logo

Assignment | Objectives Of Information Security

   

Added on  2020-02-24

4 Pages1500 Words90 Views
Question 1: (1)Three key objectives of information security. The confidentiality is defined as the property, through which information is not made available or either disclosed to any unauthorised personnel, entities and processes as it is defined on ISO27000. Data integrity is concerned with the maintaining and assuring that the accuracy and completeness of the data is maintained over the whole lifecycle of the data (Boritz, 2011). The data integrity is also concerned with the availability of the data to unauthorised personnel. The integrity helps to assure the data owners that there will be no interference with the information by other parties. The availability means that when the correct parties need data, it will be availed with ease. Security controls are the key measures which helps to make that the data is only availed to the required personnel (Loukas and Oke, 2010). The availability offers assurance to the data owners that they willaccess the data when they need it. (2)Examples of confidentiality, integrity and availability One example of confidentiality in ATM system is through encryption of data, which ensures that the right personnel and owners of the cards who know the keys of the cards can access the information stored. Hashing the data is a key example of providing the integrity of data in the ATM system. This helps to provide the data in the original form without alteration. The backup methods of accessing the data is a key example of data availability which is done in the ATM system. The owners can access their account at their branches when the ATM system is not functioning. Question 2 (1)Mirai malware Mirai malware is able to function by changing the IP address of the internet service provider. Forthe case on the attack, Mirai was able to engage on the change of Domain Name System (DNS)servers. This makes the servers non-functional and therefore hinder access of the information. Thehackers through this malware are able to prevent the different users from accessing information onthe internet servers. This malware is able to affect the online devices alone. Devices with defaultlogins are the most vulnerable to the Mirai attack. One of the best strategy to prevent from Miraimalware is through installation of well managed firewall, which h is up-to-date (Krebs, 2017).Changing the default usernames and password will make it hard for Mirai to make changes on thesystems. Lastly, application of good network security practices will enhance the defencemechanism. (2)Hackers The hackers using Mirai malware are still unclear. But through the analysis of the coding, which isusing the English language, it was found that it had strings in Russian (Krebs, 2017). This makes itclear that Russian hackers were involved in the case. Moreover, Anna-senpai, not known whetherits real name, was able to release the malware to public. Moreover, it is believed that Paras Jha wasthe main creator of Mirai.

(3)DDoS attack Distributed denial of service attacks, (DDoS), is a security threat which involved the change of channel for the right user of some internet services to be unable to access the data through the change of the servers and making them non-functional. The attackers using Mirai, were able to release the malware, to all clients who were using the Dyn provider. The malware was able to offload the traffic on the network provider and clogging the Dyn servers with other requests with different IP addresses.This meant sure that the clients of Dyn were unable to access the internet services since the login details were changed by the malware. The malware was able to take the advantage of the Internet of thing devices (IoT) to execute the changes. Question 3 Integrity protection is used to guard against improper information modification or destruction,including ensuring information nonrepudiation and authenticity. (1)Calculate message-digest fingerprints (checksum) for the provided files shattered-1&2.pdf: MD5 SHA1 SHA256 shattered-1.pdf shattered-2.pdf (2)SHA256 vs MD5 and SHA1; The output size, which is created by SHA256, is more than what MD5 and SHA1 are able to create,that is the 256 bits compared to 160 bits for SHA1. Moreover, SHA1 and MD5 are more prone toattacks unlike SHA256. (3)Google Company announced that they achieved successful SHA-1 Based on the result, the checksum is much close and therefore able to create the collision. This means that unintended result will be achieved and therefore lead to unsecure results due to the collision. Question 4 (1)Vigenère cipher Vigenère cipher is a key method of encrypting alphabetic text through the use of interwoven Ceasarciphers, which is based on letters of a keyword (Bruen & Forcinito, 2011). The main differencebetween Caesar and Vigenère cipher is that Caesar is a monoalphabetic while Vigenère cipher is apolyalphabetic. (2)By Plaintext meet me after the toga party Key After ciphertext glzkx(3)Attack Vigenère cipher Brute Force attack Babbage attack or Kasiskis attack is a key method which can be used to attackVigenère cipher. Through the Brute-force attack, the key word is known and then the output for therest is researched (Martin, 2012). The attack is able to decrypt the Caesar Cipher through sheereffort, which can be done through the computer. A cipher with more secure ciphers is needed to

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Information Security: Analysis of Mirai Botnet Malware Attack on Edimax Cameras
|16
|3642
|383

Information Security Management - Assignment
|8
|2250
|44

IT Security: Types of Risks, Organizational Procedures, Impact of Firewall Configuration, Implementation of DMZ, Static IP and NAT
|18
|1181
|61

Information Security: System Security and Future Trends
|9
|2178
|407

Security Evaluation for WidgetsInc Web-Store
|11
|3970
|239

Information Security Systems in ATM
|9
|1901
|332