1. What is brute force attack?
- A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
- In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
- Brute force attacks may be used by criminals to crack encrypted data, or by security, analysts to test an organization's network security. An attack of this nature can be time- and resource-consuming.
- An example of a type of brute force attack is known as a dictionary attack, which might try all the words in a dictionary.
Brute force explanation with example
We have 3 wheels to turn, each wheel has values from 0-9.
Therefore the smallest number is 000 and the largest number is 999, so there are 1000 possible combinations to unlock this lock.
An attacker with a brute force approach will try to manually try out all the possible combinations to unlock this lock.
# One disadvantage of this method is that it is really slow, to solve this we can use a dictionary attack.
A dictionary attack will try out all the combinations in a list, rather than trying out all possible combinations. Consider my Password is 1234, this is one of the most common passwords found and I am having a list with the top 1000 common passwords, so my password can be hacked in seconds.
2. Discuss different types of attacks that can occur in an organization.
An
attack is a deliberate act or action that takes advantage of a
vulnerability to compromise a controlled system. It is accomplished by a
threat agent that damages or steals an organization's information or
physical asset.
Types of Attacks
- Attacks on confidentiality, integrity, availability.
- Brute force attack: A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
- Timing Attack: A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by studying how long it takes the system to respond to different inputs.
- Sniffers: Sniffing is a process of monitoring and capturing all data packets passing through a given network.
- Denial of Service - It prevents the normal use of communication facilities. This attack may have a specific target.
3. Describe discretionary policies for Biba model.
The
Biba model is a hierarchical security model designed to protect system
assets (or objects) from unauthorized modification, which is designed to
protect system integrity. In this model, subjects(users) and
objects are associated with ordinal integrity levels where subjects can
modify objects only at a level equal to or below its own integrity
level.
Discretionary policies
1. Access Control Lists:
it used to determine which subjects can access which objects. The
access control list can then be modified by the subjects with the
correct privileges.
2. Object Hierarchy:
integrity can be enforced by using an object’s hierarchy. With this
method, there is root and objects that are ancestors to the root. To
access a particular object, the subject must have the observe privileges
to those objects and all the other ancestor objects all the way up to
the root.
3. Ring: it numbers the rings
in the system with the lower number being a higher privilege. The
access modes of the subject must fall within a certain range of values
to be permitted to access an object.
4. What is phishing? Give an example.
- Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details.
- it is carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
- Phishing is an example of social engineering techniques used to deceive users.
Types of Phishing
- Mass Phishing (Deceptive Phishing) – Mass, large-volume attack intended to reach as many people as possible
- Spear Phishing – Targeted attack directed at specific individuals or companies using gathered information to personalize the message and make the scam more difficult to detect
- Whaling (CEO Fraud) – Type of spear phishing attack that targets “big fish,” including high-profile individuals or those with a great deal of authority or access
- Clone Phishing(pharming) – Spoofed copy of a legitimate and previously delivered email, with original attachments or hyperlinks replaced with malicious versions, which is sent from a forged email address. so it appears to come from the original sender or another legitimate source
- Advance-Fee Scam- Requests the target to send money or bank account information to the cyber-criminal
Example of phishing
An
email or message asking to go to a certain hyperlink, and to enter a
person's credentials or sensitive information is an example of phishing.
The website will look like an authentic website but the URL will be
different.
5. Differentiate between polymorphic and metamorphic worm.
Polymorphic worms and metamorphic worms are used synonymously but they vary due to their respective unique engines.
A metamorphic worm
is a worm that can reprogram itself. With each infection, it rewrites
its code, making it appear different, but the main functionality of the
worm doesn’t change. This change of code is done using a metamorphic
engine. This ability to morph itself makes detecting these worms
harder.
A polymorphic worm can transform a
program into a version consisting of different code but having the same functionality.
Encryption is generally employed here; encrypting the payload with different keys can
generate many worm variations. A decryption module has to be prepended before the
payload.
6. How do you reduce the impact of XSS vulnerabilities?
Cross-site
scripting (XSS) is a code injection security attack targeting web
applications. we can reduce the impact of XSS vulnerabilities by,
• If Cookies Are Used:
▫ Scope as strict as possible
▫ Set ‘secure’ flag
▫ Set ‘HttpOnly’ flag
On the client, consider disabling JavaScript (if possible) or use something like
the No Script Firefox extension.
