User Account

All Pages

Find out severe distributed denial of service attack

Assignment Help Computer Network Security
Reference no: EM132196617

QUESTIONS

1. This question is about the public key used in web site encryption. The key is called a "digital certificate". Web sites with encryption start with https not http.

a. Go to your favorite encrypted web site, such as a bank, or any web site which asks for a password.

Click on the padlock symbol, and it will tell you the name of the company that issued the digital certificate for the web site.
Alternatively, you could just pick a company from the list of recognized digital certificates for the Mozilla web browser

Either way, find the name of a company that issues digital certificates for web sites.

b. Go to the web site of that company that issues digital certificates. Look up their contact details, and write down the company's street address and phone number.

c. Browse the web site of the company that sells digital certificate. Find how much does it cost for a digital certificate for a year? (Use the cheapest choice, e.g., single-name certificate).

d. How does someone apply for a digital certificate from this company? Do they ask for a driver's licence? An incorporation certificate? Or do they only ask that you generate a CSR (certificate signing request), which a web server program can make using its domain name.

e. In your opinion, could a criminal obtain a digital certificate from this company?

2. A few short questions about computer security.

a. Anti-virus software is popular for Microsoft Windows. Find the typical detection rate for popular anti-virus software. Please give recent references for what you find (i.e., since 2018 began, or as new as possible)

b. Using the web, find out one recently severe distributed denial of service (DDoS) attack. Who and how did they launch the attack? What were the damages?

c. How big is the biggest botnet currently in use? What country is it likely to have come from? Please give references for what you find.

Note that the BredoLab Botnet (also known as Oficla) used to run on about thirty million computers, but it was mostly dismantled back in 2010.

3. For identity theft events,

Click on "Data Breaches", and then scroll down a little, and for the types of breaches and organizations, pick "Select All", but only for the year 2018.

a. For identity thefts in 2018, scroll down and find one that's fairly large (at least 10,000 people).

Briefly describe the date, the organization, how many people were affected, and what happened.

b. Click on the back button to return to the search page, and this time pick "Select All" for all 3 choices,

Instead of scrolling down the list, look for the button to download all the breaches as a single spreadsheet.

Just above that button is the "Records total:" that says how many people have had their personal data stolen. Is that bigger than the population of the world?

c. Download the large spreadsheet, and highlight all columns, so you can sort the lines by column F, "Total Records". What is the biggest security breach, and how many people had their personal information stolen? Briefly describe the date, the organization, how many people were affected, and what happened.

4. Some fun questions about criminal web sites.

a. Go to the web site and write down how many web sites there are in the world today.

b. Scroll down a little, and look for how many web sites have been hacked today. How many have been hacked so far today?

c. Practically every 4-letter domain name in ".com" has already been registered. Make up five different random 4-letter domain names, such as (as a random example) tiyu.com ptjh.com cjqx.com and so forth.

Use thewhois search to look up those random 4-letter domain names, and find out how many of them are registered. Many web sites link to whois for free,such as

Of your 5 random 4-letter domain names:
- How many are registered?
- From Whois, what is the name of the contact person? It should be listed as "Registrant Name"?
- Is there a phone number, email address, or physical address?

d. For one of the registered domain names (or if they're all unregistered, try zzz4.com as that's a real web site). For the web site, run a traceroute program on your computer, or go to a web site with a traceroute interface (look for one on Google). There is an online traceroute tool at www.net.princeton.edu/cgi-bin/traceroute.pl

A visual traceroute program is nice, even though it's a bit slow.

Using traceroute, can you find in which country (and, if you can figure it out, which city) is the web site physically hosted?

5. Remember how your phone's MAC address lets people track where you go?

a. For your favorite type of phone or laptop (Android / iPhone / Windows / Apple / etc.), search for a free app that lets you change your MAC address to a different MAC address. What is the name of one such app?

b. Search for a review of that program. Does the review seem positive or negative? If you were a criminal (or just interested in privacy) would this program be good enough for you to use for changing your MAC address? Why or why not?

c. Go to the Google news web site, and search for change mac address

Are there any news articles about computer network security? Pick one news story, and briefly describe what it's about.

6. There are several organizations that sell spy software, which turns your mobile phone into a spying machine. These organizations include:

 

Organization

Spy Software

1

NSO Group

Pegasus

2

Gamma Group

FinFisher / FinSpy

3

Hacking Team

Galileo / Da Vinci

4

Swiss Government, Dept. of the Environment

MiniPanzer  / MegaPanzer

Pick just one of the above, and do some reading about their spy software (for example, each kind of spy software has its own Wikipedia article).

a. Can anyone buy this software? Or do they only sell it to governments? (Usually corrupt dictatorships with poor human rights records)?

b. Has the software been sold to corrupt dictatorships, and other governments with poor records on human rights?

c. What kind of data do they steal? Is it only the Apple iPhone? Or every kind of mobile phone? Conversations in Skype? Keylogging? Stealing Bitcoin from your cryptocurrency wallet? Or what?

d. Find a recent (within the last year or so) news story, which mentions this software. Give a short summary of the news story.

