Two Common Router Security Threats

Syn Flood or Denial of Service Attack: SYN flood attacks, often referred to as Denial of Service attacks, are caused through exploitation of the TCP protocol. The attacker sends a large number of TCP/SYN packets using a forged address. Because of this, the destination server is unable to successfully establish a proper connection due to the source being unreachable (Lawrence, n.d.). Each time the server attempts to establish a connection, resources are used up by the flood of packets, causing eventual slowdown or non-responsiveness. ...

October 11, 2016 · 2 min · 363 words · icarnaghan

What are Rogue Access Points?

WiFi is commonly used both within organizations and by the general public. In recent years attackers have discovered ways to lure victims by using rogue access points. These are essentially wireless access points that have been installed in a network without authorization. In some cases these may have been installed by employees of an organization for convenience; however, this in itself is a security risk. More often than not, an employee who has installed such a device would not have secured it correctly, potentially leaving the network open to attack. On the other hand, attackers install rogue access points in order to deliberately target the network. This can be done through a series of vulnerability tests or scans once they have access. ...

October 11, 2016 · 2 min · 258 words · icarnaghan

Installing Wireshark on Mac OS X (Yosemite)

Wireshark is a software application for protocol and network traffic analysis, also known as a network sniffer. The application can be downloaded for free at https://www.wireshark.org/#download. I downloaded Wireshark from the URL and selected the macOS 10.6 .dmg file. I was able to successfully mount the download image and run the package installer, keeping all the default settings, with the following installed on my system:

- /Applications/Wireshark.app. The main Wireshark application.
- /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist. A launch daemon that adjusts permissions on the system’s packet capture devices (/dev/bpf*) when the system starts up.
- /Library/Application Support/Wireshark/ChmodBPF. A copy of the launch daemon property list, and the script that the launch daemon runs.
- /usr/local/bin. A wrapper script and symbolic links which will let you run Wireshark and its associated utilities from the command line. You can access them directly or by adding /usr/local/bin to your PATH if it’s not already in your PATH.

(Source: Wireshark Read Me First.rtf) ...

September 18, 2016 · 2 min · 340 words · icarnaghan

TCP Congestion Control

So it’s that time of year again where I decided to enroll in another Cybersecurity class at UMUC. I will be posting snippets from the class over the next few weeks. This week TCP Congestion Control was one of the topics I was looking at, and so this post will serve as a high-level overview. TCP Congestion Control is the process of monitoring and controlling network traffic in order to avoid congestion, which could lead to potential loss of packets and/or poor transmission rates. It determines the available capacity on the network and in turn is equipped with the information needed to know the number of packets that can be safely transmitted. Congestion control maintains a state variable for each connection called a congestion window, which is used to determine limits on the amount of data that can be sent at any given time. The size of the limits defined in this window changes based on congestion levels via the additive increase/multiplicative decrease (AIMD) algorithm. AIMD essentially lowers the limits of the congestion window when there is less congestion and raises them when congestion levels have increased. ...

September 18, 2016 · 2 min · 375 words · icarnaghan

Securing WordPress Login page and WP Admin area

wp-login.php is the most critical page on a WordPress website. Without it, you will not be able to access the WP-admin area, aka the WP dashboard, and other users will not be able to register an account with your website. No website owner would ever want a hacker or an intruder to get full access to the WP-admin area. If they do manage to gain access, intruders will delete your website, change the admin password or remove all your posts/pages. To avoid this, you should secure the WordPress login page by: ...

April 28, 2016 · 3 min · 481 words · prhost78

Plugins to add 2 step authentication to WordPress website

Dual factor authentication has become one of the most important security features in the last few years. Major websites like Google Mail, Outlook and Facebook are now protecting user accounts in a better way by allowing users to use a mobile device as their identity. To activate 2 step authentication, the service provider will ask you to install the Google Authenticator app (or one of its alternatives). Some websites will ask you to verify your mobile phone number so that the authentication service can send a 4 or 5 digit code when required. This code will be used for one-time verification, and it will be valid only for a few hours. ...

February 22, 2016 · 2 min · 426 words · prhost78

Web Application Database Vulnerabilities to be Aware of

The use of malicious code attacks against web applications, and more specifically web-enabled databases, is on the rise and continues to be a greater threat as systems become more complicated and reliant on third-party libraries and frameworks. There are many different types of exploits and vulnerabilities associated with malicious code attacks which can potentially threaten the very databases that power such applications. Several areas of vulnerability are discussed below. ...

November 1, 2015 · 3 min · 494 words · icarnaghan

SQL Injection Explained

SQL injection has been a method of attacking databases through multiple tiers of application infrastructure for many years (MacVittie, 2008). SQL or Sequential Query Language is a database language used to interact with large quantities of data, typically stored in tables inside a Relational Database Management System (DBMS). Each command using the SQL language typically generates a result set of data. An example of this follows:

    select * from accounts

The (*) is effectively used to return (all) columns of data in the ‘accounts’ table. A similar, and more dangerous statement could be issued using the drop command: ...

October 29, 2015 · 2 min · 364 words · icarnaghan

Operating Systems Security: Protection Measures Analysis

The Internet has brought us a wealth of conveniences and everyday tools that we could not live without and, more importantly, a dependency that we cannot break. In the workplace the Internet has become a part of our day-to-day lives. We rely on instant communication with our co-workers, friends and colleagues as well as access to a multitude of information at our fingertips. Children from younger ages are becoming more involved with computers and technology, in a trend that will continue as the Internet of Things evolves around us in everyday appliances. Unfortunately, with all these conveniences come challenges and risks that we need to deal with. ...

October 25, 2015 · 17 min · 3594 words · icarnaghan

Usable Security? User Friendly Factors

In his article on usable security, Lampson (2009) asserts that usable security needs to begin with policy and how we model security systems within the organization. He makes the case that security has to be simple and at the same time it has to minimize hassle (for the end user). He concludes that the root cause of this problem is one of economics whereby we “don’t know the costs either of getting security or of not having it, so users quite rationally don’t care much about it. Therefore, vendors have no incentive to make security usable.” To get around this we must first look at simple models of security the user understands. ...

October 12, 2015 · 2 min · 385 words · icarnaghan