Problem 1 (20 Marks) A.   A fake wifi hot spot (also known

 

Problem 1 (20 Marks)

A.   A fake wifi hot spot (also known as an evil twin wifi hot spot) sounds like a great way to steal passwords. Discuss the following kill chain for using a fake wi-fi hot spot. (10 marks)

  1. Criminal goes to the victim’s workplace, and get the name and ID number of their work wifi.
  2. The criminal sets up a wifi hot spot with the same name and ID number. They also set up some fake web pages of popular bank web sites, and the victim’s work email web site.
  3. Then the criminal drives past the victim (or sits near them in the coffee shop), so that the victim’s phone or laptop detects the fake wifi hot spot, and auto-connects to it.
  4. The victim’s downloads are now going through the criminal’s laptop. In particular, the criminal can give a fake DNS answer.
  5. If the victim tries to connect to a web site (e.g., email, bank, anything web-based), the criminal can do a DNS redirect to a fake version of that website.
  6. If the victim types in their password on the fake web site, the criminal can collect it.

Note that Kali Linux has a piece of software that does all of this more or less automatically. Sounds pretty slick, doesn’t it?

B. But what might go wrong? Discuss for example, any 3 of the following, or anything else you can think of that might go wrong. (10 marks)

  1. Geo-fencing: if the victim was smart, they would disable the auto-connect to their work wifi hotspot when they are not at work. But few victims think of this.
  2. Did the criminal remember to change the MAC address of their laptop, which is providing the fake wifi hot spot? The victim’s phone will record the MAC address of the hot spot, and if it’s the criminal’s real MAC address, the police might use that to find the criminal.
  3. After the criminal has stolen the password, the victim might get suspicious, and tell the bank. The bank’s usual approach is to leave the password working on a fake account, and wait for the criminal to try and log in, and perhaps catch the criminal from their IP address.
  4. You might be thinking of using a VPN to log in to the bank with the stolen password? How many VPNs keep log files and other records, which can be seized by police?
  5. A weakness to this approach is that the criminal has to get within wifi range of the victim. If the criminal is known to the victim, they might see the criminal and recognize them.
  6. Similarly, public areas have a lot of surveillance cameras. If the criminal is near the victim, and the victim works out when and where they typed in the password to the fake web page, police might go through nearby video cameras, looking for anyone with a laptop.
  7. Police can also pull up a list of every phone in the area, and go through that list. Did the criminal remember to turn their phone off?
  8. Or anything else you can think of that might go wrong.
Problem 2 (20 marks)

Another way to steal a password is for the criminal to place a hidden camera near the victim’s PC, and record the victim as they type in their password (perhaps when they unlock it, or perhaps first thing in the morning). This works best if the victim types slowly, with only two fingers. Discuss how the criminal might do this?

Pick one type of hidden camera. It can be on the list below, but feel free to choose a hidden camera that’s not on the list. 

Fixed cameras include a:

  • Clock with a camera in it
  • USB charger with a camera in it
  • Mirror with a camera in it
  • Hook with a camera in it (sticks tothe wall, or to a door)
  • Smoke detector with a camera in it(sticks to the ceiling)
  • Light bulb with a camera in it(plugs into a light bulb socket in the ceiling)

Mobile and wearable cameras include:

  • Bottle of water with a camera in it
  • Can of Coca-Cola with a camera init
  • USB stick with a camera in it
  • Wrist watch with a camera in it
  • Tie clip with a camera in it
  • Cigarette lighter with a camera init
  • Pen with a camera in it (and it really writes, too)
  • Car key fob with a camera in it

Your answer should cover:

1| Give the web link, or a screen shot, or similar. 

2| How much does the camera cost?

3| In your answer, you might consider addressing some of these issues: (10 marks)

  • Can the criminal retrieve the video data without being noticed? (Perhaps when they type their password to unlock the PC, while you are nearby, or perhaps first thing in the morning)
  • Can the criminal install or move the camera, without being noticed, or looking suspicious?
  • When the camera is in place and recording, does it look suspicious? Could the victim notice something odd?

4| Consider the technical specs of the camera. (10 marks)

  • Does the camera give enough detail? Can it zoom in on the keyboard?
  • Does the camera use a battery, or does it plug into a wall plug or USB plug? If it’s a battery, could the battery run flat before you can record the password?
  • Does it record all the time, or is it motion sensitive? That is, does it only record video if there is movement? (This makes the battery last longer).
  • If the criminal cannot retrieve the camera, can it be traced back to the criminal? (Fingerprints? Serial number?)
Problem 3 Some fun questions about criminal web sites (20 marks)

Describe your findings for 5 random 4-letter domain names.(4 marks each)

a.    Go to the web site http://www.internetlivestats.com and write down how many web sites there are in the world today. (1 mark)

b.    Scroll down a little, and look for how many web sites have been hacked today. How many have been hacked so far today? (1 mark)

c.     Practically every 4-letter domain name in “.com” has already been registered. Make up five different random 4-letter domain names, such as (as a random example) tiyu.com ptjh.com cjqx.com and so forth.

Use the who is search to look up those random 4-letter domain names, and find out how many of them are registered. Many web sites link to who is for free, such as http://whois.com/whois or http://dnstoolkit.net/whois/ 

Of your 5 random 4-letter domain names:

  • How many are registered?
  • From Who is, what is the name of the contact person? It should be listed as “Registrant Name”?
  • Is there a phone number, email address, or physical address?
Problem 4. Public Key Providers (20 marks)

This question is about the companies that provide public keys used in web site encryption. The key is called a “digital certificate”. Web sites with encryption start with https not http. Discuss two Public Key Providers (10 marks each).

a.   Go to your favorite encrypted web site, such as a bank, or any web site which asks for a password. Click on the padlock symbol, and it will tell you the name of the company that issued the digital certificate for the web site. Alternatively, you could just pick a company from the list of recognized digital certificates for the Mozilla web browser, at: http://www.mozilla.org/projects/security/certs/included/index.html

Either way, find the name of a company that issues digital certificates for web sites.    (2 mark)

b.   Go to the web site of that company that issues digital certificates. Look up their contact details, and write down the company’s street address and phone number.    (2 marks)

c.   Browse the web site of the company that sells digital certificate. Find how much does it cost for a digital certificate for a year? (Use the cheapest choice, e.g., single-name certificate).   (2 mark)

d.   How does someone apply for a digital certificate from this company? Do they ask for a driver’s licence? An incorporation certificate? Or do they only ask that you generate a CSR (certificate signing request), which a web server program can make using its domain name.    (2 marks)

e.   In your opinion, could a criminal obtain a digital certificate from this company? Could they use it for a phishing web site like https://www.mybank.com-blahblah1234-gang.com? Why or why not?                                                                           (2 marks)

Problem 5. A Cost-benefit analysis! (10 marks)

Your company’s web site is sometimes broken into by hackers, with the following estimates of probabilities and costs:

·        Each day there is a 0.5% chance that a script kiddie will only deface the web site, but cause no other damage. This would cost only $20,000 in lost sales.

·        Each day there is a 0.3% chance that an expert hacker will delete data and steal customers’ credit card numbers, costing $200,000.

·        Remember how hackers stole all the data from Ashley Madison and killed the company? We estimate that each day there is a 0.03% chance that an expert hacker will steal all the company’s data, costing $1,000,000.

The big boss wants you to advise on which of these three solutions to buy:

  1. We could do nothing and accept the problem.
  2. A nice IBM firewall costs a huge $40,000 per year. It claims to prevent all the script kiddie attacks, and 95% of both kinds of expert attack.
  3. A cheap Microsoft firewall costs only $5,000 per year. It claims to prevent 90% of script kiddie attacks, and 50% of both kinds of expert attacks.

The big boss wants you to advise which to choose. Feel free to use a spreadsheet or calculator or whatever you find the most convenient to answer these questions:

·        Calculate the annualized loss expectancy (ALE) for the three kinds of hacker attacks. What is the total annual loss expectancy? (3 marks)

·        For the three possible solutions, calculate the total annualized loss expectancy (ALE) if that solution was used? (3 marks)

·        Calculate the cost-benefit of the three different solutions (6 marks)

·        If the boss asks, is there a large difference between the solutions (are two solutions about the same), or is there a clear winner? (2 mark)

·        The Microsoft salesperson offers to reduce the price from $5,000 per year, to completely free. Would free software change your advice? (2 marks)

Problem 6. Cloud Computing   (10 marks)

There are several cloud computing providers, such as:

  • AmazonWeb Services (AWS)
  • Alibaba Cloud
  • Google Cloud Platform
  • Microsoft Azure
  • Kamatera Performance Cloud, and many others.

