Assignment #1
Information Security (Solution)
ASIM SHARIF SATTI
1. How can researchers study and track a botnet consisting of 100,000 zombies?
A botnet of that size can be tracked and studied in three steps, each using a dedicated tool:
Step 1: Nepenthes: collect samples of autonomously spreading malware. Nepenthes is a low-interaction honeypot that emulates vulnerable services, so bots that try to infect it hand over their own binaries.
Step 2: CWSandbox: automatically analyse each collected sample by running it in a sandbox and recording its behaviour, including the command-and-control server it contacts.
Step 3: Botspy: observe a given botnet from the inside by following its command-and-control traffic and logging the commands it receives.
There are two basic strategies for recognising botnet traffic on a network:
1) Deep Packet Inspection (DPI): a packet-filtering technique that examines the data (payload) part of a packet rather than only its IP and TCP/UDP headers, searches it for signatures of malware, spam and intrusions, and then decides whether the packet may pass, must be dropped, or should be routed to a different destination. Header fields alone do not distinguish bot traffic from legitimate traffic, which is why the payload has to be inspected.
2) DNS lookup monitoring: bots normally resolve the name of their command-and-control server before contacting it, so the DNS traffic seen by a communication service provider (CSP) reveals them. Observing DNS traffic has several distinct advantages: it gives the specific IP address of the device making the lookup, visibility of all raw (non-cached) DNS requests, and the ability to analyse the frequency of botnet DNS lookups, i.e. many hosts resolving the same name at regular intervals.
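As an added example (not part of the original assignment and not code from Nepenthes, CWSandbox or Botspy), the following Python script shows the DNS-frequency idea in practice: it reads a constructed DNS query log, groups lookups per client and queried name, and flags names that several clients resolve at near-constant intervals (beaconing). The log format, the thresholds and the host and domain names are assumptions made for the example.

```python
"""Flag botnet-like DNS lookup patterns in a query log (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, one query per line: "<epoch seconds> <client ip> <queried name>".
# Two clients resolve cc-update.example.net every 60 s; a third host browses normally.
SAMPLE_LOG = """\
1000 10.0.0.5 cc-update.example.net
1000 10.0.0.7 cc-update.example.net
1001 10.0.0.9 www.example.com
1060 10.0.0.5 cc-update.example.net
1060 10.0.0.7 cc-update.example.net
1120 10.0.0.5 cc-update.example.net
1120 10.0.0.7 cc-update.example.net
1137 10.0.0.9 mail.example.com
1180 10.0.0.5 cc-update.example.net
1180 10.0.0.7 cc-update.example.net
1190 10.0.0.9 www.example.com
1240 10.0.0.5 cc-update.example.net
1240 10.0.0.7 cc-update.example.net
"""


def parse_log(text):
    """Parse 'epoch client qname' lines into (int, str, str) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, qname = parts
        records.append((int(ts), client, qname.lower().rstrip(".")))
    return records


def is_regular(timestamps, min_intervals=3, max_jitter=0.2):
    """True when the gaps between the sorted timestamps are near-constant (beaconing).

    At least min_intervals gaps are required, and the coefficient of variation
    (population stdev / mean) must not exceed max_jitter. A burst of queries
    within the same second has a zero mean gap and is not treated as beaconing.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < min_intervals:
        return False
    avg = mean(gaps)
    if avg <= 0:
        return False
    return pstdev(gaps) / avg <= max_jitter


def find_beaconing_domains(records, min_clients=2, **regular_kwargs):
    """Return {qname: {"clients": n, "beaconing_clients": [...]}} for names that
    at least min_clients distinct hosts resolve at regular intervals."""
    by_pair = defaultdict(list)          # (client, qname) -> [timestamps]
    for ts, client, qname in records:
        by_pair[(client, qname)].append(ts)

    clients_of = defaultdict(set)        # qname -> set of clients that resolved it
    beaconing = defaultdict(list)        # qname -> clients resolving it regularly
    for (client, qname), stamps in by_pair.items():
        clients_of[qname].add(client)
        if is_regular(stamps, **regular_kwargs):
            beaconing[qname].append(client)

    result = {}
    for qname, bots in beaconing.items():
        if len(bots) >= min_clients:
            result[qname] = {"clients": len(clients_of[qname]),
                             "beaconing_clients": sorted(bots)}
    return result


if __name__ == "__main__":
    for qname, info in find_beaconing_domains(parse_log(SAMPLE_LOG)).items():
        print(f"{qname}: {info['clients']} client(s), beaconing from {info['beaconing_clients']}")
```

On a real resolver log the thresholds need tuning: legitimate software also polls update servers on a timer, so a flagged name is a lead for the DPI step or a sample analysis, not a verdict on its own.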
2. How can companies be harmed if they allow personal information in their
control to be stolen?
If personal information held by a company is misused or stolen, the clients whose data was exposed can sue the company for the damage done to them, which can mean a massive financial loss for the company, on top of regulatory penalties and the loss of customer trust.
3. Distinguish between cyberwar and cyber-terror. How can countries use
cyberwar attacks?
Cyberwarfare is the use or targeting of computers, online control systems and networks in a battlespace or warfare context. It involves both offensive and defensive operations pertaining to the threat of cyberattacks, espionage and sabotage. The U.S. Congressional Research Service put it this way in a 2015 report: "it is typically conceptualized as state-on-state action equivalent to an armed attack or use of force in cyberspace that may trigger a military response."
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political gains through intimidation.
The distinction is therefore the actor and the aim: cyberwar is conducted by states against other states as a form of armed conflict, whereas cyberterror is aimed at intimidating a population for political ends and need not come from a state.
The most common methods of cyber attack include infecting a computer system with malware, holding it hostage with ransomware, disabling it with a flood of messages (a so-called denial-of-service attack) or stealing data for the purpose of espionage. A more extreme example is a cyberattack that aims to sabotage, say, the test launching of missiles. Real-life examples include Russia's manipulation of social media to sway Western elections, most notably the 2016 U.S. presidential vote, and the so-called Stuxnet worm, said to have been developed by the U.S. National Security Agency and Israeli intelligence, which sabotaged Iranian nuclear centrifuges starting in 2009.
4. If an attacker breaks into a corporate database and deletes critical files, against
what security goal is this attack aimed?
Deleting the files destroys the data, so the attack is aimed primarily at availability (the files can no longer be accessed by those who need them) and also at integrity (the database no longer holds the correct data). Confidentiality is not the target, because nothing is disclosed by deletion.
5. Why do you think DoS attackers use zombies to attack victims instead of sending
attack packets directly to victims? Come up with two reasons
1) To hide their own identity: the attack packets carry the zombies' source IP addresses, so the victim and any investigators see the zombies, not the attacker. (The attacker's MAC address is never visible beyond the local network segment in any case.)
2) To launch a much larger attack, with a greater chance of success, than a single machine's bandwidth would allow (a distributed DoS), and one that is harder to block because the traffic arrives from thousands of different addresses rather than one.
6. Why would using a script created by a hacker not give you the experience of
expert hacking?
A script means that someone else has written the attack and it may well have been used already. As discussed in class, that means it can be detected very easily and simply blocked, because the target server or database may have seen that exact attack many times. You would also be limited to whatever the script can do, and you would learn nothing about why the attack works, which is the actual skill of an expert.