Digital Forensics Analysis
Running head: Cryptography
August 29, 2019
You are heading in the right direction. You need to have specific details correct. Please use this guide and use scholarly/peer-reviewed articles. You appear to have just googled the information. Here is the checklist. Create appropriate tables and use the correct sources. Please see my notes below.
|Student Name: Aisha Tate|
|This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission|
|Project 5: Requires the Following TWO Pieces||Areas to Improve|
|2. Lab Experience Report with Screenshots|
|IT Systems Architecture|
|You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table|
|security architecture of the organization|
|the cryptographic means of protecting the assets of the organization|
|the types of known attacks against those types of protections|
|means to ward off the attacks|
|Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:|
|Then list the security defenses you employ in your organization to mitigate these types of attacks.|
|Plan of Protection|
|Learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership.|
|Provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage|
|Data Hiding Technologies|
|Describe to your organization the various cryptographic means of protecting its assets. Descriptions will be included in the Network Security Vulnerability and Threat Table for leadership|
|1. Shift / Caesar cipher|
|2. Polyalphabetic cipher|
|3. One time pad cipher/Vernam cipher/perfect cipher|
|4. Block ciphers|
|5. triple DES|
|7. Advanced Encryption Standard (AES)|
|8. Symmetric encryption|
|9. Text block coding|
|Data Hiding Technologies|
|1. Information hiding and steganography|
|2. Digital watermarking|
|3. Masks and filtering|
|Network Security Vulnerability and Threat Table|
|Describe the various cryptographic means of protecting its assets. Descriptions will be included in the Network Security Vulnerability and Threat Table for leadership|
|1. Shift / Caesar cipher|
|2. Polyalphabetic cipher|
|3. One time pad cipher/Vernam cipher/perfect cipher|
|Access Control Based on Smart Card Strategies|
|Describe how identity management would be a part of your overall security program and your CAC deployment plan:|
|2. Lab Experience Report|
|Summarizes the Lab Experience and Findings||See note below*|
|Responds to the Questions|
|Provides Screenshots of Key Results||Yes|
|Lab Experience Report Feedback|
· I am puzzled that your payload changed the size of the image file. You just added a text file? Right? You do not have to resubmit your Lab file.
This security assessment report covers cyber security threats against the cryptographic mechanisms used by a property management firm, and the access control programs intended to stop or inhibit those threats. The report begins with an overview of the firm's network and then identifies the potential threats the company faces. It sets out the stored-information protection features the firm needs to consider and the controls on employee access, including the enrolment of Common Access Cards (CAC) for authentication. Finally, the report covers email security and the encryption types that can be used to support it.
IT system architecture
The firm's offices use a distributed system made up of a LAN, a WLAN and a WAN. The office LAN is a wired computer network used mainly for one purpose: sharing resources such as printers and data storage. Besides being fast, a wired LAN is easier to secure than a wireless one, because an attacker needs physical access to a port to join it. The WAN interconnects the LANs of all the firm's offices; its primary advantage is that the firm's agents and employees can work from different workstations and still have access to the company's resources (Rouse, 2017). Each LAN is connected to the internet through a firewall. All offices also provide a WLAN, which lets agents connect their own devices (phones and laptops) to the company LAN and, through it, to the internet and to the firm's resources. Because that WLAN bridges personal devices onto the same network as the file servers, it is the weakest point of the architecture and should be placed on its own segment (VLAN) with the firewall between it and the wired LAN.
The lab for Project 5 involved the use of cryptography: gaining experience with, and an understanding of, steganography and encryption/decryption. The three steganography programs used were OpenStego, QuickStego and OurSecret; the two encryption/decryption programs used were VeraCrypt and AxCrypt. The Security Manager (SM) and the System Administrator (SA) tested the tools on their own systems to determine which they could recommend to the organization's managers.
OpenStego was used to hide a secret message inside a picture. The SM and SA wrote a message, saved it in a text file, and embedded that file inside an existing image; the message could then be extracted from the image carrying the payload. The most noticeable difference between the original image (757 KB) and the image with the payload (1.59 MB) was that the output file was much larger. That growth is not caused by the payload itself, which was only a small text file. OpenStego writes its output as a lossless PNG, so if the carrier was a JPEG it is re-encoded, and the re-encoded image is larger regardless of how little data is hidden. A payload embedded in the least significant bits of an already lossless image does not change the file size at all.
The same technique for hiding a secret message inside an image was used with QuickStego. The main contrast between QuickStego and OpenStego was that QuickStego is a more basic steganography tool: it did not let the SM and SA encrypt or decrypt the payload text hidden in the image. OurSecret offered the same capability of hiding a secret message inside an image as OpenStego and QuickStego. Its most obvious distinction was that OurSecret could encrypt the files hidden in an image and assign a password that the user must supply to extract them. Like OpenStego, OurSecret produced a larger file when the image contained a hidden message.
The two encryption/decryption tools used during the lab were VeraCrypt and AxCrypt. VeraCrypt was used to encrypt directories, drives or partitions as containers: it can create an encrypted file container, encrypt a non-system partition or drive, or encrypt the system partition or the entire system drive. AxCrypt was used to encrypt and decrypt individual files and folders; it works as a separate program in its own window and also integrates fully into Windows Explorer.
To determine which tool would be best for the organization, the SM and SA considered the type of message to be sent and its purpose. OpenStego is the best choice when an encrypted message only needs to be hidden inside another file. QuickStego is recommended when a hidden message must be sent inside an image but does not need to be encrypted. If a hidden message must be encrypted and password protected, the SM and SA recommend OurSecret. For encryption of stored data, the SM and SA decide between VeraCrypt (whole containers, partitions or drives) and AxCrypt (individual files and folders). Once they have done so, they confirm their decision with the Chief Information Security Officer (CISO), who sets the way ahead for the organization in terms of cryptography. The same tools work in the other direction: an insider or malware can use them to smuggle data out of the firm inside innocuous-looking images, so the firm's defences should treat steganography as a threat vector as well as a protection. (See Checklist above)
Types of attacks
A cyber-attack is the deliberate use of code to manipulate computer systems and networks in an attempt to compromise the confidentiality, integrity or availability of information (Ledford, 2018). The motivation differs from attack to attack: it may be financial, political or social, or simply the attacker's wish to cause harm to an organization. The internet is the main channel through which attacks are delivered, and the target may be a corporate organization, a government or an individual. Attacks are carried out with malicious programs and techniques such as fake websites, viruses and unauthorized web access, among others.
The article “Types of attacks” gives definitions and examples of the different types of cyber-attack.
1. Back door attack. The attacker takes advantage of vulnerabilities and flaws in a system, often by means of viruses, worms or Trojan horses, to gain access and then installs a backdoor (Oppenheimer, 2010). The backdoor lets the attacker return and read important information without the administrator noticing.
2. Denial of service (DoS). A distributed denial of service (DDoS) attack is carried out by numerous systems flooding a server with traffic, for example ICMP echo requests, so that it can no longer serve legitimate users; the objective is to prevent people from reaching a site they want to access. This is the type of attack most relevant to us as agents of a property management firm. The website is the main source of leads and traffic: it is where clients learn of our services and then reach out. A competitor might therefore pay for or deploy such an attack to stop clients from reaching us.
3. Phishing. Something malicious is sent by email. Most often the email contains a link the recipient is asked to click, or an attachment or download the recipient is asked to open. The sender removes anything that looks suspicious so that the message appears genuine; once the recipient follows the link or opens the file, their system is infected or their credentials are captured. Like the other attacks, phishing is one a property management firm is exposed to. Our clients, and the information about them held on our system, are the primary targets. Besides the risk of clients losing money, there is the risk of the firm being used for money laundering, and such events could tarnish the firm's name and reduce client flow.
4. SQL injection. SQL is the language used to communicate with a database. In a SQL injection attack the attacker sends malicious input that the application inserts into a query, causing the database to give out more information than it is meant to share (Menegaz, 2012). The attacker does this by taking advantage of commonly identified SQL injection vulnerabilities, above all queries built by concatenating user input into the SQL text. (See checklist above)
5. Cross-site scripting (XSS). This attack targets vulnerable websites with weak security in order to obtain user credentials or other confidential information. Like SQL injection, XSS relies on injected malicious code, but in XSS the site itself is not the primary target; its visitors are, because the injected script runs in their browsers. As a property management firm, the clients who have accounts or portals on our website are the ones who could fall prey to such an attack, because on registration a client submits confidential information about themselves and their property that is meant to stay between the firm and the client.
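Added example, not code from the firm's portal or from the cited article: a constructed SQLite table standing in for the client portal, with one lookup that concatenates the username into the query and one that binds it as a parameter. The two attacker inputs show the "more information than it is meant to share" effect described under SQL injection above: the first turns the WHERE clause into a tautology that returns every client, the second appends a UNION that pulls a column the query never exposes. Table, column and client names are invented for the example; the same rule (treat input as data, never as code) is what stops XSS on the HTML side.

```python
"""SQL injection against a client-portal lookup, and the parameterised fix.

Added illustration using Python's bundled sqlite3 module. The table and its
rows are constructed sample data, not real client records.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed client table: username, property, last four ID digits."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients (username TEXT, property TEXT, id_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO clients VALUES (?, ?, ?)",
        [("alice", "12 Oak St", "1234"),
         ("bob", "7 Elm Ave", "5678"),
         ("carol", "3 Pine Rd", "9012")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """Query built by string formatting: the input is parsed as SQL."""
    sql = f"SELECT username, property FROM clients WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str):
    """Parameterised query: the input is bound as data, never as SQL."""
    sql = "SELECT username, property FROM clients WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attacker inputs, as typed into the portal's username field.
BYPASS = "x' OR '1'='1"                                    # tautology
UNION = "x' UNION SELECT username, id_last4 FROM clients --"  # extra column


def demo():
    """Run both lookups with a normal name and with the two attack strings."""
    conn = make_db()
    return {
        "normal": lookup_vulnerable(conn, "alice"),
        "bypass_vulnerable": lookup_vulnerable(conn, BYPASS),
        "union_vulnerable": lookup_vulnerable(conn, UNION),
        "bypass_safe": lookup_safe(conn, BYPASS),
        "union_safe": lookup_safe(conn, UNION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The safe variant returns nothing for either attack string because the driver sends the text to the database as a bound value; the quotes and `--` inside it are just characters of a username that does not exist.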
A security mechanism consists of policies and controls that are meant to detect, inhibit or recover from a security threat posed by an attacker. Examples of security mechanisms include:
1. Physical security. This mechanism places physical barriers around crucial network resources, for example by installing and locking doors. The advantage is that it prevents mishandling of equipment by new, unskilled agents or by their clients.
2. Authentication. Authentication establishes that the identity a person claims is true. Users are identified by one or more of three factors. The first is something the user knows, such as a PIN or password the user created. The second is something the user has, such as a security card or security token; presenting a genuine token passes this step, and presenting a fake one fails it. The third is something the user is: a physical characteristic such as a fingerprint, voice or retina pattern. Strong authentication combines two or more of these three factors, for example a smart card together with a PIN. Two biometrics used together, such as fingerprint and retina pattern, are still a single factor (something you are), so they do not by themselves constitute multi-factor authentication.
3. Authorization. This gives the user access to the network and to whichever resources they are allowed to retrieve. The network administrator is the person vested with the power to grant network access, and only to identified workers of the property management firm; after that, users can access the resources they are entitled to. The managing broker of the firm will have access to all information on the network, while the firm's agents will only have access to shared data and to the data they themselves have uploaded to their personal portals.
4. Data encryption. This is formatting information so that only the intended recipient can decode it. It protects information from being read by third parties who might use it to harm the firm, and it is a mechanism that comes in handy in our efforts to ensure customer data security. Encryption protects confidentiality only; it must be combined with access control and backups, since it does not stop an authorized user from leaking data or an attacker from deleting it.
5. Firewalls. A firewall enforces security policy by acting as the boundary between two networks. It uses a set of rules to decide which incoming and outgoing traffic is allowed through and which is not.
6. Intrusion detection system (IDS) and intrusion prevention system (IPS). These mechanisms are used to detect security incidents and to prevent new ones. An IDS analyses inbound and outbound network traffic for suspicious activity and raises an alert when it finds some (Rouse, 2017); a pure IDS only detects and notifies the security personnel of the potential threat, it does not block. The IPS complements the IDS: it sits inline, examines incoming traffic, drops malicious packets, blocks the IP addresses carrying the threat and notifies the security personnel of the incident. The property management firm needs to continue running both IDS and IPS in its 24/7 operations to ensure the security of the network. Below is a table showing the access points and how they can be secured.
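Added example of the kind of check an IDS performs on inbound traffic, written in Python over constructed log lines (the one-line-per-packet format and every address are assumptions of the example, not the output of any real appliance): a sliding-window detector that alerts when one destination receives more than a threshold of ICMP echo requests within a window, and counts the distinct senders so that a distributed flood is distinguished from a single-source one. This corresponds to the ICMP-based denial of service described under Types of attacks.

```python
"""Rate-based detection of an ICMP echo flood in packet logs (Python stdlib).

Added illustration. Constructed log format, one packet per line:
    "<epoch seconds> <src ip> <dst ip> <proto>[ type=<icmp type>]"
Lines are assumed to be in time order, as a capture or syslog would be.
"""
from collections import defaultdict, deque
import re

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<proto>\w+)"
    r"(?: type=(?P<type>\d+))?$"
)


def parse(line: str):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": int(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "type": int(m["type"]) if m["type"] is not None else None,
    }


def detect_icmp_floods(lines, window: int = 10, threshold: int = 50):
    """Alert once per destination when more than `threshold` ICMP echo
    requests (type 8) arrive within any `window`-second span.

    A deque per destination holds the (timestamp, source) of recent echo
    requests; entries older than the window are dropped as new ones arrive,
    so memory is bounded by the traffic rate, not by the log length.
    """
    recent = defaultdict(deque)      # dst -> deque of (ts, src)
    alerts, alerted = [], set()
    for ev in map(parse, lines):
        if ev is None or ev["proto"] != "ICMP" or ev["type"] != 8:
            continue
        q = recent[ev["dst"]]
        q.append((ev["ts"], ev["src"]))
        while q and q[0][0] < ev["ts"] - window:
            q.popleft()
        if len(q) > threshold and ev["dst"] not in alerted:
            alerted.add(ev["dst"])
            alerts.append({
                "dst": ev["dst"],
                "packets": len(q),
                "sources": len({src for _, src in q}),
                "at": ev["ts"],
            })
    return alerts


def sample_log():
    """Constructed traffic: a few legitimate pings, ordinary TCP web traffic,
    then 80 echo requests within 3 seconds from 20 different sources."""
    lines = [f"{t} 10.0.0.5 203.0.113.10 ICMP type=8" for t in range(5)]
    lines += [f"{t} 10.0.0.{t % 7 + 20} 203.0.113.10 TCP" for t in range(5, 40)]
    lines += [
        f"{100 + i // 30} 198.51.100.{i % 20 + 1} 203.0.113.10 ICMP type=8"
        for i in range(80)
    ]
    lines.append("garbage line that the parser must skip")
    return lines


if __name__ == "__main__":
    for alert in detect_icmp_floods(sample_log()):
        print(alert)
```

The alert fires on the 51st echo request of the burst and reports 20 distinct sources, which is the signature of a distributed flood; the five legitimate pings at the start fall outside the window and never count. An IPS would act on the same condition by dropping further echo requests to that destination.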
Security and protection of clients' information and assets is one of our top priorities. So far we have looked at the IT systems architecture of the property management firm, the potential types of cyber-attack the firm faces and the mechanisms that can be deployed against them. The next important step is a protection plan. A multi-factor system will be used for the firm's identification process. The firm's agents will be issued security cards, and retina scanners will be installed at all major access points to the company's network; alternatively, one of these will be combined with a PIN. Because the agents themselves choose their passwords, they will be expected not to share them with third parties. Passwords and PINs will be composed of numbers, letters and special characters so that they are not easily cracked. The WLAN will be protected by a network password managed by a single designated agent, who alone will be able to change it and will be responsible for any necessary changes to the WLAN. Where possible the WLAN should use per-user credentials (WPA2/WPA3-Enterprise with 802.1X) rather than one shared password, so that a departing agent's access can be revoked without changing everyone's password. A strong protection plan will ensure that client and agent information and files are protected. (please see checklist above)
Issuance of CACs will be used to control access to the firm's buildings. Besides a six-digit PIN, each agent will have a badge bearing their picture, fingerprint, name and the name of the firm. At the entrance there will be a door system requiring the person to enter their PIN and scan their badge. A green light with an “access granted” message or a red light with “access denied” will follow from the assessment of the person's credentials. Because a six-digit PIN has only a million possible values, the reader must lock the card after a small number of wrong attempts. All agents will submit their schedules to the security specialists, who will program them into the system, so that a person who shows up on a day they are not on duty will not be allowed into the premises; schedule changes will be applied within 48 hours. This policy denies access to people who are not supposed to be there, protecting not only the general security of the firm but also the company's information and conversations. Each team of agents will only have access to the files they themselves uploaded, that is, their personal files on their private portals; only the managing broker will have access to all files. This plan of protection ensures that confidential information about our clients and agents does not fall into the hands of a third party.
Nonrepudiation will be ensured by the digital signature certificate on the CAC issued to every agent. CAC readers will be installed on every desk beside the computers, so that information sent or deleted on the network can be traced to its originator (Lord, 2017). This increases accountability: no one will be able to deny an action that compromised the security of the network or its information, because the action is tied to a signing key that only that person's card holds, and their presence on their workdays is recorded. A person is therefore responsible for anything that happens while they are logged in through their card, PIN or retina recognition.