Describe Information Security, Social Engineering and the Problems that Occur with Social Engineering
Security is mainly concerned with whom to trust. It is important to know when to trust and when not to. It often happens that someone gives personal information to someone else while communicating; yet trusting websites or social media is not safe, because intruders may hijack the conversation from the middle, or the device being used for the communication may not be legitimate.
Generally, users with little knowledge of online scams, and users who have newly joined social sites, face problems caused by hackers and intruders. Users who know little about the security tools most applicable to their device, and who readily place their faith in online friends and in the online media they use to reach friends and family, can become victims of social engineering (Peltier, Peltier and Blackley, 2005).
Information security is the practice of securing data by protecting the confidentiality, integrity and availability of information. A few key information security concepts are involved in the process of securing data, such as:
Access: Access can be described as a subject's ability to use, modify, manipulate or otherwise affect another object. A legitimate user has authorized access to the system, whereas an illegitimate user does not have authorized access to the system and its data.
Assets: Assets are the resources that are the focus of protection. An asset can be a physical device in use, the information on a website, a person with expertise, a computer system or another physical object.
Attack: An attack is an intentional or unintentional act that damages a physical system or confidential data.
Exploit: An exploit is a technique used to take advantage of a system. Threat agents may use it to gain unethical access to data for personal gain.
Exposure: A condition of a system or system component in which the system is vulnerable enough to let an attacker in.
Loss: A single event of damage caused by unauthorized disclosure or modification.
Security profile: The total set of security measures and controls, including awareness, training, policy and technology, that need to be implemented in order to provide protection.
Threat: A threat is a person, object or other entity that can endanger assets.
Threat agent: A threat agent is the specific component of a threat; for example, a hacker is a threat agent (Axelrod, Bayuk and Schutzer, 2009).
Vulnerability: A vulnerability is a weakness in a system.
Social engineering is a persuasive method of manipulating people so that they give up confidential data such as their user name, password or bank details. The types of information these attackers are after can vary. When an individual is targeted, the criminals usually try to trick the person into giving secret access to their computer by motivating them to download malicious software onto their system. All of this gives the attackers the privilege of accessing personal data as well as control over the victim's computer.
Criminals keep using social engineering tactics because exploiting someone's natural tendency to trust is the easiest way in; it then opens the way to hacking the software or the whole system (Katsikas and Gritzalis, 2006).
A common social engineering attack appears as a message or email from a legitimate user: a criminal manages to socially engineer one person's email ID and password and gains access to the contact list in that mail account. The attacker then controls the email account and sends messages to all of the victim's friends' social pages (Cheswick and Bellovin, 1994).
When an attacker performs social engineering and sends a message to another person's account, that person may be asked to complete some verification by clicking on a link. After clicking the link, it may ask for personal information. The link's destination may look very legitimate in its content and logo. Sometimes all of the content behind the link is copied from a legitimate site, so it looks legitimate too. If someone trusts this link, they are asked to provide information (Zelkowitz, 2004).
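The verification-link trick described above can be caught mechanically before anyone clicks: compare what a link shows with where it really goes. The following Python script is an added example, not part of the original essay or of any cited work. It uses only the standard library; the email body, the claimed sender domain `example-bank.com` and the addresses in it are constructed for illustration. It flags links whose host is a raw IP address, hides a different host behind an `@` in the URL, lies outside the sender's domain, or displays one domain as visible text while linking to another.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress

# Constructed sample: a message claiming to come from "example-bank.com".
# Three links: one hides a raw IP behind bank-like text, one uses a
# look-alike host, one genuinely points at the bank's own domain.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account at
<a href="http://203.0.113.9/verify">www.example-bank.com</a> or use our
<a href="https://example-bank.com.login-check.invalid/auth">Secure login</a>.
Need help? Visit the <a href="https://support.example-bank.com/help">Help centre</a>.</p>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def _hostname(url):
    """Lower-cased host part of a URL, or '' when there is none."""
    return (urlparse(url).hostname or "").lower()


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _under_domain(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def _looks_like_domain(text):
    """Visible text such as 'www.example.com' or 'https://x.y' (no spaces, has a dot)."""
    return " " not in text and "." in text


def suspicious_links(html, claimed_domain):
    """Return [(href, [reasons])] for links that do not match the claimed sender."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = _hostname(href)
        if not host:            # mailto:, relative or empty hrefs carry no host to judge
            continue
        reasons = []
        if _is_ip_literal(host):
            reasons.append("raw IP address as host")
        if "@" in urlparse(href).netloc:
            reasons.append("userinfo '@' in URL can disguise the real host")
        if not _under_domain(host, claimed_domain):
            reasons.append(f"host {host} is not under {claimed_domain}")
        if _looks_like_domain(text):
            shown = _hostname(text if "://" in text else "http://" + text)
            if shown and not _under_domain(host, shown):
                reasons.append(f"visible text shows {shown} but link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, "example-bank.com"):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

Run as written, the script reports the first two links and stays silent on the genuine `support.example-bank.com` one. The same check can be wired into a mail gateway or a user-facing "hover before you click" warning; the point is that the visible text of a link is under the attacker's control, while the host in the `href` is what the browser will actually contact.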
Where phishing and related attacks are concerned, there are several types, such as:
Baiting: Baiting happens when an attacker intentionally leaves a malware-infected physical device in a place where it is sure to be found. When the finder picks up the device and loads it onto a computer, the user installs the malware without being aware of it.
Phishing: Phishing takes place when a malicious third party sends a fraudulent message or email disguised as a legitimate one. It often appears to come from a trusted source. The message is intended to trap the recipient into installing malware on their system or device, or to ask for financial information (Katsikas and Gritzalis, 2006).
Pretexting: Pretexting takes place when one party gives false information about themselves to another party in order to obtain genuine information about the recipient.
Quid pro quo: A quid pro quo happens when an attacker asks for personal information or credentials in exchange for something. For example, attackers may offer attractive gifts in exchange for credentials.
Spam: Spam is generally unwanted junk messages or mail.
Spear phishing: In this method of phishing, a tailored approach is used against a specific organization or individual. In such cases the attacker tries to obtain personal information about a specific organization in order to get hold of its trade secrets or financial data (Kirkby, 2001).
Tailgating: Tailgating occurs when an unauthorized party follows a legitimate party into a secured, access-controlled location, usually to steal confidential information or valuable property.
Those who take the bait may be infected with malicious software that is able to generate a number of exploits against their contacts and their personal information. It may cause them to lose money without receiving the items they purchased (Lai, 2012).
It sometimes happens that offers appear online to speed up the operating system or to fix its bugs for free. The moment someone responds to such a trap, they become a victim of exploitation.
There are several kinds of social engineering attack. In a single attack a hacker may subject someone to exploits in multiple forms. The criminal may then sell the information to others, so that other people can use it to exploit the person; even the person's friends and friends of friends can be affected (Merkow and Breithaupt, 2000).
To stay safe from these attacks, an online user may follow some basic advice so as not to become a victim of these kinds of attacks (Oriyano, 2013).
Attackers are increasing these days, along with the growing threat of social engineering, which goes beyond targeted employees and tries to trap employees into giving up their information (Vacca, 2007).
A cryptographic system has great significance, with a predetermined functionality. Cryptography is mainly used to convert plaintext into ciphertext (Phoha, 2002). The different stages of a cryptographic system are:
The sender sends data as plaintext, which is readable and can be modified by the sender, the receiver and everyone else. When the data passes through the encryption algorithm, an encryption key is applied. At the sender's end, the sender's public key and the receiver's private key are used to encrypt the data. After this process the data becomes ciphertext. When the ciphertext arrives at the intended user, the receiver uses the sender's public key to decrypt the text. The sender's public key is known to everyone (Preetham, 2002).
There are a number of cryptographic standards. Standard protocols and algorithms are used to build popular applications, which attracts a large amount of cryptanalysis.
Wi-Fi Protected Access, known as WPA, is better than WEP. It is a pre-standard, partial version of 802.11i.
MD5 standard: MD5 is a hashing method in which an input message is converted into a fixed-size digest. The security of the MD5 hash function has been severely compromised. The MD5 algorithm takes a message as input; messages can be of any length (as required), and the algorithm generates a 128-bit output, the "message digest" or "fingerprint" of the input (Reddy and Padmavathamma, 2007).
The intention behind applying this algorithm is to compress a large file in a secure manner before it is encrypted with a private key under a public-key cryptosystem such as PGP.
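The stages of a public-key system (plaintext, encryption under a key, ciphertext, decryption) and the hash-then-sign pattern that MD5 was used for in PGP can both be shown in one short program. The following Python block is an added example, not code from the essay or from any cited source; it follows the standard convention that the receiver's public key encrypts and the receiver's private key decrypts, while the sender's private key signs a digest and the sender's public key verifies it. It is textbook RSA with no padding and with fixed Mersenne primes (2^521-1 and 2^607-1, both known primes) as constructed key material, so it illustrates the key roles only; a real system generates random primes and uses OAEP/PSS padding. The digest functions show why MD5's 128-bit output is called a fingerprint and how a digest of any length message is what actually gets signed.

```python
import hashlib

# Constructed toy parameters: two Mersenne primes (2^521-1 and 2^607-1 are
# both known primes). Real systems generate random primes of equal size and
# use padding (OAEP/PSS); this textbook version omits padding on purpose
# so that the roles of the keys stay visible.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537


def generate_keypair(p=P, q=Q, e=E):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, plaintext):
    """Plaintext bytes -> ciphertext integer, using the RECEIVER's public key."""
    e, n = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this toy key; split it into blocks")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    """Ciphertext integer -> plaintext bytes, using the RECEIVER's private key."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    # leading zero bytes of the original plaintext are not preserved by this toy
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest_bits(algorithm):
    """Output size in bits of a hash: 128 for MD5, 256 for SHA-256."""
    return hashlib.new(algorithm).digest_size * 8


def fingerprint(message, algorithm="sha256"):
    """Fixed-size digest (hex) of a message of any length."""
    return hashlib.new(algorithm, message).hexdigest()


def sign(private_key, message, algorithm="sha256"):
    """Hash-then-sign: the SENDER signs the digest with the sender's private key."""
    d, n = private_key
    h = int.from_bytes(hashlib.new(algorithm, message).digest(), "big")
    return pow(h, d, n)


def verify(public_key, message, signature, algorithm="sha256"):
    """Anyone holding the SENDER's public key recomputes the digest and compares."""
    e, n = public_key
    h = int.from_bytes(hashlib.new(algorithm, message).digest(), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    alice_pub, alice_priv = generate_keypair()                  # sender's key pair
    bob_pub, bob_priv = generate_keypair(Q, 2**127 - 1)         # receiver's key pair
    msg = b"Pay invoice 42 to account 1234"
    ciphertext = encrypt(bob_pub, msg)      # only Bob's private key can undo this
    signature = sign(alice_priv, msg)       # only Alice's private key can produce this
    print("decrypted:", decrypt(bob_priv, ciphertext))
    print("signature valid:", verify(alice_pub, msg, signature))
    print("md5 bits:", digest_bits("md5"), "sha256 bits:", digest_bits("sha256"))
    print("md5 fingerprint:", fingerprint(msg, "md5"))
```

The signing path is where MD5's weakness matters: a signature covers the digest, so if two different documents can be made to share an MD5 digest, a signature on one is valid for the other. That is why the example signs a SHA-256 digest by default and only computes MD5 to show its 128-bit size.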
A DNS amplification attack is a popular form of DDoS (Distributed Denial of Service) attack. In this case attackers use open DNS servers, which are publicly accessible, to flood a targeted system with DNS response traffic. The primary method of this attack is to send an open DNS server a large number of DNS lookup requests. The server returns answers, assuming the client is a legitimate user, but in the middle the fraudulent party receives all of the responses while the legitimate user keeps starving for its turn. In the end the DNS pool is too exhausted to respond to requests (Shim et al., 2000).
The attack method is closely related to open recursive resolvers, but it seems to be more difficult to mitigate. This is why the defence should focus on using Response Rate Limiting to restrict the amount of traffic.
Rate limiting is mostly applied on the ISP's router, which connects the home network to the WWW (World Wide Web). If someone is experiencing a flood attack that is saturating the Internet link, that may not be a scenario in which rate limiting improves the situation. Rate limiting restricts a large amount of outbound traffic. For example, if someone is the victim of a Smurf attack, he or she can use rate limiting as a short-term solution to limit the traffic flood being sent to the attacker's network (St. Denis and Johnson, 2007).
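Response Rate Limiting, mentioned above as the defence for open resolvers, is easiest to understand by replaying it over a resolver's own log. The following Python script is an added example and is not from the essay, from BIND, or from any cited source. The log format and every line in it are constructed; the addresses are documentation ranges. The script parses the log, computes the amplification factor of each response (response bytes per request byte), and simulates a per-client, per-second cap on identical responses so that the excess answers destined for the spoofed address are dropped instead of reflected.

```python
import re
from collections import defaultdict

# Constructed resolver log (not from any real server):
# "time client qtype qname qlen=<request bytes> rlen=<response bytes>".
# The eight ANY queries that appear to come from 198.51.100.7 within one second
# are the reflection pattern: the source address is spoofed, so the large
# answers go to that victim, not to whoever actually sent the queries.
SAMPLE_LOG = """\
12:00:00.101 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:00.104 192.0.2.10 A www.example.org qlen=33 rlen=65
12:00:00.118 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:00.131 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:00.140 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:00.152 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:00.166 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:00.170 192.0.2.10 AAAA www.example.org qlen=33 rlen=77
12:00:00.183 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:00.197 198.51.100.7 ANY example.net qlen=30 rlen=3100
12:00:01.004 192.0.2.10 A mail.example.org qlen=34 rlen=66
"""

LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\.\d+ (?P<client>\S+) (?P<qtype>\S+) (?P<qname>\S+) "
    r"qlen=(?P<qlen>\d+) rlen=(?P<rlen>\d+)$"
)


def parse_log(text):
    """Turn the log into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["qlen"] = int(rec["qlen"])
            rec["rlen"] = int(rec["rlen"])
            records.append(rec)
    return records


def amplification_factor(record):
    """Bytes sent to the client per byte received: the attacker's gain."""
    return record["rlen"] / record["qlen"]


def apply_rrl(records, responses_per_second=5):
    """Simulate response rate limiting: per client, per second and per identical
    answer, send the first N responses and drop the rest. Returns [(record, action)]."""
    seen = defaultdict(int)
    decisions = []
    for rec in records:
        key = (rec["client"], rec["time"], rec["qname"], rec["qtype"])
        seen[key] += 1
        action = "answer" if seen[key] <= responses_per_second else "drop"
        decisions.append((rec, action))
    return decisions


def dropped_per_client(decisions):
    """How many responses each client address would not receive."""
    counts = defaultdict(int)
    for rec, action in decisions:
        if action == "drop":
            counts[rec["client"]] += 1
    return dict(counts)


def bytes_saved(decisions):
    """Response bytes that would not be reflected towards the victim."""
    return sum(rec["rlen"] for rec, action in decisions if action == "drop")


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    decisions = apply_rrl(records)
    print("dropped per client:", dropped_per_client(decisions))
    print("response bytes withheld:", bytes_saved(decisions))
    print("ANY amplification factor: %.1f" % amplification_factor(records[0]))
```

With the default limit of five responses per second, the ordinary client at 192.0.2.10 is never throttled, while three of the eight 3,100-byte answers aimed at 198.51.100.7 are withheld. Production implementations (BIND's `rate-limit` block, for instance) key on a client network rather than a single address and can send an occasional truncated reply so a real client retries over TCP; this simulation keeps only the core counting rule.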
c) Reasons why protection against DDoS attacks is a community problem:
As far as DDoS attacks are concerned, attackers can easily take control of infected bots to initiate the attack. They even amplify the attacks by exploiting vulnerable areas in public services. These public services use UDP (User Datagram Protocol), for example the Network Time Protocol or Domain Name System services. For all these reasons DDoS attacks are difficult to manage: the capital cost of building attack-mitigation infrastructure is high, and there is a lack of proficiency in operating a protected network. This is why the problem is not confined to individual victim firms but is a community problem to deal with (Stewart, 2011).
Yes, black hole routing has an effective impact against DDoS attacks. Black hole routing directs traffic for an IP address or range of IP addresses into a null route, so that incoming packets are dropped rather than processed; this protects system resources from the harmful effects of DDoS and causes packets carrying malicious attack traffic to be discarded (The Basics of Information Security, 2014).
A firewall is a security system in computing that uses protocols and a packet-filtering mechanism to protect the system on which it is installed. It keeps users notified about malicious activity going on behind the scenes. Many hardware-based firewalls also provide functionality to the internal network, such as acting as a DHCP server (Tipton and Krause, 2005).
| Stateful packet inspection filtering | Static packet filtering | Application proxy filtering | Network Address Translation |
|---|---|---|---|
| Static packet filtering has been replaced by stateful packet inspection filtering | This filtering technique came before stateful packet filtering | It stands between two parties and requires the client to initiate the session with the proxy; the proxy then creates a session with the destination | In a firewall, NAT functionality is used to hide the original addresses of the protected hosts |
| Analysis of the packets is done at the application layer | Only packet headers are checked | The proxy server checks layers 4 to 7 for a valid connection | Its functionality is used to address the limited number of routable IPv4 addresses |
| Stateful packet inspection is able to monitor the communication of packets over a time span | Static packet filtering only operates according to administrator-defined rules | The client sets up the session with the proxy, which in turn authenticates the other side of the connection (the destination) before creating the session | Routable IPv4 addresses are assigned to organizations or individuals, providing enough public address space at reduced cost |
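The difference between static (header-only) filtering, stateful inspection and NAT in the table above is clearest when the same packets are pushed through each. The Python block below is an added example, not from the essay or any cited source. The packets, the LAN address 10.0.0.5 and the public address 203.0.113.1 are constructed. The static filter allows inbound packets from source port 80 so that web replies get through; the stateful filter instead remembers outbound connections and admits only replies that belong to one; the NAT class rewrites LAN sources to the public address and maps replies back to their owner.

```python
from dataclasses import dataclass, replace

# Constructed packets (not from any capture). A home network 10.0.0.0/24 sits
# behind a firewall/NAT whose public address is 203.0.113.1.
PUBLIC_IP = "203.0.113.1"


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" (LAN -> Internet) or "in" (Internet -> LAN)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags, e.g. "S" (SYN), "SA" (SYN/ACK), "A" (ACK)


def static_filter(pkt):
    """Header-only rules with no memory: allow all outbound traffic, and allow
    inbound packets whose source port is 80 so that web replies get through.
    The rule cannot tell a reply from a fresh connection attempt."""
    if pkt.direction == "out":
        return True
    return pkt.sport == 80


class StatefulFilter:
    """Remembers outbound connections and admits only packets that belong to one."""

    def __init__(self):
        self.connections = set()   # (lan_ip, lan_port, remote_ip, remote_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # an inbound packet is a reply only if it mirrors a recorded outbound flow
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


class Nat:
    """Port-based NAT: rewrites LAN sources to the public IP and maps replies back."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}            # public port -> (lan_ip, lan_port)
        self.reverse = {}          # (lan_ip, lan_port) -> public port

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport)
        if key not in self.reverse:
            self.reverse[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.reverse[key])

    def inbound(self, pkt):
        """Return the packet rewritten to its LAN owner, or None if no mapping exists
        (unsolicited packets have nowhere to go, which is why NAT hides hosts)."""
        owner = self.table.get(pkt.dport) if pkt.dst == self.public_ip else None
        if owner is None:
            return None
        return replace(pkt, dst=owner[0], dport=owner[1])


def run_demo():
    """Replay three packets through both filters and return their verdicts."""
    syn = Packet("out", "10.0.0.5", 40000, "93.184.216.34", 80, "S")
    synack = Packet("in", "93.184.216.34", 80, "10.0.0.5", 40000, "SA")
    # an unsolicited probe at the SSH port whose source port was set to 80
    probe = Packet("in", "198.51.100.9", 80, "10.0.0.5", 22, "S")
    stateful = StatefulFilter()
    return {
        "static": [static_filter(p) for p in (syn, synack, probe)],
        "stateful": [stateful.allow(p) for p in (syn, synack, probe)],
    }


if __name__ == "__main__":
    print(run_demo())
```

The verdicts show the table's second and third rows in action: the static filter, which checks only headers, admits the probe because its source port looks like a web reply, whereas the stateful filter rejects it because no outbound connection to that host exists. The NAT class shows why translated hosts are hidden: an inbound packet with no table entry cannot be delivered to any LAN address.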
Conclusion:
In the early years, information security was a straightforward process of securing physical components and a simple document-checking scheme. The primary information security threats came from physical theft of devices or from spying on data in transit and damaging it.
Information security is the practice of securing data by protecting the confidentiality, integrity and availability of information. Information security is needed at every phase of processing, storage and transmission. All of this can be achieved through technology, education, policy, training and awareness.
References
Axelrod, C., Bayuk, J. and Schutzer, D. (2009). Enterprise information security and privacy. Boston: Artech House.
Carlet, C. (2009). Editorial: Cryptography and Communications, Volume 1, Issue 1. Cryptogr. Commun., 1(1), pp.1-2.
Cheswick, W. and Bellovin, S. (1994). Firewalls and Internet security. Reading, Mass.: Addison-Wesley.
Katsikas, S. and Gritzalis, S. (2006). Security issues of IT outsourcing. Bradford, England: Emerald Group Pub.
Kirkby, A. (2001). Internet Trust And Security. Network Security, 2001(9), p.6.
Lai, C. (2012). Security Issues on Machine to Machine Communications. KSII Transactions on Internet and Information Systems.
Merkow, M. and Breithaupt, J. (2000). The complete guide to Internet security. New York: AMACOM.
Oriyano, S. (2013). Cryptography. New York: McGraw-Hill Education.
Peltier, T., Peltier, J. and Blackley, J. (2005). Information security fundamentals. Boca Raton, Fla.: Auerbach Publications.
Phoha, V. (2002). Internet security dictionary. New York: Springer.
Preetham, V. (2002). Internet security and firewalls. Cincinnati, Ohio: Premier Press.
Reddy, P. and Padmavathamma, M. (2007). An authenticated key exchange protocol in elliptic curve cryptography. Journal of Discrete Mathematical Sciences and Cryptography, 10(5), pp.697-705.
Shim, J., Shim, J., Qureshi, A. and Siegel, J. (2000). The international handbook of computer security. Chicago, Ill.: Glenlake Pub.
St. Denis, T. and Johnson, S. (2007). Cryptography for developers. Rockland, MA: Syngress Pub.
Stewart, J. (2011). Network security, firewalls, and VPNs. Sudbury, Mass.: Jones & Bartlett Learning.
The Basics of Information Security. (2014). Network Security, 2014(9), p.4.
Tipton, H. and Krause, M. (2005). Information security management handbook. [London]: Taylor & Francis e-Library.
Vacca, J. (2007). Practical Internet security. New York, NY: Springer.
Wright, O. (2014). Social Engineering. Engineering & Technology Reference.
Zelkowitz, M. (2004). Information security. Amsterdam: Elsevier Academic Press.