7. Cost-benefit analysis!Your company's web site is sometimes broken into by hackers, with the following estimates of probabilities and costs:

- Each day there is a 0.4% chancethat a script kiddie will only deface the web site, but cause no other damage. This would cost only $10,000 in lost sales.

- Each day there is a 0.2% chance (once everythree hundred days) that an expert hacker will delete data and steal customers' credit card numbers, costing $250,000.

- Remember how hackers stole all the data from Ashley Madison and killed the company? We estimate that each day there is a 0.02% chance (once in ten thousand days) that an expert hacker will steal all the company's data, costing $1,000,000.

The big boss wants you to advise on which of these three solutions to buy:

I. We could do nothing and accept the problem.

II. A nice IBM firewall costs a huge $50,000 per year. It claims to prevent all script kiddie hackers and 95% of expert hackers.

III. A cheap Microsoft firewall costs only $8,000 per year. It claims to prevent 90% of script kiddie hackers and 50% of expert hackers.

The big boss wants you to advise which to choose. Feel free to use a spreadsheet or calculator or whatever you find the most convenient to answer these questions:

- Calculate the annualized loss expectancy (ALE) for the three kinds of hacker attacks. What is the total annual loss expectancy?
- For the three possible solutions, calculate the total annualized loss expectancy (ALE) if that solution was used?
- Calculate the cost-benefit of the three different solutions
- If the boss asks, is there a large difference between the solutions (are two solutions about the same), or is there a clear winner?
- A magazine article claims that the IBM firewall doesn't stop 95% of expert hackers, it only stops 90% of expert hackers. Would this small difference cause you to change your advice?
- The Microsoft salesperson offers to reduce the price from $8,000 per year, to completely free. Would free software change your advice?

Attachment:- Assignment.rar

Verified Expert

In this assignment we have write report for the network security and here we have perform the operation on the network security. Here I have done analysis of the digital certificate. Here we have also studied spyware software and also create ALE and SLE.

Reference no: EM132196617

Questions Cloud

Write a signal handler function : Write a signal handler function, When a SIGALRM signal arrives this function will be called in which variable will be set.
Prompt the user to input the elapsed time for an event : Write a C++ program that prompts the user to input the elapsed time for an event in seconds.
How happy is jim in utiles : How happy is Jim in utiles? Brian is risk neutral (e.g. A=0) how much would he be willing to pay for the same coin toss gamble if not doing anything makes.
Display the sorted vector values : Write a C program to perform the following tasks: Read the values of a vector of integer numbers. Display the values.
Find out severe distributed denial of service attack : CP5603 - Advanced E-Security - How does someone apply for a digital certificate from this company? Do they ask for a driver's licence
Print out all of the command line arguments passed : Write a C++ program that prints out all of the command line arguments passed to the program.
How many hours of leisure he should give up : Ivan had 200 rubles from his parents weekly. Since this week Ivan will start to get 1000 rubles weekly from parents and grandmother.
Read the epresentation of a binary tree : Write a C++ program that will read in a left child - right child array representation of a binary tree.
The court stated that this interest must be expressed : The Court stated that this interest must be expressed? _______________ that the patient did not want to be sustained by artificial means.

Reviews

len2196617

12/17/2018 11:20:03 PM

Please answer the following questions You can read any documents, or talk to any people, or ask the lecturer. Feel free to discuss the issues with your classmates, or with anyone else. Make sure you write your own answers.

Write a Review

Computer Network Security Questions & Answers

  Re-design the companys hq network

Your task is to re-design the company's HQ network and secure the Company's network infrastructure and communications.

  List some of the key national and international standards

List some of the key national and international standards that provide guidance on IT security management and risk assessment.

  Discuss top-three physical security controls that you need

Discuss the top-three physical security controls that you believe need to be implemented in order to secure the physical perimeter of the office space.

  Summarize the primary vulnerabilities and potential threats

Summarize the primary vulnerabilities and potential threats that exist for GCI related to the practice of storing sensitive data on laptops. In your opinion, which of the risks GCI faces are most significant to the company?

  A determine the elements of the risk management framework b

to foster and develop national preparedness and encourage the exploration of risk related interdependencies across the

  Write a two-page paper listing the network protocols covered

Write a 1- to 2-page paper listing the network protocols covered in the readings and discussing one protocol with which you have worked.

  What exactly is cyberterrorism

What exactly is cyberterrorism and What is information warfare? How can information warfare be distinguished from cyberterrorism?

  What is a digital signature

What is a digital signature? What is the difference between network security configuration and network security compliance?

  Establishing compliance of it security controls with us laws

Describe the importance of and method of establishing compliance of IT security controls with U.S. laws and regulations, and how organizations can align their policies and controls with the applicable regulations

  What changes to the network topology or design must be made

After running for several months with a single router and a single Internet Service Provider, Netstack College wants to improve the reliability of their Internet connection. They have contracted with a second ISP so they will have two connections ..

  Determine the impact of five potential logical threats

Identify at least five (5) potential physical threats that require attention. Determine the impact of at least five (5) potential logical threats that require attention.

  Write a paper recommending what type of security policy used

Write a paper recommending what type of security policy should be used and what security technologies should be used.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd