Question

Complete the following short answer questions:

1.  How do the viruses propagate between computers?
2.  What is social engineering?
3.  How will an SPI firewall handle a packet containing a TCP segment which is an acknowledgement?
4.  Revise the access control list (ACL) in Figure 3-23 (page 119 in the textbook) to permit access to an FTP server with IP address 10.32.67.112.
5.  How will the ACL in Figure 3-23 (page 119 in the textbook) handle a packet that attempts to open a connection to an FTP server? Explain.
6.  For each of the following passwords, first state the kind of attack that would be necessary to crack it. Justify your answer. Then say whether or not it is an adequate password, again giving specific reasons.

a)  password
b)  Winter1
c)  SpringBreaK
d)  2!T*d (00-10)
e)  9g&8tY7#?s+445=232+

Answer 1

1.

The virus is a program which causes harm to the computer and mobile devices by entering the computer without the knowledge of the user.

1. Spreading of the virus in the computer:

Most of the virus spread in computer today by the following means which are as follows:

• Floppy disk.
• Emails containing infected attachments.
• Infected programs of the malicious files.
• By downloading the free software.
• Through pornography downloaded by users.

2.

It can be defined as a process of applying social skills and involving personal communications by hackers with the people to extract important information. The main motive in social engineering is to extract security related information. In includes persuading the target by asking for help and without bringing to the notice of the victim, the hackers find out useful security related information that is meant to be confidential.

Social engineering attack is difficult to control. This is because in most of the cases the victim is politely persuaded who willing and ignorantly reveal all confidential details that lead to the security breach.

Social engineering attacks can occur in any of the following forms:

• Through online emails,
• Phone calls
• Personal interaction,
• Reverse social engineering, and many others.

3.

When a State full Packet Inspection firewall receives a packet containing TCP ACK segment, it will check a connection state table to see if the packet belongs to an established connection. If it does not, the packet is dropped.

Also, If a TCP segment containing flags other than the SYN is received and does not have an associated entry in the state table; it will not be allowed through the firewall.

4.

Access Control List (ACL) for Server

Firewalls maintain an access control list (ACL) for all the kinds of traffic it allows to pass through to and from the network. Knowing the state of the connections being worked on, the firewall can decide on the level and kind of security mechanism it needs to employ. It also helps in knowing which kinds of traffic need to be blocked.

In a web server’s firewall, the ACL will inform the firewall that inbound packets to port 22 should be blocked. As the server runs on port 80 and port 22 is only supposed to be used for FTP. Thus, such packets will be blocked.

The new ACL (Access Control List) of server having IP address 10.32.67.112 is given below:

RULE	RANGE	PORT	ACTION
1	ALL	80	Allow with filters
2	10.32.67.112	22	Allow all connections
3	ALL	ALL	Block

5.

According to the third rule of ACL that says that unless a packet is allowed by the rules specified, the packet is dropped and logs of.

Hence the access control list will not allow opening a connection to an FTP server by the packet.

6.

Password Strength Check by Examples

The reusable password is the string of character which is being used to access the resources attached with a particular username. Weak passwords like ordinary dictionary words or name passwords can easily be cracked by dictionary attacks. For cracking the password, all nouns or names must be tried in a regular vocabulary.

Passwords with simple diffractions on nouns, such as noun with the first letter capitalized, followed by a single digit is liable to vocabulary attacks in the hybrid approach. The password will not be a strong password if it is having the simple variation in the word. They can all easily be cracked.

Brute force attacks crash the Complex passwords. Brute force method means the most obvious method that gives the solution but takes maximum time. So, attempt with all probable combination of characters by the brute force attack.

All combinations of a single character and double characters are tried, and so forth. As it checks for each character so it takes more time than dictionary attacks. Complex passwords having long length are stronger and hard to crack.

a)

A password like “password” is a weak password as it is a simple name that can easily be cracked by dictionary attacks. Weak passwords like ordinary dictionary words or name passwords can easily be cracked by dictionary attacks. It is not an adequate password because it is a simple name and it can be crack by dictionary attack in no time.

There is no complexity in it that is any combination of lowercase or uppercase or digits or special characters have not been used in it. For cracking, the attacker uses a vocabulary attack, trying all nouns or names in a regular or modified vocabulary. There are only a rare thousand dictionary words and names in any language, so dictionary attacks can crack dictionary word or name passwords almost instantly.

b)

Passwords like “Winter1” can easily be cracked by dictionary attacks in hybrid mode. “Winter1” password is a simple word with slight variation like the first alphabet capitalized and a digit in the end. Such passwords can easily be broke by dictionary attacks in hybrid mode.

It is not an adequate password because it has very slight variation as compared to the simple preprocessing word and no matter what the length of simple password is, it can be the crack in no time. Password length does not matter in case of simple words or names as they are too easy to get cracked. Dictionary attacks in hybrid mode can easily crack any simple password of any length in no time. So, “Winter1” will crack easily.

c)

“SpringBreaK” password can be cracked by dictionary attacks in hybrid mode. “SpringBreaK” password is a simple word with slight variation like first, seven, and eleven alphabets capitalized. Such passwords can easily be broken by dictionary attacks in hybrid mode. It is not an adequate password but it will take more time to dictionary attacks in hybrid mode to crack it because of many variations in it and of its length which is good. But also it is not an adequate password.

Adequate passwords should have complexity in them that is any combination of lowercase or uppercase or digits or special characters should be used in it. Password length does not matter in case of simple words or names as they are too easy to get cracked. Dictionary attacks in hybrid mode can easily crack any simple password of any length in no time.

d)

“2!T*d (00-10)” is a complex password that can only be cracked by brute force attacks. Complex passwords contain lowercase alphabets, uppercase alphabets, digits and special characters in any combination. Such passwords can only be broken by brute force attacks. Brute force attacks try all possible combinations of characters. First, all combination of a single character are tried then all combinations of two characters then all combination of three characters, and so forth. As it checks for each character so it takes far much more time than dictionary attacks. 2!T*d (00-10) password is not of adequate strength as its length is less than eight characters. Given the speed of brute force cracking today the complex passwords should be at least eight characters long. Passwords having the length more than seven will be considered adequate.

e)

“9g&8tY7#?s+445=232+” is a complex password that can only be cracked by brute force attacks. Complex passwords contain lowercase alphabets, uppercase alphabets, digits and special characters in any combination. Such passwords can only be broken by brute force attacks. Brute force attacks try all possible combinations of characters. First, all combination of a single character are tried then all combinations of two characters then all combination of three characters, and so forth.

As it checks for each character so it takes far much more time than dictionary attacks. “9g&8tY7#?s+445=232+” the password is of adequate strength as its length is greater than eight characters. It is a highly strong password due to its complexity and its length. Given the speed of brute force cracking today the complex passwords should be at least eight characters long. Passwords having a length more than seven will be considered adequate.