IS assignment 1 1 - wewq PDF

Title IS assignment 1 1 - wewq
Author Simmu Kaur
Course Computer Graphics & Animation Programming
Institution Federation University Australia
Pages 24
Assignment 1

Student ID: 30333735 Name: Prasath Valathur Sriharan Course ID: ITECH 3215 – Information Security.

Question 1.

Name of the threat: NotPetya Malware.

System it attacks: It attacks the Windows operating system.

How it attacks: It uses PsExec or EternalBlue (Server Message Block) to get into the victim's system. It encrypts the files in the operating system using 128-bit encryption.

Mitigation strategies:
- Taking a backup of the files.
- Patching the system with the latest patch for the vulnerability in the system.
- Activating anti-virus and anti-malware software.
- Enabling the firewall.

Scope of threat: Cyber threat actor or cybercriminal.

Name Of The Threat: The threat is the NotPetya malware, a variant of the Petya malware. It started on 27th June 2017, appeared in multiple countries and affected multiple sectors. Petya was an older ransomware that overwrites the Master Boot Record and asks for a ransom, whereas NotPetya is a data wiper and could also be ransomware. It started in companies and firms in Ukraine and later spread globally (Ncas alerts, n.d.).

System It Attacks: The NotPetya malware attacks the Windows operating system. It locks all the files in the system and asks the victim for a ransom to unlock them. It struck different sectors in different countries (Ncas alerts, n.d.).

How It Attacks: The NotPetya malware used the M.E.Doc file, which is in accounting software, as a way to get into the system. It uses EternalRomance or EternalBlue, which is a vulnerability in the Windows Server Message Block (SMB), and it uses the PsExec and WMI (Windows Management Instrumentation) tools to spread through the network and take control of all the systems (Ncas alerts, n.d.). After that it crashes the system, encrypts all the files in the system using 128-bit key encryption and makes a unique ID for the victim. If the affected system is connected to a network, the malware uses it to spread through the network (Ncas alerts, n.d.). The cyber threat actor asks the victim for a ransom by displaying a message on the screen. If the ransom is paid they might decrypt the files and give access to the system, or else they wipe it out. With this malware in particular, it is not certain that the data will come back, because they have a different ID and encryption key (Notpetya Malware, n.d.).

Mitigation Strategies: The following steps help to prevent your system from being attacked:

- Take a backup of the system and store it on a separate drive so that you can retrieve the data.
- Patch the system with the latest patches given by Microsoft for the vulnerabilities of the system and make sure it is up to date (Notpetya Malware, n.d.).
- Make sure the anti-virus and anti-malware software is active.
- Enable the firewall and scan all files from the internet.
- Block remote execution via PsExec.
- Secure the Windows Management Instrumentation (WMI) user (Ransomware, n.d.).

Scope of Threat: The cybercriminal or cyber threat actor asks the victim for a ransom and might steal information or system credentials by attacking the system (Notpetya Malware, n.d.). The cybercriminal will try to steal all the system credentials in the background, so they try to steal the identity of the victim, and they might ask the victim for a ransom. In some cases the organisation can be a threat, and the threat may be internal as well (Cybercrime and digital threats, n.d.).

Conclusion: No system is free from threat; every system in the network will have some sort of vulnerability. To protect your system from attack, you can follow the mitigation strategies, which might help you avoid becoming a victim of ransomware. Regularly updating the anti-virus and firewall may prevent the attack, and keeping the patches up to date minimises the vulnerabilities.

Question 2:

A) Generating two keys using RSA:

Screenshot 1 In this screenshot we are generating the key using RSA. The command used for generating the key is gpg --gen-key. The size of the first key is 1024 bit.

Screenshot 2 Screenshot 2 shows that the first key has been generated.

Screenshot 3 Screenshot 3 shows that a second key pair of size 1056 has been created using the command gpg --gen-key.

Screenshot 4 The above screenshot shows that two keys were generated using RSA encryption. Generating keys of different sizes took different amounts of time, because the key size is different and the time depends on the processor's speed.

B) Encrypting the file:

The above screenshot shows that a text file named prasath.txt has been created and encrypted using the command gpg -c prasath.txt. The encrypted file is now shown on the desktop with the name prasath.txt.gpg.

Screenshot 5 The above screenshot shows that the text file prasath.txt has been encrypted and the output file has been generated as prasath.txt.gpg.

C) Generating a 1GB file - encrypt and decrypt the 1 GB file:

Screenshot 6 The above screenshot shows that the file prasath.txt is 1 GB in size. The 1 GB file was generated using the command dd if=/dev/urandom of=prasath.txt bs=10320000 count=100.

Screenshot 7 The above screenshot shows that the file prasath.txt is 1 GB in size and that it took 2 min 18 seconds to encrypt 1 GB of data; encrypting a 10 GB file will take 21 min 8 seconds. The prasath.txt file was encrypted using the command gpg -c prasath.txt, and the encrypted file appeared on the desktop with the name prasath.txt.gpg.

Screenshot 8 This screenshot shows that the encrypted file prasath.txt.gpg is being decrypted using the command gpg prasath.txt.gpg and saved with a new file name, prasath1.txt.

Screenshot 9 The above screenshot shows the decryption of the 1 GB file, which took 1 min 3 seconds. Decrypting 10 GB of data will take approximately 13 min.
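The symmetric steps of parts B and C can be repeated without prompts and with an integrity check on the result. The script below is an added example, not part of the original assignment; the 64 MiB size, the passphrase, the file names and the throwaway keyring directory are constructed, and it assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: parts B and C at reduced size, with an integrity check.
# File size, passphrase and file names are constructed for this demo.
set -eu

sym_roundtrip() {  # $1 = size of the random test file in MiB
    work=$(mktemp -d); home="$work/gnupg"; mkdir -m 700 "$home"
    ( umask 077; printf '%s\n' 'constructed demo passphrase' > "$work/pass" )
    dd if=/dev/urandom of="$work/plain.bin" bs=1048576 count="$1" 2>/dev/null

    # Non-interactive form of `gpg -c`: the passphrase comes from a 0600 file.
    g() { gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback \
              --passphrase-file "$work/pass" "$@"; }

    t0=$(date +%s)
    # /dev/urandom output does not compress, so gpg's default compression
    # step is switched off; the cipher is pinned instead of left to defaults.
    g --cipher-algo AES256 --compress-algo none \
      --output "$work/plain.bin.gpg" --symmetric "$work/plain.bin"
    t1=$(date +%s)
    g --output "$work/back.bin" --decrypt "$work/plain.bin.gpg"
    t2=$(date +%s)

    # A timing only means something if the round trip is lossless.
    cmp -s "$work/plain.bin" "$work/back.bin" && v=match || v=MISMATCH
    gpgconf --homedir "$home" --kill gpg-agent || true
    rm -rf "$work"
    echo "$v size=${1}MiB encrypt=$((t1 - t0))s decrypt=$((t2 - t1))s"
}

sym_result=$(sym_roundtrip 64)
echo "$sym_result"
```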

D) Exporting the public key:

Screenshot 10 The above screenshot shows that the public key is being exported using the command gpg --armor --export [email protected] > mypk

Screenshot 11 The above screenshot shows that the public key has been exported and the public key is in ASCII format.

E) Displaying the cipher text:

Screenshot 12 The above screenshot shows that the file has been encrypted and the output has been recorded as cipher text in ASCII format.

F) i) Exchange your public key and your friend’s public key using email:

Screenshot 13 In the above screenshot my public key prasathpk is sent to my friend by email, and in the same way my friend sent his public key mypk.

II) Import your friend’s public key into your key ring:

Screenshot 14 The above screenshot shows that my friend's public key has been imported into my key ring using the command gpg --import mypk.

III) Encrypt a file using your friend’s public key and send the encrypted file to your friend:

Screenshot 15 The above screenshot shows that a file has been encrypted with my friend's public key using the command gpg --out secrets_to_k.txt --recipient [email protected] --encrypt prasath.txt.

Screenshot 16 The above screenshot shows that the encrypted file has been sent to my friend via email for the decryption.

IV) Ask your friend to decrypt the encrypted file:

Screenshot 17 The above screenshot shows the decryption of encrypted file which my friend sent me by encrypting the file by using my public key.

Screenshot 18 The above screenshot shows how the encrypted file looks before decryption, because it is in ASCII format.

Screenshot 19 The above screenshot shows the file which has been decrypted by me by using my public key.

V) You can ask your friend to do the same thing:

Screenshot 20 The above screenshot shows that my friend used my key to encrypt the file, and he also decrypted the file that I sent via email.

Screenshot 21 The above screenshot shows the file decrypted by my friend.

G) Cryptography plays a major role in securing an individual's data by encrypting the data or text from one end to the other. A text or any file sent from one person to another is encrypted with the user's key. The Telegram app is one of the highly secured messaging applications, and it uses an end-to-end encryption method to transfer messages (End-to-End, n.d.). Using end-to-end encryption makes the messages more secure. The Telegram messaging application has a separate chat room where two individuals share data or text that is encrypted and hidden from outsiders. Here cryptography helps by encrypting the data and providing a secret chat key for the user. So end-to-end encryption makes the Telegram application more secure (End-to-End, n.d.).
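The key exchange in part F can be replayed on one machine with two separate keyrings, which also shows which key each step depends on. This script is an added example, not part of the original assignment; the identities, file names and message are constructed, the keys are generated without a passphrase for the demo only, and it assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: part F replayed between two throwaway keyrings (GnuPG 2.1+).
# Identities, file names and the message are constructed for this demo.
set -eu

genkey() {  # $1 = keyring dir, $2 = name, $3 = e-mail; unprotected demo key
    gpg --homedir "$1" --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: $2
Name-Email: $3
Expire-Date: 1
%commit
EOF
}

gpg_exchange_demo() {
    work=$(mktemp -d); me="$work/me"; friend="$work/friend"
    mkdir -m 700 "$me" "$friend"
    genkey "$me" "Demo Sender" sender@example.test
    genkey "$friend" "Demo Friend" friend@example.test

    # The friend exports the PUBLIC key only; this file is what gets e-mailed.
    gpg --homedir "$friend" --batch --armor --export friend@example.test > "$work/friendpk"
    gpg --homedir "$me" --batch --quiet --import "$work/friendpk"

    # Encrypt to the friend. --trust-model always stands in for checking the
    # imported key's fingerprint with the friend over a second channel.
    printf 'constructed secret\n' > "$work/msg.txt"
    gpg --homedir "$me" --batch --quiet --trust-model always --armor \
        --output "$work/msg.asc" --recipient friend@example.test --encrypt "$work/msg.txt"

    # The friend's PRIVATE key opens it; the sender's keyring holds no such key.
    gpg --homedir "$friend" --batch --quiet --output "$work/out.txt" --decrypt "$work/msg.asc"
    cmp -s "$work/msg.txt" "$work/out.txt" && r="friend=decrypted" || r="friend=failed"
    if gpg --homedir "$me" --batch --quiet --decrypt "$work/msg.asc" >/dev/null 2>&1
    then r="$r sender=decrypted"; else r="$r sender=refused"; fi

    for h in "$me" "$friend"; do gpgconf --homedir "$h" --kill gpg-agent || true; done
    rm -rf "$work"
    echo "$r"
}

result=$(gpg_exchange_demo)
echo "$result"
```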

Reference:

Ncas alerts. (n.d.). In us-cert.gov. Retrieved from https://www.us-cert.gov/ncas/alerts/TA17-181A

Ransomware (n.d.). Retrieved from https://www.csoonline.com/article/3233210/ransomware/petya-ransomware-and-notpetya-malware-what-you-need-to-know-now.html

Notpetya Malware (n.d.). Retrieved from https://www.us-cert.gov/sites/default/files/publications/MIFR10130295.pdf

Cybercrime and digital threats (n.d.). Retrieved from https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/frequently-asked-questions-the-petya-ransomware-outbreak

Create linux file (n.d.). Retrieved from https://stackoverflow.com/questions/9381463/how-to-create-a-file-in-linux-from-terminal-window

Generating file (2010, March 03). Retrieved from https://www.skorks.com/2010/03/how-to-quickly-generate-a-large-file-on-the-command-line-with-linux/

Encrypting files with password (2015, May 07). Retrieved from https://www.blackmoreops.com/2015/05/07/encrypting-files-with-password/

End-to-End (n.d). Retrieved from https://core.telegram.org/api/end-to-end...