Pick any one cloud computing provider, and go to their web site to answer these questions.  

a.    I’m a criminal, and want to do password hashing for my dictionary attacks. This will need 100 servers, running Linux (not Windows). How much would this cost, per month? You can round off if you want. (4 marks)

b.    Is there a 1-month free trial? Can I get 100 servers for free? (2 mark)

c.     Can anyone rent 100 servers? Do they check up on who I am, or can I be some criminal with an anonymous email address?  (2 marks)

d.    In what country are the physical servers? Or don’t they say? (2 marks)

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Related Questions

patient file

Your final project for this course will be a patient record analysis. You will apply the knowledge of anatomy, physiology, and pharmacology that you have developed during this course in a thorough review of existing patient information in the Final Project Patient File. Specifically, you will review a patient’s history

610 6-1 Discussion: Improve, Part Two—Mitigating Unwanted Consequences

 The Essential Workplace Conflict Handbook. Including the IMPROVE Supplementary Document. Next, in your initial post, address the following: • In what ways do you perceive the Improve phase as being informed by the other phases of DMAIC that you have worked with in the course thus far? • How can

Code of conduct

 For this assignment, Write a paper about employee codes of conduct using information from your textbook and at least two other scholarly sources. First, research employee codes of ethics, especially for the medical field. Next, find some examples of employee codes of ethics from medical facilities and choose the one

Human Growth and Development

Scenario: Simon Whitaker is 42 years old and has suffered from mental illness since his late teens. He lives in a flat in a large housing estate. He lost his job as a warehouse cleaner after he was admitted to hospital the last time he became ill, two years ago.

Exporting Security

Write a 2 page argumentative essay on the links provided below. Link 1: https://www.airuniversity.af.edu/SSQ/Book-Reviews/Article/1292320/exporting-security-international-engagement-security-cooperation-and-the-changi/ Link 2:https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?article=1049&context=nwc-review Link 3: https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?article=1049&context=nwc-review #Exporting #Security

Organizational culture and values

 Details: Prepare a 10-minute presentation (10-15 slides, not including title or reference slide) on organizational culture and values. Describe how alignment between the values of an organization and the values of the nurse impact nurse engagement and patient outcomes. Discuss how an individual can use effective communication techniques to overcome

Document Analysis

Document Analysis (5% – c. 500 words) Primary sources are writings that were produced by individuals or groups at the time of the historical events or issues that they deal with. A number of such documents have been placed on Blackboard, organized by course unit. This assignment requires you to

M3D1: Big Data

The discussion will examine the social interaction of participants regarding an issue or situation and its impact on research data. This discussion addresses the following module outcomes: •MO1: Become familiar with the process of conducting marketing research methods and research tools •MO2: Review the process marketers use for identifying and

Case Study 1 and 2 Pneumonia and Addison diseases

Review the case study and answer all questions with a scholarly response using APA and include 2 scholarly references. Answer both case studies on the same document and upload 1 document to Moodle. Case Studies will be uploaded to Moodle and put through TURN-It-In (anti-Plagiarism program) Turn it in Score

Should schools ban unhealthy snack machines?

 Your outline should include: An explanation of the controversial issue, why is it controversial? Identify which position or side you will take in your paper, and explain why. If you don’t agree with the position you are taking discuss how this could affect your argument on the topic. If you

The Outcome of Inequality of Wealth and Income

Research Topic: Submit an idea for a research study based on a business/economic problem. • Write the title of the study. • Explain your overarching aim for the study. • What is the problem? • What is the significance of it? • Draft at least two research questions. Due 1/27

“practice of professional engineering”

1. “practice of professional engineering” means any act of planning, designing, composing, evaluating, advising, reporting, directing or supervising that requires the application of engineering principles and concerns the safeguarding of life, health, property, economic interests, the public welfare or the environment, or the managing of any such act; (“exercice de

Curriculum Development and Evaluation

 Learning Materials: Keating, S. B. (2011). Curriculum development and evaluation in nursing (2nd ed.). New York: Springer. (Chapter 13) Books are on website Vital Source user name is sred9196@yahoo.com, the password is Bungalow9@ • Exercise #1: Address an educational need among nursing staff at a health care agency. In the

Epidemiology and Surveillance

Research the public health agency in Chicago, IL and develop a presentation on its structure, response capabilities, surveillance tools, and role in emergency management. In your response, include a description of the community served by the department (Chicago), its emergency response structure, surveillance systems that are used at hospitals, biohazard

General Psychology Application

 General Psychology Application Essay Over the course of the class, we have discussed a number of different psychological concepts and theories. For your paper you will be asked to connect a real life experience or observation with a concept or theory from lecture and/or your textbook. Your assignment should include

Issues and Trends in Curriculum Development

 Learning Materials: • Iwasiw, C., Goldenberg, D., & Andrusyszyn, M. (2009). Curriculum development in nursing education (2nd ed.). Boston: Jones & Bartlett. (Chapters 13 and 14) • Keating, S. B. (2011). Curriculum development and evaluation in nursing (2nd ed.). New York: Springer. (Chapters 16 and 17) PowerPoint • Chapter 13

Foundation of Nursing Module 2.1 ( Discussion)

Module 2.1 – Discussion Nursing Theories and Theorists Instructions: After reading the assigned chapters, please post two discussion questions based on the readings along with your answers to the following questions: Did any of the theories or theorist influence your own personal theory of nursing; and consequently, your own view