Information Technology Security
Added on 2023-06-09
13 Pages3820 Words443 Views
Running head: INFORMATION TECHNOLOGY SECURITY
Information Technology Security
Name of Student-
Name of University-
Author’s Note-
Information Technology Security
Name of Student-
Name of University-
Author’s Note-
1Information Technology Security
1. Cryptography
Replay attack is basically a network category where an attacker gets to know about the
data transmission and deliberately makes the data transmission delayed or makes it repeated. The
repeat or delay of data transmission is basically carried out by sender or by some malicious entity
who intercepts data as well as retransmits them (Zhu & Martínez, 2014). The replay attack is
commonly known as a security protocol that uses data transmission replays from different sender
to intended receiving system. By this replay attacks the senders are actually fooled by making
them believe that they have transmitted the data successfully. This type of attack mainly helps
the intruders or the attackers for gaining success on a network, gain all the information that
would not be easily accessible or the attacker even might conduct some duplicate transaction.
Replay attack is most commonly known as playback attack. If the replay attack is not
mitigated, then the computers or the system network are subjected to replay attacks. The victims
would see the progress of attack as the legitimate messages. There are many examples of replay
attack, out of which one is the messages that are send over a particular network to some
particular authorized user are replayed by some attacker and sends out wrong messages to the
user (Smith, Wiliem & Lovell, 2015). The messages that are sent through the network is
expected to be encrypted and the hacker might not use the actual decryption keys. Valid data
retransmission or the logon messages might help the attacker to get access to network. Replay
attack mostly gains access to all the resources by getting access of an authenticated message and
replaying them that can create a confusion to the receiver.
The best technique that can be used for mitigating the replay attacks is by the use of
digital signatures along with timestamps. There is another technique that would use to prevent
1. Cryptography
Replay attack is basically a network category where an attacker gets to know about the
data transmission and deliberately makes the data transmission delayed or makes it repeated. The
repeat or delay of data transmission is basically carried out by sender or by some malicious entity
who intercepts data as well as retransmits them (Zhu & Martínez, 2014). The replay attack is
commonly known as a security protocol that uses data transmission replays from different sender
to intended receiving system. By this replay attacks the senders are actually fooled by making
them believe that they have transmitted the data successfully. This type of attack mainly helps
the intruders or the attackers for gaining success on a network, gain all the information that
would not be easily accessible or the attacker even might conduct some duplicate transaction.
Replay attack is most commonly known as playback attack. If the replay attack is not
mitigated, then the computers or the system network are subjected to replay attacks. The victims
would see the progress of attack as the legitimate messages. There are many examples of replay
attack, out of which one is the messages that are send over a particular network to some
particular authorized user are replayed by some attacker and sends out wrong messages to the
user (Smith, Wiliem & Lovell, 2015). The messages that are sent through the network is
expected to be encrypted and the hacker might not use the actual decryption keys. Valid data
retransmission or the logon messages might help the attacker to get access to network. Replay
attack mostly gains access to all the resources by getting access of an authenticated message and
replaying them that can create a confusion to the receiver.
The best technique that can be used for mitigating the replay attacks is by the use of
digital signatures along with timestamps. There is another technique that would use to prevent
2Information Technology Security
replay attack is through creation of session keys that are generated randomly. These session keys
are mostly time bound as well as process bound. Another method for preventing the replay
attacks is for each request there is one-password generated (Patel et al., 2015). This one-time
password is used frequently by banks in banking operations. There are other methods as well that
includes non-acceptance of the duplicated messages as well as sequencing the messages.
The working process of replay attack is describe below with the help of an example. Fr
example, an employee of a company sends an encrypted message for some financial transfer.
The employee sends the message to the financial administrator of the company and at that time
the attacker eavesdrops the message, get access to the encrypted message and then resends the
message by changing the content of the message (Alegre, Janicki & Evans,2014). It is not
possible for financial administrator to get to know about the data change and data resending of
the message. The message looks real to the administrator. This will make the financial
administrator to transact money to the attacker’s account.
Preventing a Replay Attack
The only way to prevent a replay attack is proper encryption method that will help to
mitigate replay attack. The encrypted messages that are sent carries keys within them and when
the messages are received by the receiver, the messages are decrypted at the transmission end
and finally the message is opened (Zhang, Lin & Qu, 2015). The work of an attacker for
conducting a replay attack is to get hold of the original message and then replays the message
again. Decrypting the key of the original message is not the work of the attacker. To mitigate
this, the sender as well as receiver has to establish a random key session between them. This key
session consists of one code that is valid only for one transaction and it cannot be reused.
replay attack is through creation of session keys that are generated randomly. These session keys
are mostly time bound as well as process bound. Another method for preventing the replay
attacks is for each request there is one-password generated (Patel et al., 2015). This one-time
password is used frequently by banks in banking operations. There are other methods as well that
includes non-acceptance of the duplicated messages as well as sequencing the messages.
