Differences Between Password Recovery Attacks And Best Practices For Password Hashing Schemes

Real-Time vs Pre-Computation Password Recovery Attacks

Answer to Question 1


A brute force attack tries every possible candidate secret until one matches. It does not have to work through the candidates in any particular order, and an optimised brute force attack may skip or reorder parts of the keyspace. A table based attack instead guesses from a precompiled list of candidates, either a dictionary of likely passwords or a precomputed table of hashes.

Three common attacks on password hashing schemes are the dictionary attack, the brute force attack and the rainbow table attack. The best practices that counter them are a unique random salt for every password (which makes precomputed tables useless), a deliberately slow or memory-hard hash function such as bcrypt, scrypt, Argon2 or PBKDF2 with a high iteration count (which makes each guess expensive), and keeping the file of hashes readable only by privileged users.

Unix needs some way to check the password a user types without keeping the password itself, so it avoids storing the plaintext. The classic crypt(3) scheme stores a value derived from the password: the password is used as a DES key to encrypt a block of zero bits (25 times, with a 12-bit salt perturbing the algorithm), and that result is stored rather than the password. At login the typed password is run through the same computation and the output is compared with the stored value.

A precomputed (rainbow) table lookup works as follows. Take the target hash and look for it among the stored chain endpoints. If it is not there, apply the reduction function to turn the hash into a candidate plaintext, hash that candidate, and repeat, until either an endpoint matches or the chain length is exhausted. When an endpoint matches, regenerate that chain from its stored starting point; the plaintext immediately before the target hash in the regenerated chain is the password (unless the match was a false alarm, in which case the search continues).
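The following Python program is an added illustration of the table lookup just described; it is not part of the original answer. It assumes a toy keyspace of four-digit PINs hashed with unsalted SHA-256 and a column-dependent reduction function of my own choosing, so that the whole table builds in well under a second. The table stores only (endpoint, start point) pairs, and the online phase walks the target hash forward through each possible column before regenerating the matching chain.

```python
import hashlib

# Toy keyspace: four-digit PINs "0000".."9999" (an assumption for the demo).
SPACE = 10_000
CHAIN_LEN = 40      # t: hash/reduce steps per chain
NUM_CHAINS = 600    # m: chains kept in the table (m*t = 24000 positions)

def h(pw: str) -> str:
    """Unsalted hash being attacked (SHA-256 hex digest)."""
    return hashlib.sha256(pw.encode()).hexdigest()

def reduce_(digest: str, col: int) -> str:
    """Column-dependent reduction: maps a digest back into the PIN space.
    A different function per column is what makes this a rainbow table
    rather than a plain Hellman table; it limits chain merges."""
    return f"{(int(digest[:12], 16) + col) % SPACE:04d}"

def build_table() -> dict:
    """Precomputation: store only endpoint -> start point per chain."""
    table = {}
    for j in range(NUM_CHAINS):
        start = f"{(j * 7919) % SPACE:04d}"   # spread start points across the space
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_(h(pw), col)
        table.setdefault(pw, start)  # two chains merging: keep the first one
    return table

def covered(table: dict) -> set:
    """Every plaintext that sits somewhere on a stored chain (for checking)."""
    seen = set()
    for start in table.values():
        pw = start
        for col in range(CHAIN_LEN):
            seen.add(pw)
            pw = reduce_(h(pw), col)
    return seen

def lookup(table: dict, target: str):
    """Online phase: assume the target hash sits in column `col` of some chain,
    run that chain forward to its endpoint, and if the endpoint is stored,
    regenerate the chain from its start to recover the plaintext."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_(h(pw), c)
        start = table.get(pw)
        if start is None:
            continue                      # no stored chain ends here
        pw = start                        # regenerate; may be a false alarm
        for c in range(CHAIN_LEN):
            if h(pw) == target:
                return pw
            pw = reduce_(h(pw), c)
    return None

def demo() -> bool:
    """Pick any PIN the table covers and recover it from its hash alone."""
    table = build_table()
    pin = min(covered(table))
    return lookup(table, h(pin)) == pin

if __name__ == "__main__":
    table = build_table()
    print(f"{len(table)} chains stored, {len(covered(table))} of {SPACE} PINs covered")
    pin = min(covered(table))
    print(f"hash of {pin} -> recovered {lookup(table, h(pin))}")
    print("uncovered input ->", lookup(table, h("not-a-pin")))
```

Note that the table never achieves full coverage of the keyspace (merged chains and collisions waste positions), which is why real tables are built with far more chains than the keyspace divided by the chain length. Adding a per-user salt to the hash makes the stored table worthless, since the attacker would need a separate table for every salt value.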


Answer to Question 2

An XSS flaw occurs when an application includes untrusted data in a web page without proper validation or escaping, or updates an existing page with user-supplied data through a browser API that can create HTML or JavaScript. XSS lets an attacker execute script in the victim's browser, which can be used to hijack the user's session, redirect the user to malicious sites or deface websites.

Stored attacks are those in which the injected script is stored permanently on the target server, for example in a database, a message forum, a visitor log or a comment field; the victim then receives the malicious script from the server when the stored information is requested. Reflected attacks are those in which the injected script is reflected off the web server, for example in an error message, a search result or any other response that includes part of the request; they are delivered to the victim through some other route, such as a link in an email message or on another website.

Many web application security weaknesses come from weak or missing validation of data coming from the client. This weakness leads to a large class of vulnerabilities such as SQL injection, cross-site scripting and file system attacks. Data from any untrusted source should never be trusted. Input validation testing is subdivided into parts, for example testing for reflected cross-site scripting and testing for stored cross-site scripting.


There are three forms of filtering: input sanitisation, output sanitisation (output encoding) and input blocking. With input validation in place the page can reject invalid content: when data is entered, the page checks its format against what that field expects, and if the user supplies input of the wrong kind the page returns a message describing the format expected. Output encoding escapes data at the point where it is written into the HTML so that it is rendered as text rather than interpreted as markup.

The important difference between XSS and XSRF (CSRF) is that in XSS the attacker places a malicious script in a page served by the vulnerable site, so it runs in the victim's browser with that site's origin, while in XSRF the attacker crafts a request so that the victim's browser sends it to the target site carrying the victim's authentication. XSS depends on JavaScript (or other active content) being executed; XSRF does not. In XSS the malicious code is accepted and served by the vulnerable website; in XSRF the malicious code sits on a third-party website controlled by the attacker.

Answer to Question 3

Penetration testing starts with three phases, footprinting, scanning and enumeration, which together are known as reconnaissance. This process focuses on gathering as much information about the target network as possible: collecting information, understanding the network's range, identifying active machines, discovering open ports and access points, fingerprinting the operating system and finally mapping the network.

In black box testing the internal design and code of the application are not known and are not needed; it is also known as closed box testing, is driven by inputs and outputs, and concentrates on functionality. It is performed by end users as well as testers and developers. It is the least time consuming but also the least exhaustive, since it proceeds largely by trial and error.

In gray box testing the internal design is partially known, so some knowledge of the application's internals is used; it is also known as translucent testing. It is not well suited to algorithm testing, and data domains and internal boundaries can be tested only where they are known.

In white box testing the internal design is fully available: the tester has a complete understanding of the application's internal workings. It is performed by testers and developers and is the most suitable for algorithm testing.

DNS enumeration is an important part of the information gathering phase: it is the process of locating all the DNS servers and the corresponding records for an organisation or host. DNS is a distributed database that maps host names to IP addresses and vice versa. A zone transfer (AXFR) is the mechanism a secondary (slave) name server uses to update its copy of the zone database from the primary master. A DNS zone transfer should therefore be permitted only to the organisation's own secondary name servers; if the server answers AXFR requests from anyone, an attacker obtains the whole zone in a single query.


A penetration test is carried out to simulate the attacks an organisation is likely to face. It consists of four steps: footprinting, scanning, enumeration and finally penetration. First the tester analyses the organisation's strengths and weaknesses and collects information, from which an attack plan is developed. Next the ethical hacker scans the target hosts and websites for weaknesses and vulnerabilities. In the third stage, enumeration, the findings are turned into a concrete attack strategy. The last phase, penetration, is the attack itself: it uses the methods identified in the earlier steps to exploit a vulnerability and break into the organisation's systems.

Answer to Question 4

Port scanning is the process of finding out which ports on a host are open and which are closed. It is similar to a thief walking down a street checking which houses have an unlocked door. Using this technique an attacker can discover from a remote location which services a victim system exposes, as a first step towards accessing its data.

Three of the port scanning techniques offered by nmap are the TCP SYN scan, the TCP connect scan and the UDP scan. The TCP SYN scan (the default) is fast, scanning thousands of ports per second on a fast network that is not hampered by restrictive firewalls, and because it never completes the handshake it is relatively unobtrusive. The TCP connect scan is the default TCP scan when a SYN scan is not possible, typically because the user lacks raw packet privileges; instead of crafting packets, nmap asks the underlying operating system to establish a full connection to each target port through the connect() system call.

UDP port scanning is much slower than TCP scanning because TCP is connection oriented while UDP is connectionless: an open UDP port usually does not reply at all, so the scanner must wait out a timeout (and retransmit) before it can distinguish an open port from one whose replies are being dropped, and only an ICMP port unreachable message positively marks a port as closed.

Address Resolution Protocol (ARP) poisoning is an attack on an Ethernet LAN in which the attacker sends forged ARP replies so that the targets' ARP caches associate the attacker's MAC address with another host's IP address (for example the gateway's). It relies on ARP being unauthenticated and on hosts accepting unsolicited replies, and it is effective on both wired and wireless local networks. Once the cache is poisoned, traffic intended for the other host is delivered to the attacker, who can read, modify or drop it.


The principle of an ARP poisoning attack is therefore to force the other systems on the segment to switch the MAC address they hold for a given IP address. A MAC address is the physical (hardware) address assigned to a network interface card (NIC).

Answer to Question 5

Authentication testing is one of the standard categories of security testing: it checks how the application verifies the identity of its users, for example whether credentials travel over an encrypted channel, whether default or weak passwords are accepted and whether the login can be brute forced or bypassed.

Common Vulnerabilities and Exposures (CVE) is a dictionary-style reference system for publicly known information security vulnerabilities and exposures. In information security a vulnerability is a weakness in code or configuration that an attacker can use to gain access to an information system. CVE identifiers are unique, common identifiers for publicly known cyber security vulnerabilities, so that different tools and databases can refer to the same issue.

Nmap is a well-known port scanner that, with its scripting engine (NSE), is also used as an automated vulnerability scanner. The benefits of performing vulnerability identification are improved security, time saved, help in analysing risk and thereby fixing it, and ultimately money saved.

Fuzzing is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems and networks by feeding a program large amounts of malformed or random input and watching for crashes and other misbehaviour.

Detecting vulnerabilities in source code is very valuable. The easiest way to prevent memory corruption vulnerabilities is to use a language that does not allow them: C allows them because it gives direct access to memory and lacks a strong type system and bounds checking.

Maintaining access involves a number of steps in the target environment so that the maximum amount of data can be gathered over time. The final phase, covering tracks, is about removing the simple traces that would allow the attacker to be detected: any changes that were made are returned to a state that the host's data (logs, file timestamps, accounts) does not reveal.

The basic differences between the three states in which a port scanner reports a port are as follows.

Open: the host sends a reply indicating that a service is listening and accepting connections on the port. Any security or stability issue lies in the program that delivers the service.

Closed: the host sends a reply (for TCP, a packet with the RST flag) indicating that connections to the port are denied; no service is listening. Any security or stability issue lies in the operating system's network stack, which is what answered on the port.

Filtered: the host does not send any reply because something, typically a firewall, blocks the probe. The scanner cannot tell whether a service is present, so no vulnerability can be observed on a filtered port.
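The following Python program is an added example, not part of the original answer, showing how a TCP connect scan maps the three responses to the three states above. It runs entirely on the local host: it starts a throwaway listener on an ephemeral 127.0.0.1 port (an "open" port constructed for the demo) and finds a port nothing is bound to (a "closed" one); the "filtered" branch is reached only when a probe times out, which does not happen on the loopback interface. The mapping is the same one nmap uses for its -sT scan; the timeout is what makes scanning filtered ports, and all UDP ports, slow.

```python
import socket
import threading

def connect_scan(host: str, port: int, timeout: float = 1.0) -> str:
    """TCP connect scan of one port: a completed handshake means open,
    a refusal (RST) means closed, silence until the timeout means filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            return "filtered"      # e.g. host unreachable: treated like no reply

def start_listener() -> tuple:
    """Constructed target: a throwaway service on an ephemeral localhost port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return             # listener closed, stop serving
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def free_port() -> int:
    """A port that is currently closed: bind, read the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo() -> dict:
    """Scan one open and one closed loopback port; returns {port: state}."""
    srv, open_port = start_listener()
    closed_port = free_port()
    result = {
        open_port: connect_scan("127.0.0.1", open_port),
        closed_port: connect_scan("127.0.0.1", closed_port),
    }
    srv.close()
    return result

if __name__ == "__main__":
    for port, state in demo().items():
        print(f"127.0.0.1:{port} -> {state}")
```

A connect scan completes the full three-way handshake, so the target's service sees (and may log) the connection; a SYN scan gets the same open/closed/filtered answer from the SYN/ACK, RST or silence without ever completing it, but needs raw socket privileges to craft the packets.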

Basic Packet Filtering – Basic packet filtering is useful for controlling access to a network. When a data packet tries to enter the network, the firewall checks the packet's protocol, its source and destination IP addresses and its source and destination ports against a static rule list.

Stateful Packet Filtering – Stateful packet filtering works differently. It uses stateful packet inspection (SPI), which tracks the state of network connections (TCP streams, UDP exchanges and so on) and only allows inbound packets that belong to a connection it has already seen established.


The three possible alternative port scanning options are as follows.

TCP SYN Scan – The default and most popular scan option in nmap. Its benefits include speed (it can scan thousands of ports per second on a fast network not hampered by restrictive firewalls) and relative stealth, since it never completes the TCP handshake and so connection-level logging on the target does not record it.

TCP Connect Scan – The default TCP scan type when a SYN scan is not possible. It is the only option when the user does not have raw packet privileges, because nmap then has to use the operating system's connect() call, which completes the full handshake.

UDP Scans – Although most Internet services run over TCP, UDP services are also widely deployed. Three of the most common UDP services are DNS, SNMP and DHCP (registered ports 53, 161/162 and 67/68).

Of the three scans, none reliably avoids a stateful packet filter, which drops any inbound packet that does not belong to an established connection, whether it is a SYN, a full connect or a UDP datagram. Against a basic (stateless) filter the SYN scan has the best chance, because the filter judges each packet only by its header fields and the scan never needs the handshake to complete. The UDP scan is the slowest of the three and is the one most likely to leave ports in the ambiguous open|filtered state rather than reveal them.

Port scanners identify the operating system using two methods.

TCP Port Service Scanning – The scanner identifies applications from the specific set of open ports, which in turn points to the operating system. For instance, 135 (RPC), 139 (NetBIOS session service), 445 (SMB) and 3389 (RDP) generally imply a Windows system.

TCP/IP Stack Fingerprinting – The TCP/IP specifications leave some parameters open, and each operating system fills them with its own default values (initial TTL, window size, TCP options and their order, IP ID behaviour). By analysing these values in the responses to crafted probes, the operating system can be identified.

Answer to Question 2

Poor data validation occurs when a web application uses erroneous or incomplete methods to validate its input. It is the root of a large number of vulnerabilities and should be avoided at all costs. Two examples are as follows.

Code injection attacks occur when an attacker injects untrusted input into a running program so that it is interpreted as code, changing the program's course of action as well as its output. Examples of injection attacks are CRLF injection, cross-site scripting and host header injection.

SQL injection occurs when input provided by the user is not filtered for escape characters and is concatenated into an SQL statement. The attacker can then manipulate or alter the statements the application sends to the database and read or change the data in it.


Blind SQL injection is similar to regular SQL injection except that the attacker cannot see the results of the injected query directly and must infer them, one true/false question (or one timing difference) at a time. These attacks are time intensive, and many tools are available to automate them.

Countermeasures to SQL attacks are as follows.

Parameterized Statements – The query text is fixed in advance with placeholders for the parameters, and user input is bound to the placeholders as data; injected input therefore cannot change the structure of the statement.

Coding Level Enforcement – This can be done by using object-relational mapping (ORM) libraries. The benefit is that application code does not write SQL statements at all; the library generates parameterized queries.
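The following Python program is an added example, not part of the original answer, that puts the vulnerable and the parameterized login side by side against a constructed in-memory SQLite table, and then runs a boolean-based blind injection through the vulnerable one to show why blind attacks are slow: every character of the password costs one probe per alphabet symbol, and the attacker only ever observes whether a row came back. The user names, passwords and the table layout are invented for the demo.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "s3cret", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return db

def login_vulnerable(db, name: str, password: str) -> list:
    """String concatenation: user input becomes part of the SQL text."""
    sql = (f"SELECT name, role FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return db.execute(sql).fetchall()

def login_parameterized(db, name: str, password: str) -> list:
    """Placeholders: the statement is fixed, the input is bound as data."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()

def blind_extract_password(db, victim: str) -> str:
    """Boolean-based blind injection against the vulnerable login. Each probe
    asks "is character i of the password equal to c?"; the trailing -- comments
    out the real password check, and only the row count is observed."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    recovered = ""
    while True:
        for ch in alphabet:
            probe = f"{victim}' AND substr(password,{len(recovered) + 1},1)='{ch}' --"
            if login_vulnerable(db, probe, "x"):
                recovered += ch
                break
        else:
            return recovered        # no symbol matched: end of the password

if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1"         # classic authentication bypass payload
    print("vulnerable   :", login_vulnerable(db, "alice", bypass))
    print("parameterized:", login_parameterized(db, "alice", bypass))
    print("blind extract:", blind_extract_password(db, "alice"))
```

With the bypass payload the vulnerable query becomes `... AND password = '' OR '1'='1'`, which is true for every row, so both users are returned; the parameterized version compares the password column against the literal string `' OR '1'='1` and returns nothing.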

Answer to Question 3

There are several security testing methodologies and frameworks deployed to test the security of a system and detect the external agents that may harm it. Some of the common ones are as follows.

Open Source Security Testing Methodology Manual (OSSTMM) – This framework was developed to make security testing repeatable and free to use. It divides testing into six sections: information security, process security, Internet technology security, communications security, wireless security and physical security. In each section the tester performs activities such as competitive intelligence analysis, privacy review, network mapping, data leakage testing, IDS testing and vulnerability scanning. It is popular in the networking community and requires a certain level of expertise to apply.

Information System Security Assessment Framework (ISSAF) – One of the longest testing frameworks available, and also free to use. The full document runs to around 1200 pages and describes its activities in great detail. However, it has not been updated for some time and parts of it are now obsolete.

NIST – NIST Special Publication 800-115, the Technical Guide to Information Security Testing and Assessment, provides technical guidelines for planning and conducting tests and for identifying vulnerabilities and attacks. It also includes templates and techniques that can be used in the testing process.

Open Web Application Security Project (OWASP) – Its Testing Guide is used as a guide for testing web applications; it helps to find poorly written or poorly deployed applications and the weaknesses that lead to malware distribution, identity theft and similar abuse.

Answer to Question 4   

Exploiting a buffer overflow vulnerability means overcoming three problems: injecting malicious code into the process, redirecting execution to the injected code (for example by overwriting a saved return address), and writing the malicious code so that it survives the copy that overflows the buffer.

Three operating system level countermeasures are disabling unnecessary services, protecting the host with a firewall or a host-based intrusion prevention system, and adding an access control layer such as TCP wrappers (the same three are discussed under Question 5 below). At the language level the root cause is C, which allows direct access to memory and lacks a strong type system and bounds checking.


An integer overflow vulnerability arises when an arithmetic operation produces a value outside the range the integer type can represent, so the result wraps around; a length or size check performed on the wrapped value can then be bypassed.

Fuzzing or fuzz testing is a quality assurance technique used to discover coding errors and security loopholes in software and operating systems. It feeds a program massive amounts of random or malformed data called fuzz; a software tool called a fuzzer generates the inputs and records which of them cause failures. It is used to find vulnerabilities that can be exploited by denial of service attacks, memory corruption and injection flaws, and attackers use it for the same reason: it finds the greatest number of flaws in the least time. Fuzzing offers a high benefit-to-cost ratio and finds defects that other testing overlooks, but it cannot provide an overall picture of network security or of a program's effectiveness.

Answer to Question 5

In a DNS cache poisoning attack, an attacker injects a forged DNS reply into the network which tells the resolver that a host name maps to an IP address of the attacker's choosing. If the reply is accepted, the resolver updates its cache, and every subsequent client that asks for that name is sent to the attacker's address, where the attacker can act as a man in the middle or serve malware.

One of the well-known vulnerability identification tools is Nmap, an automated scanner that can perform a large number of actions during a scan: host discovery, port scanning, service and version detection and script-based vulnerability checks.
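The following Python program is an added simulation, not part of the original answer, of the acceptance check a resolver performs on replies. It models one outstanding query and a flood of forged replies. A naive resolver that only matches the name accepts the first forgery; a resolver that also requires the 16-bit transaction ID to match and sends queries from a random source port rejects them all, since the attacker has to guess both. The addresses are RFC 5737 documentation addresses and the names are invented; the race is simplified to a single query, whereas a real attack triggers many queries to get many chances.

```python
import random
from dataclasses import dataclass

@dataclass
class Query:
    name: str
    txid: int
    src_port: int

@dataclass
class Reply:
    name: str
    txid: int
    dst_port: int
    address: str

class Resolver:
    """Minimal caching resolver. With check_ids=False it accepts the first
    reply for any name it is waiting on (the weakness being attacked); with
    check_ids=True it also requires the reply's transaction ID and destination
    port to match the outstanding query, whose source port is randomised."""
    def __init__(self, check_ids: bool, seed: int):
        self.check_ids = check_ids
        self.rng = random.Random(seed)
        self.cache = {}
        self.pending = {}

    def ask(self, name: str) -> Query:
        txid = self.rng.randrange(1 << 16)
        port = self.rng.randrange(1024, 65536) if self.check_ids else 53
        q = Query(name, txid, port)
        self.pending[name] = q
        return q

    def receive(self, r: Reply) -> bool:
        q = self.pending.get(r.name)
        if q is None:
            return False                        # nothing outstanding for that name
        if self.check_ids and (r.txid != q.txid or r.dst_port != q.src_port):
            return False                        # does not match our query: drop it
        self.cache[r.name] = r.address          # first acceptable reply is cached
        del self.pending[r.name]
        return True

ATTACKER = "203.0.113.66"    # constructed addresses (RFC 5737 ranges)
LEGIT = "198.51.100.10"

def poison_attempt(resolver: Resolver, name: str, guesses: int, seed: int) -> bool:
    """The attacker races the real server: forged replies with random
    transaction IDs aimed at port 53 arrive before the legitimate answer."""
    rng = random.Random(seed)
    q = resolver.ask(name)
    for _ in range(guesses):
        if resolver.receive(Reply(name, rng.randrange(1 << 16), 53, ATTACKER)):
            break
    # the real answer arrives last; it is ignored if something was cached already
    resolver.receive(Reply(name, q.txid, q.src_port, LEGIT))
    return resolver.cache.get(name) == ATTACKER

def naive_demo() -> bool:
    return poison_attempt(Resolver(check_ids=False, seed=1), "bank.example", 50, seed=2)

def hardened_demo() -> bool:
    return poison_attempt(Resolver(check_ids=True, seed=1), "bank.example", 5000, seed=2)

if __name__ == "__main__":
    print("naive resolver poisoned:   ", naive_demo())
    print("hardened resolver poisoned:", hardened_demo())
```

Transaction ID plus source port randomisation raises the attacker's search space from 1 to roughly 2^32 per query, which is why resolvers adopted it; DNSSEC goes further by letting the resolver verify the answer's signature rather than its envelope.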


In Windows, user passwords are stored as NTLM hashes (and, on older systems, LM hashes) in the SAM registry hive. In Linux, the password hashes are stored in /etc/shadow, while the account details (user name, UID, home directory and shell) are stored in /etc/passwd.


Cross-Site Request Forgery occurs when a malicious website, email, instant message, blog post or program causes a user's web browser to perform unwanted actions on a trusted site for which the user is authenticated. The impact of CSRF depends on the capabilities the application exposes. The forged commands are sent from the user's browser, which the web application trusts.

First, the victim's browser is tricked into sending the HTTP request the attacker intends to the web application; this normally involves submitting a form that alters data. Second, because the browser sends the request, it carries the cookie header: the cookies that hold the session identifier, which exist so that the user does not have to re-authenticate for every request, are attached automatically and make the forged request look authenticated.

Two of the countermeasures that can be used to prevent CSRF are:

  1. Anti-CSRF tokens: also known as synchronizer tokens. An anti-CSRF token is included in forms and in any request that performs a state-changing action; the web application then verifies the existence and correctness of the token before processing the request.
  2. Same-site cookies: a newer attribute set on cookies that instructs the browser not to send them on cross-site requests, which disables third-party usage of the specific cookie.
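The following Python program is an added example of both countermeasures, not part of the original answer. It models a server-side session with a synchronizer token, the form that carries the token in a hidden field, the handler that checks it in constant time, and the Set-Cookie header that marks the session cookie SameSite=Lax (plus HttpOnly and Secure). The transfer endpoint, field names and session layout are invented for the demo.

```python
import hmac
import re
import secrets
from http.cookies import SimpleCookie

class Session:
    """Server-side session for one logged-in user (constructed for the demo)."""
    def __init__(self, user: str):
        self.user = user
        self.csrf_token = secrets.token_urlsafe(32)   # one unguessable token per session

def render_form(session: Session) -> str:
    """The transfer form as served to the browser: the token travels in a hidden
    field, and a page on another origin cannot read this page to copy it."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="amount"><input type="submit" value="Send"></form>'
    )

def extract_token(page: str) -> str:
    """What the browser does when the real form is submitted."""
    return re.search(r'name="csrf_token" value="([^"]+)"', page).group(1)

def handle_transfer(session: Session, form: dict) -> str:
    """Server side: honour the request only if the submitted token matches the
    session's token; compare in constant time so the check leaks nothing."""
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return "403 rejected: missing or wrong CSRF token"
    return f"200 transferred {form['amount']} for {session.user}"

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session cookie. SameSite=Lax tells the browser
    not to attach it to cross-site POSTs, the request shape CSRF relies on;
    HttpOnly keeps script from reading it and Secure keeps it off plain HTTP."""
    c = SimpleCookie()
    c["sid"] = session_id
    c["sid"]["samesite"] = "Lax"
    c["sid"]["httponly"] = True
    c["sid"]["secure"] = True
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()

def demo() -> tuple:
    """A legitimate submission versus one forged from an attacker's page."""
    s = Session("alice")
    token = extract_token(render_form(s))
    legit = handle_transfer(s, {"csrf_token": token, "amount": "10"})
    # the attacker's page cannot see the victim's token, so it can only guess
    forged = handle_transfer(s, {"csrf_token": secrets.token_urlsafe(32), "amount": "9999"})
    return legit, forged

if __name__ == "__main__":
    print(demo())
    print("Set-Cookie:", session_cookie_header("abc123"))
```

The two defences are complementary: the token protects browsers that do not honour SameSite, and SameSite protects endpoints the developer forgot to guard with a token.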

The main difference between cross-site scripting and cross-site request forgery is that a CSRF attack only works within an authenticated session, when the server trusts the user's browser, whereas XSS does not need an authenticated session and can be exploited whenever the vulnerable website does not perform basic validation or escaping of input.

Port scanning refers to surveillance of a computer's ports, most often carried out by attackers in preparation for malicious activity: they scan to locate holes, that is, exposed services. The scan consists of sending a series of probe messages, one to each port, so that whoever is attempting to break in learns which network services the computer provides, each service being associated with a well-known port number. Messages are sent to many ports in quick succession.


UDP port scanning is much slower than TCP port scanning because in UDP the scanner has to wait for a reply until a specified timeout expires, whereas in TCP an immediate answer is received: a port is open once the SYN/ACK of the three-way handshake is seen, and if it is closed a packet with the RST flag set comes back. This lets the scanner move on to the next port instantly.


CVE, the Common Vulnerabilities and Exposures system, provides a reference model for publicly known information security vulnerabilities and exposures.

A CVE entry is a unique, common identifier for a publicly known security vulnerability in a publicly released software package. CVE is used in security testing to identify and catalogue vulnerabilities in software or firmware against a free dictionary that any organisation can use to improve its security. The dictionary standardises the way known vulnerabilities and exposures are identified.


Robustness testing is a quality assurance methodology focused on testing the robustness of software, that is, how it behaves under invalid input and stressful conditions; the term is also used for the process of verifying the robustness of the test cases included in a test process. Functional testing, by contrast, is a software testing process used within software development in which the software is tested to make sure that all of its requirements are met.


Fuzzing can be defined as an automated testing process that provides invalid, unexpected or random data as input to a computer program. The program is then monitored for exceptions such as crashes, failing assertions and memory leaks.
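The following Python program is an added example of the fuzzing described in Question 4 above and in this answer; it is not part of the original text. It contains a small parser for a constructed record format (one length byte, the payload, one XOR checksum byte) with a deliberate bug, the length byte is trusted, and a mutation-based fuzzer that flips, deletes and inserts bytes in a valid seed record and records every exception that is not the parser's own "bad checksum" rejection. The format, the bug and the seed are all invented for the demo.

```python
import random

def xor_all(b: bytes) -> int:
    x = 0
    for byte in b:
        x ^= byte
    return x

def parse_record(data: bytes) -> tuple:
    """Toy record format: 1 length byte, payload, 1-byte XOR checksum.
    The bug: the length byte is trusted, so a length larger than the
    remaining bytes indexes past the end (IndexError), as does empty input."""
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]            # crashes when n is too large
    if checksum != xor_all(payload):
        raise ValueError("bad checksum")   # expected rejection, not a crash
    return n, payload

def make_seed(payload: bytes) -> bytes:
    """A well-formed record to start mutating from."""
    return bytes([len(payload)]) + payload + bytes([xor_all(payload)])

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Byte-level mutations: overwrite random bytes, sometimes delete or insert."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.random()
        if op < 0.7 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op < 0.85 and len(buf) > 1:
            del buf[rng.randrange(len(buf))]
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(parser, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    """Run the parser on mutated inputs. ValueError is the parser's own
    rejection and is ignored; any other exception is a crash, recorded as
    {exception name: first input that triggered it}."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)
    return crashes

if __name__ == "__main__":
    seed = make_seed(b"hello")
    print("seed parses to", parse_record(seed))
    for name, case in fuzz(parse_record, seed, 500).items():
        print(f"crash {name} on input {case.hex()}")
```

Each crash record is the minimal reproducer a developer needs; in a real campaign the fuzzer would also track code coverage to decide which mutated inputs are worth keeping as new seeds.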

The OS countermeasures against buffer overflow attacks include:

  • Disabling unnecessary services.
  • Protecting the system with a firewall or a host-based intrusion prevention system.
  • Enabling an additional access control mechanism such as TCP wrappers, which restricts the hosts that are allowed to reach a service.

Passive information gathering in security testing refers to gathering as much information as possible without establishing any contact between the tester and the target. Third-party websites and tools that do not communicate with the target are used for this purpose. Its biggest advantage is that the target never knows that information is being gathered. Active information gathering refers to gathering information through direct interaction between the tester and the target. Its biggest advantage is that it reveals the current state of the system, at the cost of generating traffic the target can see. Two passive information gathering tools are theHarvester and Netcraft; Nmap is an active information gathering tool.

Once the tester gains access to the target system, they work to keep that access. The tester may use the compromised system as a launch pad for further attacks, scanning and exploiting other systems, or continue exploiting the current system in stealth mode. One major tool is a backdoor or Trojan that gives easy re-entry to the breached system; another is a rootkit, a type of malware designed to hide its presence on the target system.

Covering tracks is the last step of the testing process. It involves clearing all the digital traces left by the tester in the earlier stages. Two ways of covering tracks are deleting evidence (for example log entries) and moving, hiding, altering or renaming files.

Answer to Question 1

XSS flaws arise in two ways. First, the application updates an existing web page with user-supplied data through a browser API that can create JavaScript or HTML. Second, the application includes untrusted data in a new web page without proper escaping or validation. The attack allows the intruder to execute code in the victim's browser, which can take over the user's session, redirect the user to malicious sites or deface websites.


Reflected XSS attacks: a link such as https://example.com/page?var=<script>alert('xss')</script> is sent to the victim, and somewhere on the page that value is echoed back. The value is only on the page if the victim follows this special link. The downside for the attacker is that one victim, or a group of victims, must be induced to click the link, and it may be hard to get another person to follow it.

Stored XSS attacks: the attacker finds a way to get the website to persist <script>alert('xss')</script> for some time, for example in its database. The intruder can then send the victim to https://example.com/page; the page reads the value out of the database and presents it to the victim. The upside for the attacker is that it hits everyone who views the page.

Poor data validation is the condition in which the application does not ensure that the data it processes has a valid structure only: within a particular character set, of a particular length and satisfying a specified syntax. Some examples are:

  1. Allowing < and > in web form fields
  2. Allowing a double dash or a semicolon in fields that reach the database (web stores)

Sanitization means accepting the input but cleaning the data, for example by encoding, removing or escaping known suspect patterns or characters (such as removing <script>). A sanitizer takes the untrusted value together with the security context in which it will be used (HTML body, attribute, URL or script) and returns a value that is safe for that context. If the value is already trusted for the given context, the sanitization method unwraps the contained safe value and it is used directly.
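The following Python program is an added example, not part of the original answer, covering the three forms of filtering listed under Question 2 in the first set of answers (input validation, output encoding and blocking) and the sanitization just described. It uses the page's own payload against a constructed "search" page, encodes the value for three different contexts with the standard library, and includes a blocklist sanitizer that strips the literal <script> tag to show why that approach fails: the payload `<scr<script>ipt>` survives one pass of removal intact.

```python
import html
import re
from urllib.parse import quote

PAYLOAD = "<script>alert('xss')</script>"   # the page's own example, constructed here

# 1. Input validation (allowlist): accept only what the field may contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(value: str) -> bool:
    """True only for 1-32 characters of [A-Za-z0-9_]; anything else is blocked."""
    return USERNAME_RE.fullmatch(value) is not None

# 2. Output encoding, chosen by the context the value is written into.
def for_html_body(value: str) -> str:
    return html.escape(value, quote=False)        # & < >

def for_html_attribute(value: str) -> str:
    return html.escape(value, quote=True)         # also " and '

def for_url_query(value: str) -> str:
    return quote(value, safe="")                  # percent-encode everything

def render_reflected_page(var: str) -> str:
    """Vulnerable rendering: the query parameter is echoed into the page as-is."""
    return f"<p>You searched for: {var}</p>"

def render_reflected_page_safe(var: str) -> str:
    """Fixed rendering: the value is encoded for the HTML body context."""
    return f"<p>You searched for: {for_html_body(var)}</p>"

# 3. Blocklist "sanitization", kept here only to show the bypass.
def naive_sanitize(value: str) -> str:
    return value.replace("<script>", "")

def contains_active_content(page: str) -> bool:
    """Crude check used by the demo: does a raw <script tag survive?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    print("valid username?", validate_username(PAYLOAD))
    print("vulnerable:", render_reflected_page(PAYLOAD))
    print("safe:      ", render_reflected_page_safe(PAYLOAD))
    print("attribute: ", for_html_attribute('" onmouseover="alert(1)'))
    print("url:       ", for_url_query(PAYLOAD))
    print("bypass:    ", naive_sanitize("<scr<script>ipt>alert(1)</script>"))
```

Encoding on output, chosen per context, is the reliable fix; input validation narrows what reaches the application but cannot cover free-text fields, and a blocklist sanitizer is only as good as the patterns it knows about.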

I disagree with the statement, as it occurs because several web applications provide users with persistent authentication validation.

Answer to Question 2

Port scanning is a method that uncovers the openings an intruder could use against a victim. The goal of port scanning is to collect as much information as possible that can be used to identify vulnerabilities in the victim's network and systems. Examples of tools used around port scanning are packet sniffers, vulnerability scanners, port scanners and vulnerability exploitation tools.

The operation and design of the Internet is based on the TCP/IP protocol suite, in which network services are referenced by a host address and a port number. The results delivered by a port scan fall into the following categories:


Open: The host has been sending the reply in manner to indicate that the services have been listened on port

Closed: The host has been sending the reply in manner to indicate that the connections have been the denied to the port.

Filtered: For the instance no reply received from the host

Stateless firewalls can be described as ACLs in general, containing rules that allow or block traffic based on destination IP, source IP, network protocol, port numbers, and so on.

Stateful firewalls can be described as "smarter", in that they interpret information such as the present state of a TCP connection and can determine whether packets are being fragmented in order to bypass the firewall.

Stateful firewalls are much more effective and efficient at blocking network scanners than stateless ones, since a stateless firewall might let malicious packets through the firewall to the system.
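As an added illustration of the stateless/stateful distinction above (example code written for this page, not taken from the original answer or from any firewall product), the following Python model compares a stateless ACL with a filter that tracks TCP connection state. The addresses, ports, flag sets and allow rules are constructed assumptions for the demonstration; the point it shows is that a stateless "allow established traffic" rule, which typically means "allow anything with the ACK bit set", passes unsolicited ACK and SYN/ACK probes that a connection-tracking filter drops.

```python
"""Toy packet filter: stateless ACL versus stateful connection tracking.
Added example for this page; all packets below are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "RST", "FIN"}


SYN = frozenset({"SYN"})
SYNACK = frozenset({"SYN", "ACK"})
ACK = frozenset({"ACK"})

PROTECTED_HOST = "10.0.0.5"     # constructed internal server address
ALLOWED_PORTS = {80, 443}       # services the policy exposes


def stateless_allow(pkt: Packet) -> bool:
    """Stateless ACL. Rule 1 admits new connections to exposed ports. Rule 2 is the
    usual stateless approximation of 'allow established traffic': anything with the
    ACK bit set is assumed to belong to an existing connection. That assumption is
    exactly what ACK and SYN/ACK probes take advantage of."""
    if pkt.dst == PROTECTED_HOST and pkt.dport in ALLOWED_PORTS:
        return True
    if "ACK" in pkt.flags:
        return True
    return False


class StatefulFilter:
    """Admits non-SYN packets only if they belong to a connection whose SYN was seen."""

    def __init__(self) -> None:
        self.flows = set()

    @staticmethod
    def flow_key(pkt: Packet) -> frozenset:
        # Direction-independent key so the server's replies match the client's SYN.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def allow(self, pkt: Packet) -> bool:
        if pkt.flags == SYN and pkt.dst == PROTECTED_HOST and pkt.dport in ALLOWED_PORTS:
            self.flows.add(self.flow_key(pkt))
            return True
        return self.flow_key(pkt) in self.flows


def run_scenario() -> dict:
    """Returns {name: (stateless_verdict, stateful_verdict)} for each sample packet."""
    client, scanner = "198.51.100.7", "203.0.113.9"   # constructed addresses
    packets = [
        ("legit_syn",    Packet(client, 51000, PROTECTED_HOST, 80, SYN)),
        ("legit_reply",  Packet(PROTECTED_HOST, 80, client, 51000, SYNACK)),
        ("syn_probe",    Packet(scanner, 4444, PROTECTED_HOST, 22, SYN)),
        ("ack_probe",    Packet(scanner, 4444, PROTECTED_HOST, 22, ACK)),
        ("synack_probe", Packet(scanner, 4444, PROTECTED_HOST, 22, SYNACK)),
    ]
    stateful = StatefulFilter()
    # Packets are evaluated in order, so the legitimate SYN is tracked before its reply.
    return {name: (stateless_allow(p), stateful.allow(p)) for name, p in packets}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:13s} stateless={'pass' if stateless else 'drop':4s} "
              f"stateful={'pass' if stateful else 'drop'}")
```

Running it shows both filters passing the legitimate handshake and dropping a bare SYN to a closed port, but only the stateful filter dropping the ACK and SYN/ACK probes, because no tracked connection exists for them.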

Answer to Question 3

In Windows, the user's password is stored as an NTLM hash or as an LM hash, in hashed format within the registry hive. In Linux the password is saved in the custom shell, etc., and all the details related to the password are stored in "/etc/passwd".

Brute-force cracking can be described as an attempt to crack the password by guessing, whereas a dictionary attack can be described as selecting options from a predetermined set of candidates. NirSoft can be utilized for recovering the password.

Password salts are random data supplied to the system as an additional input to the one-way function that hashes the password, passphrase, or data. They enhance security because a new salt is generated randomly for every password stored in the file. In other words, the password and the salt are concatenated and processed with the cryptographic hash function.

A rainbow table reverses cryptographic hash functions, is applicable to cracking password hashes, and can be used for password recovery. It is a type of precomputed table with which the attacker executes a cryptographic attack that achieves a "space-time tradeoff".

Answer to Question 4

The principles can be described as follows:

  • Utilizing a strongly typed language such as Java or C# in order to detect buffer overflows.
  • Using safe library functions such as strncpy, fgets, snprintf, and strncat.
  1. Using a language that does not allow buffer overflow attacks can be the best approach, for example C.
  2. Minimizing the use of the strcat and strcpy functions can help restrict the attacks by replacing these functions with their strn* alternatives.
  3. ASLR (address space layout randomization) and DEP (data execution prevention) are other preventive measures.

An integer overflow vulnerability can be caused by the 'gets' function, which reads a value from stdin without considering the size of the buffer. It can be exploited remotely, as the ssh daemon would overwrite memory by creating a hash table of size zero while trying to store some values in it.

Fuzzing can be described as a quality assurance technique for discovering security loopholes and coding errors in networks, operating systems, or software. The most interesting inputs are the data that cross a trust boundary.
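To connect the "hash table of size zero" failure above with the fuzzing paragraph, here is an added Python example (written for this page, not code from the original answers or from any real daemon). It models a toy length-prefixed table format whose parser multiplies count by entry size in 32-bit arithmetic, so the product can wrap to zero and the subsequent copy writes past the allocation. A small mutation fuzzer that substitutes boundary values into the header fields finds that input, and a hardened parser that checks the multiplication rejects it. The format, the `FakeHeap` stand-in for memory corruption, and the `INTERESTING` value list are constructed assumptions.

```python
"""Mutation fuzzer against a toy table parser whose 32-bit size arithmetic wraps.
Added example for this page; the format, parsers and fuzzer are constructed."""
import random
import struct

MASK32 = 0xFFFFFFFF
HEAP_LIMIT = 1 << 20   # allocations above this fail, like malloc() returning NULL

# Boundary values that fuzzers routinely try for 32-bit fields.
INTERESTING = [0, 1, 2, 0x7FFF, 0x8000, 0x7FFFFFFF, 0x80000000, 0x40000000, 0xFFFFFFFF]


class HeapOverflow(Exception):
    """Stands in for the memory corruption a C program would suffer."""


class AllocationFailed(Exception):
    """Stands in for malloc() returning NULL for an oversized request."""


class FakeHeap:
    """A bounded buffer that reports any write past its end."""

    def __init__(self, size: int) -> None:
        if size > HEAP_LIMIT:
            raise AllocationFailed(size)
        self.buf = bytearray(size)

    def write(self, offset: int, data: bytes) -> None:
        if offset + len(data) > len(self.buf):
            raise HeapOverflow(f"{len(data)} bytes at {offset} into {len(self.buf)}-byte table")
        self.buf[offset:offset + len(data)] = data


def _header(blob: bytes):
    """Header: big-endian u32 count, u32 entry size, then the entries."""
    if len(blob) < 8:
        raise ValueError("short header")
    count, size = struct.unpack(">II", blob[:8])
    if size == 0:
        raise ValueError("zero-length entries")
    return count, size, blob[8:]


def parse_vulnerable(blob: bytes) -> list:
    """Deliberately flawed: count * size is truncated to 32 bits before allocation."""
    count, size, body = _header(blob)
    total = (count * size) & MASK32          # wraps silently, possibly to 0
    heap = FakeHeap(total)
    entries = []
    for i in range(count):
        chunk = body[i * size:(i + 1) * size]
        if len(chunk) < size:
            break                             # input exhausted
        heap.write(i * size, chunk)           # overflows when total wrapped
        entries.append(bytes(chunk))
    return entries


def parse_hardened(blob: bytes) -> list:
    """Checks the multiplication and the declared size against the input length."""
    count, size, body = _header(blob)
    if count > MASK32 // size:
        raise ValueError("count * size would overflow 32 bits")
    total = count * size
    if total > len(body):
        raise ValueError("declared table larger than input")
    heap = FakeHeap(total)
    entries = []
    for i in range(count):
        chunk = body[i * size:(i + 1) * size]
        heap.write(i * size, chunk)
        entries.append(bytes(chunk))
    return entries


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Overwrite one of the two header fields with an interesting value."""
    data = bytearray(seed)
    struct.pack_into(">I", data, rng.choice([0, 4]), rng.choice(INTERESTING))
    return bytes(data)


def rejects_cleanly(parser, blob: bytes) -> bool:
    """True only if the parser refuses the input with a handled error."""
    try:
        parser(blob)
    except (ValueError, AllocationFailed):
        return True
    except HeapOverflow:
        return False
    return False


def fuzz(parser, seed: bytes, iterations: int = 200, rng_seed: int = 1):
    """Return the first mutated input that corrupts the heap, or None."""
    rng = random.Random(rng_seed)             # fixed seed keeps the run reproducible
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except (ValueError, AllocationFailed):
            continue                          # handled error, not a finding
        except HeapOverflow:
            return case
    return None


def declared_total(blob: bytes) -> int:
    """The 32-bit-truncated table size a C parser would compute for this header."""
    count, size = struct.unpack(">II", blob[:8])
    return (count * size) & MASK32


# Constructed valid input: two entries of four bytes each.
SEED = struct.pack(">II", 2, 4) + b"AAAABBBB"

if __name__ == "__main__":
    crash = fuzz(parse_vulnerable, SEED)
    count, size = struct.unpack(">II", crash[:8])
    print(f"crashing header: count={count:#x} size={size} -> 32-bit total={declared_total(crash)}")
    print("hardened parser:", "rejects" if rejects_cleanly(parse_hardened, crash) else "accepts")
```

The crashing case the fuzzer finds has a count such as 0x40000000 with 4-byte entries: the true product is 2^32, the truncated product is 0, the table is allocated with size zero, and the first entry copy overflows it, which is the same shape as the size-zero hash table described above. The overflow check `count > MASK32 // size` in the hardened parser is the portable way to reject that product without computing it in a wider type.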

Answer to Question 5

The phases of reconnaissance, scanning, gaining access, maintaining access, and covering tracks are executed in order to support the later attack stages in the security assessment.

  1. Determining the network range
  2. Information gathering
  3. Identifying active machines
  4. OS fingerprinting
  5. Finding open ports and access points
  6. Mapping the network
  7. Fingerprinting services

Imagining an XSS issue on an online blog or forum, the attacker can effectively use CSRF to force users to post a copy of one of the biggest worms. The attacker can also use CSRF to relay the attack against a selected site and, under the right circumstances, execute a denial of service attack.

I disagree with the proposed statement, as CSRF attacks are generally executed using the JavaScript Image object or the HTML image object. The attackers generally embed this code within an email or a page that performs the web request, forwarding a URL familiar to the victim.

Synchronizer token pattern: STP is a technique in which a secret, unique token value for every request is embedded by the web application, on the server side, in every verified HTML form.

Client-side safeguards: Browser extensions such as uMatrix and RequestPolicy can help prevent CSRF by establishing a default-deny policy for cross-site requests.
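The synchronizer token pattern described above, as an added Python example written for this page (not code from the original answers or from any web framework). It binds a token to the session and the form with an HMAC, renders it as a hidden field, and checks it on every POST; the session ids, form fields and server key are constructed, and the stateless HMAC construction is one common way to implement STP, not the only one.

```python
"""Synchronizer token pattern, modelled without a web framework.
Added example for this page; session ids and form data are constructed."""
import hashlib
import hmac
import secrets

# Constructed per-process secret; a real deployment loads this from configuration.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id: str, form_name: str) -> str:
    """Token bound to the session and the form. Only a page served by this origin
    can read it, so a cross-site page cannot include the right value."""
    msg = f"{session_id}:{form_name}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_form(session_id: str, form_name: str, fields: dict) -> dict:
    """Server-side rendering step: embeds the token as a hidden form field."""
    form = dict(fields)
    form["csrf_token"] = issue_token(session_id, form_name)
    return form


def handle_post(cookie_session_id: str, form_name: str, posted: dict) -> str:
    """The browser attaches the session cookie automatically; the token must also
    match, and a constant-time compare avoids leaking it byte by byte."""
    expected = issue_token(cookie_session_id, form_name)
    token = posted.get("csrf_token", "")
    if not hmac.compare_digest(token, expected):
        return "rejected: missing or invalid CSRF token"
    return f"ok: {form_name} processed for session {cookie_session_id}"


def scenario() -> dict:
    """Three submissions against the victim's session; True means accepted."""
    victim = "sess-victim-7f3a"            # constructed session id from the cookie
    # 1. Victim loads the transfer page from the real site and submits it.
    legit = render_form(victim, "transfer", {"to": "alice", "amount": "10"})
    # 2. A cross-site page auto-submits a form; the browser attaches the victim's
    #    cookie, but the page could not read the token from the victim's session.
    forged = {"to": "mallory", "amount": "1000"}
    # 3. A token from a different session is reused; it does not verify for the victim.
    other = {"to": "mallory", "amount": "1000",
             "csrf_token": issue_token("sess-other-0001", "transfer")}
    return {
        "legit": handle_post(victim, "transfer", legit).startswith("ok"),
        "forged_no_token": handle_post(victim, "transfer", forged).startswith("ok"),
        "forged_other_session_token": handle_post(victim, "transfer", other).startswith("ok"),
    }


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name:28s} {'accepted' if accepted else 'rejected'}")
```

Only the form rendered for the victim's own session passes; the two forged submissions fail even though they carry the victim's cookie, which is exactly the trust relationship CSRF abuses and STP closes.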

The major difference between the two attacks is that XSS exploits the trust a user has in a particular website, whereas CSRF exploits the trust that the website has established in the visitor's browser. CSRF is all about checking the auth tokens used in forms: in a CSRF attack you create a spoofed HTML form and force the victim to do things according to your needs, while XSS is all about JavaScript execution.

Port scanning can be defined as an attack which sends client requests to a wide range of port addresses on a host. The goal of this attack is to find an active port that can be used to exploit a known vulnerability in the targeted service. For instance, when the attacker is trying to get information about all the web servers running in the target network, a port sweep can be run against ports 443 and 80 on every host in the network.

The three port states reported by Nmap are open, closed and filtered. Filtered ports may require further probing, because they can be subject to firewall rules that leave them open under some conditions or to some IPs, and closed to others.

Most operating systems' TCP/IP stacks queue incoming packets in internal buffers. The buffer space for UDP packets is very limited, so UDP packets can be sent so fast that they cannot be processed by the remote host.

Real-time password recovery attacks are capable of synchronizing all Active Directory password resets and changes between on-premises and SaaS applications in real time. A precomputed table is nothing but a rainbow table, which can be used to reverse cryptographic hash functions.

Brute force emphasizes trying password choices by making guesses in sequential order, whereas a dictionary attack can be described as estimating a password from different aspects of the victim's likely choices. Brute force consumes a lot of time, whereas the dictionary attack is the fastest and its sample space is limited.

Cryptographic hash functions: These are very fast functions, which makes them completely undesirable against brute-force attacks.

Cryptographic hash functions with a salt: The salt is an auxiliary input to the hash function, selected randomly when the password is set by the user.

Password-hashing functions: These are also known as password-based key derivation functions, and are designed to resist brute force.

Unix stores the password as the value obtained by encrypting a block of zero bits through the one-way function "crypt()". Traditionally it was stored in the /etc/passwd file.

A precomputed table is used to recover passwords of limited length that consist of a limited set of characters. Rainbow tables are specific to the hash function they were created for, e.g., MD5 tables can crack only MD5 hashes.
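The three hashing categories above, the salt discussion in Question 3, and the note that a precomputed table only applies to one hash function, as one added Python example written for this page (not code from the original answers). It builds a tiny precomputed lookup over a constructed candidate list, shows that it recovers an unsalted MD5 digest but not a salted digest, and contrasts a fast salted hash with PBKDF2-HMAC-SHA256 as the password-hashing function; the candidate list, iteration count and salts are constructed, and the timing ratio depends on the machine.

```python
"""Plain hash vs salted hash vs password-hashing function, against a precomputed table.
Added example for this page; the candidate list and salts are constructed."""
import hashlib
import hmac
import os
import time

# Constructed "precomputed table" input: a handful of common passwords.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]
PBKDF2_ITERATIONS = 100_000


def build_table(hash_name: str = "md5") -> dict:
    """Precompute digest -> plaintext. Valid only for one hash function and only
    for unsalted digests, which is the limitation the text describes."""
    return {hashlib.new(hash_name, p.encode()).hexdigest(): p for p in CANDIDATES}


def unsalted_hash(password: str) -> str:
    """Category 1: a bare fast hash; identical passwords give identical digests."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Category 2: fast hash with a per-password salt. The table no longer applies,
    but each guess is still cheap for a brute-force attacker."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_password(password: str) -> dict:
    """Category 3: password-hashing function (PBKDF2-HMAC-SHA256), salted and slow."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify_password(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def guess_cost_ratio() -> float:
    """How many times slower one PBKDF2 guess is than one MD5 guess on this machine."""
    t0 = time.perf_counter()
    unsalted_hash("password")
    t_fast = time.perf_counter() - t0
    t0 = time.perf_counter()
    store_password("password")
    t_slow = time.perf_counter() - t0
    return t_slow / max(t_fast, 1e-9)


def demo() -> dict:
    table = build_table("md5")
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return {
        # the MD5 table recovers the unsalted digest directly
        "unsalted_recovered": table.get(unsalted_hash("password")),
        # the same table is useless against a salted digest (and a different function)
        "salted_recovered": table.get(salted_hash("password", salt_a)),
        # two users with the same password get different stored values
        "salted_digests_differ": salted_hash("password", salt_a) != salted_hash("password", salt_b),
    }


if __name__ == "__main__":
    print(demo())
    rec = store_password("correct horse battery staple")
    print("verify correct:", verify_password(rec, "correct horse battery staple"))
    print("verify wrong:  ", verify_password(rec, "wrong"))
    print(f"one PBKDF2 guess costs about {guess_cost_ratio():.0f}x one MD5 guess")
```

The stored record keeps the salt and the iteration count beside the hash, so verification can recompute the derivation and the cost can be raised later without breaking existing users; the salt is what defeats the precomputed table, and the iteration count is what slows the per-guess brute force the first category cannot resist.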

 (i) Describe three possible alternative port scanning options offered by nmap, which manipulate the TCP protocol in non-standard ways, and may thus be used to avoid filtering.

The three possible alternative port scanning options are as follows.

TCP SYN Scan – The most popular scan option provided by nmap is the TCP SYN scan. Its main benefits include fast operation, scanning thousands of ports within a second, and not being restricted by firewalls.

TCP Connect Scan – This is the default scan type that is used only when a SYN scan is not possible. It is also the only option when the user does not have raw packet privileges.

UDP Scans – Even though most Internet-based services run over TCP, UDP services are also very widely deployed in many networks. The three most common UDP services are DNS, SNMP, and DHCP (registered ports 53, 161/162, and 67/68).

(ii) How effective are the options you described in item (i) in avoiding blocking by basic and stateful packet filtering firewalls? Explain your reasoning. [4]

Of the three scans discussed above, UDP scans are the most effective at avoiding blocking by both basic and stateful packet filtering firewalls. This is because UDP scans are very slow, and hence most security auditors, like firewalls, ignore those ports.

(d) Port scanners may also be used for operating system identification during network mapping. Explain how this is usually achieved, giving three examples of information that a scanner may use for distinguishing different

Port scanners identify the operating system using two methods.

TCP Port Service Scanning – The scanner identifies applications from a specific set of open ports, which in turn helps it identify the operating system running. For instance, 135 (RPC), 445 (SMB), 3389 (RDP) and 139 (NetBIOS-ssn) generally imply the system is running a Windows operating system.

TCP/IP Stack Fingerprinting – Within the TCP protocol definition, certain parameters are defined precisely along with different sets of default values. By analyzing these values, the operating system may be identified.
