@zaasmi said in CS204 Assignment 2 Solution and Discussion:
Suppose that if you’ve ever tried to login to your online bank account and find that not all of your savings are being accounted for, it could be an indication that you’ve been targeted by cyber criminal. Although there are several ways that cyber criminals could have gotten your account data, there’s a fair chance you’ve accidentally come across a phishing website in the past, misinterpreting the login page of your online bank. Enlist all possible security measures to protect your online banking account from cyber criminals.
Respond as if the network has already been breached. Adopting this mindset forces the IT team to prioritize the most business-critical parts of the network and use network segmentation as a strategy. When done correctly, network segmentation, achieved through the creation of network zones, limits the ability for a hacker to move laterally across a compromised network. Network segmentation requires continual updates and configurations, but it can mean the difference between a hacker getting only as far as an employee’s infected computer and helping themselves to the bank’s ATM systems.
Implement an enterprise-wide security policy. A well-defined security policy serves as a crucial road map for any bank IT team to maintain a truly adaptive security architecture. It’s what helps the people tasked with protecting the bank’s systems determine the best way for the network to operate with minimal risk. Additionally, the security policy should take into consideration all regulatory and enterprise compliance requirements and how to apply timely patches to maintain compliance.
Security policy enforcement. It’s one thing to have a security policy that defines how the IT platform behaves and another to actually validate that it is being enforced across your network. Doing the former but not the latter might allow you to comply with some regulations, but it won’t make your network safer. Organizations must constantly monitor their network for changes to configurations and ensure that these changes are approved and compliant with policy. It’s a collaborative effort across the enterprise—network operations, security operations, and the CIO.
@moaaz said in CS204 Assignment 1 Solution and Discussion:
Question. 2 Marks 10
Mr. “Omar” is an HR coordinator at XYZ University. He receives an E-mail containing a message that, “Your University’s E-mail account password will be expired within 24 hours” from some fake E-mail account pretending to be the legitimate E-mail from University. Mr. “Omar” is redirected to a fake password renewal page i.e.“xyzcuniversity.edurenewal.com” where both new and existing passwords are requested. The cyber attacker is monitoring the page and hacks the original password to gain access.
Keeping in view the above scenario, answer the following questions:
Mention the cyber-crime name, which is occurring in the scenario.
Mention the category of cyber-crime.
Mention all possible prevention measures for such type of cyber-crimes.
Phishing Attack , Data theft or Email Spoofing
Cyber-Crime against property
• Learn to Identify Suspected Phishing Emails
• Check the Source of Information from Incoming Mail
• Do not click on hyperlinks or links attached in the email, as it might direct you to a fraudulent website.
• Type in the URL directly into your browser or use bookmarks / favorites if you want to go faster.
• Enhance the Security of Your Computer
• Update on your operating system and web browsers.
• Enter Your Sensitive Data in Secure Websites Only
• The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data.
• Delete these emails and ask your university to clarify any doubts.
• Check Back Frequently to Read About the Evolution of Malware
Use the caesar cipher method to encrypt the word “ACTIVATION” and show the complete process step by step.
A B C D E F G H I K L M N O P Q R S T U V W X Y Z
Chose a number form 1 to 26 .the number will represent the key or the “shift” value that will be used to shift the standard Alphabet.
A B C D E F G H I K L M N O P Q R S T U V W X Y Z
W X Y Z A B C D E F G H I K L M N O P Q R S T U V
Now bottom row of ALPHABE will now by known as Cipher ALPHABET.
Plain : A B C D E F G H I K L M N O P Q R S T U V W X Y Z
Cipher: W X Y Z A B C D E F G H I K L M N O P Q R S T U V
Ciper text : WYPERWPEKI
Actually, it’s difficult to compare the cryptographic strengths of symmetric and asymmetric key encryptions. Even though asymmetric key lengths are generally much longer (e.g. 1024 and 2048) than symmetric key lengths (e.g. 128 and 256), it doesn’t, for example, necessarily follow that a file encrypted with a 2048-bit RSA key (an asymmetric key) is already tougher to crack than a file encrypted with a 256-bit AES key (a symmetric key).
Instead, it would be more appropriate to compare asymmetric and symmetric encryptions on the basis of two properties:
Their computational requirements, and
Their ease of distribution
Symmetric key encryption doesn’t require as many CPU cycles as asymmetric key encryption, so you can say it’s generally faster. Thus, when it comes to speed, symmetric trumps asymmetric. However, symmetric keys have a major disadvantage especially if you’re going to use them for securing file transfers.
Because the same key has to be used for encryption and decryption, you will need to find a way to get the key to your recipient if he doesn’t have it yet. Otherwise, your recipient won’t be able to decrypt the files you send him. However way you do it, it has to be done in a secure manner or else anyone who gets a hold of that key can simply intercept your encrypted file and decrypt it with the key.
The issue of key distribution becomes even more pronounced in a file transfer environment, which can involve a large number of users and likely distributed over a vast geographical area. Some users, most of whom you may never have met, might even be located halfway around the world. Distributing a symmetric key in a secure manner to each of these users would be nearly impossible.
Asymmetric key encryption doesn’t have this problem. For as long as you keep your private key secret, no one would be able to decrypt your encrypted file. So you can easily distribute the corresponding public key without worrying about who gets a hold of it (well, actually, there are spoofing attacks on public keys but that’s for another story). Anyone who holds a copy of that public key can encrypt a file prior to uploading to your server. Then once the file gets uploaded, you can decrypt it with your private key.