Information security is used to describe the tasks of protecting information in a digital form. To better understand the concepts of information security, you should be familiar with the key characteristics of information, which are expressed in the C.I.A triad characteristics.
Your answer:
Integrity – This is the property of guarding information systems against the modification or destruction of information (Jouini, Rabai and Aissa 2014). It also ensures the accuracy, non-repudiation and authenticity of information. Within the context of information systems, it refers to the methods of ensuring that data is accurate and real, thus safeguarding the systems against any modification of data by unauthorized users.
Confidentiality – This property defines the preservation of information against unauthorized access and disclosure. It also covers the protection of proprietary information and personal privacy. The main aim of confidentiality is to ensure that information is hidden from unauthorized people; the principle dictates that information should be viewed solely by those who have the right privileges (Von Solms and Van Niekerk 2013).
Availability – This property defines reliable and timely access to information, and the proper use of it. It also covers the defence of resources and information systems in order to ensure that access. Within information systems, availability refers to the ability of the user to access information or any other resource within a specified location (Demchenko et al. 2013).
The availability of data within an information system should be ensured with the help of storage, which might be local or provided by an offline facility. Availability of information should thus be achieved at all times for the benefit of the users (Ren et al. 2015).
Question 2
Security experts have discovered that many Internet of Things (IoT) devices, including routers, DVRs and cameras, could potentially be recruited into a botnet by a malicious software program called Mirai, which emerged in 2016 and has possibly become one of the biggest IoT-based malware threats. Hackers could use such malware to scan for insecure Linux-based connected devices, enslave them into a botnet, and use that botnet to launch massive DDoS attacks that cause internet outages, such as the attack on 20 September 2016 on computer security journalist Brian Krebs’s website, an attack on French web host OVH and the October 2016 Dyn cyberattack.
Your answer:
The basic steps for launching a DDoS attack are:
(“The Mirai Botnet: All About the Latest Malware DDoS Attack Type | Corero”, 2018)
The strategies for the prevention of botnets are set by the Corero SmartWall Threat Defense System (TDS). The Security Operations Team has deep experience in dealing with such attacks and is thus able to mitigate them (Ullah, Khan and Aboalsamh 2013).
The hackers responsible for the attack used malware to scan connected computing devices that ran on the Linux platform. These hackers were mainly categorized as black and white hackers.
Question 3
Integrity protection is used to guard against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.
| | MD5 | SHA1 | SHA256 |
| shattered-1.pdf | | | |
| shattered-2.pdf | | | |
Explain why the Hash algorithm SHA256 is more secure than MD5 and SHA1;
Your answer:
For shattered-1.pdf:
MD5: ee4aa52b139d925f8d8884402b0a750c
SHA1: 38762CF7F55934B34D179AE6A4C80CADCCBB7F0A
SHA256: 2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0
For shattered-2.pdf:
MD5: 5bd9d8cabc46041579a311230539b8d1
SHA1: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a
SHA256: d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff
An attacker might be able to plant a malicious file in order to penetrate or gain access to backup systems that rely on the SHA1 hash algorithm to check the integrity of data, or to deliver a malicious update to clients that use SHA1 to verify the file being updated. Such an attacker could also attack, and thus decrypt, an encrypted connection to a website where the user's browser makes use of the SHA1 algorithm.
In order to demonstrate the success of the algorithm, Google published two distinct Portable Document Format (PDF) files that have an identical SHA1 hash. Google recommends that every user of SHA1 switch to SHA256 or SHA3, which are strong cryptographic hash functions. Software and operating systems mostly depend on SHA1 to verify the integrity of files when distributing updates to their users, for example in ISO checksums.
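The comparison behind this answer can be automated. The following is an added example, not part of the original answer: it hashes a file under all three algorithms and flags file pairs that agree under one algorithm but differ under another. The function names are illustrative, and the first set of digests above is taken to belong to shattered-1.pdf.

```python
import hashlib

ALGOS = ("md5", "sha1", "sha256")

# Digests exactly as listed in the answer above (note the mixed letter case).
PAGE_DIGESTS = {
    "shattered-1.pdf": {
        "md5": "ee4aa52b139d925f8d8884402b0a750c",
        "sha1": "38762CF7F55934B34D179AE6A4C80CADCCBB7F0A",
        "sha256": "2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0",
    },
    "shattered-2.pdf": {
        "md5": "5bd9d8cabc46041579a311230539b8d1",
        "sha1": "38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
        "sha256": "d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff",
    },
}

def file_digests(path, chunk_size=65536):
    """Read a file once, feeding every chunk to all three hash algorithms."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def find_collisions(records):
    """Return (algo, file_a, file_b) for pairs that share a digest under
    algo but differ under another algorithm, i.e. the content differs."""
    # Hex digests are case-insensitive; normalise before comparing.
    norm = {f: {a: d.strip().lower() for a, d in ds.items()}
            for f, ds in records.items()}
    names = sorted(norm)
    hits = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            same = [alg for alg in ALGOS if norm[a][alg] == norm[b][alg]]
            if 0 < len(same) < len(ALGOS):  # all equal means identical files
                hits.extend((alg, a, b) for alg in same)
    return hits

if __name__ == "__main__":
    for hit in find_collisions(PAGE_DIGESTS):
        print("collision under %s: %s vs %s" % hit)
```

A plain string comparison of the two SHA1 values as written above would miss the match, because one is in upper case and the other in lower case.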
Question 4:
RSA is an algorithm to encrypt and decrypt messages. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described RSA in 1978. A user of RSA creates and then publishes the product of two large prime numbers along with an auxiliary value as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message. However, with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.
Complete the following tasks:
Your answer:
Digital signatures are meant to validate the integrity and availability of any form of electronic data. In order to create a digital signature, the signing software creates a one-way hash of the data to be signed. The private key is then used to encrypt the hash. The encrypted hash, together with other information such as the hashing algorithm, is known as the digital signature.
The RSA public key cryptosystem and the digital signature scheme have been widely deployed in recent times. Hence, they have become essential building blocks for creating the emerging public key infrastructure (Singh 2013). Various forms of electronic transactions have also embraced this technology for associating documents and internet-based transactions with their true originator in order to ensure the property of integrity.
p = 3, q = 11, e = 7, m = 5
n = p * q = 3 * 11 = 33
φ(n) = (p-1) * (q-1) = 2 * 10 = 20
Hence, we need to compute d = e^-1 mod φ(n) with the help of the backward substitution of the GCD algorithm:
According to GCD:
20 = 7 * 2 + 6
7 = 6 * 1 + 1
6 = 1 * 6 + 0
Therefore, we have:
1 = 7 - 6
= 7 - (20 - 7 * 2)
= 7 - 20 + 7 * 2
= -20 + 7 * 3
Thus we obtain d = e^-1 mod φ(n) = e^-1 mod 20 = 3 mod 20 = 3
Hence, the public key is {7, 33} and the private key is {3, 33}.
The weaknesses of digital signatures could be compensated for by the proper use of the private key, which should be kept in a secure manner. Digital signatures should provide a higher level of authenticity, as they do not ensure the confidentiality of data. Hence, other proper methods of encryption and decryption need to be implemented (Tsai, Lo and Wu 2014).
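The key derivation and the signing step described in this answer can be checked in code. This is an added example, not part of the original answer: it generalises the backward substitution to the extended Euclidean algorithm and applies the resulting keys to m = 5. The function names are illustrative, and it is unpadded textbook RSA that signs the message value directly rather than a hash, with a modulus far too small for real use.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(e, phi):
    """Return d with (e * d) % phi == 1, or raise if e has no inverse."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e=%d is not coprime to phi=%d" % (e, phi))
    return x % phi  # map a negative coefficient into the range 0..phi-1

def keypair(p, q, e):
    """Build ((e, n), (d, n)) from two primes and a public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (modinv(e, phi), n)

def apply_key(key, value):
    """Textbook RSA primitive: value ** exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0..n-1")
    return pow(value, exponent, n)

if __name__ == "__main__":
    public, private = keypair(3, 11, 7)       # p, q, e from the answer
    m = 5
    c = apply_key(public, m)                  # encrypt with the public key
    s = apply_key(private, m)                 # sign with the private key
    print("public", public, "private", private)
    print("ciphertext", c, "decrypts to", apply_key(private, c))
    print("signature", s, "verifies to", apply_key(public, s))
```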
Question 5:
Moving toward a more secure web from HTTP to HTTPS is a well-known Google initiative. In early 2018, a proposal was posted by Emily Schechter (product manager of Chrome Security) to mark all HTTP pages as definitively “not secure” and remove secure indicators for HTTPS pages.
Complete the following tasks:
Your answer:
HTTP (Hyper Text Transfer Protocol) is a protocol that permits users of the World Wide Web to transfer information such as text, images, video, music and other files that are kept on web pages. HTTP is mainly used for accessing HTML pages and various other resources. It is also a request-response protocol within the client-server computing model.
HTTPS (Hyper Text Transfer Protocol Secure) is a protocol that makes use of an encrypted HTTP connection over Transport Layer Security. When clients exchange private information with a server, that exchange needs to be secured to prevent any issue arising from hacking. Hence, the HTTPS protocol was introduced to allow authorization and secure transactions (Naylor et al. 2014).
The disadvantages of the migration from HTTP to HTTPS are:
Reference
Demchenko, Y., Grosso, P., De Laat, C. and Membrey, P., 2013, May. Addressing big data issues in scientific data infrastructure. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 48-55). IEEE.
Deshmukh, R.V. and Devadkar, K.K., 2015. Understanding DDoS attack & its effect in cloud environment. Procedia Computer Science, 49, pp.202-210.
Durumeric, Z., Ma, Z., Springall, D., Barnes, R., Sullivan, N., Bursztein, E., Bailey, M., Halderman, J.A. and Paxson, V., 2017, February. The security impact of HTTPS interception. In Proc. Network and Distributed System Security Symposium (NDSS).
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Kolias, C., Kambourakis, G., Stavrou, A. and Voas, J., 2017. DDoS in the IoT: Mirai and other botnets. Computer, 50(7), pp.80-84.
Korol, M., Slesarev, V.V. and Nechai, N.M., 2014. Search Engine optimization.
Narteh, B., 2015. Perceived service quality and satisfaction of self-service technology: The case of automated teller machines. International Journal of Quality & Reliability Management, 32(4), pp.361-380.
Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafò, M., Papagiannaki, K. and Steenkiste, P., 2014, December. The cost of the S in HTTPS. In Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies (pp. 133-140). ACM.
Ren, Y.J., Shen, J., Wang, J., Han, J. and Lee, S.Y., 2015. Mutual verifiable provable data auditing in public cloud storage.
Rewagad, P. and Pawar, Y., 2013, April. Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.
Roshdy, R., Fouad, M. and Aboul-Dahab, M., 2013. Design and Implementation a New Security Hash Algorithm Based on MD5 and SHA-256. International Journal of Engineering Sciences & Emerging Technologies, 6(1), pp.29-36.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
The Mirai Botnet: All About the Latest Malware DDoS Attack Type | Corero. (2018). Retrieved from https://www.corero.com/resources/ddos-attack-types/mirai-botnet-ddos-attack.html
Tsai, J.L., Lo, N.W. and Wu, T.C., 2014. Weaknesses and improvements of an efficient certificateless signature scheme without using bilinear pairings. International Journal of Communication Systems, 27(7), pp.1083-1090.
Ullah, I., Khan, N. and Aboalsamh, H.A., 2013, April. Survey on botnet: Its architecture, detection, prevention and mitigation. In Networking, Sensing and Control (ICNSC), 2013 10th IEEE International Conference on (pp. 660-665). IEEE.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.
Wang, B., Zheng, Y., Lou, W. and Hou, Y.T., 2015. DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, pp.308-319.
Zheng, M., Sun, M. and Lui, J., 2013. Droidanalytics: a signature based analytic system to collect, extract, analyze and associate android malware. arXiv preprint arXiv:1302.7212.