Applying Encryption and Hashing Algorithms for Secure Communications

1. Explain the concepts and procedures involved in applying encryption and hashing algorithms by addressing the following:

   Explain why hash values are an important part of performing a forensic investigation. Explain why (or why not) hash values typically change if data is modified. Identify a method of securing message integrity during e-mail communications without encrypting the e-mail.

 

2. Explain the purpose of the –e switch in the GnuPG command. Compare and contrast MD5sum and SHA1sum hashing algorithms. In what ways are they similar (compare)? In what ways do they differ (contrast)?

 

3. Identify the cryptographic algorithms used during the lab. Explain what is required to decrypt an encrypted message. Now apply what you learned in the lab to the following scenario. Scenario Cybercriminals have orchestrated a hybrid attack on your city’s municipal website. The Federal Bureau of Investigation (FBI) has asked that the municipal website be taken offline and that infrastructure that supports the website be isolated until a thorough investigation has been completed. Your Role You have been asked to prepare a brief report for city leaders to address the problem. Requirements Continue working in the same document; simply start your report on a new page with an appropriate heading. In your report you will need to: Describe different types of attack strategies attackers may employ.

 

4. You must choose at least four of the following : Cross-site scripting (XSS) attack. Cross-site request forgery (CSRF). SQL injection. Code injection. Command injection. Parameter tampering. Cookie poisoning. Buffer overflow. DMZ protocol attack. Zero-day attack. Authentication hijacking. Log tampering. Directory traversal. Cryptographic interception. URL interpretation. Impersonation attack. Evaluate mitigation strategies for each type of attack. Recommend a course of action for addressing the web attack. Note: To make a recommendation, you will need to make your own assumptions about the type of attack on the city’s municipal website. Support your work with references to at least three recent, relevant professional resources. Additional Requirements Include a title page and references page. The length will vary depending on how you paste the screen captures. Your report should be 3–4 pages in length. Cite at least three current, relevant professional resources. Follow current APA style and format for references. Use Times New Roman, 12 points, double-spaced.

Complete a lab and respond to questions about the lab. Prepare a report on the topic of hybrid website attacks. This assessment deals with two methods that are essential components in securing an enterprise: encryption and physical security. Encryption is often used on web pages, e-mail, and virtual private networks (VPNs). It is crucial for security professionals to have at least a rudimentary knowledge of cryptography and cryptanalysis.

Lab Activity

Physical security, which is often overlooked, is another crucial component of security. Physical security involves a diverse range of controls such as hard drive encryption, media sanitation methods, lighting, fences, and locks.

Note: The assessments in this course build on one another and you are strongly encouraged to complete them in sequence.
By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies and assessment criteria:
• Competency 1: Perform vulnerability analysis and penetration testing using ethical hacking techniques.
o Explain the concepts and procedures involved in applying encryption and hashing algorithms.

• Competency 2: Describe the role of social engineering in gaining access to systems.
o Describe different types of attack strategies attackers may employ.

• Competency 4: Identify the vulnerabilities of common protocols used in an organization.
o Evaluate mitigation strategies for each type of attack.

• Competency 5: Design a plan for intrusion detection for a secure infrastructure.
o Recommend a course of action for addressing the web attack.

• Competency 6: Communicate in a manner that is professional and consistent with expectations for members of the information technology professions.
o Write content clearly and logically with correct use of grammar, punctuation, and mechanics.

The following lab activity is required to complete Assessment 2.
• Assessment 2 Lab: Applying Encryption and Hashing Algorithms for Secure Communications.
o Section 2: Applied Learning.
o Part 1: Create a Text File on Linux.
o Part 2: Create an MD5sum and a SHA256sum Hash String.
o Part 3: Modify a File and Verify Hash Values.
o Part 4: Generate GnuPG Keys.
o Part 5: Share a GnuPG Key.
o Part 6: Encrypt and Decrypt a Clear Text Message.

To prepare for this assessment, research and analyze existing IT articles and websites on the following topics:
• Different types of attack strategies hackers may employ in a hybrid website attack. You should be able to define and explain each one below (although you will not be required to do so in the actual assessment):
o Cross-site scripting (XSS) attack.
o Cross-site request forgery (CSRF).
o SQL injection.
o Code injection.
o Command injection.
o Parameter tampering.
o Cookie poisoning.
o Buffer overflow.
o DMZ protocol attack.
o Zero-day attack.
o Authentication hijacking.
o Log tampering.
o Directory traversal.
o Cryptographic interception.
o URL interpretation.
o Impersonation attack.
•Mitigation strategies for each type of attack and the effectiveness of each of those strategies.
Your work in this assessment must be supported with recent, relevant resources

Complete the Applying Encryption and Hashing Algorithms for Secure Communications lab. As you go through the lab, be sure to:
• Perform all screen captures as the lab instructs and paste them into a Word document. In the same Word document:
• Explain the concepts and procedures involved in applying encryption and hashing algorithms by addressing the following:
o Explain why hash values are an important part of performing a forensic investigation.
o Explain why (or why not) hash values typically change if data is modified.
o Identify a method of securing message integrity during e-mail communications without encrypting the e-mail.
o Explain the purpose of the —e switch in the GnuPG command.
o Compare and contrast MD5sum and SHA1sum hashing algorithms.
o In what ways are they similar (compare)?
o In what ways do they differ (contrast)?

Now apply what you learned in the lab to the following scenario. Scenario Cybercriminals have orchestrated a hybrid attack on your city's municipal website. The Federal Bureau of Investigation (FBI) has asked that the municipal website be taken offline and that infrastructure that supports the website be isolated until a thorough investigation has been completed.

You have been asked to prepare a brief report for city leaders to address the problem. Requirements Continue working in the same document; simply start your report on a new page with an appropriate heading. In your report you will need to:
• Describe different types of attack strategies attackers may employ. You must choose at least four of the following :
o Cross-site scripting (XSS) attack.
o Cross-site request forgery (CSRF).
o SQL injection.
o Code injection.
o Command injection.
o Parameter tampering.
o Cookie poisoning.
o Buffer overflow.
o DMZ protocol attack.
o Zero-day attack.
o Authentication hijacking.
o Log tampering.
o Directory traversal.
o Cryptographic interception.
o URL interpretation.
o Impersonation attack.
• Evaluate mitigation strategies for each type of attack.
• Recommend a course of action for addressing the web attack. Note: To make a recommendation, you will need to make your own assumptions about the type of attack on the city's municipal website.

Support your work with references to at least three recent, relevant professional resources. Additional Requirements
• Include a title page and references page.
• The length will vary depending on how you paste the screen captures. Your report should be 3-4 pages in length.
• Cite at least three current, relevant professional resources.
• Follow current APA style and format for references.
• Use Times New Roman, 12 points, double-spaced.