Cybersecurity concept discussion

Anonymous
Asked: Feb 22nd, 2019
$10

Question Description

Just go through the slides I posted; I am expecting at least 300 words.

The thinking should be practical, because my professor is asking what you learned from the slides.

Choose one concept, whatever it may be: man-in-the-browser, keystroke logger, page-in-the-middle. You can choose any concept which is covered in the slides.

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Slide 1: Security in Computing, Fifth Edition. Chapter 4: The Web—User Side

Slide 2: Chapter 4 Objectives
• Attacks against browsers
• Fake and malicious websites
• Attacks targeting sensitive data
• Injection attacks
• Spam
• Phishing attacks

Slide 3: Internet Usage
• 1995 – <1%
• 2005 – 1 Billion or ~16%
• 2010 – 2 Billion or ~30%
• 2014 – 3 Billion or ~41%
• 2016 – 3.4 Billion or ~46%
• http://www.internetlivestats.com/internet-users/

Slide 4: Browser Vulnerabilities
[Bar chart, years 2008–2013; bar values as extracted: 897, 731, 727, 441, 208, 207]

Slide 5: Browser Vulnerabilities
[Figure]

Slide 6: Browser Popularity
[Figure]

Slide 7: Browser Vulnerabilities
[Figure]

Slide 8: Browser Attack Types
• Man-in-the-browser
• Keystroke logger
• Page-in-the-middle
• Program download substitution
• User-in-the-middle

Slide 9: Man-in-the-Browser
• Trojan that is generally installed as a browser plug-in
[Diagram labels: User types; SilentBanker intercepts; Browser encrypts; Encrypted data transferred to bank; BANK]

Slide 10: Keystroke Logger
• Hardware or software that records all keystrokes
• May be a small dongle plugged into a USB port or can masquerade as a keyboard
• May also be installed as malware
• Not limited to browsers

Slide 11: Page-in-the-Middle
• User is directed to a different page than believed or intended
• Similar effect to a man-in-the-browser, where attacker can intercept and modify user input

Slide 12: Program Download Substitution
• Attacker creates a page with seemingly innocuous and desirable programs for download
• Instead of, or in addition to, the intended functionality, the user installs malware
• This is a very common technique for spyware

Slide 13: User-in-the-Middle
• Using click-bait to trick users into solving CAPTCHAs on spammers' behalf

Slide 14: Successful Authentication
• The attacks listed above are largely failures of authentication
• Can be mitigated with
  • Shared secret
  • One-time password
  • Out-of-band communication
• Common examples of these mechanisms are SecurID tokens, Google Authenticator, and text message codes. Driver signing is an example of using such techniques to mitigate local malware.

Slide 15: Fake Website
[Figure]

Slide 16: Fake Code
[Figure]

Slide 17: Tracking Bug
• Web bugs: a tiny image served up from one provider ("ClicksRUs") that tracks user behavior for advertising purposes.
[Diagram: the Florist and Bakery pages each report "Visit from 200.100.1.10" to ClicksRUs, which serves a targeted ad]
• Students probably notice this when they see web ads that offer up items very similar to ones they've recently been shopping for on other sites. Web bugs can also be used to track users' reading of advertising emails.

Slide 18: Clickjacking
[Figure: a transparent dialog "Do you want to perform this dangerous act? [Yes] [No]" placed over a page reading "For a Free Prize Click [Here]"]
• Clickjacking is a way of tricking users into providing desired input. The attacker makes the input dialog transparent and places an image with an enticement below the transparent dialog. The user ends up answering a question he didn't even know he was being asked, unknowingly authorizing his computer to execute the attacker's will.

Slide 19: Drive-By Download
• Code is downloaded, installed, and executed on a computer without the user's knowledge
• May be the result of clickjacking, fake code, program download substitution, etc.

Slide 20: Cross-Site Scripting (XSS)
• Tricking a client or server into executing scripted code by including the code in data inputs
• Scripts and HTML tags are encoded as plaintext just like user inputs, so they can take over web pages similarly to the way buffer overflow attacks can take over programs
[Figure: a comment form showing the text "Cool story." posted by "KCTVBigFan"]

Slide 21: Cross-Site Scripting (XSS)
[Figure]

Slide 22: Cross-Site Scripting (Reflected XSS)
[Figure]

Slide 23: SQL Injection
• Injecting SQL code into an exchange between an application and its database server
• Example: loading an SQL query into a variable, taking the value of acctNum from an arbitrary user input field:
  QUERY = "SELECT * FROM trans WHERE acct = '" + acctNum + "'; "
• The same query with malicious user input:
  QUERY = "SELECT * FROM trans WHERE acct = '2468' OR '1'='1'; "
• The result of this example attack is that the application returns the entire accounts table from the database.

Slide 24: Dot-Dot-Slash
• Also known as "directory traversal," this is when attackers use the term "../" to access files that are on the target web server but not meant to be accessed from outside
• Most commonly entered into the URL bar but may also be combined with other attacks, such as XSS
• IE is Evil

Slide 25: Server-Side Include (SSI)
• SSI is an interpreted server-side scripting language that can be used for basic web server directives, such as including files and executing commands
• As is the case with XSS, some websites are vulnerable to allowing users to execute SSI directives through text input

Slide 26: Countermeasures to Injections
• Filter and sanitize all user input
• Need to account for every potentially valid encoding
• Make no assumptions about the range of possible user inputs—trust nothing, check everything
• Use access control mechanisms on backend servers, such as "stored procedures" – they separate SQL code from SQL data, thus preventing most SQL injection attacks.

Slide 27: Email Spam
• Experts estimate that 60% to 90% of all email is spam
• Types of spam:
  • Advertising
  • Pharmaceuticals
  • Stocks
  • 14/33 accts
  • Malicious code
  • Links for malicious websites
• Spam countermeasures
  • Laws against spam exist but are generally ineffective
  • Email filters have become very effective for most spam
  • Internet service providers use volume limitations to make spammers' jobs more difficult
• My email example (Knucklehead from SC)

Slide 28: Phishing
[Figure: email example]
• A message that tries to trick a victim into providing private information or taking some other unsafe action
• Spear phishing: A targeted attack that is personalized to a particular recipient or set of recipients

Slide 29: Countermeasures
• User education (Wombat/PhishMe)
  • Limited effectiveness and very subject to co-evolution with attacks
• PGP and S/MIME
  • Cryptographic solutions (encryption & signatures) that have seen very limited adoption after years on the market
• OTHERS (Good research area)

Slide 30: Summary
• What is the most secure web server?
• What is second best?
• https://www.quora.com/What-is-the-most-secure-web-server-configuration

Slide 31: Summary
• Activities:
  • Server Maintenance
  • Web App Updates
  • Web site coding
  • Limit Information Transfer
• Technologies:
  • Web scans (+ penetration testing)
  • Firewalls, Antivirus, and IPS/IDS (Intrusion detection system)
  • Web site security audit tools

Slide 32: Summary
• As web browsers have become a primary focus of users and taken on greater functionality, they've become a focus of many types of attack
• Browser and website weaknesses are often the result of some form of poor authentication
• Many attackers focus on tricking users with fake websites, misleading applications, and phishing emails
• On the server side, injection attacks are a key concern, and countermeasures to prevent them are critical
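The following is an added example; it is not part of the posted slides, the Pfleeger textbook, or the tutor's answer. It carries the SQL-injection slide's concatenated query through against a real in-memory SQLite database, places the parameterized form that the injection-countermeasures slide calls for beside it, and adds a guard for the dot-dot-slash (directory traversal) slide. The table and column names ("trans", "acct") are taken from the slide; the sample rows, the payload, the hypothetical document root /var/www/html and the account-number format are constructed here for illustration.

```python
"""Added example (not from the slides or the textbook): SQL injection as
shown on the slide, its parameterized fix, and a dot-dot-slash guard.
Rows, payloads and DOC_ROOT are constructed for illustration."""
import posixpath
import sqlite3
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample rows: (acct, amount, memo). Not real data.
SAMPLE_TRANS: List[Tuple[str, float, str]] = [
    ("2468", 100.00, "deposit"),
    ("2468", -40.00, "atm withdrawal"),
    ("1357", 250.00, "payroll"),
    ("9999", -12.50, "coffee"),
]

# The slide's payload: closes the quoted literal, then appends a tautology.
SLIDE_PAYLOAD = "2468' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database holding the slide's 'trans' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE trans (acct TEXT, amount REAL, memo TEXT)")
    conn.executemany("INSERT INTO trans VALUES (?, ?, ?)", SAMPLE_TRANS)
    conn.commit()
    return conn


def build_query_vulnerable(acct_num: str) -> str:
    """The slide's string concatenation: user input is spliced into the SQL
    text, so a quote in acct_num ends the literal and whatever follows is
    parsed as SQL."""
    return "SELECT * FROM trans WHERE acct = '" + acct_num + "';"


def lookup_vulnerable(conn: sqlite3.Connection, acct_num: str) -> list:
    """Runs the concatenated query. With SLIDE_PAYLOAD the WHERE clause
    becomes acct = '2468' OR '1'='1', which is true for every row."""
    return conn.execute(build_query_vulnerable(acct_num)).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, acct_num: str) -> list:
    """Hardened form. The SQL text is fixed; the driver binds acct_num as a
    value, so the same payload is just a non-matching account string.
    This is what separates SQL code from SQL data; a stored procedure only
    does so if it is itself called with bound parameters."""
    return conn.execute(
        "SELECT * FROM trans WHERE acct = ?", (acct_num,)
    ).fetchall()


def validate_acct(acct_num: str) -> str:
    """Allow-list validation ('trust nothing, check everything'): here an
    account number is 1-12 ASCII digits (a constructed rule). Defence in
    depth, not a substitute for parameterization."""
    if not (acct_num.isascii() and acct_num.isdigit() and len(acct_num) <= 12):
        raise ValueError("account number must be 1-12 digits")
    return acct_num


DOC_ROOT = "/var/www/html"  # hypothetical document root for the guard below


def safe_path(url_path: str) -> Optional[str]:
    """Dot-dot-slash guard: percent-decode first (so %2e%2e%2f is seen as
    ../), reject NUL bytes, join under DOC_ROOT, normalize, then confirm the
    result is still inside the root. Returns the path or None if rejected."""
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    joined = posixpath.normpath(posixpath.join(DOC_ROOT, decoded.lstrip("/")))
    if joined != DOC_ROOT and not joined.startswith(DOC_ROOT + "/"):
        return None
    return joined


if __name__ == "__main__":
    db = make_db()
    print(build_query_vulnerable(SLIDE_PAYLOAD))
    print("vulnerable   :", len(lookup_vulnerable(db, SLIDE_PAYLOAD)), "rows")
    print("parameterized:", len(lookup_parameterized(db, SLIDE_PAYLOAD)), "rows")
    print(safe_path("/images/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"))
```

Run stand-alone, the concatenated query returns every row in trans for the slide's payload while the parameterized query returns none, and the traversal guard rejects the percent-encoded ../ sequence. One caveat on the countermeasures slide: stored procedures do not by themselves separate code from data; a procedure that concatenates its arguments into dynamic SQL is just as injectable, so the load-bearing control is the bound parameter.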

Tutor Answer

Knutsen
School: Carnegie Mellon University

Hello there, here is the complete paper. Go through it and in case of anything, feel free to alert me. Regards

Running head: CYBERSECURITY CONCEPT

Cybersecurity Concept
Name
Institution


Cybersecurity Concept
Though I learned a lot of things from this PowerPoint, I was most intrigued by
the "keystroke logger" concept. The key points regarding this software, among others, are well
presented in different slides. Moreover, the writer has used simple ...

Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky, but I appreciated how well he handled APA styles and how OK he was to change them even though I didn't specify. Got a B+, which is believable and acceptable.