The working process of replay attack is describe below with the help of an example. Fr
example, an employee of a company sends an encrypted message for some financial transfer.
The employee sends the message to the financial administrator of the company and at that time
the attacker eavesdrops the message, get access to the encrypted message and then resends the
message by changing the content of the message (Alegre, Janicki & Evans,2014). It is not
possible for financial administrator to get to know about the data change and data resending of
the message. The message looks real to the administrator. This will make the financial
administrator to transact money to the attacker’s account.
Preventing a Replay Attack
The only way to prevent a replay attack is proper encryption method that will help to
mitigate replay attack. The encrypted messages that are sent carries keys within them and when
the messages are received by the receiver, the messages are decrypted at the transmission end
and finally the message is opened (Zhang, Lin & Qu, 2015). The work of an attacker for
conducting a replay attack is to get hold of the original message and then replays the message
again. Decrypting the key of the original message is not the work of the attacker. To mitigate
this, the sender as well as receiver has to establish a random key session between them. This key
session consists of one code that is valid only for one transaction and it cannot be reused.
3Information Technology Security
2. Network Security Fundamentals
Four general goals for securing networking are confidentiality, integrity, availability, and
non-repudiation. All the goals are stated below with examples.
Confidentiality: To implement a network security, the first goals is to maintain the
confidentiality. The main function of confidentiality is protecting the business data that are
stored in the system from an unauthorized person (Luan et al., 2015). To maintain the
confidentiality in a network security, it is made sure that the data is only available to the intended
as well as authorized person. The business data should only be accessible to the employees of the
companies or the sender and the receiver. The persons who are authorized to access the data
should only get the access of the data. Confidentiality mainly deals with controlling the access of
the files in the storage or the transit. For maintaining the confidentiality, there should be system
configuration or the products configuration.
For example: Taking the example of bank records, all the customers associated with the
bank should be able to access their data along with the employees of the bank who helps to
conduct a transaction. No other person should get the right to access them. Confidentiality fails
when the data is accessed by some other person intentionally or accidentally. Failure of
confidentiality is most commonly known as data breach. If the details of the bank are made
public, then it will be accessible to all others. Majority of the incidents that are reported recently
involves confidentiality loss.
Integrity: Integrity is the second goal for the Network Security. The main aim of
integrity involves assuring as well as maintaining the consistency and accuracy of the data.
Function of integrity is maintaining a proper accurate data and the data should be reliable and
2. Network Security Fundamentals
Four general goals for securing networking are confidentiality, integrity, availability, and
non-repudiation. All the goals are stated below with examples.
Confidentiality: To implement a network security, the first goals is to maintain the
confidentiality. The main function of confidentiality is protecting the business data that are
stored in the system from an unauthorized person (Luan et al., 2015). To maintain the
confidentiality in a network security, it is made sure that the data is only available to the intended
as well as authorized person. The business data should only be accessible to the employees of the
companies or the sender and the receiver. The persons who are authorized to access the data
should only get the access of the data. Confidentiality mainly deals with controlling the access of
the files in the storage or the transit. For maintaining the confidentiality, there should be system
configuration or the products configuration.
For example: Taking the example of bank records, all the customers associated with the
bank should be able to access their data along with the employees of the bank who helps to
conduct a transaction. No other person should get the right to access them. Confidentiality fails
when the data is accessed by some other person intentionally or accidentally. Failure of
confidentiality is most commonly known as data breach. If the details of the bank are made
public, then it will be accessible to all others. Majority of the incidents that are reported recently
involves confidentiality loss.
Integrity: Integrity is the second goal for the Network Security. The main aim of
integrity involves assuring as well as maintaining the consistency and accuracy of the data.
Function of integrity is maintaining a proper accurate data and the data should be reliable and
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Questions and Answers on Cryptography, Network Security, Firewalls, and Host Hardeninglg...
|7
|1967
|70
COIT20262 Assignment 1 Submissionlg...
|7
|1565
|52
Packet Capture and Analysislg...
|7
|1576
|364
COIT20262 - Advanced Network Securitylg...
|7
|1484
|89
BN203 Network Security MITlg...
|7
|1660
|49
Network Security Tools Reportlg...
|7
|1141
|38