Chapter 7
Internet Control Message Protocol (ICMP)
This network protocol plays a significant role in the management and administration of the Internet Protocol (IP). Since it is a control protocol, it does not carry application data but only information about the status of the network itself. ICMP is used for reporting errors in the communications of network applications, reporting on the availability of remote hosts, and reporting on network congestion.
Routers, intermediary devices, and hosts use ICMP to communicate updates or error information to other routers, intermediary devices, or hosts. An ICMP message contains three fields: type, code, and checksum. These fields define the purpose of the ICMP message and provide a checksum. Attacks that use ICMP include blind connection reset attacks, blind throughput reduction attacks, and blind performance degrading attacks.
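The three header fields can be read and the checksum verified with a few lines of Python. This is an added example, not part of the original notes; the function names and the sample echo request are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

# A few well-known (type, code) pairs; not an exhaustive registry.
ICMP_NAMES = {
    (0, 0): "echo reply",
    (3, 1): "destination unreachable: host unreachable",
    (3, 3): "destination unreachable: port unreachable",
    (3, 4): "destination unreachable: fragmentation needed",
    (8, 0): "echo request",
    (11, 0): "time exceeded: TTL expired in transit",
}

def build_icmp(msg_type: int, code: int, rest: bytes) -> bytes:
    """Assemble type, code, checksum and the rest of the message."""
    header = struct.pack("!BBH", msg_type, code, 0)   # checksum field zeroed first
    csum = internet_checksum(header + rest)
    return struct.pack("!BBH", msg_type, code, csum) + rest

def parse_icmp(packet: bytes) -> dict:
    """Decode the fixed 4-byte header and check the checksum."""
    if len(packet) < 4:
        raise ValueError("ICMP message shorter than the 4-byte fixed header")
    msg_type, code, checksum = struct.unpack("!BBH", packet[:4])
    return {
        "type": msg_type,
        "code": code,
        "checksum": checksum,
        "name": ICMP_NAMES.get((msg_type, code), "unknown"),
        # Summing a message that carries a correct checksum yields 0.
        # This detects corruption only: a forged message can carry a
        # valid checksum, so the field is not an authenticity check.
        "checksum_ok": internet_checksum(packet) == 0,
    }

# Constructed sample: echo request, identifier 0x1234, sequence 1.
SAMPLE_ECHO = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1) + b"constructed")

if __name__ == "__main__":
    print(parse_icmp(SAMPLE_ECHO))
```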
Simple Network Management Protocol (SNMP)
This is the most common protocol used in network management. It is used to collect information from, and to configure, network devices such as servers, printers, hubs, switches, and routers, among others.
Issue with SNMP
SNMP is vulnerable to attacks such as IP spoofing. It is also subject to packet sniffing of plain text because it does not implement encryption. As a result of this insecurity, SNMP's powerful configuration capabilities are not fully utilized, so its full capacity is not felt.
Steps in DNS lookup
Open the DNS console and expand the server where you want to create the zone. Right-click Reverse Lookup Zones and select New Zone to open the New Zone Wizard, then click Next, choose Standard Primary, and click Next. In the Network ID field, enter the first three octets of the zone's IP address, and click Next. When the wizard suggests a name for the DNS zone file, click Next to accept the default name, and click Finish.
After creating the zone, one needs to add pointer (PTR) resource records to the zone. These records associate an IP address with a host name. One can create the PTR records explicitly in the reverse zone, or the DNS console can create the PTR records automatically when records are created in the forward lookup zone. The Internet service provider (ISP) might handle reverse lookup for your subnet. When one is not sure, checking with the ISP is advisable.
A forward lookup zone is the part of the DNS system that allows one to perform name-to-address resolution. On name servers, at least one forward lookup zone must be configured for the DNS Service to work. A forward lookup zone is created by using the DNS Server wizard, or by starting the Create New Zone wizard by right-clicking the Forward Lookup Zone folder and selecting Create a New Zone. To allow users in Company A to access resources in Company B, the administrator of Company A can create a stub zone for Company B's domain. BIND is an implementation of the Domain Name System protocols.
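The relationship between the Network ID, the reverse zone name, and the PTR records can be checked programmatically. The following added example (not part of the original notes) derives the reverse zone name from the first three octets and audits a forward zone against a reverse zone; the host names and addresses are constructed, and the function names are illustrative.

```python
import ipaddress

def reverse_zone_name(network_id: str) -> str:
    """Zone name for a /24 given its first three octets, e.g. '192.0.2'."""
    octets = network_id.split(".")
    if len(octets) != 3 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("expected the first three octets, e.g. '192.0.2'")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer

def audit_ptr_records(forward: dict, reverse: dict, network_id: str) -> list:
    """Compare A records (name -> IP) with PTR records (owner -> name)."""
    zone = reverse_zone_name(network_id)
    findings = []
    for host, ip in sorted(forward.items()):
        owner = ptr_owner_name(ip)
        if not owner.endswith("." + zone):
            findings.append((host, "outside reverse zone " + zone))
        elif owner not in reverse:
            findings.append((host, "missing PTR " + owner))
        elif reverse[owner].rstrip(".").lower() != host.rstrip(".").lower():
            findings.append((host, "PTR points to " + reverse[owner]))
    # PTR records with no matching A record are stale entries.
    expected = {ptr_owner_name(ip) for ip in forward.values()}
    for owner in sorted(set(reverse) - expected):
        findings.append((reverse[owner], "stale PTR " + owner))
    return findings

# Constructed sample data using documentation address ranges.
FORWARD = {
    "web.example.com": "192.0.2.10",
    "mail.example.com": "192.0.2.25",
    "db.example.com": "192.0.2.40",
    "vpn.example.com": "198.51.100.7",
}
REVERSE = {
    "10.2.0.192.in-addr.arpa": "web.example.com.",
    "25.2.0.192.in-addr.arpa": "oldmail.example.com.",
    "99.2.0.192.in-addr.arpa": "printer.example.com.",
}

if __name__ == "__main__":
    for name, issue in audit_ptr_records(FORWARD, REVERSE, "192.0.2"):
        print(f"{name}: {issue}")
```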
Virtualization
This is the creation of a virtual version of something, for instance an OS, a server, or a storage device, among others. It is used in information systems; for instance, it allows a piece of hardware to run multiple operating systems.
Virtualization, just like other technologies, has a number of shortcomings. One is a high configuration risk: the possibility of using more than one switch on a host makes the configuration risk high, since confusion can occur when switching between them. Another is the lack of intra-server network visibility: this calls for the deployment of new solutions to gain access to the traffic, hence its efficiency is unpredictable.
Chapter 8
Bluetooth
Bluetooth is a wireless technology that uses low-power radio communication to connect phones, computers, and other network devices over a short range of about ten meters.
The primary function of Bluetooth technology is to support basic wireless networking of personal devices for the general public. The devices communicate using the Bluetooth specification protocols. Compared to Wi-Fi, Bluetooth is much slower and supports fewer devices.
Types of Bluetooth Attacks
Some of the known Bluetooth attacks include the following. Bluebugging: this type of attack allows an attacker to take full control of the victim's phone and operate it, for instance to make calls, send short messages, and use other services on the phone. The attacker uses the AT command parser to execute this kind of attack.
Bluejacking: this is the sending of unsolicited messages to open Bluetooth devices by using vCard message contents to exploit the OBEX protocol. Other forms of Bluetooth attack include Bluesmack, Bluesnarf, and Bluesnarf plus.
An AP is an access point used for checking or logging in to use certain programs. A rogue access point is an access point installed by a member of an organization's staff without the system administrator's consent. Examples of wireless threats or attacks include passive capturing, denial of service, configuration problems, and rogue access points. Purchasing and installing a firewall prevents internal attacks on the network. Firewalls intercept the intrusion and block it, protecting the network from attack.
WEP, WPA, and WPA2 are wireless protocols developed to protect wireless networks. WEP (Wired Equivalent Privacy) is the weakest of the three and has serious security risks; for instance, it is vulnerable to attacks or hacking. WPA replaced WEP because its security level is better than that of WEP. WPA2, on the other hand, is the advanced version of WPA, which implies that its security level is better than that of the other two. It is the most recent of the three protocols.
Chapter 9
Access Control
Access control, as the name suggests, is controlling and checking who can use or view certain information in a network system. There are six steps in access control: who decides, exact needs, what is available, how does one tell, how does one get organized, and training.
Who decides: in most cases, errors occur during access control selection because only the head office is involved in making the decision, rather than the staff members who use the system. This often results in implementations that work only for the head office and strain other staff members. Exact needs and requirements: a clear definition of the needs should be outlined before consulting a vendor or manufacturer. This avoids unnecessary purchases and installation because only necessary implementations take place. Available resources: identifying what is already available helps in determining the needs and avoids unnecessary steps. For instance, insurance provision to the firm is a way of contributing to the value of the site. What to tell: this involves choosing durable devices that will last a long time. Getting organized: this ensures less trouble during installation, since there is an exact design that fits the facility's needs. Complex situations or needs sometimes call for a security integrator. Training: this is a continuous process that takes place repeatedly over time. It is also the last step in the access control system. After the installation and implementation of the first five steps of access control, staff members are trained on how to operate and use the system.
Access control terms are terms commonly used in the access control industry. They include the following: access area, access credentials, access level, access control mode, American disabilities model, administrator, anti-passback, authorization server, badge, badging station, bar code, biometrics, bumping, cardholder, channel, command, controller, and download, among other terms.
Access Control Models
Access control models perform specific functions in controlling user rights in system administration. There are three main access control models: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC).
The mandatory access control model is the most restrictive model type. It assigns users' roles according to the wishes of the system administrator. This implies that the end user cannot modify this type of model but must conform to it. This model is used in discreet, secretive environments such as the military and other top-security organizations.
Role-based access control, however, creates control permissions by assigning access rights to specific roles within a given company. It works best in organizational settings, since specific departments perform specific roles. For instance, a specific access role may be created only for managers, secretaries, or assistant managers, among other staff members. This means that only those with the access clearance can access those programs.
The discretionary access control model, on the other hand, is the least restrictive of the three. In this model, the end user has total freedom to make modifications to programs or to assign any rights to the objects he or she wishes.
Accounting Management Issues
Management accounting is a support tool used by many businesses for reporting financial information to business owners and stakeholders. Accounting management comes with some problems or shortcomings, which include high cost, constraints, and inaccuracy. Cost: it always means an addition to the existing budget, and hiring individuals with the required skills is costly, as it forces business owners to dig deeper into their pockets.
Chapter 10
Types of Authentication Credentials
The process of determining whether a user or entity is who he or she claims to be is authentication. Users identify themselves using a username and a password. After authentication, a session token is stored in a cookie. A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The discussion below covers types of authentication credentials.
Single sign-on (SSO) is a user authentication process that permits a user to access multiple applications using the same user name and password throughout. Single sign-on also has shortcomings. Since it allows access to many resources, someone can misuse this access for his or her own selfish needs. It therefore calls for a focus on protecting user credentials to avoid abuse or misuse. There are also security faults and breaches of the code of ethics, since a user can forget to log out and unauthorized persons can then gain access to the information.
Federated identity management (FIM) is an arrangement among multiple enterprises that allows subscribers to use the same identification data to obtain access to all enterprises in the group. The main reason behind this practice is saving and cutting production costs for the partners in the group. User passwords face many challenges, for instance rainbow tables, among others. A rainbow table is a system that hackers use to break passwords. Rainbow tables are tables of clear text passwords and hashes. They allow a password to be looked up quickly if the hash of that password is known. They store the password in clear text.
Biometrics is the science and technology of measuring and analyzing biological data. The biological data include DNA, fingerprints, eye retinas, and voice patterns, among others, used for authentication purposes. Biometric devices encrypt data upon collection to avoid data theft. They consist of scanners, software that converts scanned data into digital form, and a database for storing the information collected.
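The hash lookup described above, and why per-user salts with a slow key-derivation function defeat it, can be seen in a short added example (not part of the original notes). It uses a plain precomputed dictionary, a simplification of the chain-based structure of a real rainbow table; the user names, passwords, and candidate list are constructed.

```python
import hashlib
import hmac
import os

def unsalted_hash(password: str) -> str:
    """Weak storage: one fast hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates) -> dict:
    """Precompute hash -> clear text (the idea a rainbow table compresses)."""
    return {unsalted_hash(p): p for p in candidates}

def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Stronger storage: per-user random salt plus a slow KDF (PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison against the stored salted hash."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

# Constructed sample accounts and a constructed precomputed candidate list.
USERS = {
    "alice": "sunshine1",
    "bob": "sunshine1",
    "carol": "T7#kq-constructed-long-phrase",
}
CANDIDATES = ["password", "123456", "sunshine1", "letmein"]

def compare_storage():
    table = build_lookup_table(CANDIDATES)

    # Unsalted: every stored hash is a direct key into the table.
    recovered = {u: table.get(unsalted_hash(p)) for u, p in USERS.items()}

    # Salted: the same passwords produce unrelated values per user,
    # so a table computed in advance matches nothing.
    salted = {}
    for user, password in USERS.items():
        salt = os.urandom(16)
        salted[user] = (salt, salted_hash(password, salt))
    table_hits = sum(1 for _, h in salted.values() if h.hex() in table)
    same_for_alice_and_bob = salted["alice"][1] == salted["bob"][1]
    still_verifies = verify_password("sunshine1", *salted["alice"])
    return recovered, table_hits, same_for_alice_and_bob, still_verifies

if __name__ == "__main__":
    print(compare_storage())
```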
Chapter 11
What is cryptography?
Cryptography refers to the practice used to prevent the theft of private information in situations where an attacker breaks into a computer. It also performs other vital security duties for information on the computer, including authentication, non-repudiation, confidentiality, and integrity. For example, cryptography can be used to determine whether the sender of a message is genuine or an imposter. It also helps in proving whether or not an individual sent a message or performed an action using the computer, which is essential in proving that a criminal participated in financial transactions.
What is an algorithm?
An algorithm is a set of well-defined instructions that yields a predictable end state from a known beginning, which implies that a wrong definition leads to incorrect results. The best-known example of an algorithm is a computer program, because each computer program consists of instructions of varying complexity. Algorithms fall into various classes, which include greedy, randomized, brute force, and branch and bound, among others.
What is a key?
A key is a variable value that is applied, with the help of an algorithm, to a block of unencrypted text to produce encrypted text, or to encrypted text to decrypt it. The key length is an essential factor in determining how difficult it is to decrypt the text of a given message.
What is a hash?
A hash refers to an algorithm or subroutine that maps varying amounts of data or keys to a smaller, fixed amount of data. The values that the hash function returns are called hash values, hash codes, or hash sums, among other names.
How does hashing work?
Hashing is essential in accelerating data comparison tasks such as locating items within a database, detecting identical records in large files, and finding similar stretches in DNA sequences. Hash functions are also essential in hash tables, as they allow the data to be located as long as the search key is available. Furthermore, hash functions are used to build caches for large data sets stored on slow media. They are also a vital requirement of a Bloom filter, which provides an enclosing approximation.
What are common hash algorithms?
The common hash algorithms include a block cipher in CBC mode, Secure Hash Algorithm 1, Message Digest, and Secure Hash Algorithm 256.
What is a stream cipher?
A stream cipher is a method of encrypting text to create ciphertext. The method is not commonly used in contemporary cryptography. In contrast, a block cipher is a way of encrypting text in which the key and algorithm are applied to blocks of data rather than to individual bits within a stream.
How do they work?
Block ciphers divide the input text into fixed-size portions known as blocks. Since input texts come in varying sizes, the algorithm must pad them with additional bytes. The block cipher then encrypts the message. In contrast, a stream cipher works with two data streams: the first is the data stream of the input text, and the second is the key data. Encryption works with both streams, taking a byte from the input stream and another from the key stream.
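The two input-handling styles described above can be contrasted in code. This added example (not part of the original notes) shows the padding and block-splitting step a block cipher needs, using PKCS#7 padding as an assumed scheme, and the byte-by-byte combination of input and key stream; the keystream generator is an illustrative toy, not a vetted cipher, and the message and key are constructed.

```python
import hashlib

BLOCK_SIZE = 16  # bytes; the block size of AES, used here as an assumption

def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes of value n so the length is a multiple of block_size."""
    n = block_size - len(data) % block_size      # always 1..block_size
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip and validate the padding; reject anything malformed."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]

def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """The fixed-size portions a block cipher would encrypt one at a time."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]

def toy_keystream(key: bytes, length: int) -> bytes:
    """Illustrative key stream: SHA-256(key || counter), truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def stream_xor(data: bytes, key: bytes) -> bytes:
    """Combine one input byte with one key-stream byte; no padding needed."""
    return bytes(d ^ k for d, k in zip(data, toy_keystream(key, len(data))))

# Constructed sample message (26 bytes) and key.
MESSAGE = b"transfer 100 to account 42"
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    padded = pkcs7_pad(MESSAGE)
    print(len(MESSAGE), "->", len(padded), "bytes in", len(split_blocks(padded)), "blocks")
    ct = stream_xor(MESSAGE, KEY)
    print(len(ct), "ciphertext bytes;", stream_xor(ct, KEY) == MESSAGE)
```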
What is symmetric encryption?
Symmetric encryption is the best-known and most commonly used technique. It relies on a secret key, which can be a number, a word, or a string of letters, that is applied to a message to transform its content in a particular way. If the sender and the recipient both have the secret key, they can encrypt and decrypt all messages that use that key. Asymmetric encryption, in contrast, addresses the problem of exchanging secret keys over the internet while keeping them from falling into the wrong hands.
What algorithms are associated with each type of encryption system?
The algorithms associated with symmetric and asymmetric encryption differ. With a symmetric algorithm, the parties involved use the same key for encryption and decryption. This implies that, to preserve privacy, the key must be kept secret, because once other parties discover it the information is no longer safe. Asymmetric algorithms, in contrast, use pairs of keys: one for encryption and the other for decryption. The decryption key is kept secret, while the encryption key is distributed to all parties interested in sending encrypted messages.
What is a digital signature?
A digital signature is an electronic signature that is essential because it can authenticate the sender's identity. It also authenticates the signer of a document in order to guarantee that the content of the communication or document is original. The digital signature is preferred because it is easily transportable, hard to imitate, and time-stamped automatically. To create a digital signature, the user copies and pastes the contract into the email note. The user applies special software to obtain the message hash of the contract. The user then uses the private key previously obtained from the public-private key authority to encrypt the hash. The encrypted hash becomes the digital signature of the message.
Chapter 12
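The hash-then-sign sequence described above, together with the verification step the recipient performs, is shown in this added example (not part of the original notes). It uses textbook RSA with a deliberately small key built from two known Mersenne primes and no padding, so it is for illustration only; real systems use a vetted library with RSA-PSS or Ed25519. The contract text and function names are constructed.

```python
import hashlib

# Toy key pair (assumption for illustration): two known Mersenne primes.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

def message_hash(message: bytes) -> int:
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Signer: transform the message hash with the private key."""
    return pow(message_hash(message), D, N)

def verify_signature(message: bytes, signature: int) -> bool:
    """Recipient: undo the transform with the public key and compare
    the result with a hash computed over the message that arrived."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == message_hash(message)

# Constructed sample contract.
CONTRACT = b"Party A agrees to pay Party B 500 units on delivery."

def demo():
    signature = sign(CONTRACT)
    genuine = verify_signature(CONTRACT, signature)
    # Any change to the document changes its hash, so the old
    # signature no longer matches.
    altered = verify_signature(CONTRACT.replace(b"500", b"900"), signature)
    # A signature value not produced with the private key fails as well.
    forged = verify_signature(CONTRACT, (signature + 1) % N)
    return genuine, altered, forged

if __name__ == "__main__":
    print(demo())
```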
What is a digital certificate (DC)?
A digital certificate is an electronic credit card that a person uses to establish his or her credentials while conducting any form of business or transaction on the web. The certificate contains the name, a serial number, the expiration date, a digital signature, and a copy of the certificate holder's public key. In addition, a personal digital certificate is a digital identity card that resides on the computer.
What is a registration authority (RA)?
The registration authority is an agency in a network that verifies users' requests for a digital certificate and gives the certificate authority permission to issue it. It is preferred because it helps the companies and individuals involved to exchange their information and money safely. This is because it has a public key, which is useful in encrypting and decrypting messages and digital signatures.
What are the general duties of an RA?
In past decades, the registration authority was responsible for administering the registration of common land and town and village greens under the 1965 Act. Currently, it specializes in maintaining the register to enable public inspection, carrying out searches of the registers, and handling amendments to the registers.
What is a certificate authority (CA)?
A certificate authority is an agency in a network that issues and manages security credentials and public keys for message encryption. It also monitors the registration authority so that it can verify the information that the requestor of a digital certificate provided. The certificate authority can issue the certificate only after verification by the registration authority.
What is public key infrastructure (PKI)?
Public key infrastructure enables users of an unsecured public network such as the internet to exchange information and money through the use of a public and private cryptographic key pair. It includes a certificate authority, which issues and verifies digital certificates. It also has a registration authority, which acts as the verifier for the certificate authority before the requestor gets the digital certificate. It also has directories used to store certificates, as well as a certificate management system.
