Information security describes the tasks of protecting information in digital form. To better understand the concepts of information security, you should be familiar with the key characteristics of information, which are expressed in the C.I.A. triad.
Your answer:
Integrity – This property covers the guarding of information systems against the modification or destruction of information (Jouini, Rabai and Aissa 2014). It also ensures the accuracy, non-repudiation and authenticity of information. Within the context of information systems, it refers to the methods of ensuring that data is accurate and real, and thus safeguards the systems from any modification of data by unauthorized users.
Confidentiality – This property defines the preservation of information against unauthorized access and disclosure. It also covers the protection of proprietary information and personal privacy. The main aim of confidentiality is to ensure that information is hidden from unauthorized people: the principle dictates that information should be viewed solely by those who have the right privileges (Von Solms and Van Niekerk 2013).
Availability – This property defines reliable and timely access to information and its proper use. It also covers the defending of resources and information systems in order to ensure that access. Within information systems, availability refers to the ability of the user to access information or any other resource within a specified location (Demchenko et al. 2013).
The availability of data within an information system should be ensured with the help of storage, which might be local or held in an offline facility. Hence, the availability of information should be achieved at all times for the benefit of the users (Ren et al. 2015).
Question 2
Security experts have discovered that many Internet of Things (IoT) devices, including routers, DVRs and cameras, could potentially be recruited into a botnet by a malicious software program, Mirai, which emerged in 2016 and has possibly become one of the biggest IoT-based malware threats. Hackers could use such malware to scan for insecure Linux-based connected devices, enslave them into a botnet, and use that to launch massive DDoS attacks that cause internet outages, such as the attack on 20 September 2016 on computer security journalist Brian Krebs’s website, an attack on French web host OVH and the October 2016 Dyn cyberattack.
Your answer:
The basic steps for launching a DDoS attack are:
(“The Mirai Botnet: All About the Latest Malware DDoS Attack Type | Corero”, 2018)
The strategies for the prevention of botnets are set by the Corero SmartWall Threat Defense System (TDS). The Security Operations Team has deep experience in dealing with such attacks and is thus able to mitigate them (Ullah, Khan and Aboalsamh 2013).
The hackers who were responsible for the attack made use of malware to scan connected computing devices that operated on the Linux platform. These hackers were mainly categorized as black and white hackers.
Question 3
Integrity protection is used to guard against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.
| | MD5 | SHA1 | SHA256 |
|---|---|---|---|
| shattered-1.pdf | | | |
| shattered-2.pdf | | | |
Explain why the Hash algorithm SHA256 is more secure than MD5 and SHA1;
Your answer:
For shattered-1.pdf:
MD5: ee4aa52b139d925f8d8884402b0a750c
SHA1: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a
SHA256: 2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0
For shattered-2.pdf:
MD5: 5bd9d8cabc46041579a311230539b8d1
SHA1: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a
SHA256: d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff
An attacker might be able to place a malicious file within a system in order to penetrate or gain access to backup systems that rely on the SHA1 hash algorithm for checking the integrity of data, or to deliver a malicious update to clients that use SHA1 to verify the file being updated. An attacker could also attack and thus decrypt the encrypted connection to a website where the user's browser makes use of the SHA1 algorithm.
To demonstrate this, Google published two distinct Portable Document Format (PDF) files that have an identical SHA1 hash. Google recommends that every user of SHA1 switch to SHA256 or SHA3, which are strong cryptographic hash functions. Software and operating systems mostly depend on SHA1 for verifying the integrity of files when distributing updates to their users, such as in ISO checksums.
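The comparison behind the answer above, as an added Python example that is not part of the original answer: it takes the digests listed for the two PDFs, reports which algorithms agree, and shows an integrity check that relies on SHA256 only. The function names `digests`, `classify` and `verify_download` are illustrative assumptions.

```python
import hashlib
import hmac

ALGORITHMS = ("md5", "sha1", "sha256")

# Digests exactly as listed in the answer above.
PAGE_DIGESTS = {
    "shattered-1.pdf": {
        "md5": "ee4aa52b139d925f8d8884402b0a750c",
        "sha1": "38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
        "sha256": "2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0",
    },
    "shattered-2.pdf": {
        "md5": "5bd9d8cabc46041579a311230539b8d1",
        "sha1": "38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
        "sha256": "d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff",
    },
}


def digests(data: bytes) -> dict:
    """Compute the MD5, SHA1 and SHA256 hex digests of a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def classify(a: dict, b: dict) -> str:
    """Compare two digest sets; a partial match means a collision."""
    same = [n for n in ALGORITHMS
            if hmac.compare_digest(a[n].lower(), b[n].lower())]
    if len(same) == len(ALGORITHMS):
        return "identical"
    if not same:
        return "different"
    return "collision in " + ",".join(same)


def verify_download(data: bytes, expected_sha256: str) -> bool:
    """Integrity check for an update file that relies on SHA256 only."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())


if __name__ == "__main__":
    one, two = PAGE_DIGESTS["shattered-1.pdf"], PAGE_DIGESTS["shattered-2.pdf"]
    print(classify(one, two))
```

A check that compared only the SHA1 values would treat the two files as the same file; the MD5 and SHA256 values show they are not.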
Question 4:
RSA is an algorithm to encrypt and decrypt messages. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described RSA in 1978. A user of RSA creates and then publishes the product of two large prime numbers along with an auxiliary value as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message. However, with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.
Complete the following tasks:
Your answer:
Digital signatures are meant to validate the integrity and availability of electronic data. To create a digital signature, the signing software creates a one-way hash of the data to be signed. The private key is then used to encrypt the hash. The encrypted hash, together with other information such as the hashing algorithm, is known as the digital signature.
Cryptosystems based on the RSA public key and the digital signature scheme are widely deployed in recent times. Hence, they have become essential building blocks of the emerging public key infrastructure (Singh 2013). Various electronic transactions have also embraced this technology for associating documents with their true originator and performing internet-based transactions, in order to ensure the property of integrity.
p = 3, q = 11, e = 7, m = 5
n = p * q = 3 * 11 = 33
φ(n) = (p-1) * (q-1) = 2 * 10 = 20
Hence, we need to compute d = e^(-1) mod φ(n) by backward substitution in the Euclidean (GCD) algorithm:
According to GCD:
20 = 7 * 2 + 6
7 = 6 * 1 + 1
6 = 1 * 6 + 0
Therefore, we have:
1 = 7 - 6
  = 7 - (20 - 7 * 2)
  = 7 - 20 + 7 * 2
  = -20 + 7 * 3
Thus we obtain d = e^(-1) mod φ(n) = e^(-1) mod 20 = 3 mod 20 = 3
Hence, the public key is {7, 33} and the private key is {3, 33}.
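The same derivation in Python, as an added example that is not part of the original answer: it recomputes d with the extended Euclidean algorithm and then goes one step beyond the worked text by encrypting and signing m = 5 with the resulting keys. This is textbook RSA without padding on the toy parameters above; the function names are illustrative assumptions.

```python
def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(e, phi):
    """d = e^(-1) mod phi; fails when e and phi share a factor."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e has no inverse modulo phi")
    return x % phi


def make_keys(p, q, e):
    """Build (public, private) key pairs as (exponent, modulus)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi), n)


def apply_key(value, key):
    """Raise value to the key's exponent modulo n (encrypt, decrypt, sign, verify)."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must be in the range 0..n-1")
    return pow(value, exponent, modulus)


# Parameters from the worked answer: p = 3, q = 11, e = 7, m = 5.
PUBLIC, PRIVATE = make_keys(3, 11, 7)
M = 5
CIPHERTEXT = apply_key(M, PUBLIC)    # encryption with the public key
SIGNATURE = apply_key(M, PRIVATE)    # signing with the private key

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE)
    print("ciphertext", CIPHERTEXT, "decrypted", apply_key(CIPHERTEXT, PRIVATE))
    print("signature", SIGNATURE, "verified", apply_key(SIGNATURE, PUBLIC) == M)
```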
The weaknesses of digital signatures can be compensated for by the proper use of the private key, which should be kept in a secured manner. Digital signatures provide a higher level of authenticity but do not ensure the confidentiality of data. Hence, other proper methods of encryption and decryption need to be implemented (Tsai, Lo and Wu 2014).
Question 5:
Moving toward a more secure web from HTTP to HTTPS is a well-known Google initiative. In early 2018, a proposal was posted by Emily Schechter (product manager of Chrome Security) to mark all HTTP pages as definitively “not secure” and remove secure indicators for HTTPS pages.
Complete the following tasks:
Your answer:
HTTP (Hyper Text Transfer Protocol) is a protocol that permits users of the World Wide Web to transfer information such as text, images, video, music and other files that are kept on web pages. HTTP is mainly used for accessing HTML pages and various other resources. It is also a request-response protocol within the client-server computing model.
HTTPS (Hyper Text Transfer Protocol Secure) is a protocol that makes use of an encrypted HTTP connection over Transport Layer Security. When clients exchange private information with a server, it needs to be secured to prevent any issue based on hacking. Hence, the HTTPS protocol was introduced to allow authorization and secured transactions (Naylor et al. 2014).
The disadvantages of the migration from HTTP to HTTPS are:
Reference
Demchenko, Y., Grosso, P., De Laat, C. and Membrey, P., 2013, May. Addressing big data issues in scientific data infrastructure. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 48-55). IEEE.
Deshmukh, R.V. and Devadkar, K.K., 2015. Understanding DDoS attack & its effect in cloud environment. Procedia Computer Science, 49, pp.202-210.
Durumeric, Z., Ma, Z., Springall, D., Barnes, R., Sullivan, N., Bursztein, E., Bailey, M., Halderman, J.A. and Paxson, V., 2017, February. The security impact of HTTPS interception. In Proc. Network and Distributed System Security Symposium (NDSS).
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Kolias, C., Kambourakis, G., Stavrou, A. and Voas, J., 2017. DDoS in the IoT: Mirai and other botnets. Computer, 50(7), pp.80-84.
Korol, M., Slesarev, V.V. and Nechai, N.M., 2014. Search Engine optimization.
Narteh, B., 2015. Perceived service quality and satisfaction of self-service technology: The case of automated teller machines. International Journal of Quality & Reliability Management, 32(4), pp.361-380.
Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafò, M., Papagiannaki, K. and Steenkiste, P., 2014, December. The cost of the S in HTTPS. In Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies (pp. 133-140). ACM.
Ren, Y.J., Shen, J., Wang, J., Han, J. and Lee, S.Y., 2015. Mutual verifiable provable data auditing in public cloud storage.
Rewagad, P. and Pawar, Y., 2013, April. Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.
Roshdy, R., Fouad, M. and Aboul-Dahab, M., 2013. Design and Implementation a New Security Hash Algorithm Based on MD5 and SHA-256. International Journal of Engineering Sciences & Emerging Technologies, 6(1), pp.29-36.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
The Mirai Botnet: All About the Latest Malware DDoS Attack Type | Corero. (2018). Retrieved from https://www.corero.com/resources/ddos-attack-types/mirai-botnet-ddos-attack.html
Tsai, J.L., Lo, N.W. and Wu, T.C., 2014. Weaknesses and improvements of an efficient certificateless signature scheme without using bilinear pairings. International Journal of Communication Systems, 27(7), pp.1083-1090.
Ullah, I., Khan, N. and Aboalsamh, H.A., 2013, April. Survey on botnet: Its architecture, detection, prevention and mitigation. In Networking, Sensing and Control (ICNSC), 2013 10th IEEE International Conference on (pp. 660-665). IEEE.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.
Wang, B., Zheng, Y., Lou, W. and Hou, Y.T., 2015. DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, pp.308-319.
Zheng, M., Sun, M. and Lui, J., 2013. Droidanalytics: a signature based analytic system to collect, extract, analyze and associate android malware. arXiv preprint arXiv:1302.7212.