MD5 hashing a method of encryption that takes a string of characters regardless of length and produces a 128bit fingerprint. MD5 hashing is commonly used in databases such as Mysql to store sensitive data. However, MD5 hashing is not trusted now days there is techniques to identify the hash. For example software known as Rainbow tables have been proven to decrypt the hash.(Rouse, n.d.)

The important thing to note is that MD5 hashing is not encryption as the results are permanent. Once a string of text has been converted into a hash it cannot be un-hashed back to its original state. For that reason alone hashing is not considered encryption.

Known attacks on relating to MD5

Back in 2016 a Video streaming service company in China known as YouKu was attacked and had 92 Million users personal information exposed along with each ones MD5 hashes.(Mooney, 2020)

Bibliography

Mooney, G. (2020, June 24). What is MD5? Retrieved from ipswitch: https://blog.ipswitch.com/what-is-md5

Rouse, M. (n.d.). MD5 . Retrieved from techtarge: https://searchsecurity.techtarget.com/definition/MD5

1. Investigate and discuss one of the more severe vulnerabilities found as a result of the OpenVAS scan. Depending on the vulnerability the Common Vulnerabilities and Exposures (CVE) database may be of use.

Before the Windows update the LDAP was potentially leaking data placing the server and site names at risk. So what is LDAP?

Lightweight Directory Access Protocol(LDAP) which is used to access directory services. If an attacker were to get hold of the information stored by the LDAP they could potentially pose as an employee and trick real staff into providing sensitive information or services to the attacker thinking that they are helping a fellow staff member. This kind of use of insider information falls under Social Engineering techniques.

2.Investigate and discuss vulnerability assessment of services on Cloud Infrastructure such as Amazon Web Services.

Intruder is a vulnerability scanner that has been designed to work with the three major cloud based provides such as AWS,GCP and Azure.

The benefit of using Intruder is that it also can scan physical networks aswell cloud based services. The difficulty with cloud based services is tracking what assets you have, what is being used and what assets are not currently being used. This problem makes it difficult for cloud services to keep track of activities. You cant monitor activity if you do not know that it is there.

Intruder has a builtin Cloudbot that is used to provide hourly checks for any new IP addresses and hostnames accessing your network

For your journal entry answer the following questions

1. Explain in your own words the DOS attack scenario.

A Dos attack is when one computer floods a server with a large number of request packets. With all the attacker’s fake requests using up all the available memory other packets need to wait till their is enough memory for them to use

1. Explain in your own words how the Hping3 attack causes the denial of service.

Hping3 allows a user to manipulate not only the size of the packets being send but also the quantity of each packets over a given network.

1. Discuss the benefits of using anti-phishing functionality.

By installing such extensions in one’s browser a user can be alerted by the program if the website the wish to connect to is a known website for phishing. This will give the user the option of either not getting navigated to the website or continuing anyways.

For your journal entry answer the following questions

In the lab, you use Nmap to scan the network and Wireshark to capture packets on the network.

1. What information can you obtain by network footprinting using Nmap?

Penetration tests use Nmap to trace the vulnerabilities within a network. If there are weakness found the Tester will patch them making it harder for a hacker to obtain needed information.

information discovered:

Port numbers

Email addresses

Operating System information

Firewall identification

DNS information

(Nmap, n.d.)

1. How could an attacker use this information?

By knowing which port numbers are frequently being used an attacker can use that port number knowing that his/her packets will go through undetected

By knowing what type of operating system and firewall are being used they can focus on exploits that are known to those Applications.

1. How can packet sniffing be used to detect potential threats on a network?

By monitoring all the packets of a healthy network a pattern will naturally form of standard operating traffic. So if there are any attempts to attack the network the traffic inconsistency will be easy to identify and dealt too.

1. Analyse the packet capture and assess what is happening

Nmap. (n.d.). Nmap Cheat Sheet: From Discovery to Exploits – Part 1: Introduction to Nmap. Retrieved from resources.infosecinstitute.com: https://resources.infosecinstitute.com/nmap-cheat-sheet/#gref

Discuss when you may need to use the Windows Defender Exclusions feature from the lab.  What the security considerations or actions would you recommend or implement if you were asked to exclude a folder from Windows Defender.

Somestimes Windows Defender Flags Applications as threats but in fact they are safe programs.

I would can that folder or file by itself to make sure that the folder or file in question is truly safe before excluding it from the scan.

I would also change the security permission of that particular folder to suit the security needs.

Discuss a scenario when you may need to use the Microsoft Safety Scanner rather than Windows Defender.

There are some Viruses that target the functionality of the Operating System. This could lead to Windows Defender viewing some files as “friendly” instead of as a virus.

Select a feature Internet Explorer Browser Security from the lab and discuss the vulnerability it is protecting, is this required just for Internet Explorer?

Disable popups. This is a core feature that can stop people from clicking on popups that may lead them to unsecured websites or links, that may have viruses waiting for unexpected users.

No. All browsers have the option of enabling or disabling popups.

For your journal entry discuss social engineering in a business context

1. Summarize the key information gathered from MyBook?

Phillip is married to a woman on a beach

He has a Dog which is a Pug

Car is broken down

Phone number and DOB

Studied at Oxford University

Previous work experience – HP and Costa

Kingston Thames

Job title

Hobbies- Raves

1. Consider how the information gathered can be leveraged to attack an organization?

You can request to change the password for Phillips important accounts. This could lead into having access to his emails so attackers can potentially send phishing emails to the Mangers of the company where he works.

1. What prevention methods could be used to mitigate the risk of an attack?

Limit the mount of personal information that is posted on Social media sites such as facebook.

Have security questions that are not related to family or your pets. That will make it harder for attackers to narrow down on the correct answer.

Have 3rd party Authentication setup so any requests get sent Phillips phone. This would mean that the attackers would not need to have physical access to Phillips phone in order to change the password of any sensitive Accounts.