Filtering for XSS
The
easiest form of cross-site scripting vulnerability elimination would be
to pass all external data through a filter. Such a filter would remove
dangerous keywords, for example, the infamous <script> tag,
JavaScript commands, CSS styles, and other dangerous HTML markups (such
as those that contain event handlers.
Escaping from XSS
Escaping
is the primary means to avoid cross-site scripting attacks. When
escaping, you are effectively telling the web browser that the data you
are sending should be treated as data and should not be interpreted in
any other way. If an attacker manages to put a malicious script on your
page, the victim will not be affected because the browser will not
execute the script if it is properly escaped. In HTML, you can escape
dangerous characters by using HTML entities, for example, the &#
sequence followed by its character code.
7. Describe frame spoofing with a neat diagram.
Frame Spoofing
Premature Termination of connections
➢ A number of management frames used in 802.11 wireless LANs such as the Beacon, Association and Authentication frames.
➢ A station needs to authenticate and then associate with an Access Point (AP) before they can exchange data frames with each other.
➢ Each party can, at any point in time, terminate the connection by transmitting a Deauthentication frames.
➢ The recipient of a management frame relies on the sender address field in the frame to identify the originator of the message.
However, an attacker can spoof the sender address in the frame. For example, he can fabricate a de-authentication frame with
Sender Address = Sataion_27
Receiver Address = AP
➢ The address used are 48-bit MAC address. When the AP receives the above frame, it thinks that Station_27 wishes to terminate the existing connection to itself. The AP sets the state of the connection between itself and Station_27 to be “Unauthenticated and Unassociated”
➢ Station_27 would have to go through the time-consuming process of re-associating itself to the AP if it wished to resume the communication. The attacker could repeatedly transmit such Deauthentication frames to the AP thus effectively slowing down or even preventing communication between Station_27 and AP.
8. Describe the security enhancements present in UMTS.
The
Universal Mobile Telecommunications System (UMTS), based on the GSM
standards, is a mobile cellular system of the third generation that is
maintained by 3GPP (3rd Generation Partnership Project).
- Mutual Authentication: provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network.
- Data Integrity: provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages.
- Network to Network Security: Secure communication between serving networks.
- Flexibility: Security features can be extended and enhanced as required by new threats and services.
- Longer key length: Key length is 128 as against 64 bits in GSM.
- Wider security scope: Security is based within the RNC rather than the base station.
9. What is SOAP binding? Explain with the help of an HTTP message.
- SOAP (Simple Object Access Protocol) bindings are mechanisms which allow SOAP messages to be effectively exchanged using a transport protocol.
- Most SOAP implementations provide bindings for common transport protocols, such as HTTP or SMTP.
- HTTP is synchronous and widely used. A SOAP HTTP request specifies at least two HTTP headers: Content-Type and Content-Length.
Example:
Example code
<binding name="Hello_Binding" type="tns:Hello_PortType">
<soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/ >
<operation name="sayHello">
<soap:operation soapAction="sayHello"/>
<input>...
10. List the security threats in RFID based identification and tracking systems.
- Man-in-the-Middle Attack: A man-in-the-middle attack happens during the transmission of a signal. The hacker listens for communication between a tag and reader and then intercepts and manipulates the information. The hacker diverts the original signal and then sends false data while pretending to be a normal component in the RFID system.
- Denial of Service: A Denial of Service attack is the broad concept of an RFID system failure that is associated with an attack. These attacks are usually physical attacks like jamming the system with noise interference, blocking radio signals, or even removing or disabling RFID tags.
- Power Analysis: Power analysis attacks can be mounted on RFID systems by monitoring the power consumption levels of RFID tags.
- Eavesdropping: Eavesdropping, like it sounds, occurs when an unauthorized RFID reader listens to conversations between a tag and reader then obtains important data.
11 a) What is role based access control. Illustrate with suitable example the concept of role inheritance.
- Role-based access control (RBAC) is an approach to restricting system access to authorized users.
- It s a policy-neutral access-control mechanism defined around roles and privileges.
- RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions.
- The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments.
