Week 5 - Computer Security and Ethical hacking

Types of Browser Attacks:
- Man-in-the-Browser: An attack where the user's browser is compromised, allowing an attacker to manipulate the user's actions and the data being sent to banks without the user's knowledge.
- Keystroke Logger:
- A hardware or software tool that records all keystrokes made by a user.
- Can be a small device connected via USB or malware installed on the system.
- Not limited to browsers, can affect any typed input.
- Page-in-the-Middle:
- An attack that redirects users to a page different from their intended destination.
- Allows attackers to intercept and modify user input.
- Program Download Substitution:
- Attackers create a page that appears to offer legitimate downloads but instead installs malware on the user's computer.
- This is a common method of distributing spyware.
- User-in-the-Middle:
- This involves using click-bait to trick users into resolving CAPTCHAs for spam-related purposes.

Attacks discussed primarily relate to failures of user authentication.
Mitigation strategies include:
- Shared Secret: A piece of information shared among users and a service, which enhances security.
- One-Time Password (OTP): A password that is valid for only one session or transaction.
- Out-of-Band Communication: An alternate communication channel used for verification to prevent unauthorized access.

Fake Websites: Users may encounter sites that mislead them, leading them to unwittingly disclose private information.
Clickjacking:
- A malicious technique that entices users into clicking on something different from what they perceive, potentially executing dangerous actions unintentionally.
- Example dialogue: "Do you want to perform this dangerous act? [Yes] [No] For a Free Prize Click [Here]"

Refers to scenarios where malicious code is downloaded and installed automatically without the user's consent during web browsing.
- Can happen due to various factors including clickjacking or fake codes.

Cross-Site Scripting (XSS):
- Involves attackers injecting malicious scripts into content from otherwise trusted websites, tricking the client or server into executing those scripts.
- Example: <script src=http://badsite.com/xss.js></script>
SQL Injection:
- Inserting SQL code into a legitimate database query.
- Example of a normal query:
- QUERY = "SELECT * FROM trans WHERE acct = '" + acctNum + "';"
- Malicious variation:
- QUERY = "SELECT * FROM trans WHERE acct = '2468' OR '1'='1';"
Dot-Dot-Slash (Directory Traversal):
- An attack method using "../" to navigate directories in the file system, allowing access to restricted files.
Server-Side Include (SSI):
- Can execute commands or include files on the server when a vulnerable website interprets inputs as SSI directives.

Input Filtering and Sanitization:
- Every user input must be properly validated to prevent injection vulnerabilities.
- Assume no valid input can be blindly trusted, therefore check all inputs rigorously.
Access Control Mechanisms:
- Utilizing "stored procedures" in databases to secure backend access and execution of SQL queries.

Prevalence of Spam:
- Estimates suggest 60% to 90% of all email is spam.
Types of Spam:
- Advertising for pharmaceuticals and stocks.
- Spreading of malicious code.
- Links directing to harmful websites.
Countermeasures:
- Although laws exist against spam, they are often ineffective.
- Email filters have improved efficiency in combating spam.
- Internet Service Providers (ISPs) enforce volume limitations to hinder spammers.

Definition:
- Phishing involves deceptive messaging aimed at extracting private information from victims or prompting unsafe actions.
Spear Phishing:
- A targeted form of phishing that personalizes the attack for specific individuals or groups.

MIME (Multipurpose Internet Mail Extensions):
- Extends the original RFC 822 Internet mail format by adding new header fields, allowing for non-ASCII content.
S/MIME (Secure/Multipurpose Internet Mail Extensions):
- Security enhancements atop MIME to enable signed and/or encrypted email communications.
Functions of S/MIME:
- Enveloped Data: Encrypted content and keys.
- Signed Data: Encoded message along with a signed digest.
- Clear-signed data: Cleartext message alongside an encoded signed digest.
SSL and TLS:
- SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) provide general-purpose security services as a protocol suite based on TCP.

TLS Session:
- Association between a client and a server created through the Handshake Protocol to define cryptographic security parameters.
HTTPS (HTTP over SSL):
- Combination of HTTP with SSL to create a secure communication channel between a web client and server.
- Identified by URL starting with https://, ensuring document confidentiality.

Overview:
- IPsec includes various application security mechanisms and aims to provide encryption and authentication across all IP traffic.
Benefits of IPsec:
- Strong security for traffic when implemented in firewalls or routers.
- Transparent over applications, providing security without needing user intervention.
IPsec Modes:
- Transport Mode:
- Extends security to the payload of an IP packet for end-to-end communication, encrypting data while allowing the header to remain unaltered.
- Tunnel Mode:
- Encrypts the entire packet and encapsulates it for transmitted security between networks, allowing secure communication through untrusted infrastructures.

To further understand the discussed concepts, refer to:
- Chapter 22 of William Stallings
- Chapter 4 of Charles P. Pfleeger