CS205 - Information Security

zareen

Assignment No. 02
Semester: Fall 2019
CS205: Information Security Total Marks: 15

Due Date: 28/11/2019

Instructions:
Please read the following instructions carefully before submitting assignment:
You need to use MS word document to prepare and submit the assignment on VU-LMS.
It should be clear that your assignment will not get any credit if:

 The assignment is submitted after due date.
 The assignment is not in the required format (doc or docx)
 The submitted assignment does not open or file is corrupt.
 Assignment is copied (partial or full) from any source (websites, forums, students, etc)

Objectives:

To enhance the learning capabilities of the students about:

1. Software Attacks
2. Need for Security against attacks

Assignment
Question No-1:

“Friend Circle” is a social media platform yet to be launched. Currently, it is in testing phase in which various security policies in the perspective of an online platform are being tested. Following are the reports / observations of such tests:
Report 1:
Upon testing the login interface, the security experts found a loophole in the system that an unauthorized person can login to the system by trying different combinations of passwords.
Report 2:
It is observed that bundle of unnecessary requests possibly generated by some computers or bots can overload the application and resultantly system may crash or fail to perform ordinary functions.

After carefully analyzing above mentioned reports, you are required to identify the type of attack associated with each report. Also mention one suitable solution to tackle the identified attack.
Question No-2:

Carefully study the Topics “threat” and “software attacks” and identify the deliberate software attacks for following situations with proper justification.

1. Suppose a user receives an email containing an image file as the attachment. As the user opens the file, different files on his systems get deleted or modified.
2. A student copied some files from his USB flash drive to a computer in university lab. After doing this, he observed that the number of files on the system got duplicated and overall performance of the system got deteriorated. He faced too much delay in performing tasks by the computer.
3. A user noticed that someone is using his Facebook account after stealing his credentials. After investigation, he observed that it happened after installing a software downloaded from an un-authentic website.

zareen

Q. 1 Solution:
Report 1:
Brute Force:
The application of computing and network resources to try every possible password combination is called a brute force attack.
Solution:
Against brute force attack limit the number of unsuccessful access attempts allowed per unit of elapsed time are very effective. For example, if your website receives three failed login attempts; it should block that IP for a certain period of time to stop further attempts being made. We can take following defensive measures:

• Limit Login Attempts (limit the login attempts)
• Password Length (longer password length)
• Password Complexity (UPPERCASE and lowercase alphabets and should also have numbers and special characters)
• Using Captcha (prevent bots from executing automated scripts mainly used in Brute Force attack)

Report 2:
DoS/ DDoS (Denial of Service/ Distributed Denial of Service):
These attacks overwhelm network resources such as web and email gateways, routers, switches, etc. and prevent user and application access, ultimately taking a service offline or severely degrading the quality of a service. A denial-of-service (DoS) attack occurs when an attacker sends a large number of connection or information requests to a target.
Solution:

• CAPTCHA Code is based on assumption that humans are better at character recognition than machines and it is effectively used to provide various services in security. So, it provides good defense against SPAM robots and other automated programs as it almost ensures that people using a website are real people. Generally, computers or bots are not capable of solving a captcha.
• Increase the resources (i.e. bandwidth) of the system.
• Distribute the servers worldwide and use load balancing.

Q. 2 Solution:

1. Virus
When the computer program runs attached with virus it performs some action such as deleting/modified a file from the computer system. A virus is a code that can attach itself to a program and take control of the program to spread itself further. It can harm in different ways, such as showing random popup messages or unwanted advertisements on the screen. Changing, deleting, or hiding user data and system files.
2. Worms
Worms replicate itself to cause slow down the computer system. The main objective of worms to eat the system resources. A worm is a malicious program that replicates itself constantly, without requiring another program environment. Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth.
3. Trojan Horse
Trojan Horse capture some important information about a computer system. The main objective of Trojan horse to steal the information. Trojan horses are software programs that hide their true nature and reveal their designed behavior only when activated. Trojan horses are frequently disguised as helpful, interesting, or necessary pieces of software, such as readme.exe files often included with shareware or freeware packages. Unfortunately, like their namesake in Greek legend, once Trojan horses are brought into a system, they become activated and can cause destruction on the unsuspecting user.

zareen

@zareen said in CS205 Assignment 2 Solution and Discussion:

Suppose a user receives an email containing an image file as the attachment. As the user opens the file, different files on his systems get deleted or modified.

These are files of any kind that accompany an email message. … Instead, that file contains instructions on where to locate the image file, and then … Other kinds of HTML emails don’t use an internet location for an image; instead, the … and if the image it contains is fetched from their server, they know you opened their email.
link text

@zareen said in CS205 Assignment 2 Solution and Discussion:

It is observed that bundle of unnecessary requests possibly generated by some computers or bots can overload the application and resultantly system may crash or fail to perform ordinary functions.

the “Peer to Peer” collect request which can be scheduled and paid as per … sensitive information on computers opens business up to cyber-attacks, with … way of selling its Security Products”), possibly 2012 LinkedIn breach lead to the … flooded the company’s site with internet traffic in an effort to overload digital systems.
link text

zareen

@zareen said in CS205 Assignment 2 Solution and Discussion:

A student copied some files from his USB flash drive to a computer in university lab. After doing this, he observed that the number of files on the system got duplicated and overall performance of the system got deteriorated. He faced too much delay in performing tasks by the computer.

gathering their data, if this is the case then theoretically all you need to do is flip to the … button to the right of this to tell SPSS where to put the file if you want to store it … Keep one on a floppy disk or USB stick etc. and the other on your student … want to save it and probably copy some into MS Word (see the note on …
link text

zareen

@zareen said in CS205 Assignment 2 Solution and Discussion:

A user noticed that someone is using his Facebook account after stealing his credentials. After investigation, he observed that it happened after installing a software downloaded from an un-authentic website.

Aug 25, 2019 - Hacked Facebook accounts are being sold on the dark web, showing the … Problem is that since so many web sites make you use your email for log in name, I’m not … 90 EACH days after the ‘worst ever’ hack of 50 million users (and here’s … a hacker has claimed he sold the plaintext passwords and email …
link text