Write about the Project Report for IT Security.
Social Engineering refers to the art that includes the manipulation of the users in such a manner that they end up giving their confidential information to the malevolent entities. The information that the attackers may try to retrieve through these attacks may vary and it involves tricking the users such that they give out details such as user credentials, payment details and likewise.
There are various social engineering techniques that the attackers make use of in order to retrieve confidential information from the users. One of the most common techniques is the phishing scams in order to obtain the personal information from the users. Phishing refers to the malicious activity of sending fraudulent emails to the customers in order to retrieve personal information from them by tricking the users. Embedded links and suspicious URLs are also used in order to execute the phishing attacks. Another form of social engineering attacks is pretexting in which the attackers create a fabricated scenario in order to obtain the personal information from the users. These attacks are used to acquire sensitive as well as non-sensitive information from the users. Baiting is another social engineering technique that is executed in order to gain personal information from the users. This attack is similar to the phishing attacks; however, these attacks make use of an offer or a product to attract the users. Quid pro quo attacks are also the social engineering attacks in which the attackers promise the users to provide them an advantage or benefit in exchange of the information that they acquire from the users. Tailgating is also one of the most common social engineering techniques in which an unauthorized entity gains entry in to an authenticated area through illegal methods.
There are numerous prevention mechanisms that may be used in order to prevent the social engineering attacks. The first and the foremost mechanism are to be aware of the social engineering attacks and their techniques. The users shall seek information regarding the attack types and techniques to prevent the execution of these attacks. Also, the users must never share their personal information with any party over the network. There are certain classes of information that the attackers target upon which include the demographic details of the users, payment information, user credentials and likewise. The users must make sure that they understand these information types and keep them protected. Organizations must also carry out trainings and awareness sessions for the users in order to make them aware about the common social engineering techniques and measures to detect and prevent the same. It is also extremely necessary to keep the software and systems up to date in order to avoid the specific types of attacks that are common to a certain version of the software or the system. Two-fold authentication along with blocking of malicious URLs and links shall be done with the aid of enhanced authentication measures and the use of firewalls (Alheyasat, 2015).
Social engineering attacks are on an increasing pace in the current scenario. As per the trends, it has been observed that the frequency of these attacks will increase in the coming days as the attackers will have newer forms of access points and increased number of users over the network. It is required for the users to have a certain technical knowledge on the security attacks in order to keep their information safe and secure at all times. Also, there are enhanced privacy policies that are required to be set up in order to avoid any of the malicious entry in to the system.
Cryptography is a technique that leads to the enhancement of secure communication over the network by making use of various techniques and one of the techniques is encryption of information. Encryption of information refers to the process of converting an information piece in to the secure form which is known as encrypted form which can only be decoded or decrypted with the help of a key which may be public, private or shared in nature.
There are broadly two types of encryption techniques that have been created. One of the techniques is the symmetric encryption and the other technique is the asymmetric encryption. Symmetric key encryption is the type of encryption that makes use of a common key for the encryption as well as decryption of the information. The encrypted text is referred as the cipher text in the terminology of cryptography. Some of the examples of symmetric key encryption include Data Encryption Standard (DES), Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Blowfish, Twofish and many more. In these cryptography algorithms, a private key is used for converting the plain text in to the cipher text which is referred as encryption of information and the same key is used for converting the cipher text to the plain text which is known as decrypting the information. Most of the symmetric key algorithms make use of block cipher i.e. in these algorithms blocks of data are encrypted rather than one bit at a time.
Asymmetric encryption algorithms on the other hand make use of different keys for the encryption and decryption of information. The interdependency in this case enhances the security of the information that is transmitted over the network. Some of the common asymmetric encryption algorithms include Diffie-Hellman Key Exchange, RSA algorithm (Rivest, Shamir and Adleman), hash functions and many more. Hash algorithms that come under the asymmetric encryption algorithms return a value on the basis of the hash function that is applied. If there is any change in the data or information that is transmitted over the network, the hash value is also modified.
