Information Security Assignment On E-Fail & Krack Attacks

3 7.1 E-Fail Attack: A real estate company was worried about the attacks going all around. He has heard about the issue of the hijack of email or data manipulation in the emails. So his business can get attack by this as: His email can get attack by the E-fail. As he sends emails regarding the location of the building to the client every time. He is even not using or does not know anything about the attack. So explained the scenario if he gets attacked, then what will be the risks attached to it. The server that he was using was not at all protected and was using HTTP, not the https network. So he can easily get attacked by the attacker. Every time he can lose one client as a client can receive the wrong address in an email or can get an error while opening the image, by this client will get lose interest in his property. Figure: E-fail attack example (E-FAIL, 2018) Advice for the business: The business should use the https network. Disable all its Html rendering as the attacker can use img tag to send the wrong output to the victim's client. It should arrange for more secure end to end channel such as temporarily should stop sending encrypted emails, especially PGP encrypted one. Attacker advantages: He can send his address in place victim's address. He can steal his customers for the benefit of his own. He can access the encrypted mails of the victim, so he has a track of his all private conversation done via mail. He can misguide all the customer's victims has via mail. 7.2 Krack Attack: The readings considered to prepare this information security assignment signifies that a client who has a Business of real state can get suffer from the Krack attack as the victim has started his new business and created a portal for all the customers to visit the website and register to get bonus points and put referral codes for the customers. The client travels most of the time for a business meeting, and he also connects his laptop to any kind of WIFI, as an example the airport Free WIFI hotspot; he never takes care of any kind of messages prompts up when connecting to the network. The risk his business can face is If the attacker took him into his loop whole while connecting to Wi-Fi at the time of the airport, then the attacker will have all the details of login credentials. An attacker can get access to all his credit card details if they are save in the browser. An attacker can attack the portal can damage the things in seconds. Advice for the protection of his business: Whenever he login to a website, make sure the connection which he is using is encrypted. Also, make sure the connection which he is using stays encrypted for the protection of all the secret keys. To encrypt web browsing, make sure to use a virtual private network. Impact on the business of this attack can cause a loss in the clients, and all his private data can steal, which results in downfall for the business. 8. Summary From above evaluation on information security assignment, it can be summerized that the presence of unauthorized activities and malicious programs lead security concerns in the cryptography systems. This report reviewed the weaknesses of cryptography and also analysed major two attacks including E-FAIL and KRACK attacks. It is found that E-FAIL is a leading cyber-attack where the attackers obtain data from the e-mials through fraud and spam signals. This research provided a way to enhance skills about information security and also highlighted the key vulnerabilities and threats asocoaited with the computing networks and systems. So, based on the readings developed within this information security assignment it is suggested based that companies must include effective security systems and tools and protect data using cryptography systems in order to address security vulnerabilities and attacks. 9. References Chacos, B. and Simon, M. (2017). KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know. [online] PCWorld. Available at: https://www.pcworld.com/article/3233308/krack-wi-fi-security-flaw-faq-tips.html. Johns, M., Nikiforakis, N., Volkamer, M., & Wilander, J. (2019). Web Application Security (Dagstuhl Seminar 18321). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik. Jose, T. T. Tomy, V. Karunakaran, Anjali Krishna V, A. Varkey and Nisha C.A., "Securing passwords from dictionary attack with character-tree," 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, 2016, pp. 2301-2307. Poddebniak, D. and Dresen, C. (2018). [online] Usenix.org. Available at: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf. Rehman, I. (2018). information security assignment What Is A Brute Force Attack?. [online] The Official Cloudways Blog. Available at: https://www.cloudways.com/blog/what-is-brute-force-attack/ Vanhoef, M. and Piessens, F., 2017, October. Key reinstallation attacks: Forcing nonce reuse in WPA2. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1313-1328). INFOSEC, (2018) A Review of Asymmetric Cryptography. [online]. Avialable at: https://resources.infosecinstitute.com/review-asymmetric-cryptography/#gref [Accessed 25/06/20]. E-FAIL, (2018) EFAIL. [online]. Avialable at: https://efail.de/ [Accessed 25/06/20]. Cloud Flare, (2018) What is a KRACK Attack? | How to Protect Against KRACK Attacks. [online]. Avialable at: https://www.cloudflare.com/learning/security/what-is-a-krack-attack/ [Accessed 25/06/20].

Subject Name: Computer Science

Level: Undergraduate

If you want the solution to this assignment or want to discuss any other assignment or course you may contact us directly at order@bestacademicexperts.org or message us on Whatsapp or Viber at +91-9303607402 (http://api.whatsapp.com/send?phone=919303607402&text=Hello%20 )