Example:
An
organization assigns a role-based access control role to every
employee; the role determines which permissions the system grants to the
user, like you can designate whether a user is an administrator, a
specialist, or an end-user, and limit access to specific resources or
tasks.
b) Differentiate between Discretionary and Role based access control.
Discretionary Access Control (DAC)
- The owner of a protected system or resource sets policies defining who can access it.
- DAC can involve physical or digital measures, and is less restrictive than other access control systems, as it offers individuals complete control over the resources they own.
- It is less secure because associated programs inherit security settings and allow malware to exploit them without the knowledge of the end-user.
- You can use RBAC to implement DAC.
Role-based access control (RBAC)
- Is a mechanism that restricts system access.
- It involves setting permissions and privileges to enable access to authorized users.
- Most large organizations use role-based access control to provide their employees with varying levels of access based on their roles and responsibilities.
- This protects sensitive data and ensures employees can only access information and perform actions they need to do their jobs.
c) Briefly discuss Mandatory access control implemented in a typical secure operating System.
- MAC is considered the most secure of all access control models.
- In MAC, central authority regulates access rights based on multiple levels of security.
- Only users or devices with the required information security clearance can access protected resources.
- Access rules are manually defined by system administrators and strictly enforced by the operating system or security kernel.
- Organizations with varying levels of data classification, like government and military institutions, typically use MAC to classify all end users.
- You can use role-based access control to implement MAC.
12 a) Demonstrate Chinese wall security model with neat diagram.
The
Chinese Wall model is a security model that concentrates on
confidentiality and finds itself application in the commercial world.
The model bases itself on the principles defined in the Clark Wilson
security model.The Chinese Wall model was introduced by Brewer and Nash
in 1989.According to the model, subjects are only granted access to data
that is not in conflict with other data they possess.
b) Classify each of the following as a violation of confidentiality, integrity, availability or some combination thereof. Also, justify your answer.
i. John copies Mary's homework.
Confidentiality- Copyng the data s violation of confidentiality.
ii. Pau[ clashes Linda's system
Availability- Ths crashing causes unavailability of the system to Linda.
iii. Carol changes the amount of Angelo's check from 100 to 1000
Integrity- The data on the check got changed which data integrity violation.
iv. Gina forges Roger's signature on a deed.
Integrity- Violation of Integrity by unauthorized signature.
13 a) Interpret about the star property in Bell -LaPadula model.
b) Write Windows access control algorithm.
14 a) How Buffer OverFlow (BOF) vulnerability makes software insecure. Explain different ways in which BOF exploitations occur.
- A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer ( Buffers are areas of memory set aside to hold data) than the buffer can handle.
- The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space.
- This overflow usually results in a system crash, but it also creates the opportunity for an attacker to run arbitrary code or manipulate the coding errors to prompt malicious actions.
The techniques to exploit a buffer overflow vulnerability vary by architecture, by the operating system and by memory region.
- Stack-based exploitation
- Heap-based exploitation: A buffer overflow occurring in the heap data area is referred to as a heap overflow.
- Barriers to exploitation: Manipulation of the buffer, which occurs before it is read or executed, may lead to the failure of an exploitation attempt. These manipulations can mitigate the threat of exploitation, but may not make it impossible.
b) Explain XSS vulnerabilities.
- Cross-site scripting (XSS) is a type of security vulnerability, typically found in web applications.
- XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
- A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
- XSS effects vary in range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site.
- Cross-site scripting attacks use known vulnerabilities in web-based applications, their servers, or the plug-in systems on which they rely.
- Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site.
15 a) Describe Kermack-McKendrick Model of worm propagation.
Kermack-McKendrick Model
The model consists of three compartments:
- The number of susceptible (S)
- The number of infectious (I)
- The number of recovered individuals (R)
The model consists of a system of three coupled nonlinear ordinary differential equations,
where,
# N - the total population
# t - time
# S(t) - the number of susceptible people
# I(t) - the number of people infected
# R(t) - the number of people who have recovered and developed immunity to the infection
# beta is the infection rate
# gamma is the recovery rate
b) Explain any two categories of topological worms.
Email-Worm
- An Email-Worm (also known as a mass-mailer or less commonly, an Internet worm) is a type of worm that distributes copies of itself in infectious executable files attached to fake email messages.
- Email-Worm typically arrives as executable files attached to fake email messages.
