Authentication & Computer Security
Yuvraj Shridhar
University of Kent
1/10/2018

The “Nothing to hide” argument regarding privacy and government/corporate surveillance

The “nothing to hide” argument holds that there is no threat to privacy until the government or a corporation uncovers unlawful activity, at which point the individual has no legitimate claim that the matter should remain private. By the same reasoning, an individual who engages only in lawful activity has nothing to worry about.
When government or corporate bodies investigate personal information, individuals typically respond that a privacy problem exists only if possibly unlawful private activities are uncovered. For instance, when the authorities review one’s phone records and find that one called one’s relatives, a partner in another country, a video store and an online shopping service, “So what?” that individual may say. “I am not embarrassed or harmed by that information. If anyone asks, I will openly tell them which stores I shop at. I have nothing to hide.” The “nothing to hide” argument and its variants are remarkably pervasive in discussions of privacy and information security (closed, 2017). Information security expert Bruce Schneier calls it the most common retort against privacy advocates. It is one of the fundamental objections raised whenever privacy is weighed against security. In its most compelling form, it argues that the privacy interest is generally minimal, so that balancing it against security concerns is a foregone victory for security.
Most commonly, the “nothing to hide” argument is offered as a rhetorical question: “If you have nothing to hide, then what do you have to fear?” Others ask, “If you are not doing anything wrong, then what do you have to hide?”

Known attacks against the Diffie-Hellman protocol, and the most common countermeasures to stop them

Attacks against the Diffie-Hellman (DH) protocol fall into three categories.

Denial of service attacks: here the attacker tries to prevent two users from completing the protocol. This can be achieved in several ways, for instance by deleting the messages that the two users send to each other, or by overwhelming the server with superfluous computation or communication so that it no longer has the capacity to serve legitimate users. The usual defence is to make the client pay before the server commits resources: the server issues cryptographic puzzles (also called client puzzles, Hashcash or pricing functions) that are cheap for the server to generate and verify but cost the client a measurable amount of work to solve, so that flooding the server becomes expensive for the attacker.
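As an added illustration of the client-puzzle defence (this code is not part of the original essay), the following Python implements a Hashcash-style puzzle: the server issues a stateless, HMAC-authenticated challenge, the client must find a nonce such that SHA-256 over the challenge and nonce starts with a given number of zero bits, and the server verifies the answer with one HMAC and one hash. The 16-bit difficulty, the challenge layout and the client identifier are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import struct

# Added example: Hashcash-style client puzzle. Difficulty (zero bits) and
# challenge layout are assumptions for illustration, not a standard format.


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a byte string."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


class PuzzleServer:
    """Issues and verifies puzzles without keeping per-client state before the solution arrives."""

    def __init__(self, bits: int = 16):
        self.bits = bits                 # expected client work: about 2**bits hashes
        self.key = os.urandom(32)        # server secret used to authenticate challenges
        self.used = set()                # solved challenges, to reject replays

    def issue(self, client_id: bytes) -> bytes:
        # challenge = 16 random bytes || HMAC tag binding it to this client and this server
        nonce = os.urandom(16)
        tag = hmac.new(self.key, client_id + nonce, hashlib.sha256).digest()[:16]
        return nonce + tag

    def verify(self, client_id: bytes, challenge: bytes, solution: bytes) -> bool:
        # One HMAC and one SHA-256: cheap for the server regardless of client effort.
        if len(challenge) != 32:
            return False
        nonce, tag = challenge[:16], challenge[16:]
        expected = hmac.new(self.key, client_id + nonce, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):
            return False                 # not a challenge this server issued to this client
        if challenge in self.used:
            return False                 # replayed solution
        digest = hashlib.sha256(challenge + solution).digest()
        if leading_zero_bits(digest) < self.bits:
            return False                 # client did not do the work
        self.used.add(challenge)
        return True


def solve(challenge: bytes, bits: int) -> bytes:
    """Client side: brute-force an 8-byte counter until the hash has enough leading zero bits."""
    counter = 0
    while True:
        solution = struct.pack(">Q", counter)
        if leading_zero_bits(hashlib.sha256(challenge + solution).digest()) >= bits:
            return solution
        counter += 1


if __name__ == "__main__":
    server = PuzzleServer(bits=16)
    client = b"client-203.0.113.7"        # constructed identifier, e.g. the source address
    challenge = server.issue(client)
    answer = solve(challenge, server.bits)
    print("accepted:", server.verify(client, challenge, answer))
    print("replay accepted:", server.verify(client, challenge, answer))
```

Raising `bits` by one doubles the client's expected work while the server's cost stays constant, which is the asymmetry that makes a flood expensive; the HMAC tag lets the server stay stateless until a valid solution arrives, and the replay set stops one solved puzzle from being reused.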
Where a server can verify the IP address of its clients, a less powerful but cheaper defence called SYN cookies can be used: the server encodes the connection state in its initial sequence number instead of storing it, so half-open connections from spoofed addresses cost it nothing. SYN cookies therefore limit IP spoofing to a certain degree.

Outsider attacks: the attacker tries to interfere with the protocol run, for instance by inserting, deleting or replaying messages, with the aim of extracting information from the exchange. Because plain DH does not authenticate the parties, an outsider who can modify messages in transit can substitute his own public values and end up sharing a separate key with each side (a man-in-the-middle attack). The standard countermeasure is to authenticate the exchanged values, for example with digital signatures, with a MAC under a pre-shared key, or with certificates, as the Station-to-Station protocol and TLS do; keeping all devices and frameworks patched with the latest security updates and investing in forensic procedures complement this.

Insider attacks: one of the participants may take a deliberate action while running the protocol with the aim of learning the secret key of a peer. This attack matters when a participant uses a static (long-term) private key, because a malicious peer can send specially chosen public values that leak information about it; validating every received public value (checking that it lies in the intended subgroup) is the usual protection. Malicious software on a participant’s host can be very effective in mounting such an attack. Insider attacks are further countered by monitoring and reacting to suspicious or problematic behaviour and by using layered protection against remote attacks (Cao and Rong, 2013, pp.6449-6454).
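The man-in-the-middle attack on unauthenticated DH, the MAC-based fix, and the public-value check that defends a static key against a malicious insider, as an added Python example (not the essay’s own code). For speed it generates a toy 64-bit safe prime with generator 4; a real deployment would use a standard group such as those in RFC 3526 or an elliptic curve, and the pre-shared key used for the MACs is an assumption.

```python
import hashlib
import hmac
import secrets

# Added example. Toy 64-bit group for illustration only; real systems use
# standard 2048-bit or larger groups (e.g. RFC 3526) or elliptic curves.

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test with trial division for small factors."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits: int) -> int:
    """Return p = 2q + 1 with p and q prime, so g = 4 generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def encode(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")

def keypair(p: int, g: int):
    x = secrets.randbelow(p - 3) + 2          # private exponent
    return x, pow(g, x, p)                    # (private, public)

def shared_key(p: int, peer_public: int, private: int) -> bytes:
    return hashlib.sha256(encode(pow(peer_public, private, p))).digest()

def valid_public(p: int, q: int, y: int) -> bool:
    """Insider defence: reject values outside the order-q subgroup (small-subgroup attack)."""
    return 1 < y < p - 1 and pow(y, q, p) == 1

def unauthenticated_mitm(p: int, g: int) -> bool:
    """Mallory swaps both public values; True if she now shares a key with each side."""
    a, A = keypair(p, g)
    b, B = keypair(p, g)
    m, M = keypair(p, g)
    k_alice = shared_key(p, M, a)             # Alice received M instead of B
    k_bob = shared_key(p, M, b)               # Bob received M instead of A
    return (k_alice != k_bob
            and k_alice == shared_key(p, A, m)
            and k_bob == shared_key(p, B, m))

def mac(psk: bytes, who: bytes, public: int) -> bytes:
    return hmac.new(psk, who + b"|" + encode(public), hashlib.sha256).digest()

def authenticated_exchange(p: int, g: int, psk: bytes, tamper: bool = False):
    """Each party MACs its public value under the PSK; substituted values fail verification.
    Returns (alice_key, bob_key) on success or None if either side rejects."""
    a, A = keypair(p, g)
    b, B = keypair(p, g)
    msg_from_alice = (A, mac(psk, b"alice", A))
    msg_from_bob = (B, mac(psk, b"bob", B))
    if tamper:                                # Mallory replaces the values but cannot forge the MACs
        _, M = keypair(p, g)
        msg_from_alice = (M, msg_from_alice[1])
        msg_from_bob = (M, msg_from_bob[1])
    if not hmac.compare_digest(msg_from_alice[1], mac(psk, b"alice", msg_from_alice[0])):
        return None                           # Bob aborts
    if not hmac.compare_digest(msg_from_bob[1], mac(psk, b"bob", msg_from_bob[0])):
        return None                           # Alice aborts
    return shared_key(p, msg_from_bob[0], a), shared_key(p, msg_from_alice[0], b)

if __name__ == "__main__":
    p, g = safe_prime(64), 4
    print("MITM succeeds against plain DH:", unauthenticated_mitm(p, g))
    psk = secrets.token_bytes(32)             # assumed pre-shared key
    print("authenticated keys agree:", authenticated_exchange(p, g, psk) is not None)
    print("tampered exchange rejected:", authenticated_exchange(p, g, psk, tamper=True) is None)
```

The MAC binds each public value to the sender’s identity under a key Mallory does not have, which is what the signatures in Station-to-Station or the certificate-backed signature in a TLS ServerKeyExchange provide at scale; `valid_public` is the check a party with a static key should run on every received value before exponentiating with its long-term secret.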
An in-depth description of the FREAK SSL/TLS vulnerability, its potential impact and the mitigation techniques used

FREAK (Factoring Attack on RSA-EXPORT Keys) is a weakness in some implementations of SSL/TLS that allows an attacker to decrypt supposedly secure communication between vulnerable clients and servers. Its roots lie in 1990s US export regulations, which obliged exportable software to use deliberately weak “export grade” RSA key pairs with moduli of 512 bits or less, with the aim of allowing them to be broken by the National Security Agency (NSA) but not by other parties with fewer computing resources. By the mid-2010s, however, increased computing power meant that such keys could be broken by anybody with access to fairly modest resources using the Number Field Sieve algorithm, for as little as $100 of rented cloud computing. This enabled an individual with only a modest amount of computation to break the security of any site that still permitted the use of 512-bit export-grade keys (Pieprzyk, 2010). The flaw itself was in client implementations: they accepted an RSA export key from the server even though the client had never offered an export cipher suite. A man-in-the-middle could therefore rewrite the client’s cipher-suite list to request export RSA, let the server sign a 512-bit temporary key, factor that key offline, and then recover the session keys and read or modify the traffic.

To protect against FREAK, users should keep the operating system and other communication software continually updated, since the vulnerable clients were fixed by patches and attacks of this kind target older software. Server operators should disable all RSA_EXPORT cipher suites and prefer modern suites with forward secrecy, so that no 512-bit key is ever offered. Obtaining an SSL certificate from a genuine and reputable certificate authority such as Comodo remains good practice, but a certificate on its own does not stop FREAK, because the attack exploits cipher-suite negotiation rather than the certificate.
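The downgrade described above, modelled as an added Python simulation of the TLS 1.2 RSA handshake (illustrative code, not part of the essay and not a real TLS implementation). The server, the man-in-the-middle and the two client variants are modelling assumptions: the vulnerable client reproduces the state-machine bug in which an unexpected ServerKeyExchange carrying a 512-bit export key was accepted, the patched client aborts, and a server with export suites disabled never produces such a message in the first place. The factoring step is not simulated; it is the roughly $100 of cloud computation mentioned above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example: simplified TLS 1.2 RSA handshake showing the FREAK downgrade.
# Suite names follow the IANA registry; everything else is a modelling assumption.

EXPORT_SUITES = {
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
STRONG_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA"


@dataclass
class ServerHello:
    suite: str


@dataclass
class ServerKeyExchange:
    """Only sent for RSA_EXPORT suites: a temporary, signed, 512-bit RSA key."""
    rsa_modulus_bits: int


class Server:
    def __init__(self, export_enabled: bool):
        self.export_enabled = export_enabled    # the server-side mitigation is False

    def respond(self, offered: List[str]) -> Tuple[ServerHello, Optional[ServerKeyExchange]]:
        """Pick the first offered suite the server supports, in client preference order."""
        for suite in offered:
            if suite in EXPORT_SUITES and self.export_enabled:
                return ServerHello(suite), ServerKeyExchange(512)
            if suite == STRONG_SUITE:
                return ServerHello(suite), None   # premaster secret goes to the certificate key
        raise ValueError("handshake_failure: no shared cipher suite")


class Client:
    def __init__(self, vulnerable: bool):
        self.vulnerable = vulnerable            # True models the unpatched state machine

    def handshake(self, server: Server, mitm: bool = False) -> str:
        offered = [STRONG_SUITE]                # the client never asks for export crypto
        if mitm:
            offered = sorted(EXPORT_SUITES)     # attacker rewrites the ClientHello
        try:
            hello, ske = server.respond(offered)
        except ValueError as exc:
            return f"abort: {exc}"
        if mitm:
            hello = ServerHello(STRONG_SUITE)   # attacker rewrites the ServerHello back
        if ske is not None and hello.suite not in EXPORT_SUITES:
            # A ServerKeyExchange is illegal in a plain RSA suite; only a buggy client accepts it.
            if not self.vulnerable:
                return "abort: unexpected ServerKeyExchange"
            return f"weak: premaster secret encrypted to a {ske.rsa_modulus_bits}-bit RSA key"
        return "ok: premaster secret encrypted to the certificate key"


if __name__ == "__main__":
    for client, server, mitm in [
        (Client(vulnerable=True), Server(export_enabled=True), True),
        (Client(vulnerable=False), Server(export_enabled=True), True),
        (Client(vulnerable=True), Server(export_enabled=False), True),
        (Client(vulnerable=True), Server(export_enabled=True), False),
    ]:
        print(client.handshake(server, mitm))
```

Either fix alone closes the hole in this model: a patched client rejects the out-of-place ServerKeyExchange, and a server with export suites disabled answers the rewritten ClientHello with a handshake failure instead of a 512-bit key. Both are needed in practice, because neither side controls the other’s configuration.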
How attackers bypass firewalls, and some applicable tools and countermeasures

Phishing: the attack involves sending emails through the firewall to persuade the recipient to reveal a password or to download and run malware. It is mitigated by deploying a firewall policy that does not allow email and web content originating from the internet into industrial networks.
A unidirectional gateway goes further: it allows no communication, and therefore no attack, into plant networks at all.

Social engineering: this method involves reading a sticky note on an individual’s monitor or under his or her keyboard, or shoulder surfing as they type their password. Sometimes a convincing story is told to persuade a user to reveal a password; at other times the user is talked into installing a keystroke logger.
The best way to mitigate such an attack is two-factor authentication, which ensures that a stolen password alone is not enough to gain access.

Compromising the domain controller: this attack compromises a trusted external asset. In the past, control systems were designed not to rely on any external system for safe, correct and reliable operation. This has changed over time, and many control systems now rely on IT domain controllers. Once an attacker compromises the domain controller, they do not need to attack the other systems individually, because they can change passwords or create their own accounts. The best mitigation is not to allow industrial systems to trust a corporate domain controller at all; firewall rules and unidirectional gateways can block all communication from corporate domain controllers into the plant.
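A first-match zone policy for the plant boundary described above, as an added Python example (not from the essay or any vendor). The zone address ranges, the historian port and the rule set are assumptions; the point is that traffic from the corporate domain controller into the plant, and from plant clients out to less trusted zones, is denied both by explicit rules and by the default-deny fallback, while the single outbound replication flow mirrors what a unidirectional gateway would permit.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example: zone-based, first-match firewall policy for an IT/OT boundary.
# Address ranges, ports and rules are assumptions for illustration.

ZONES = {
    "plant": ipaddress.ip_network("10.2.0.0/16"),       # industrial / control network
    "corporate": ipaddress.ip_network("10.1.0.0/16"),   # IT network with the domain controller
}


def zone_of(address: str) -> str:
    ip = ipaddress.ip_address(address)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"                                    # anything else is untrusted


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                 # "tcp", "udp" or "any"
    dport: Optional[int]       # None matches any port
    action: str                # "allow" or "deny"


RULES = [
    # Historian pushes data out of the plant; the only flow that crosses the boundary.
    Rule("plant", "corporate", "tcp", 5432, "allow"),
    # Nothing initiated from the corporate side (Kerberos, LDAP, SMB, RDP...) enters the plant,
    # so a compromised domain controller cannot reach control systems.
    Rule("corporate", "plant", "any", None, "deny"),
    Rule("internet", "plant", "any", None, "deny"),
    # Plant clients may not browse, fetch mail or pull files from less trusted zones.
    Rule("plant", "internet", "any", None, "deny"),
    Rule("plant", "corporate", "any", None, "deny"),
]


def decide(src: str, dst: str, proto: str, dport: int) -> str:
    """First matching rule wins; with no match the boundary denies."""
    s, d = zone_of(src), zone_of(dst)
    for rule in RULES:
        if (rule.src_zone == s and rule.dst_zone == d
                and rule.proto in ("any", proto)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"


def audit(flows):
    """Evaluate a batch of (src, dst, proto, dport, description) flows; returns decisions."""
    return [(desc, decide(src, dst, proto, dport)) for src, dst, proto, dport, desc in flows]


if __name__ == "__main__":
    SAMPLE_FLOWS = [  # constructed sample traffic
        ("10.1.0.10", "10.2.5.1", "tcp", 88, "corporate DC -> plant HMI, Kerberos"),
        ("10.2.5.1", "10.1.0.10", "tcp", 445, "plant HMI -> corporate file server, SMB"),
        ("10.2.5.1", "198.51.100.7", "tcp", 443, "plant HMI -> internet, HTTPS"),
        ("10.2.0.5", "10.1.0.50", "tcp", 5432, "plant historian -> corporate replica"),
        ("203.0.113.9", "10.2.5.1", "udp", 161, "internet -> plant HMI, SNMP"),
    ]
    for desc, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {desc}")
```

Rule order matters in a first-match engine: the historian allow must precede the blanket plant-to-corporate deny, and because no rule allows anything inbound to the plant, the domain-controller flows fall to the explicit deny and everything unanticipated falls to the default.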
Attacking exposed clients: this is possible because client software is as vulnerable as the industrial servers are. Once an external server is compromised, the attack can propagate to the industrial clients, e.g. when a client pulls a file from a virus-infected server the virus arrives in the industrial network. The best mitigation is not to allow clients to access less trusted networks, by changing the firewall rules or by deploying unidirectional gateways (Asadzadeh Kaljahi, Payandeh and Ghaznavi-Ghoushchi, 2014, pp.1659-1671).

How attackers bypass intrusion detection systems, and the available tools and countermeasures

Flooding: an IDS relies on resources such as processing power and memory to capture packets and analyse traffic in order to report malicious activity.
Attackers exhaust these resources by flooding the network with noise traffic, so that the real attack reaches the target with little or no intervention from the IDS.

Fragmentation: because different link media have limits on their maximum transmission unit, networks must permit traffic to be fragmented into packets of different sizes. Attackers exploit this by dividing attack packets into smaller fragments that are not individually detectable by the IDS but carry out the attack once the target host reassembles them.

Encryption: network-based intrusion detection analyses traffic captured as it travels through the network from source to destination. When an attacker establishes an encrypted SSH, SSL or VPN tunnel, the IDS can no longer analyse the packets or see the malicious traffic.

Obfuscation: this technique conceals an attack with special characters. These may include space, delete and backspace characters, and at times hexadecimal encoding, to deceive the IDS.
In some cases Unicode is used to represent a specific value, such as an alternative encoding of the slash character in a web page request (Psiaki, Humphreys and Stauffer, 2016, pp.26-53).

Ways of dealing with such attacks

Polymorphism: signature-based IDSs regularly search for common attack patterns that match known malicious activity.
To detect buffer overflow attacks, an IDS may search for evidence of NOP sleds, which attackers use to weaken the protection offered by address space layout randomisation; to evade this, attackers use polymorphic shellcode that looks different on every use while retaining its effect.

Fragmentation and small packets: one basic strategy is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is to fragment them.
However, an adversary can also simply craft packets with small payloads without fragmenting them; the “whisker” evasion tool calls this session splicing. Further protection against these attackers includes making sure that a company has robust network monitoring in place, especially where open-source software is used: it entails scrutinising open-source programs before running them.
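The evasions discussed in this section (session splicing and fragmentation, percent-encoding and overlong-Unicode obfuscation, NOP sleds) beside the IDS-side countermeasures of stream reassembly and normalisation, as an added Python example that is not part of the essay. The signatures, the sample TCP segments and the 16-byte NOP-sled threshold are constructed for the demonstration; the overlong encoding %c0%af of the slash is the classic IIS-era case.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Added example: naive per-packet signature matching versus reassembly + normalisation.
# Signatures, sample segments and the NOP-sled threshold are constructed assumptions.

SIGNATURES = [b"/etc/passwd", b"cmd.exe"]
NOP_SLED = re.compile(rb"\x90{16,}")          # 16+ consecutive x86 NOPs

Segment = Tuple[int, bytes]                   # (TCP sequence number, payload)


def naive_match(segments: List[Segment]) -> List[bytes]:
    """What a signature IDS without stream reassembly sees: each packet on its own."""
    return [sig for _, payload in segments for sig in SIGNATURES if sig in payload]


def naive_sled(segments: List[Segment]) -> bool:
    """Per-packet NOP-sled check: a sled split across packets stays under the threshold."""
    return any(NOP_SLED.search(payload) for _, payload in segments)


def reassemble(segments: List[Segment]) -> bytes:
    """Order segments by sequence number and rebuild the stream the host will see."""
    return b"".join(payload for _, payload in sorted(segments))


def normalise(data: bytes) -> bytes:
    """Undo the encodings an attacker layers on a URL before matching."""
    text = data.decode("latin-1")             # 1:1 byte-to-char mapping, never fails
    for _ in range(3):                        # bounded loop handles double/triple encoding
        decoded = unquote(text, encoding="latin-1")
        if decoded == text:
            break
        text = decoded
    text = text.replace("\xc0\xaf", "/")      # overlong UTF-8 form of '/'
    text = text.replace("/./", "/")
    while "//" in text:
        text = text.replace("//", "/")
    return text.encode("latin-1")


def detect(segments: List[Segment]) -> dict:
    """Reassemble, normalise, then match signatures and look for a NOP sled."""
    stream = reassemble(segments)
    canonical = normalise(stream)
    return {
        "signatures": [sig for sig in SIGNATURES if sig in canonical],
        "nop_sled": NOP_SLED.search(stream) is not None,
    }


# Constructed sample traffic
SPLICED_AND_ENCODED: List[Segment] = [        # session splicing + percent encoding, out of order
    (18, b"wd HTTP/1.0\r\n\r\n"),
    (1, b"GET /%65tc/%70ass"),
]
DOUBLE_ENCODED: List[Segment] = [(1, b"GET /%25%36%35tc/passwd HTTP/1.0\r\n\r\n")]
OVERLONG: List[Segment] = [(1, b"GET /..%c0%af..%c0%afetc/passwd HTTP/1.0\r\n\r\n")]
SLED: List[Segment] = [(1, b"\x90" * 12), (13, b"\x90" * 12 + b"\xcc")]

if __name__ == "__main__":
    for name, segs in [("spliced", SPLICED_AND_ENCODED), ("double", DOUBLE_ENCODED),
                       ("overlong", OVERLONG), ("sled", SLED)]:
        print(name, "naive:", naive_match(segs), naive_sled(segs), "stream-aware:", detect(segs))
```

The per-packet matcher misses every sample because no single segment contains a signature or a long enough sled; the stream-aware path finds them all because it matches against what the target host will actually reconstruct and decode. The decode loop is bounded so that an attacker cannot turn the normaliser itself into a resource-exhaustion vector, which ties back to the flooding evasion.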
Another measure is to use anti-malware solutions such as Trend Micro OfficeScan. Since many attacks emulate legitimate network traffic so that the activity appears genuine and does not set off alarms, the anti-malware is designed to handle such attacks.

References

Asadzadeh Kaljahi, M., Payandeh, A. and Ghaznavi-Ghoushchi, M. (2014). TSSL: improving SSL/TLS protocol by trust model. Security and Communication Networks, 8(9), pp.1659-1671.

closed, H. (2017). How can attackers bypass firewalls? [online] Security.stackexchange.com. Available at: https://security.stackexchange.com/questions/19457/how-can-attackers-bypass-firewalls [Accessed 30 Dec. 2017].

Cao, Z. and Rong, X. (2013). A Mechanism of Intrusion Detection System Cooperating with Firewall. Information Technology Journal, 12(21), pp.6449-6454.

Pieprzyk, J. (2010). Topics in Cryptology – CT-RSA 2010. Berlin: Springer-Verlag.

Psiaki, M., Humphreys, T. and Stauffer, B. (2016). Attackers can spoof navigation signals without our knowledge. Here’s how to fight back GPS lies. IEEE Spectrum, 53(8), pp.26-53.