CSI2102 - Information Security: Assignment

Edith Cowan University

   

Information Security (CSI2102)

   

Added on  2020-03-04

About This Document

CSI2102 - Information Security assignment. This document discusses the hacking of the network. It also discusses how an attacker uses a sniffer to observe the communication between two devices and collect the transmitted data.

INFORMATION SECURITY
Question 1

Session Hacking

TCP session hacking is a security attack on a user's protected network. A common session hacking method is called IP spoofing. Here the attacker uses source-routed IP packets to insert commands into the communication between two nodes in a network. The spoofed IP passes itself off as an authenticated user. This attack is mainly due to the lack of authentication, because authentication is done only once, at the start of the TCP session (Asif & Tripathi, 2012). A man-in-the-middle attack is another type of session hacking, in which the attacker uses a sniffer to observe the communication between two devices and collects the transmitted data.

Performance of the attack

Session hacking can be done in different ways:

- By using packet sniffers
- Cross-site scripting
- Spoofing of IP
- Blind attack

By using packet sniffers

Here the attacker captures the victim's session ID and accesses the server through the packet sniffer (Bharti, 2013).
Cross-site scripting

Here the attacker captures the victim's session ID through an XSS attack. JavaScript is used in the XSS attack. A crafted link containing a malicious script is sent to the victim; when the victim clicks it, the JavaScript runs and carries out the instructions the attacker placed in the malicious code (D, 2017).

Spoofing of IP

This spoofing technique is an unauthorized one, used to access the IP address of the computer through the trusted host. When this technique is implemented, the attacker obtains the client's IP address and injects it into spoofed packets. These are used in the TCP session to fool the server, so that it treats them as communication with the victim (Guides, Tools & X, 2017).

Blind attack

If the attacker cannot sniff the packets, he will guess the sequence number expected by the server. Hence brute-force combinations are tried for the sequence number.
Mitigation

To defend the network from session hacking, the network administrator needs to implement security measures at the network and application levels. Network-level attacks can be prevented by encrypting the packets, so that the attacker cannot decipher a packet to get the confidential information (KumarBharti & Chaudhary, 2013). The packets can be encrypted by protocols such as IPsec, SSH and SSL. The IPsec protocol can encrypt a packet with a key shared between the two members. IPsec can run in two modes, transport and tunnel. In transport mode, the data is sent in encrypted form inside the packet. In tunnel mode, both the header and the data of the packet are encrypted, and it is more restrictive. Session hacking is a serious threat that mainly targets web applications and networks.

To prevent session hijacking, follow the steps below.

- Web applications can use TLS/SSL to transfer sensitive data. SSL/TLS encrypts the data, which makes it difficult for a hacker.
- Very long random numbers must be used as the session key.
- Web applications should also use secondary checks to increase security.
- Users must log out of web applications.
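The steps above sketched as a server-side session store, as an added example that is not part of the original assignment. The class and function names, the 15-minute idle timeout, and the choice of User-Agent binding as the "secondary check" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

IDLE_TIMEOUT = 900  # seconds of inactivity before a session dies (assumed value)

class SessionStore:
    """In-memory session table (hypothetical); stores only hashes of session IDs."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def login(self, user, user_agent):
        # Long random session key: 32 bytes (256 bits) from the OS CSPRNG.
        sid = secrets.token_urlsafe(32)
        self._sessions[self._digest(sid)] = {
            "user": user,
            "ua": self._digest(user_agent),  # secondary check (assumption)
            "seen": self._clock(),
        }
        return sid

    def validate(self, sid, user_agent):
        key = self._digest(sid)
        rec = self._sessions.get(key)
        if rec is None:
            return None
        expired = self._clock() - rec["seen"] > IDLE_TIMEOUT
        ua_ok = hmac.compare_digest(rec["ua"], self._digest(user_agent))
        if expired or not ua_ok:
            # A failed secondary check or a stale session destroys the session.
            del self._sessions[key]
            return None
        rec["seen"] = self._clock()
        return rec["user"]

    def logout(self, sid):
        # Logging out invalidates the ID server-side, not just in the browser.
        self._sessions.pop(self._digest(sid), None)

def session_cookie(sid):
    # "Secure" keeps the ID on TLS connections only; "HttpOnly" hides it from scripts.
    return f"session={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"
```

A User-Agent match is a weak signal on its own, since the header is client-controlled; it only raises the cost of replaying a captured ID and does not replace TLS.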