P2P Worms
- P2P Worms spread via peer-to-peer file-sharing networks (such as Kazaa, EDonkey, FastTrack, etc.).
- Most of these worms work in a relatively simple way, to get onto a P2P network, all the worm has to do is, copy itself to the file-sharing directory, which is usually on a local machine.
- The P2P network does the rest, when a file search is conducted, it informs remote users of the file and provides services making it possible to download the file from the infected computer.
16 a) Explain how can you detect and prevent SQL Injection vulnerabilities.
SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements.
- The only efficient way to detect SQL Injections is by using a vulnerability scanner, often called a DAST tool (dynamic application security testing).
- Input validation - The validation process is aimed at verifying whether or not the type of input submitted by a user is allowed. Input validation makes sure it is the accepted type, length, format, etc. Only the value which passes the validation can be processed.
- Parametrized queries - Parameterized queries are a means of pre-compiling a SQL statement so that you can then supply the parameters in order for the statement to be executed. This method makes it possible for the database to recognize the code and distinguish it from input data.
- Escaping - Always use character-escaping functions for user-supplied input provided by each database management system (DBMS). This is done to make sure the DBMS never confuses it with the SQL statement provided by the developer.
b) Name any worm that exploited buffer overflow vulnerability. Explain its characteristics.
Code
Red was a computer worm that exploited buffer overflow vulnerability.
It did this by using a long string of the repeated letter 'N' to
overflow a buffer, allowing the worm to execute arbitrary code and
infect the machine with the worm.
Characteristics
- It often uses a computer network to spread itself, relying on security failures on the target computer to access it.
- It will use this machine as a host to scan and infect other computers.
- Computer worms use a recursive method to copy themselves without host programs and distribute themselves and then controlling and infecting more and more computers in a short time.
- Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
17 a) Explain link level security provided by Bluetooth.
- In link-level security, a device starts security procedures before any physical link is established.
- In this mode, authentication and encryption are used for all connections to and from the device.
- The authentication and encryption processes use a separate secret link key that is shared by paired devices, once the pairing has been established.
- The link key is generated for the first time when two devices communicate.
- Two devices communicating for the first time will go through an initialization phase, they will be “associated” at that point.
- The link key generation begins when the user enters identical PINs into both devices, which the devices use to generate their secret link keys.
- One of Bluetooth's security strengths is that in subsequent communications between devices, the link key is never transmitted outside of the device.
- The link key is simply used in cryptographic algorithms to generate matching sequences.
b) Describe entity authentication and key agreement in GSM Networks.
18 a) How security is implemented in online credit card payment systems?
b) What are the main concerns involved in online credit card payment systems?
19 a) Explain MAC generation and encryption in CCMP.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
b) Explain any two technologies for web services.
XML
- XML is a markup language. With a markup language, we can structure a document using tags, using XML, we can customize the tags also.
- Each bit of information in a document is defined by tags without the overload of formatting present in HTML.
- This type of representation is suitable for application-to-application communication.
- Another feature of XML is that the vocabulary can be extended. Vocabulary refers to the types of tags used to structure a document in XML.
- XML supports multichannel portal applications
SOAP
- The Simple Object Access Protocol is a standard protocol that provides a definition for XML-based information exchange by means of XML messages.
- SOAP provides a paradigm for allowing different programs, running in different or the same operative system to communicate with each other using a transport protocol (mainly HTTP) and XML based structures.
- SOAP is a lightweight protocol that provides a message exchange pattern for structured information in a decentralized, distributed environment; it defines an extensible messaging framework based on XML to provide a message construct (SOAP messages) which can be exchanged over different underlying protocols. This framework is independent of any programming model and other implementation semantics.
SOAP Message Structure
The following block depicts the general structure of a SOAP message −
<?xml version = "1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV = "http://www.w3.org/2001/12/soap-
envelope"
SOAP-ENV:encodingStyle = "http://www.w3.org/2001/12/soap-encoding">
<SOAP-ENV:Header>
...
...
</SOAP-ENV:Header>
<SOAP-ENV:Body>
...
...
<SOAP-ENV:Fault>
...
...
</SOAP-ENV:Fault>
...
</SOAP-ENV:Body>
</SOAP_ENV:Envelope>
