Explain the CIA triad. For each part of the triad, outline attacks on a database

Question

Explain the CIA triad. For each part of the triad, outline attacks on a database and possible protections?

What are some criticisms of the OSI network model?

Choose an application protocol that requires encryption. Describe that protocol in a few sentences and describe how you would attack the protocol.

What is a side-channel attack? Describe one.

If you were a malware designer, would you rather use TCP or UDP to distribute a malicious payload and why?

What makes MAC address spoofing easy or hard?

Identify a VoIP application that uses SIP.

Identify a VoIP application that does not use SIP.

What is the TCP triple-handshake, and how can it be used in an attack? Which leg of the CIA triad would this attack fall under?

Explanation / Answer

Explain the CIA triad. For each part of the triad, outline attacks on a database and possible protections?

The CIA triad is a confidentiality, integrity and availability model for security policy development. The model consists of these three concepts:

1. Confidentiality: This simply refers to privacy. It ensures that sensitive information is accessed only by authorized persons. It has many implementation mechanisms, such as:
   1. Username & password protection
   2. Encryption
   3. Access control lists, etc.

If your database has an open connection without a username and password, or a weak authentication mechanism, anyone can access the information. To prevent this, your database connection should be private, with strong sign-in credentials.

2. Integrity: It ensures the correctness, consistency, and trustworthiness of information. It ensures that information can only be modified by authorized persons, so that the receiver has the information the sender/creator intended them to have. It is implemented using the following mechanisms:
   1. Checksums
   2. File permissions
   3. Access control, etc.

Data extracted from the database can change during communication due to channel noise or an attack. So, to ensure the correctness of the data, we add a checksum to that data.

3. Availability: It ensures that authorized persons can access the information/resource when required. It is implemented with the following methods:
   1. Regular hardware maintenance
   2. Data redundancy, such as RAID systems
   3. Good communication bandwidth, etc.

Your database may go down because of heavy load or power failure, so to maintain availability you need to perform all the hardware-related maintenance on time.

What are some criticisms of the OSI network model?

The criticism of the OSI model and its protocols can be summarized as follows:

1. Bad technology: This is the main drawback of the OSI model; it is lacking in many aspects. It has seven layers, and many layers have overlapping functionality such as error detection/correction and flow control. Despite having seven layers, only two layers (network and transport) have all the functionalities.

2. Bad timing: It was introduced at a time when TCP/IP had already been rolled out by various organizations. So why should they roll back to the new, complex model?

3. Bad implementation: As it has so many layers, it faced many difficulties and slowness, so it could not gain popularity.

Choose an application protocol that requires encryption. Describe that protocol in a few sentences and describe how you would attack the protocol.

Secure File Transfer Protocol (SFTP): This is a network protocol used to transfer files between the server and the client in a secure way. It sends data with encryption over the network.

SFTP uses the SSH security protocol, which can be attacked with the brute-force technique. A brute-force mechanism can be used to crack SSH passwords, so SFTP is vulnerable to brute-force attack.

What is a side-channel attack? Describe one.

A side-channel attack is based on the physical/hardware implementation. Hardware such as electronic circuitry makes noise, produces emissions and consumes power, and this information helps in breaking the system.

Example:
Timing attack: Every logical operation on any machine takes a fixed amount of time. This information can be used to analyze the cryptosystem of the machine or data. Suppose you are trying to break a password stored in the system. You submit multiple possible guesses and analyze the time taken by the system. For a closely matching password, the system will take more time to respond, as it has to perform more comparisons. In this way, you can work toward a possible hack.
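
The comparison-count leak described in the timing-attack answer, next to a hardened comparison, as an added example that is not part of the original answer. The secret, the guesses and all function names are constructed for illustration; byte comparisons are counted instead of measuring wall-clock time so the result is deterministic.

```python
import hmac

def early_exit_equal(stored: bytes, guess: bytes):
    """Naive check: stops at the first mismatching byte.
    Returns (match, number of byte comparisons performed)."""
    comparisons = 0
    if len(stored) != len(guess):
        return False, comparisons
    for a, b in zip(stored, guess):
        comparisons += 1
        if a != b:
            return False, comparisons  # work done reveals the matching prefix length
    return True, comparisons

def constant_time_equal(stored: bytes, guess: bytes):
    """Hardened check: examines every byte wherever the mismatch is.
    Returns (match, number of byte comparisons performed)."""
    comparisons = 0
    diff = len(stored) ^ len(guess)
    for a, b in zip(stored, guess):
        comparisons += 1
        diff |= a ^ b  # accumulate differences, never branch on them
    return diff == 0, comparisons

def secure_equal(stored: bytes, guess: bytes) -> bool:
    """What production code should call: the standard library's
    comparison, designed to resist timing analysis."""
    return hmac.compare_digest(stored, guess)

def work_profile(compare, stored, guesses):
    """Comparison count per guess: the signal a timing side channel exposes."""
    return [compare(stored, g)[1] for g in guesses]

# Constructed sample data: guesses share 0, 3, 8 and 12 leading bytes with the secret.
STORED = b"hunter2-demo"
GUESSES = [b"xxxxxxxxxxxx", b"hunxxxxxxxxx", b"hunter2-xxxx", b"hunter2-demo"]

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equal, STORED, GUESSES))
    print("constant time:", work_profile(constant_time_equal, STORED, GUESSES))
    print("secure_equal :", [secure_equal(STORED, g) for g in GUESSES])
```

The early-exit profile grows with the length of the correct prefix, while the hardened profile is flat, so response time no longer tells a guesser how close a guess was.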