There are various differences in the two encryption algorithms that are used for cryptography. Apart from the difference in the use of keys between the two types of encryption algorithms, asymmetric algorithms put a higher computational burden as compared to its counterpart. The major ability of the asymmetric algorithm is that it has the capability to create a secure medium over the non-secure or less secure channel. Symmetric algorithms on the other hand are extremely fast in nature as they make use of a common key for encryption as well as decryption of algorithm. The ease of implementation is also higher in the case of symmetric algorithms as compared to the asymmetric algorithms.
Cryptography is an essential technique that is being used by the users and organizations all across the globe. The encryption algorithms that have been defined under cryptography ensure that information that is shared and transmitted over the network is kept secure and protected and the properties of the information such as its confidentiality, privacy and integrity are not violated. Also, there is a lot of research work that is being done in this field in order to devise the new mechanisms of information security and advanced cryptography is being applied across the several channels to make sure that the information security is enhanced. Symmetric key algorithms as well as asymmetric key algorithms are the two types that come under the umbrella of cryptography and have their own sets of pros and cons. It is required to investigate the suitable encryption type that shall be applied for the security of information. In the present times, big intelligence tools such as data mining and analytics tools are also being used for the detection of activities on the network (Harale, & Meshram, 2016).
There is a lot of information that is exchanged over the network on a daily basis. This information may fall in various categories such as private, confidential, sensitive, public and likewise. There are a lot many information and network security attacks that have been created that impact the properties of the information in a negative manner. These attackers or intruders gain an unauthorized entry in to the secure channels in order to violate the information properties.
Intrusion Detection systems are the automated tools that are used to detect the activity of the intruders on a particular network or system. These create alerts to the system experts in case an entry is made by the intruder or any of such attempts is made. There are also various reports that can be extracted from these tools in terms of the data logs, activity logs and likewise.
Network Intrusion Detection is the type of intrusion detection systems in which activity on a particular network is detected by the tool. The intrusion detection systems are installed for every single node segment that is present in a network. This tool is therefore responsible for tracking and monitoring the entire network traffic for all the nodes that are present in a particular network. It also does not involve the need to install the software across all the nodes and there is easy to install and involves lesser costs as well. These intrusion detection systems are created in such a manner that these are not dependent upon the operating system for deployment and functioning. The feature and ability make these systems easy to deploy. There are numerous network security attacks that have been created by the attackers such as denial of service attacks, distributed denial of service attacks, man in the middle attack, spoofing attacks and many more. Network based intrusion detection systems keep a track of the entire network activity and have therefore been successful in controlling and preventing the network attacks on a particular network. Also, these systems work in the real-time and therefore are efficient of detecting the network activities and malevolent activities in the real-time.
Organizations and individual users have recently inclined towards the deployment of the network intrusion detection systems in their architecture in order to avoid and prevent the network attacks. Also, these systems have experienced a lot of advancement and innovation in the recent times and have become efficient to put a check on the network attacks. There are scenarios that have been observed in which the attackers sit on the network in an unauthorized manner and capture the network activity which is later misused by the attackers. Network based intrusion detection systems ensure that such entities are detected and removed from the network. There are also several network security protocols that have been developed and can be tested with the help of network based intrusion detection systems. In such cases, dummy data is passed on to the network to perform some illegal or malicious activity which is then detected by the network based intrusion detection systems. The testing process provides the network experts with an overview of the ability of the system along with the areas of improvements under the same. There are numerous algorithms that are used in the network based intrusion detection systems to make sure that any of the network security attack does not go undetected and is prevented in a timely manner.
References
Alheyasat, O. (2015). Examination expertise sharing in academic social networks using graphs: the case of ResearchGate. Contemporary Engineering Sciences, 8, 137-151. https://dx.doi.org/10.12988/ces.2015.515
Harale, N., & Meshram, D. (2016). Data Mining Techniques for Network Intrusion Detection and Prevention Systems. International Journal Of Innovative Research In Computer Science & Technology, 175-180. https://dx.doi.org/10.21276/ijircst.2016.4.6.3
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download