certificate?

Digital certificate is issued by a trusted third party which proves sender's identity to the receiver
and receiver's identity to the sender.

SSL – self-signed/expired merits/demerits & how SSL works

What is the advantage of SSL certificate?

Benefits of Securing Website with SSL Certificate. SSL stands for Secure Sockets Layer and is a public
key infrastructure that uses the RSA method of encryption and authentication via security
certificates. It helps to establish a secure connection between the client and the server through the
secure protocol HTTPS.

What is the risk of self-signed certificates?

Risk of Using Self-Signed on Public Sites

The security warnings associated with self-signed SSL Certificates drive away potential clients for
fear that the website does not secure their credentials. Both brand reputation and customer trust
are damaged.

What's the problem with using self-signed SSL certificates?

The biggest problem with a self-signed certificate is a man-in-the-middle attack. Even if you are
100% sure that you are on the correct website and you completely trust the site (your email server
for example), you could have someone intercept the connection and present you with their own
self-signed certificate.

Self-Signed SSL Certificates aren't a viable security solution for data ... The online
security of customers should be one of the main priorities.

VOIP traffic security

Two major security weaknesses are tied specifically to VoIP:

- The first is that of phone service disruption. Yep, VoIP is susceptible to denial of service just
like any other system or application.
- VoIP is as vulnerable as the most timing-sensitive applications out there.

Reference Monitor Concept of OS

What is the role of reference monitor?

Reference monitor. In operating systems architecture, a reference monitor is a secure, always-used
and fully-testable module that controls all software access to data objects or devices. The reference
monitor verifies the nature of the request against a table of allowable access types for each process
on the system.

Anti-spam filtering method

Datagram protocol

What is UDP used for?

UDP (User Datagram Protocol) is an alternative communications protocol to Transmission
Control Protocol (TCP) used primarily for establishing low-latency and loss-tolerating
connections between applications on the internet.

Session border controller

What is the function of session border controller?

A Session Border Controller (SBC) is a network function which secures voice over IP (VoIP)
infrastructures while providing interworking between incompatible signaling messages and
media flows (sessions) from end devices or application servers.

Data loss prevention tool

What is a data loss prevention policy?

A data loss prevention policy defines how organizations can share and protect data. It guides
how data can be used in decision making without it being exposed to anyone who should
not have access to it. Data loss prevention is broadly defined as technology or processes
that: Identifies confidential data.

What are data loss prevention tools?

Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data
is not lost, misused, or accessed by unauthorized users. ... DLP also provides reporting to
meet compliance and auditing requirements and identify areas of weakness and
anomalies for forensics and incident response.

Cyber security important (pharming, phishing, ..)

Pharming is a cyber attack intended to redirect a website's traffic to another, fake site.
Pharming can be conducted either by changing the hosts file on a victim's computer or by
exploitation of a vulnerability in DNS server software.

Pharming is also known as “phishing without a lure”.

Eavesdropping – encrypted data cannot be read, but traffic analysis is still possible.

Protocol security – if a vulnerability is found in a protocol, the service needs to be
closed/stopped.

Access Control

What is fine grained access control?

With Fine-Grained Access Control, each data item has its own access control policy. This type of
access control is typically used in cloud computing, where often a large quantity of data types and
data sources may be stored together but each data item must be accessed based on different
criteria.

What does Network Access Control do?

Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint
security technology (such as antivirus, host intrusion prevention, and vulnerability assessment),
user or system authentication and network security enforcement.

How does challenge response authentication work?

Challenge-response authentication uses a cryptographic protocol that allows a user to prove that they
know the password without revealing the password itself. ... It then computes the response by
applying a cryptographic hash function to the server challenge combined with the user's password.

What is the purpose of a challenge response mechanism?

Challenge-response authentication is a type of authentication method used to prove the identity of a
user or other entity requesting access to a computer, network or other network resource.
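An added example, not from the notes: a toy challenge-response exchange in Python in which the server issues a fresh random challenge and the client answers with an HMAC over that challenge, keyed by a value derived from the password, so the password never crosses the wire and a captured answer cannot be replayed. The key derivation, how the salt reaches the client and the message layout are assumptions of this example, not a standard protocol.

```python
import hashlib
import hmac
import os

# Assumed toy protocol (not a standard): the server keeps a salted, stretched
# verifier of the password; the client answers HMAC(verifier, challenge).
ITERATIONS = 50_000

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a fixed-length key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Server:
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.verifier = derive_key(password, self.salt)  # the password itself is never stored
        self.outstanding = set()                          # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = os.urandom(32)      # fresh nonce each login, so a captured answer is useless later
        self.outstanding.add(challenge)
        return challenge

    def check(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False                # unknown or already-used challenge: treat as replay
        self.outstanding.discard(challenge)
        expected = hmac.new(self.verifier, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison

def client_respond(password: str, salt: bytes, challenge: bytes) -> bytes:
    """Prove knowledge of the password without ever sending it."""
    return hmac.new(derive_key(password, salt), challenge, hashlib.sha256).digest()

def demo():
    server = Server("correct horse battery staple")      # constructed password
    c1 = server.new_challenge()                           # salt is assumed to be sent with it
    r1 = client_respond("correct horse battery staple", server.salt, c1)
    accepted = server.check(c1, r1)
    replayed = server.check(c1, r1)                       # same answer again: rejected
    c2 = server.new_challenge()
    wrong = server.check(c2, client_respond("wrong password", server.salt, c2))
    return accepted, replayed, wrong

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```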
