Antivirus Techniques: Firewalls, Intrusion Detection System (IDS), Intrusion Prevention System (IPS).
Brief Introduction about Anti-Phishing Approach (Common Strategies Used For Secured Authentication): Authentication using passwords like One Time Password (OTP) generators, Two Factor Authentications, Secure Socket Layer (SSL), Secure Electronic Transaction (SET), Cryptography.
UNIT IV: Security Measurement Strategies
1. Antivirus Techniques: Firewalls, Intrusion Detection System (IDS), Intrusion Prevention System (IPS).
Brief Introduction about Anti-Phishing Approach (Common Strategies Used for Secured Authentication): Authentication using passwords like One Time Password (OTP) generators, Two-Factor Authentication, Secure Socket Layer (SSL), Secure Electronic Transaction (SET), Cryptography.
2. A firewall is a barrier between a Local Area Network (LAN) and the Internet. It keeps private resources confidential and minimizes security risks by controlling network traffic in both directions.
The following diagram depicts a sample firewall between the LAN and the Internet. The connection between the two is the point of vulnerability; both hardware and software can be used at this point to filter network traffic.
4. Firewalls are categorized into three basic types:
Packet filter (stateless and stateful)
Application-level gateway
Circuit-level gateway
5. Stateless and Stateful Packet Filtering Firewalls
In this type of firewall deployment, the internal network is connected to the external network/Internet via a router firewall. The firewall inspects and filters data packet by packet.
Packet-filtering firewalls allow or block packets mostly based on criteria such as source and/or destination IP addresses, protocol, source and/or destination port numbers, and various other parameters within the IP header.
The decision can also be based on factors other than IP header fields, such as the ICMP message type or the TCP SYN and ACK bits.
A packet filter rule has two parts:
Selection criteria: the condition (a pattern match on packet fields) used for decision making.
Action field: the action to be taken if an IP packet meets the selection criteria. The action is either to block (deny) or permit (allow) the packet across the firewall.
Packet filtering is generally accomplished by configuring Access Control Lists (ACLs) on routers or switches. An ACL is a table of packet filter rules.
As traffic enters or exits an interface, the firewall applies the ACL from top to bottom to each packet, finds the matching criteria, and either permits or denies that individual packet.
6. A stateless firewall is a rigid tool: it looks at each packet in isolation and allows it if it meets the criteria, even if it is not part of any established ongoing communication. Hence, such firewalls have been replaced by stateful firewalls in modern networks, which offer a more in-depth inspection method than the purely ACL-based packet inspection of stateless firewalls.
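The ACL matching on slide 5 and the stateless-versus-stateful distinction on slide 6, worked through as an added Python example (not part of the original slides). The network 10.0.0.0/24, the rules and the three packets are constructed; the third packet is a TCP segment with only the ACK bit set that belongs to no connection, which a stateless "established" rule lets through and a connection table does not.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample network: 10.0.0.0/24 is the protected LAN (example value).
INSIDE = ipaddress.ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    """One ACL entry: selection criteria plus the action taken when they match."""
    action: str                      # "permit" or "deny"
    proto: Optional[str] = None      # None means "any"
    src_net: Optional[str] = None    # CIDR, e.g. "10.0.0.0/24"
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    ack: Optional[bool] = None       # match on the TCP ACK bit ("established" traffic)

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src_net and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(p.dst_ip) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        if self.ack is not None and p.ack != self.ack:
            return False
        return True


# Constructed ACL, evaluated top to bottom; the first matching rule decides.
ACL: List[Rule] = [
    Rule("permit", proto="tcp", src_net=str(INSIDE)),                # LAN may open connections
    Rule("permit", proto="tcp", dst_net=str(INSIDE), dst_port=443),  # public HTTPS server
    Rule("permit", proto="tcp", dst_net=str(INSIDE), ack=True),      # "established" replies (stateless guess)
    Rule("deny"),                                                    # explicit default deny
]


def stateless_filter(acl: List[Rule], p: Packet) -> str:
    """Pure ACL lookup: every packet is judged on its own header fields only."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"    # implicit deny when no rule matches


class StatefulFilter:
    """ACL plus a connection table: replies to known connections bypass the ACL, and a
    TCP segment that belongs to no known connection and does not open one is dropped."""

    def __init__(self, acl: List[Rule]) -> None:
        self.acl = acl
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    @staticmethod
    def _key(p: Packet) -> Tuple[str, str, int, str, int]:
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    def filter(self, p: Packet) -> str:
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reverse in self.table or self._key(p) in self.table:
            return "permit"                       # part of an established connection
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny"                         # mid-stream segment with no state behind it
        action = stateless_filter(self.acl, p)    # a connection-opening SYN is judged by the ACL
        if action == "permit":
            self.table.add(self._key(p))          # remember the connection the SYN opened
        return action


# Constructed traffic
OUTBOUND_SYN = Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 443, syn=True)
REPLY_SYNACK = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40000, syn=True, ack=True)
STRAY_ACK = Packet("198.51.100.7", "10.0.0.9", "tcp", 1234, 40000, ack=True)  # no prior connection


def run_demo() -> dict:
    sf = StatefulFilter(ACL)
    return {
        "stateless": [stateless_filter(ACL, p) for p in (OUTBOUND_SYN, REPLY_SYNACK, STRAY_ACK)],
        "stateful": [sf.filter(p) for p in (OUTBOUND_SYN, REPLY_SYNACK, STRAY_ACK)],
    }


if __name__ == "__main__":
    print(run_demo())   # the stateless filter permits the stray ACK; the stateful one denies it
```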
7. An application-level gateway acts as a relay node for application-level traffic. It intercepts incoming and outgoing packets, runs proxies that copy and forward information across the gateway, and functions as a proxy server, preventing any direct connection between a trusted server or client and an untrusted host.
The proxies are application specific and can filter packets at the application layer of the OSI model.
8. An application-specific proxy
An application-specific proxy accepts only packets generated by the application for which it is designed to copy, forward and filter. For example, only a Telnet proxy can copy, forward and filter Telnet traffic.
If a network relies only on an application-level gateway, incoming and outgoing packets cannot reach services that have no proxies configured. For example, if a gateway runs FTP and Telnet proxies, only packets generated by these services can pass through the firewall; all other services are blocked.
Application-level filtering
An application-level proxy gateway examines and filters individual packets rather than simply copying them and blindly forwarding them across the gateway. Application-specific proxies check each packet that passes through the gateway, verifying the contents of the packet up through the application layer. These proxies can filter particular kinds of commands or information in the application protocols.
Application gateways can restrict specific actions from being performed. For example, the gateway could be configured to prevent users from performing the FTP 'put' command, which prevents an attacker from modifying the information stored on the server.
9. The circuit-level gateway is an intermediate solution between the packet filter and the application gateway. It runs at the transport layer and hence can act as a proxy for any application.
Like an application gateway, the circuit-level gateway does not permit an end-to-end TCP connection across the gateway. It sets up two TCP connections and relays the TCP segments from one network to the other. But it does not examine the application data as an application gateway does. Hence, it is sometimes called a 'pipe proxy'.
10. Packet filtering firewalls operate on rules involving TCP/UDP/IP headers only; they do not attempt to establish correlation checks among different sessions.
Intrusion Detection/Prevention Systems (IDS/IPS) carry out Deep Packet Inspection (DPI) by looking at the packet contents, for example checking character strings in the packet against a database of known virus and attack strings.
Application gateways do look at the packet contents, but only for specific applications, and they do not look for suspicious data in the packet. IDS/IPS look for suspicious data contained in packets and try to examine the correlation among multiple packets to identify attacks such as port scanning, network mapping, denial of service and so on.
11. Types of IDS
There are two basic types of IDS.
Signature-based IDS: It needs a database of known attacks with their signatures. A signature is defined by the types and order of packets characterizing a particular attack. The limitation of this type of IDS is that only known attacks can be detected. It can also raise false alarms, which occur when a normal packet stream matches the signature of an attack. A well-known public open-source example is the Snort IDS.
Anomaly-based IDS: This type of IDS builds a traffic pattern of normal network operation. During detection, it looks for traffic patterns that are statistically unusual, for example an unusual ICMP load or exponential growth in port scans. Detection of any unusual traffic pattern generates an alarm. The major challenge in this type of IDS deployment is the difficulty of distinguishing between normal and unusual traffic.
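An added Python example (not from the slides) illustrating the three detection approaches described on slides 10 and 11 over a constructed packet trace: string-signature matching on payloads, correlation across packets from one source to spot a port scan, and a volume anomaly against a learned ICMP baseline. Signature ids, thresholds, baseline and all traffic are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Packet = (timestamp_seconds, src_ip, dst_ip, proto, dst_port, payload)
Packet = Tuple[float, str, str, str, int, bytes]

# Constructed signature database: signature id -> byte pattern searched for in payloads.
SIGNATURES: Dict[str, bytes] = {
    "SIG-PATH-TRAVERSAL": b"../..",
    "SIG-EXAMPLE-MARKER": b"EXAMPLE-MALWARE-MARKER",   # placeholder string, constructed
}


def signature_alerts(packets: List[Packet], sigs: Dict[str, bytes]) -> List[Tuple[str, str, int]]:
    """Signature-based detection: compare each payload against known attack strings."""
    alerts = []
    for ts, src, dst, proto, dport, payload in packets:
        for sig_id, pattern in sigs.items():
            if pattern in payload:
                alerts.append((sig_id, src, dport))
    return alerts


def port_scan_alerts(packets: List[Packet], threshold: int = 8, window: float = 2.0) -> List[str]:
    """Correlation across packets: one source touching `threshold` distinct TCP ports within `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, dport, payload in packets:
        if proto == "tcp":
            by_src[src].append((ts, dport))
    flagged = []
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):           # sliding window anchored at each event
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= threshold:
                flagged.append(src)
                break                                       # one alert per source is enough
    return flagged


def icmp_anomaly_alerts(packets: List[Packet], baseline_per_sec: float = 2.0,
                        factor: float = 10.0) -> List[Tuple[str, int, int]]:
    """Anomaly-based detection: ICMP volume per source per one-second bucket far above the learned baseline."""
    counts = defaultdict(int)
    for ts, src, dst, proto, dport, payload in packets:
        if proto == "icmp":
            counts[(src, int(ts))] += 1
    return [(src, sec, n) for (src, sec), n in sorted(counts.items()) if n > baseline_per_sec * factor]


# Constructed traffic sample: one normal request, one payload hit, a port sweep, an ICMP burst, two normal pings.
PACKETS: List[Packet] = [
    (0.00, "10.0.0.5", "203.0.113.10", "tcp", 443, b"GET / HTTP/1.1"),
    (0.10, "198.51.100.7", "10.0.0.9", "tcp", 80, b"GET /../../ HTTP/1.1"),
]
PACKETS += [(0.5 + i * 0.05, "198.51.100.7", "10.0.0.9", "tcp", port, b"")
            for i, port in enumerate([21, 22, 23, 25, 110, 143, 445, 3389, 8080, 8443])]
PACKETS += [(5.0 + i * 0.01, "192.0.2.44", "10.0.0.9", "icmp", 0, b"") for i in range(60)]
PACKETS += [(7.0 + i * 0.5, "10.0.0.5", "10.0.0.1", "icmp", 0, b"") for i in range(2)]


def analyze(packets: List[Packet] = PACKETS) -> dict:
    """Run all three detectors and return their alerts side by side."""
    return {"signature": signature_alerts(packets, SIGNATURES),
            "port_scan": port_scan_alerts(packets),
            "icmp_anomaly": icmp_anomaly_alerts(packets)}


if __name__ == "__main__":
    for kind, alerts in analyze().items():
        print(kind, alerts)
```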
12. IDS and IPS are similar in detecting anomalies in the network. An IDS is a 'visibility' tool whereas an IPS is considered a 'control' tool.
Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and provide visibility into the security state of the network. When the IDS reports an anomaly, the corrective actions are initiated by the network administrator or by another device on the network.
Intrusion Prevention Systems are like firewalls: they sit in-line between two networks and control the traffic going through them. An IPS enforces a specified policy on detecting an anomaly in the network traffic. Generally, it drops all packets and blocks the entire network traffic on noticing an anomaly until the anomaly is addressed by the administrator.
14. Phishing prevention measures should be complemented with detection methods. The key strategies include:
Monitor domain name registrations.
Watermark the original web pages to identify their reuse in phishing sites.
Monitor web server logs for suspicious referrer entries and excessive traffic from one source IP.
Track double-bounce mails.
Set up a forum for users to report phishing.
15. Detecting registered fake domain names
The attacker needs to set up a look-alike site, so first a domain name is registered. Many times attackers register a domain which sounds similar to the original: if they are targeting www.abcbank.com, attackers might register www.abc-bank-1.com. In a recent phishing attack Halifax bank was targeted using a domain called www.halifaax.com; notice the extra "a". If we are diligent enough to track registrations of new DNS domains, we have a chance of learning about these "similar" registrations and can initiate action before the domain name can be used for a phishing attack.
This method of detection is not fool-proof, for two reasons. First, even though it is easy to track new registrations in generic top-level domains (gTLDs) like .com and .net, the same is not true for country-code top-level domains (ccTLDs) like .cn (China) or .kr (Korea), where many phishing sites are registered. Second, attackers may choose not to register a domain name at all and operate the website using just an IP address.
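A small domain-registration monitor as an added Python example (not part of the slides) for the strategy on slide 15: each newly registered name is normalized and compared with a protected brand label, catching hyphen or digit padding, digit-for-letter confusables, the brand embedded in a longer name, one-character typos, and the same label under another TLD. The two names from the slides (www.abc-bank-1.com, www.halifaax.com) are used alongside constructed ones; the confusable map and thresholds are assumptions.

```python
from typing import Dict, List, Tuple

# Digit-for-letter swaps commonly used in look-alike names (constructed mapping).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert / delete / substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str) -> Tuple[str, str]:
    """Return (label, tld) for a simple name such as 'abcbank.com', dropping a leading 'www.'.
    Multi-part public suffixes (.co.uk etc.) are out of scope for this example."""
    parts = domain.lower().strip(".").split(".")
    if parts and parts[0] == "www":
        parts = parts[1:]
    return ".".join(parts[:-1]), parts[-1]


def stripped(label: str) -> str:
    """Letters only: removes hyphens and digits ('abc-bank-1' -> 'abcbank')."""
    return "".join(ch for ch in label if ch.isalpha())


def confused(label: str) -> str:
    """Letters only after mapping confusable digits to letters ('abcb4nk' -> 'abcbank')."""
    return stripped(label.translate(CONFUSABLES))


def check_domain(candidate: str, brand: str) -> List[str]:
    """Reasons why `candidate` looks like an imitation of `brand`; empty list means no match."""
    c_label, c_tld = split_domain(candidate)
    b_label, b_tld = split_domain(brand)
    if (c_label, c_tld) == (b_label, b_tld):
        return []                                         # the brand's own domain
    forms = {stripped(c_label), confused(c_label)}
    if b_label in forms:
        if c_tld != b_tld:
            return [f"brand label under a different TLD (.{c_tld})"]
        return ["brand label disguised with hyphens, digits or look-alike characters"]
    if any(b_label in f for f in forms):
        return ["brand label embedded in a longer name"]
    dist = min(levenshtein(f, b_label) for f in forms)
    if dist <= max(1, len(b_label) // 4):                 # tolerance scales with label length
        return [f"edit distance {dist} from brand label"]
    return []


def scan_registrations(new_domains: List[str], brands: List[str]) -> Dict[str, List[str]]:
    """Run every new registration against every protected brand; returns only the hits."""
    hits: Dict[str, List[str]] = {}
    for d in new_domains:
        for b in brands:
            for reason in check_domain(d, b):
                hits.setdefault(d, []).append(f"{b}: {reason}")
    return hits


# Constructed feed of new registrations (the first two names appear on the slides).
NEW_DOMAINS = ["www.abc-bank-1.com", "www.halifaax.com", "abcbank-login.net",
               "abcbank.cn", "abcb4nk.com", "unrelated.org", "abcbank.com"]
BRANDS = ["abcbank.com", "halifax.com"]

if __name__ == "__main__":
    for domain, reasons in scan_registrations(NEW_DOMAINS, BRANDS).items():
        print(domain, "->", "; ".join(reasons))
```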
16. Detecting look-alike webpages
When a phishing webpage is being created, some attackers might not want to write their own HTML page; they might just copy and paste the content of the original website and make their own page. If we insert something like obfuscated JavaScript in the original website, which alerts us when run under any URL other than the authentic one, we can be alerted to these attacks. There are many methods for watermarking your original website to track a phisher. For more on this, read the "6 steps to beat phishing".
Many times attackers design the phishing webpage such that the images are picked up from the original site rather than keeping a repository of images on their fake website. When the user loads the phishing webpage, the browser fetches the images from the original website. The referrer URL as seen by the original website will be the URL of the fake website [www.abc-bank-1.com].
If we are analyzing the web server logs of the original website and looking for suspicious referrers, we will be able to detect a phishing attack in progress.
17. Detecting emails sent to users
Once the phishing site is ready, the attacker sends emails to hundreds of users, who are the potential victims. As expected, many of these emails bounce because the To: address is incorrect. To increase the credibility of the mail, the attacker sets the From: address to something like admin@abcbank.com. This user id will be non-existent on the abcbank.com email server; otherwise the bounced mails would land in the mailbox of a real user if admin@abcbank.com were a valid email id. If it is a valid address, the attacker instead uses a From: address like admin1@abcbank.com.
The mails with wrong To: addresses are all returned to the abcbank.com SMTP server. The SMTP server looks at the From: address admin1@abcbank.com and finds it is non-existent. Both the From: address and the To: address are wrong: this is called a double-bounce mail.
This method of detection is not foolproof, as attackers could use a domain name other than the original, like admin1@abc-bank-1.com. The bounced mail would then never reach the SMTP server of the original abcbank.com, and no analysis and alerting is possible.
Finally, users who receive the phishing mail can alert the organization about it. It is important for the organization to implement forums for easy reporting: a common mailbox like phish@abcbank.com, a toll-free number, or educating the user helpdesk about this attack. These forums should be actively publicized to users via different channels. An alert user who reports early could save many others.
18. Detecting man-in-the-middle attacks
Another method quite popular today is the real-time man-in-the-middle phishing attack. As was recently demonstrated in the attacks on Citibusiness, phishers collect user ids and passwords [including short-lived one-time passwords] and use them in real time against the original websites. If the attacker is trying the passwords of multiple victims, you will see hundreds of connections from the attacker's PC. If we are analyzing the web server logs and checking for a large number of connections from one IP, it could be the attacker performing a man-in-the-middle attack.
This method of detection is not fool-proof, as attackers might use the phished information from multiple computers rather than from a single one.
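The web-server-log checks of slides 16 and 18 as one added Python example (not from the slides): a parser for the common "combined" access-log format, a referrer check for image requests embedded by pages that are not ours, and a per-IP count of login attempts. The log lines are constructed; the hosts abcbank.com and abc-bank-1.com come from the slides, while the asset prefixes, the login path and the threshold are assumptions.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Apache / nginx "combined" log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

OUR_HOSTS = {"www.abcbank.com", "abcbank.com"}   # hosts whose pages legitimately embed our assets
ASSET_PREFIXES = ("/img/", "/static/")           # paths that only ever load as part of a page


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_referrers(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Slide 16: our images fetched while the browser renders a page that is not ours.
    Returns (client_ip, referring_host, asset_path) per such request."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or not rec["path"].startswith(ASSET_PREFIXES):
            continue
        ref = rec["referer"]
        if ref in ("", "-"):
            continue                                   # no referrer: direct fetch or privacy setting
        host = (urlparse(ref).hostname or "").lower()
        if host and host not in OUR_HOSTS:
            hits.append((rec["ip"], host, rec["path"]))
    return hits


def high_volume_logins(lines: List[str], path: str = "/login", threshold: int = 20) -> Dict[str, int]:
    """Slide 18: one source IP driving far more login submissions than a single person would."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == path:
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed log sample: a legitimate image load, the same image loaded from a look-alike page,
# an image load with no referrer, one normal login, then 25 logins in one minute from one client.
LOG_LINES = [
    '203.0.113.4 - - [10/Oct/2023:13:55:36 +0000] "GET /img/logo.png HTTP/1.1" 200 5123 '
    '"https://www.abcbank.com/login" "Mozilla/5.0"',
    '203.0.113.4 - - [10/Oct/2023:13:56:01 +0000] "GET /img/logo.png HTTP/1.1" 200 5123 '
    '"http://www.abc-bank-1.com/login.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:05 +0000] "GET /img/logo.png HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Oct/2023:13:56:10 +0000] "POST /login HTTP/1.1" 302 0 '
    '"https://www.abcbank.com/login" "Mozilla/5.0"',
]
LOG_LINES += [
    f'198.51.100.7 - - [10/Oct/2023:13:57:{s:02d} +0000] "POST /login HTTP/1.1" 302 0 '
    '"https://www.abcbank.com/login" "python-requests/2.31"'
    for s in range(25)
]


def analyze(lines: List[str] = LOG_LINES) -> dict:
    return {"referrers": suspicious_referrers(lines), "login_floods": high_volume_logins(lines)}


if __name__ == "__main__":
    print(analyze())
```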
19. Secured login
The first and foremost security step should be the use of an HTTPS site rather than an HTTP one. Whenever you log in from an HTTP page, there is no guarantee that your login credentials are sent in encrypted form to the main page. Further, two-factor authentication or certificate-based login is a must for significant logins. Two-factor authentication combines a traditional username and password with a code sent to you on your phone.
20. Two-Factor Authentication (2FA) and One-Time Passwords
One-time passwords (OTPs) are an authentication method commonly used as a second factor
in two-factor authentication (2FA) and multi-factor authentication (MFA) that can help
balance security and usability. An OTP is valid for a single login session and, for
time-based OTPs, only within a defined time window. Because OTPs are not reusable, they
overcome one of the main shortcomings of traditional (static) passwords: a captured OTP is
worthless to an attacker once it has been used or has expired.
How OTP Soft Tokens Work
Soft tokens are software programs, typically downloadable mobile authenticator
applications such as RapidIdentity Mobile or Google Authenticator, that effectively
turn a user's device into an OTP generator.
The setup process entails the server generating a secret key (the seed). The user enters
the secret key into the authenticator application, usually by scanning a QR code. The user
can then generate an OTP to verify with the server that the setup worked.
Each time the authenticator app is opened it shows a code derived from the shared secret
and the current time, so the code is not random: the server can compute the same value.
After a fixed interval has elapsed (normally 30 seconds), a new code is presented.
21. When it is time for a user to authenticate, the user simply enters the current
value shown by the mobile authenticator app, along with their username and,
optionally, a password, PIN, Touch ID or Face ID, effectively adding another layer
of security.
Behind the scenes, the server that is authenticating the user runs the same algorithm
over the same shared secret to generate the expected OTP. The clocks of the user's
device and the server are roughly synchronized (servers normally accept the codes for
one interval on either side to allow for drift), so the numbers should match. Once the
user's credentials are validated, the user is permitted to access the service, website,
or application.
23. Benefits
Ease of Use: As most users already have smartphones and are comfortable with mobile
technologies, it is easy for them to learn to use soft OTPs and incorporate them into
their daily routines. Users tend to keep their smartphones close at hand, making the
mobile authenticator application readily accessible.
Works Offline: Because soft OTPs are generated by a clock-based algorithm from a secret
shared with the server, a cell phone signal is not required to authenticate. This comes
in handy where a wireless signal is not available, such as on flights when airplane mode
is used.
Not Vulnerable to Replay Attacks: In addition to offering an extra layer of security,
OTPs mitigate the risk of replay attacks, a shortcoming of traditional passwords.
Replay attacks use valid username and password data captured in transmission to fool
a system into granting access, effectively replaying the request. Because OTPs are not
reusable, even if an intruder records an OTP it is no longer valid once it has been used
or its interval has passed. Note that this does not stop the real-time man-in-the-middle
phishing described earlier, where the attacker relays a fresh OTP to the real site within
its validity window; the server should also refuse any code it has already accepted.
24. Drawbacks
Requires a Mobile Device: Soft OTPs require users to complete the login process with
their mobile phone. Some users may not want to install a work application on their
personal phone, and it is not an option for users who do not have a smartphone.
Additionally, mobile phones have to be charged frequently, and if the battery dies the
user cannot authenticate via this method.
Devices Can Be Lost or Stolen: A user whose mobile device is lost or stolen can no longer
authenticate, and whoever holds the device holds the token. In that event the old seed
must be revoked and the authenticator app re-provisioned on the user's new smartphone;
this is still simpler than with hard tokens, where a new token has to be purchased and
shipped to the user.
Security Vulnerabilities: Soft OTPs are installed on mobile devices, leaving them exposed
to attacks on the phone's operating system or other applications. Soft OTPs also rely on
a shared secret held by both the app and the server; a compromise of either side exposes
the seed, from which every future code can be computed.
25. Secure Sockets Layer (SSL) is a networking protocol designed for securing
connections between web clients and web servers over an insecure network, such
as the internet. After being publicly released in 1995, SSL made it possible for
a web server to securely enable online transactions between consumers and
businesses. Due to numerous protocol and implementation flaws and
vulnerabilities, SSL was deprecated for use on the internet by the Internet
Engineering Task Force (IETF), SSL 2.0 in 2011 and SSL 3.0 in 2015, and has been
replaced by the Transport Layer Security (TLS) protocol.
While TLS and SSL are not interoperable, versions of TLS through 1.2 could
negotiate down to SSL 3.0 for backward compatibility. That fallback was removed
from TLS 1.3, the current version of TLS, published in 2018.
26. A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP."
28. The SSL Record Protocol provides two services to an SSL connection:
Confidentiality
Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each
fragment is optionally compressed, then a MAC (Message Authentication Code)
computed with a hash algorithm such as SHA (Secure Hash Algorithm) or MD5 (Message
Digest) over the fragment and a sequence number is appended. The fragment plus MAC
is then encrypted, and finally the SSL record header is prepended.
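As an added example, not code from the slides, the integrity half of that pipeline in Python: the MAC the record layer appends to each fragment and the receiver's check. It follows the TLS 1.0-1.2 form of the construction (SSL 3.0 used an older, non-HMAC variant), uses HMAC-SHA1, and leaves out compression and the encryption step so the integrity logic stays visible. The key, record contents and content-type/version constants are assumptions made for this example.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha1().digest_size        # 20 bytes for HMAC-SHA1
APPLICATION_DATA = 23                       # record content type for application data
TLS_1_2 = (3, 3)                            # version bytes on the wire (SSL 3.0 is (3, 0))


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """HMAC over the implicit 64-bit sequence number, the record header fields and the
    fragment. The sequence number is never sent; each side counts records itself, which
    is what lets the receiver detect replayed or reordered records."""
    header = struct.pack(">QBBBH", seq_num, content_type, version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


def protect(mac_key, seq_num, fragment):
    """Sender side: append the MAC. In the real record layer, fragment || MAC is then
    encrypted (MAC-then-encrypt); that step is omitted here."""
    return fragment + record_mac(mac_key, seq_num, APPLICATION_DATA, TLS_1_2, fragment)


def unprotect(mac_key, seq_num, protected):
    """Receiver side: recompute the MAC with the receiver's own sequence counter and
    compare in constant time. Returns the fragment, or None if the record was altered,
    replayed or reordered."""
    if len(protected) < MAC_LEN:
        return None
    fragment, tag = protected[:-MAC_LEN], protected[-MAC_LEN:]
    expected = record_mac(mac_key, seq_num, APPLICATION_DATA, TLS_1_2, fragment)
    return fragment if hmac.compare_digest(expected, tag) else None


def demo():
    """Constructed exchange: two records in order, a tampered copy, and a replayed copy."""
    key = b"\x11" * 20                       # MAC write key from the handshake (made up)
    r0 = protect(key, 0, b"GET /account HTTP/1.1\r\n")
    r1 = protect(key, 1, b"Cookie: session=abc\r\n")
    tampered = bytearray(r0)
    tampered[5] ^= 0x01                      # flip one bit in the fragment
    return {
        "ok0": unprotect(key, 0, r0),
        "ok1": unprotect(key, 1, r1),
        "tampered": unprotect(key, 0, bytes(tampered)),
        "replayed": unprotect(key, 2, r0),   # old record presented as the third one
    }
```

The MAC-then-encrypt order shown on the slide is the one TLS 1.3 abandoned in favour of AEAD cipher suites, which authenticate and encrypt in a single operation.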
29. The Handshake Protocol is used to establish sessions. It allows the client and
server to authenticate each other and agree on keys by sending a series of messages.
The handshake has four phases:
Phase 1: Client and server exchange hello messages. These carry the session ID, the
proposed cipher suites, the protocol version and random nonces used in key derivation.
Phase 2: The server sends its certificate and, if the cipher suite needs it, a
ServerKeyExchange message, and ends the phase with ServerHelloDone.
Phase 3: The client replies with its certificate (if one was requested) and a
ClientKeyExchange message carrying the key material.
Phase 4: Both sides send ChangeCipherSpec followed by a Finished message protected
under the new keys, after which the handshake ends.
30. The Change Cipher Spec Protocol runs over the SSL Record Protocol. Until the
handshake is complete, the newly negotiated parameters are held in a pending state;
after the handshake the pending state becomes the current state.
The Change Cipher Spec Protocol consists of a single message, 1 byte in length, which
can have only one value. Its purpose is to cause the pending state to be copied into
the current state, so that subsequent records are protected with the newly agreed keys.
31. The Alert Protocol is used to convey SSL-related alerts to the peer entity. Each
message in this protocol contains 2 bytes: a level and a description.
The level is one of two values:
Warning: This alert has no immediate impact on the connection between sender and
receiver.
Fatal: This alert terminates the connection between sender and receiver.
32. The advantage of this approach is that the security service can be tailored to the
specific needs of the given application.
Secure Sockets Layer was originated by Netscape.
SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
SSL is a two-layer protocol: the Record Protocol at the lower layer, and the
Handshake, Change Cipher Spec and Alert protocols above it.
33. Secure Electronic Transaction (SET) is a system that ensures the security and
integrity of electronic transactions made with credit cards. SET is not itself a
payment system; it is a security protocol applied to those payments. It uses
encryption and hashing techniques to secure credit card payments made over the
internet. The SET protocol was developed with the backing of major organizations such
as Visa, Mastercard, Microsoft, which contributed its Secure Transaction Technology
(STT), and Netscape, which contributed Secure Sockets Layer (SSL) technology.
The SET protocol prevents credit card details from being revealed to merchants, keeping
them out of reach of hackers and thieves. SET includes Certification Authorities that
issue standard digital certificates such as X.509 certificates.
34. Let's look at the general scenario of an electronic transaction, which involves the
client, the payment gateway, the client's financial institution, the merchant and the
merchant's financial institution.
35. Requirements in SET:
The SET protocol has several requirements to meet; some of the important ones are:
It has to provide mutual authentication: customer (cardholder) authentication,
confirming that the customer is the legitimate card user, and merchant authentication.
It has to keep the PI (Payment Information) and OI (Order Information) confidential
through appropriate encryption.
It has to resist message modification, i.e. no change to the transmitted content may
go undetected.
SET also needs to provide interoperability and make use of the best available security
mechanisms.
36. Participants in SET:
In the general scenario of an online transaction, SET includes the following participants:
Cardholder – the customer
Issuer – the customer's financial institution
Merchant
Acquirer – the merchant's financial institution
Certificate authority – an authority that follows defined standards and issues
certificates (such as X.509v3) to all other participants.
37. SET functionalities:
Provide Authentication
Merchant Authentication – To prevent fraud, SET allows customers to check that the merchant
has an existing relationship with a financial institution. Standard X.509v3 certificates
are used for this verification.
Customer / Cardholder Authentication – SET checks whether the credit card is being used by
an authorized user, again using X.509v3 certificates.
Provide Message Confidentiality: Confidentiality means preventing unintended parties from
reading the message being transferred. SET implements confidentiality using encryption;
traditionally DES is used for the symmetric encryption.
Provide Message Integrity: SET detects message modification with the help of signatures.
Messages are protected against unauthorized modification using RSA digital signatures
with SHA-1, and in some cases HMAC with SHA-1.
38. Cryptography is the study and practice of techniques for secure communication in
the presence of third parties called adversaries. It deals with developing and
analyzing protocols that prevent malicious third parties from retrieving or altering
information shared between two entities, thereby upholding the various aspects of
information security.
Secure communication refers to the scenario where the message or data shared between
two parties cannot be read or modified by an adversary. In cryptography, an adversary
is a malicious entity that aims to retrieve sensitive information or data, thereby
undermining the principles of information security.
39. Confidentiality means that information is restricted to the people or systems
authorized to see it; in cryptography it is provided by encryption.
Data integrity means maintaining, and being able to verify, that data stays accurate
and consistent over its entire life cycle, so that unauthorized modification is detected.
Authentication is the process of verifying that a claimed identity, or the claimed origin
of a piece of data, is genuine.
Non-repudiation is the ability to ensure that a person or party associated with a
contract or a communication cannot deny the authenticity of their signature on a
document or the sending of a message.
41. Consider two parties, Alice and Bob. Alice wants to send a message m to Bob over a
channel that an adversary can observe, so the following happens.
The sender's message, called the Plaintext, is converted into an unreadable form using
a Key k. The resulting text is called the Ciphertext, and this process is known as
Encryption. On receipt, the Ciphertext is converted back into the Plaintext using the
same Key k so that the receiver can read it; this process is known as Decryption.
Alice (Sender) Bob (Receiver)
C = E (m, k) ----> m = D (C, k)
Here C is the Ciphertext, while E and D are the Encryption and Decryption algorithms
respectively. Using the same key on both sides is what makes this a symmetric scheme.
42. Let's consider the Caesar Cipher, or Shift Cipher, as an example.
In the Caesar Cipher each letter is replaced by another letter under a fixed rule: if A
is replaced by D, B by E, and so on, then every letter in the word is shifted by 3
positions. For example:
Plaintext : prestige
Ciphertext : suhvwljh
The key is the shift amount (here 3), and decryption shifts each letter back by that
amount. Note that although an adversary who does not know the key cannot simply read the
ciphertext, a Caesar cipher has only 25 possible keys, so the adversary can try them all
and pick the one that yields readable text; it illustrates the idea of a key, not a
secure cipher.
43. In general there are three types of cryptography:
Symmetric Key Cryptography: An encryption system in which the sender and receiver of a
message use a single shared key to encrypt and decrypt. Symmetric key systems are faster
and simpler, but the sender and receiver have to exchange the key in a secure manner
beforehand. The classic symmetric cipher is the Data Encryption Standard (DES); today the
Advanced Encryption Standard (AES) has replaced it.
Hash Functions: No key is used in this algorithm. A fixed-length hash value is calculated
from the plaintext, and it is computationally infeasible to recover the plaintext from the
hash. Many operating systems store passwords as salted hashes rather than in plaintext, so
a login is checked by hashing the entered password and comparing the result.
Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and
decrypt information. A public key is used for encryption and the corresponding private key
for decryption; the two keys are different. Even though the public key is known to
everyone, only the intended receiver can decrypt, because only they hold the private key.
The same key pair, used the other way round, provides digital signatures.