Information Security Important Unit 1&2

Information Security ETCS401 2023 


Q. State the difference between vulnerability and exposure.

Vulnerability: Weakness or flaw in a system, process, or application that can be exploited by an attacker to compromise the confidentiality, integrity, or availability of information or systems.

Exposure: The state of being accessible to potential attackers or threats; it refers to a situation where a system or asset can be accessed, viewed, or modified by unauthorized parties.

Therefore, vulnerability is a weakness that can be exploited by an attacker, while exposure refers to the state of being accessible to potential attackers or threats.



Q. A social engineer gains access to your colleague's username and password through a phishing attack. Which security property has been compromised and why?

Security Property Compromised: Confidentiality

Reason: The social engineer has obtained the colleague's username and password through a phishing attack and can now potentially reach any sensitive data or systems the colleague is authorized to access. Sensitive information (the credentials) has been disclosed to an unauthorized party, which violates the confidentiality property of information security.




Q. An organization stores its offline backup media in the same secured zone as the server. What risk is the organization running and why?

The organization is running the risk of losing its backup data in case of a security breach or disaster. Storing offline backup media in the same secured zone as the server makes it susceptible to the same risks that the server is exposed to, such as theft, natural disasters, or cyber attacks. In the event of a security breach or disaster, both the server and the backup data can be lost, resulting in the loss of critical business data.




Q. Explain the difference between a polymorphic virus and a metamorphic virus.

Polymorphic viruses are viruses that can change their code or signature to evade detection by antivirus software. They achieve this by using encryption and other techniques to modify their code every time they replicate themselves. On the other hand, metamorphic viruses can completely rewrite their code to avoid detection by antivirus software. They use advanced techniques such as code obfuscation, code transformation, and virtualization to transform their code and prevent detection.



Q. Do you think "Indian Evidence Act" is adequate to handle digital evidence? Explain.

The Indian Evidence Act was enacted in 1872, long before the advent of digital evidence. While the act has been amended over the years, it may not be entirely adequate to handle digital evidence. Digital evidence presents unique challenges such as authenticity, integrity, and admissibility, which may require different approaches and procedures compared to traditional evidence. There is a need for specialized rules and regulations to handle digital evidence, and the Indian legal system is yet to develop a comprehensive framework to deal with this.



Q. Describe how a man-in-the-middle attack may be performed on a Wi-Fi network and the consequences of such an attack.

In a man-in-the-middle (MITM) attack on a Wi-Fi network, an attacker intercepts the communication between two parties and relays the messages between them. The attacker can capture sensitive data such as login credentials, credit card details, or other sensitive information. The attacker can also modify or inject malicious data into the communication, leading to further exploitation or unauthorized access to the network. The consequences of such an attack can be severe, including financial losses, identity theft, and reputational damage. To prevent such attacks, it is important to use secure Wi-Fi protocols such as WPA2 and to use VPNs when accessing sensitive information over public Wi-Fi networks.


Q. Consider an ecommerce website that includes the notion of a shopping cart. Customers visiting the site put items in their shopping cart and click on Checkout to pay for the items. Suppose that every time a user clicks on add-to-cart, the server sends all of the associated details (item name, price, quantity) in its reply, incorporating them into a hidden HTML form field. When the user finally clicks on Checkout, all of the previously bought items are sent to the server. The server then joins them together into a list and presents the user with the corresponding total amount for payment. Is this design vulnerable to the DoS attack you sketched above? Explain why or why not.

The design described is vulnerable to a type of DoS attack known as a "slowloris" attack. In this type of attack, an attacker establishes a large number of connections to the server but sends data very slowly or not at all, essentially tying up server resources and preventing legitimate users from accessing the server.

In the case of the ecommerce website, an attacker could potentially add a large number of items to their shopping cart, one at a time, and then not complete the checkout process. Since the server is sending all of the details associated with each item in its reply, this could tie up server resources and make it difficult or impossible for other users to access the website.

Therefore, this design is vulnerable to a DoS attack and measures should be taken to prevent such attacks, such as limiting the number of connections per IP address or implementing server-side rate limiting.
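As an added example (not part of the notes or any real site), here is a Python sketch of the checkout step for the hidden-form-field cart described in the question, with the two measures the answer recommends: a cap on how much cart data one request may carry and a per-client rate limit. The field names, the cap and the rate values are assumptions.

```python
# Added example, not from the notes; field names, caps and limits are assumptions.
import time
from collections import deque
from decimal import Decimal, InvalidOperation

MAX_CART_ITEMS = 50                  # assumed cap on items per checkout request
RATE_LIMIT, RATE_WINDOW = 5, 60.0    # assumed: 5 checkouts per client per minute

def hidden_fields(items):
    """Add-to-cart reply: flatten (name, price, qty) tuples into hidden form fields."""
    form = {}
    for n, (name, price, qty) in enumerate(items):
        form.update({f"item_{n}": name, f"price_{n}": str(price), f"qty_{n}": str(qty)})
    return form

class RateLimiter:
    """Sliding-window limiter keyed by client address (e.g. source IP)."""
    def __init__(self, limit=RATE_LIMIT, window=RATE_WINDOW):
        self.limit, self.window, self.hits = limit, window, {}

    def allow(self, client, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits.setdefault(client, deque())
        while q and now - q[0] > self.window:
            q.popleft()                  # forget requests outside the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def parse_cart(form):
    """Checkout: rebuild the item list, refusing oversized or malformed carts."""
    items, n = [], 0
    while f"item_{n}" in form:
        if n >= MAX_CART_ITEMS:
            raise ValueError("too many cart items in one request")
        price, qty = Decimal(form[f"price_{n}"]), int(form[f"qty_{n}"])
        if price < 0 or qty <= 0:
            raise ValueError(f"bad price or quantity in entry {n}")
        items.append((form[f"item_{n}"], price, qty))
        n += 1
    return items

def checkout(client, form, limiter, now=None):
    """Return ('ok', total), ('rate_limited', 0) or ('rejected', 0)."""
    if not limiter.allow(client, now):
        return "rate_limited", Decimal(0)
    try:
        items = parse_cart(form)
    except (ValueError, KeyError, InvalidOperation):
        return "rejected", Decimal(0)
    return "ok", sum((p * q for _, p, q in items), Decimal(0))
```

The limiter is keyed by whatever identifies the client (here a source address), so a burst of checkout requests from one source is refused before the server spends time rebuilding the cart.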



Q. In the context of access control, what is the difference between a subject and an object?

A: In access control, a subject is an active entity that is attempting to access a resource, while an object is a passive entity that is being accessed. Subjects are typically users, processes, or devices that request access to objects, which are typically files, directories, or other system resources. Access control mechanisms determine whether the subject has the necessary privileges to access the object.


Q. What do you understand by the authentication security in mobile devices? Explain the Push and Pull attack.

A: Authentication security in mobile devices is a mechanism to verify the identity of the user and prevent unauthorized access. The Push attack is a type of authentication attack in which an attacker sends a fake message to a user's device that appears to come from a legitimate source, asking for the user's authentication credentials. The user unknowingly enters their credentials, allowing the attacker to gain access to the device. The Pull attack is another type of authentication attack in which an attacker intercepts a legitimate message containing the user's authentication credentials, such as a one-time password, and uses the intercepted credentials to gain access to the user's device.



Q. What are the different types of digital analysis that can be done over the captured forensic evidence?

A: Digital analysis techniques are used to analyze the digital evidence that has been captured in a forensic investigation. There are several types of digital analysis that can be performed, including:

File system analysis - examining file systems and data structures to identify files and other artifacts that may be relevant to the investigation.
Network analysis - analyzing network traffic to identify communication patterns and potential security breaches.
Memory analysis - analyzing the contents of a system's memory to identify running processes, open files, and other relevant information.
Malware analysis - analyzing malware to determine its behavior and potential impact on a system.
Email analysis - analyzing email messages to identify sender and recipient information, as well as any attachments or embedded files.



Q. Describe the three main concerns with the use of passwords for authentication. Explain what is meant by a social engineering attack on a password.

A: The three main concerns with the use of passwords for authentication are:

Weak passwords - passwords that are easy to guess or crack.
Password reuse - using the same password across multiple accounts.
Password sharing - sharing passwords with others, intentionally or unintentionally.

A social engineering attack on a password involves tricking a user into revealing their password through psychological manipulation. This can take many forms, such as impersonating an authority figure, creating a sense of urgency or panic, or exploiting a user's trust. Social engineering attacks are often successful because they rely on human psychology rather than technical vulnerabilities.


Q. Describe packet sniffing and packet spoofing attacks.

A: Packet sniffing is a technique used to capture network traffic and analyze it to extract information such as usernames, passwords, and other sensitive data. It involves intercepting network packets and examining their contents. Packet sniffing can be done using specialized tools or software that allows an attacker to monitor network traffic.

Packet spoofing is a technique used to inject fake network packets into a network in order to impersonate a legitimate user or device. Spoofed packets can be used to carry out various attacks, such as denial of service (DoS) attacks, man-in-the-middle attacks, or session hijacking. Spoofed packets can be created using specialized software or by modifying existing packets.
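An added example, not from the notes: a BCP38-style source-address check of the kind a perimeter router applies to detect spoofed packets, run over constructed sample traffic. The site prefix, interface names and packet records are assumptions.

```python
# Added example, not from the notes; site prefix, interface names and packets are constructed.
import ipaddress

SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]    # assumed: our own address block
PRIVATE = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_any(addr, nets):
    return any(addr in n for n in nets)

def classify(pkt):
    """Verdict for one packet {iface, src, dst} as seen by the perimeter router."""
    src = ipaddress.ip_address(pkt["src"])
    if pkt["iface"] == "wan":
        # Inbound traffic cannot legitimately claim one of our own addresses,
        # nor a private address, which is never routed across the Internet.
        if in_any(src, SITE_PREFIXES):
            return "drop: inbound packet claims an internal source (spoofed)"
        if in_any(src, PRIVATE):
            return "drop: inbound packet with private source (spoofed)"
    elif pkt["iface"] == "lan":
        # Outbound traffic must carry one of our addresses, so our hosts
        # cannot be used to impersonate other networks.
        if not in_any(src, SITE_PREFIXES):
            return "drop: outbound packet with foreign source (spoofed)"
    return "pass"

def dropped(packets):
    """Return (src, reason) for every packet the filter would discard."""
    out = []
    for p in packets:
        verdict = classify(p)
        if verdict != "pass":
            out.append((p["src"], verdict))
    return out

# Constructed sample traffic; 198.51.100.0/24 and 192.0.2.0/24 stand in for remote networks.
SAMPLE_PACKETS = [
    {"iface": "wan", "src": "198.51.100.7", "dst": "203.0.113.10"},  # normal inbound
    {"iface": "wan", "src": "203.0.113.5", "dst": "203.0.113.10"},   # our prefix from outside
    {"iface": "wan", "src": "10.1.2.3", "dst": "203.0.113.10"},      # private source from outside
    {"iface": "lan", "src": "203.0.113.10", "dst": "198.51.100.7"},  # normal outbound
    {"iface": "lan", "src": "192.0.2.9", "dst": "198.51.100.7"},     # foreign source from inside
]

if __name__ == "__main__":
    for src, reason in dropped(SAMPLE_PACKETS):
        print(src, reason)
```

A check like this only catches spoofed source addresses that contradict the interface they arrive on; spoofing within the same network segment needs other controls.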



