In my previous article, I talked about some of the facts that you need to know about network security. This article covers some of the facts that you need to know about IP vulnerabilities in networking. Follow me as we look at them in this article.
There are different types of attacks that target IP. The table lists some of the more common IP-related attacks.
ICMP attacks – Threat actors use Internet Control Message Protocol (ICMP) echo packets (pings) to discover subnets and hosts on a protected network, to generate DoS flood attacks, and to alter host routing tables.
Denial-of-Service (DoS) attacks – Threat actors attempt to prevent legitimate users from accessing information or services.
Distributed Denial-of-Service (DDoS) attacks – Similar to a DoS attack, but features a simultaneous, coordinated attack from multiple source machines.
Address spoofing attacks – Threat actors spoof the source IP address in an attempt to perform blind spoofing or non-blind spoofing.
Man-in-the-middle attack (MiTM) – Threat actors position themselves between a source and destination to transparently monitor, capture and control the communication. They could simply eavesdrop by inspecting captured packets, or alter packets and forward them to their original destination.
Session hijacking – Threat actors gain access to the physical network, and then use a MiTM attack to hijack a session.
ICMP Attacks
ICMP was developed to carry diagnostic messages and to report error conditions when routes, hosts, and ports are unavailable. ICMP messages are generated by devices when a network error or outage occurs.
The ping command is a user-generated ICMP message, called an echo request, that is used to verify connectivity to a destination. Threat actors use ICMP for reconnaissance and scanning attacks. This enables them to launch information-gathering attacks to map out a network topology, discover which hosts are active (reachable), identify the host operating system (OS fingerprinting), and determine the state of a firewall.
Threat actors also use ICMP for DoS and DDoS attacks, as shown in the ICMP flood attack in the figure.
Figure: ICMP Flood. The attacker repeatedly sends ICMP echo requests with a spoofed source address to the victim; the victim answers each one with an ICMP echo reply, which goes to the spoofed source rather than back to the attacker (shown as a question mark under the attacker).
Note: ICMP for IPv4 (ICMPv4) and ICMP for IPv6 (ICMPv6) are susceptible to similar types of attacks. The table lists common ICMP messages of interest to threat actors.
ICMP echo request and echo reply – Used to perform host verification and DoS attacks.
ICMP unreachable – Used to perform network reconnaissance and scanning attacks.
ICMP mask reply – Used to map an internal IP network.
ICMP redirects – Used to lure a target host into sending all traffic through a compromised device and create a MiTM attack.
ICMP router discovery – Used to inject bogus route entries into the routing table of a target host.
Networks should have strict ICMP access control list (ACL) filtering on the network edge to avoid ICMP probing from the internet. Security analysts should be able to detect ICMP-related attacks by looking at captured traffic and log files.
In the case of large networks, security devices, such as firewalls and intrusion detection systems (IDS), should detect such attacks and generate alerts to the security analysts.
Amplification and Reflection Attacks
Threat actors often use amplification and reflection techniques to create DoS attacks. The example in the figure illustrates how an amplification and reflection technique called a Smurf attack is used to overwhelm a target host.
Amplification – The threat actor forwards ICMP echo request messages to many hosts. These messages contain the source IP address of the victim.
Reflection – These hosts all reply to the spoofed IP address of the victim to overwhelm it.
Note: Newer forms of amplification and reflection attacks such as DNS-based reflection and amplification attacks and Network Time Protocol (NTP) amplification attacks are now being used. Threat actors also use resource exhaustion attacks. These attacks consume the resources of a target host to either crash it or consume the resources of a network.
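The reconnaissance, flood and Smurf-style reflection patterns described above leave distinct traces in captured traffic. The following is an added example (not from the original article or from Cisco) of how an analyst might pick them out of ICMP flow records; the record format and all addresses are constructed for the demonstration.

```python
from collections import defaultdict, deque

# ICMP type numbers used in the records below.
ECHO_REQUEST, ECHO_REPLY = 8, 0


def build_sample_records():
    """Constructed ICMP flow records: (time_s, src_ip, dst_ip, icmp_type).
    Contains one benign ping, a ping sweep, an echo-request flood and
    Smurf-style reflected replies; all addresses are documentation ranges."""
    rec = []
    # Benign: 192.0.2.20 pings the gateway once and gets a reply.
    rec.append((0.00, "192.0.2.20", "192.0.2.1", ECHO_REQUEST))
    rec.append((0.01, "192.0.2.1", "192.0.2.20", ECHO_REPLY))
    # Reconnaissance: 203.0.113.5 probes 14 hosts in 192.0.2.0/28.
    for i in range(1, 15):
        rec.append((1.0 + i * 0.05, "203.0.113.5", f"192.0.2.{i}", ECHO_REQUEST))
    # Flood: 300 echo requests to 192.0.2.7 within 1.5 seconds.
    for i in range(300):
        rec.append((5.0 + i * 0.005, "198.51.100.99", "192.0.2.7", ECHO_REQUEST))
    # Reflection: 40 amplifier hosts answer 192.0.2.50, which never asked
    # (the threat actor spoofed 192.0.2.50 as the source of the requests).
    for i in range(40):
        rec.append((8.0 + i * 0.01, f"198.51.100.{i + 1}", "192.0.2.50", ECHO_REPLY))
    return rec


def ping_sweep_sources(records, min_targets=8):
    """Sources that sent echo requests to at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for _, src, dst, typ in records:
        if typ == ECHO_REQUEST:
            targets[src].add(dst)
    return sorted(src for src, hosts in targets.items() if len(hosts) >= min_targets)


def echo_flood_targets(records, window_s=1.0, threshold=100):
    """Destinations receiving more than threshold echo requests inside any
    sliding window of window_s seconds."""
    recent = defaultdict(deque)
    flagged = set()
    for t, _, dst, typ in sorted(records):
        if typ != ECHO_REQUEST:
            continue
        q = recent[dst]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) > threshold:
            flagged.add(dst)
    return sorted(flagged)


def reflection_victims(records, min_unsolicited=10):
    """Destinations that receive many echo replies without ever having sent
    the matching request: what the victim's network sees during a Smurf attack."""
    requested = {(src, dst) for _, src, dst, typ in records if typ == ECHO_REQUEST}
    unsolicited = defaultdict(int)
    for _, src, dst, typ in records:
        if typ == ECHO_REPLY and (dst, src) not in requested:
            unsolicited[dst] += 1
    return sorted(dst for dst, n in unsolicited.items() if n >= min_unsolicited)


if __name__ == "__main__":
    recs = build_sample_records()
    print("ping sweep from:", ping_sweep_sources(recs))
    print("echo flood against:", echo_flood_targets(recs))
    print("reflection victims:", reflection_victims(recs))
```

The thresholds are starting points; on a real network they should be tuned against a baseline of normal monitoring traffic so that legitimate ping-based health checks are not flagged.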
Address Spoofing Attacks
IP address spoofing attacks occur when a threat actor creates packets with false source IP address information to either hide the identity of the sender or to pose as another legitimate user. The threat actor can then gain access to otherwise inaccessible data or circumvent security configurations. Spoofing is usually incorporated into another attack such as a Smurf attack. Spoofing attacks can be non-blind or blind:
Non-blind spoofing – The threat actor can see the traffic that is being sent between the host and the target. The threat actor uses non-blind spoofing to inspect the reply packet from the target victim. Non-blind spoofing determines the state of a firewall and sequence-number prediction. It can also hijack an authorized session.
Blind spoofing – The threat actor cannot see the traffic that is being sent between the host and the target. Blind spoofing is used in DoS attacks.
MAC address spoofing attacks are used when threat actors have access to the internal network. Threat actors alter the MAC address of their host to match another known MAC address of a target host, as shown in the figure. The attacking host then sends a frame throughout the network with the newly-configured MAC address. When the switch receives the frame, it examines the source MAC address.
Figure: Threat Actor Spoofs a Server’s MAC Address. A server (MAC address AABBCC) is connected to port 1 of a switch and the threat actor to port 2, having changed their host’s MAC address to AABBCC to match the server. At this point the switch’s MAC address table still maps AABBCC to port 1 and has no entry for port 2.
The switch overwrites the current CAM table entry and assigns the MAC address to the new port, as shown in the figure. It then forwards frames destined for the target host to the attacking host.
Figure: The same server (MAC AABBCC, port 1) and threat actor (spoofed MAC AABBCC, port 2). Having seen the spoofed frame, the switch concludes that the device with MAC address AABBCC has moved to port 2 and adjusts its MAC address table accordingly: AABBCC is now mapped to port 2 and port 1 has no entry.
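The table overwrite described above, and the port-security style binding that stops it, modelled as an added example (not code from the original article or from any switch vendor). The Switch class and its port_security mode are assumptions made for this demonstration.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    """Minimal model of a switch's MAC address (CAM) table learning, with an
    optional port-security mode that pins a MAC to the port where it was
    first learned (an assumption for this example, not a specific product)."""
    port_security: bool = False
    cam: dict = field(default_factory=dict)     # mac -> port
    alerts: list = field(default_factory=list)

    def learn(self, src_mac, port):
        """Process a frame whose source MAC was seen ingressing `port`.
        Returns True if the frame is accepted and the table updated."""
        known = self.cam.get(src_mac)
        if known is None:
            self.cam[src_mac] = port          # first time seen: learn it
            return True
        if known == port:
            return True                       # nothing new
        # The MAC now appears on a different port: either the host really
        # moved, or another host is impersonating it.
        if self.port_security:
            self.alerts.append(f"{src_mac} violation on port {port} (bound to port {known})")
            return False                      # frame dropped, table unchanged
        self.alerts.append(f"{src_mac} moved from port {known} to port {port}")
        self.cam[src_mac] = port              # default behaviour: overwrite
        return True

    def egress_port(self, dst_mac):
        """Port to which frames for dst_mac are forwarded (None = flood)."""
        return self.cam.get(dst_mac)


def demo(port_security):
    """Replay the figure: the server (AABBCC) is on port 1, then the threat
    actor on port 2 sends a frame forged with the same source MAC.
    Returns (port now used for AABBCC, alerts raised)."""
    sw = Switch(port_security=port_security)
    sw.learn("AABBCC", 1)   # server's genuine frame
    sw.learn("AABBCC", 2)   # spoofed frame from the threat actor
    return sw.egress_port("AABBCC"), sw.alerts
```

Without port security the switch silently redirects the server's traffic to port 2; with it, the spoofed frame is dropped and the move is logged, which is the event a security analyst should be alerted on.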
Action Point PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNUGGETS is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.
Memory Verse: “Casting all your care upon Him, for He careth for you”-1 Peter 5:7.
Bible Passage: Romans 5:1-8.
Introduction
Suicide is the act of intentionally causing one’s death and deliberately killing one’s self. Research shows that approximately 90% of people who have died by suicide were suffering from a mental illness at the time. The most common mental illness reported is depression. Also, many suicides happen impulsively in a moment of crisis with a breakdown in the ability to deal with life stresses, such as financial problems, relationship break-up or chronic pain and illness. In addition, experiencing conflict, disaster, violence, abuse (physical, sexual, emotional, verbal and so on), discrimination or loss, and a sense of isolation are strongly associated with suicidal behaviour. Intense sadness and hopelessness, not caring about activities that used to matter, withdrawal from family, friends, sports and social activities, and substance (drug, alcohol) abuse are some of the common signs of suicidal thoughts.
OUTLINES
1. Biblical view of Suicide
2. Antidotes to suicidal thoughts/attempts
The Biblical View Of Suicide
The Bible views suicide as equal to murder (self-murder). God is the only one to decide when and how a person should die. We should say with the Psalmist, “My times are in thy hand…” (Psalms 31:14). God is the giver of life. He gives and He takes away (Job 1:21). The Bible mentions six specific people who committed suicide: Abimelech (Judges 9:54), Saul (1 Sam 31:4), Saul’s armour bearer (1 Sam. 31:4-6), Ahitophel (2 Samuel 17:23), Zimri (1 Kings 16:18) and Judas (Matt. 27:5).
Suicide, the taking of one’s own life, is ungodly because it rejects God’s gift of life. No one should presume to take God’s authority upon them to end his or her own life. Some people in Scripture felt deep despair in life. Solomon, in his pursuit of pleasure, reached the point where he “hated life”(Eccl. 2:17). Elijah was fearful and depressed and yearned for death (1 Kings 19:4). Jonah was so angry at God that he wished to die (Jonah 4:8). Even the apostle Paul and his missionary companions at one point were under great pressure that resulted in despair (2 Cor. 1:8).
However, none of these men committed suicide. Solomon learned to fear God and keep his commandments (Eccl. 12:13). Elijah was comforted by an angel, allowed to rest and given a new commission (1 Kings 19:5,15). Jonah received admonition and rebuke from God (Jonah 4:1-3; 8-11). Paul learned that, although the pressure he faced was beyond his ability to endure, the Lord can bear all things (2 Cor. 1:9).
ANTIDOTES TO SUICIDAL THOUGHTS/ATTEMPTS
According to the Bible, suicide is a sin (Ex. 20:13). Therefore if you or anyone around you expresses suicidal thoughts or exhibits self-harming behaviours, seek pastoral and professional help. In addition, the following steps may help to rescue anyone having suicidal thoughts.
Take a few moments to consider letting God prove His love to you (Romans 5:5).
Know that Jesus identifies with you in times of rejection and humiliation (Isaiah 53:2-6).
Jesus Christ endured suffering and shame so that you might have all your sins forgiven and your weight of guilt removed (Romans 5:7-8, Romans 8:32).
Know that Jesus will forgive and repair your brokenness and restore your joy if you humbly receive Him as your Saviour (Is. 1:18; 2 Cor. 5:17).
Be assured that Jesus will always come to your rescue whenever you are in trouble if only you cry or call upon Him (Psalms 61:1-2; Jer. 33:3; Ps. 50:15).
CONCLUSION: No matter how bad things are in your life, there is the God of love who is waiting for you to guide you through your tunnel and out into His marvellous light.
QUESTIONS
What is the biblical view of suicide?
Mention the antidotes to suicidal thoughts/attempts
ASSIGNMENT: From the lesson introduction and contemporary environment, identify any five (5) sources of suicide (2×5=10Marks).
Hosts broadcast an ARP Request to other hosts on the network segment to determine the MAC address of a host with a particular IP address. All hosts on the subnet receive and process the ARP Request. The host with the matching IP address in the ARP Request sends an ARP Reply. This article talks about Address Resolution Protocol vulnerabilities. Follow me as we will look at that together in this article.
Any client can send an unsolicited ARP Reply called a “gratuitous ARP.” This is often done when a device first boots up to inform all other devices on the local network of the new device’s MAC address. When a host sends a gratuitous ARP, other hosts on the subnet store the MAC address and IP address contained in the gratuitous ARP in their ARP tables.
However, this feature of ARP also means that any host can claim to be the owner of any IP/MAC they choose. A threat actor can poison the ARP cache of devices on the local network, creating a MiTM attack to redirect traffic. The goal is to associate the threat actor’s MAC address with the IP address of the default gateway in the ARP caches of hosts on the LAN segment. This positions the threat actor in between the victim and all other systems outside of the local subnet.
ARP Cache Poisoning
ARP cache poisoning can be used to launch various man-in-the-middle attacks.
Figure: ARP Cache Poisoning. The LAN segment contains PC-A, R1 and the threat actor host; the address pairs shown are 192.168.10.10 / AA:AA:AA:AA:AA:AA, 192.168.10.254 / EE:EE:EE:EE:EE:EE and 192.168.10.1 / A1:A1:A1:A1:A1:A1. PC-A sends an ARP Request for the MAC of 192.168.10.1.
ARP cache on PC-A: 192.168.10.1 – ???? (not yet resolved).
ARP cache on the threat actor host: 192.168.10.10 – AA:AA:AA:AA:AA:AA; 192.168.10.1 – A1:A1:A1:A1:A1:A1.
Note: There are many tools available on the internet to create ARP MiTM attacks including dsniff, Cain & Abel, ettercap, Yersinia, and others.
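Because ARP has no authentication, the defensive answer is to watch for the bindings changing. The following is an added example (not from the original article or from Cisco) of a passive ARP monitor run over a constructed packet stream using the figure's addresses; which MAC belongs to the real router (EE:EE:EE:EE:EE:EE here) and the host at 192.168.10.20 are assumptions for this demonstration.

```python
from collections import defaultdict

GATEWAY_IP = "192.168.10.1"
PC_A_IP = "192.168.10.10"


def sample_arp_stream():
    """Constructed ARP records: (op, sender_ip, sender_mac, target_ip).
    The first four are a normal exchange; the last two are the poisoning."""
    return [
        ("request", PC_A_IP, "AA:AA:AA:AA:AA:AA", GATEWAY_IP),
        ("reply", GATEWAY_IP, "EE:EE:EE:EE:EE:EE", PC_A_IP),      # genuine router (assumed MAC)
        ("request", PC_A_IP, "AA:AA:AA:AA:AA:AA", "192.168.10.20"),
        ("reply", "192.168.10.20", "BB:BB:BB:BB:BB:BB", PC_A_IP),
        # Threat actor (A1:..) claims the gateway IP toward PC-A, unasked ...
        ("reply", GATEWAY_IP, "A1:A1:A1:A1:A1:A1", PC_A_IP),
        # ... and claims PC-A's IP toward the router, completing the MiTM.
        ("reply", PC_A_IP, "A1:A1:A1:A1:A1:A1", GATEWAY_IP),
    ]


class ArpMonitor:
    """Passive monitor that keeps the first IP-to-MAC binding it sees and
    alerts on changes, unsolicited replies and one MAC claiming several IPs."""

    def __init__(self, protected_ips=(GATEWAY_IP,)):
        self.protected = set(protected_ips)  # IPs whose change is critical
        self.bindings = {}                   # ip -> mac first seen
        self.ips_by_mac = defaultdict(set)   # mac -> ips it has claimed
        self.pending = set()                 # (asker_ip, wanted_ip) requests seen
        self.alerts = []

    def feed(self, op, sender_ip, sender_mac, target_ip):
        if op == "request":
            self.pending.add((sender_ip, target_ip))
        else:
            gratuitous = sender_ip == target_ip  # one common gratuitous-ARP form
            if (target_ip, sender_ip) in self.pending:
                self.pending.discard((target_ip, sender_ip))
            elif not gratuitous:
                self.alerts.append(("unsolicited_reply", sender_ip, sender_mac))
        # Requests and replies both carry the sender's IP/MAC, and hosts
        # learn from either, so the monitor checks both.
        self._learn(sender_ip, sender_mac)

    def _learn(self, ip, mac):
        known = self.bindings.get(ip)
        if known is None:
            self.bindings[ip] = mac
        elif known != mac:
            severity = "critical" if ip in self.protected else "warning"
            self.alerts.append(("binding_change", severity, ip, known, mac))
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            self.alerts.append(("mac_claims_multiple_ips", mac, sorted(self.ips_by_mac[mac])))


def run_monitor(stream):
    mon = ArpMonitor()
    for pkt in stream:
        mon.feed(*pkt)
    return mon
```

The monitor deliberately keeps the first binding rather than the newest, so a poisoned reply cannot overwrite the gateway entry; on a network where hosts legitimately change MAC addresses the first-seen table needs an expiry or an administrator override.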
DNS Attacks
The Domain Name Service (DNS) protocol defines an automated service that matches resource names, such as www.cisco.com, with the required numeric network address, such as the IPv4 or IPv6 address. It includes the format for queries, responses, and data and uses resource records (RR) to identify the type of DNS response.
Securing DNS is often overlooked. However, it is crucial to the operation of a network and should be secured accordingly. DNS attacks include the following:
DNS open resolver attacks
DNS stealth attacks
DNS domain shadowing attacks
DNS tunnelling attacks
DNS Open Resolver Attacks
Many organizations use the services of publicly open DNS servers such as Google DNS (8.8.8.8) to provide responses to queries. This type of DNS server is called an open resolver. A DNS open resolver answers queries from clients outside of its administrative domain. DNS open resolvers are vulnerable to the multiple malicious activities described in the table.
DNS cache poisoning attacks – Threat actors send spoofed, falsified resource record (RR) information to a DNS resolver to redirect users from legitimate sites to malicious sites. DNS cache poisoning attacks can also be used to make the DNS resolver use a malicious name server that is providing RR information for malicious activities.
DNS amplification and reflection attacks – Threat actors use DoS or DDoS attacks on DNS open resolvers to increase the volume of attacks and to hide the true source of an attack. Threat actors send DNS messages to the open resolvers using the IP address of a target host as the source. These attacks are possible because the open resolver will respond to queries from anyone asking a question.
DNS resource utilization attacks – A DoS attack that consumes the resources of the DNS open resolvers. This DoS attack consumes all the available resources to negatively affect the operations of the DNS open resolver. The impact of this DoS attack may require the DNS open resolver to be rebooted or services to be stopped and restarted.
DNS Stealth Attacks
To hide their identity, threat actors also use the DNS stealth techniques described in the table to carry out their attacks.
Fast Flux – Threat actors use this technique to hide their phishing and malware delivery sites behind a quickly-changing network of compromised DNS hosts. The DNS IP addresses are continuously changed within minutes. Botnets often employ Fast Flux techniques to effectively hide malicious servers from being detected.
Double IP Flux – Threat actors use this technique to rapidly change the hostname to IP address mappings and to also change the authoritative name server. This increases the difficulty of identifying the source of the attack.
Domain Generation Algorithms – Threat actors use this technique in malware to randomly generate domain names that can then be used as rendezvous points to their command and control (C&C) servers.
DNS Domain Shadowing Attacks
Domain shadowing involves the threat actor gathering domain account credentials in order to silently create multiple sub-domains to be used during the attacks. These subdomains typically point to malicious servers without alerting the actual owner of the parent domain.
DNS Tunneling
Botnets have become a popular attack method of threat actors. Most often, botnets are used to spread malware or launch DDoS and phishing attacks.
DNS in the enterprise is sometimes overlooked as a protocol that can be used by botnets. Because of this, when DNS traffic is determined to be part of an incident, the attack is often already over.
It is necessary for the cybersecurity analyst to be able to detect when an attacker is using DNS tunnelling to steal data and prevent and contain the attack. To accomplish this, the security analyst must implement a solution that can block outbound communications from the infected hosts.
Threat actors who use DNS tunnelling place non-DNS traffic within DNS traffic. This method often circumvents security solutions. For the threat actor to use DNS tunnelling, the different types of DNS records such as TXT, MX, SRV, NULL, A, or CNAME are altered. For example, a TXT record can store the commands that are sent to the infected host bots as DNS replies. A DNS tunnelling attack using TXT works like this:
The data is split into multiple encoded chunks.
Each chunk is placed into a lower level domain name label of the DNS query.
Because there is no response from the local or networked DNS for the query, the request is sent to the ISP’s recursive DNS servers.
The recursive DNS service will forward the query to the attacker’s authoritative name server.
The process is repeated until all of the queries containing the chunks are sent.
When the attacker’s authoritative name server receives the DNS queries from the infected devices, it sends responses for each DNS query, which contains the encapsulated, encoded commands.
The malware on the compromised host recombines the chunks and executes the commands hidden within.
To be able to stop DNS tunnelling, a filter that inspects DNS traffic must be used. Pay particular attention to DNS queries that are longer than average, or those that have a suspicious domain name. Also, DNS security solutions, such as Cisco Umbrella (formerly Cisco OpenDNS), block much of the DNS tunnelling traffic by identifying suspicious domains. Domains associated with Dynamic DNS services should be considered highly suspect.
Figure: DNS tunnelling. The attacker’s PC controls a C&C server, which (1) compromises computers and (2) sends C&C instructions to four bots; the communication to two of the bots is shown passing through a tunnel, the other two receive it directly.
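The filter the previous section calls for has to judge queries by their shape: the encoded chunks make names long, the labels long and hex- or base32-looking, and the parent domain receives a stream of never-repeated subdomains. The following is an added example (not from the original article, from Cisco or from Cisco Umbrella) of such a check run over a constructed query log; the log format, the client addresses and the parent domain tunnel-example.test are all constructed placeholders.

```python
import math
from collections import defaultdict

HEX = "0123456789abcdef"


def make_tunnel_query(i):
    """Constructed chunk carrier: a 40-character hex label, a sequence label,
    and an attacker-controlled parent domain (a placeholder name)."""
    chunk = (HEX * 4)[i:i + 40]
    return f"{chunk}.{i:04d}.c2.tunnel-example.test"


# Constructed DNS query log, one "<client_ip> <qtype> <qname>" per line.
SAMPLE_LOG = "\n".join(
    ["192.168.10.10 A www.cisco.com",
     "192.168.10.10 AAAA mail.example.org",
     "192.168.10.11 A cdn-images-7.static.example.net"]
    + [f"192.168.10.12 {'NULL' if i == 3 else 'TXT'} {make_tunnel_query(i)}"
       for i in range(1, 6)]
    + ["192.168.10.10 A login.microsoftonline.com"])


def shannon_entropy(s):
    """Bits of entropy per character of s (0 for a single repeated symbol)."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_query(qtype, qname):
    """Count tunnelling indicators for one query. Returns (score, reasons)."""
    labels = qname.rstrip(".").split(".")
    longest = max(labels, key=len)
    reasons = []
    if len(qname) > 60:
        reasons.append("long_name")
    if len(longest) >= 30:
        reasons.append("long_label")
    if len(longest) >= 20 and shannon_entropy(longest) >= 3.5:
        reasons.append("high_entropy_label")
    if len(longest) >= 20 and all(ch in HEX for ch in longest):
        reasons.append("hex_encoded_label")
    if qtype in ("TXT", "NULL"):        # record types rarely queried by end hosts
        reasons.append("unusual_qtype")
    return len(reasons), reasons


def parse_log(text):
    for line in text.splitlines():
        if line.strip():
            client, qtype, qname = line.split()
            yield client, qtype, qname


def detect_tunnelling(text, min_score=3):
    """Queries whose indicator score reaches min_score: (client, qname, reasons)."""
    hits = []
    for client, qtype, qname in parse_log(text):
        score, reasons = score_query(qtype, qname)
        if score >= min_score:
            hits.append((client, qname, reasons))
    return hits


def busy_parents(text, min_unique=5):
    """(client, parent domain) pairs with many distinct subdomain queries.
    A tunnel must keep inventing new names to carry new chunks. The parent is
    taken as the last two labels, a simplification that ignores public
    suffixes such as co.uk."""
    seen = defaultdict(set)
    for client, _, qname in parse_log(text):
        labels = qname.rstrip(".").split(".")
        seen[(client, ".".join(labels[-2:]))].add(qname)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}
```

The per-query score catches individual chunks; the per-parent count catches a tunnel even when each query on its own looks modest, so both signals should feed the alert.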
DHCP
DHCP servers dynamically provide IP configuration information to clients. The figure shows the typical sequence of a DHCP message exchange between client and server.
The graphic shows the exchange of messages between a client and a DHCP server during normal DHCP operations. First, the client sends a broadcast DHCPDISCOVER message to the server with the message, “I would like to request an address.” The server responds with a unicast DHCPOFFER message saying, “I am DHCPsvr1. Here is an address I can offer.” The information in this message is: IP address 192.168.10.15, subnet mask 255.255.255.0, default gateway 192.168.10.1, and a lease time of 3 days. The client responds with a broadcast DHCPREQUEST message saying, “I accept the IP address offer.” The server responds with a unicast DHCPACK message saying, “Your acceptance is acknowledged.”
DHCP Attacks
DHCP Spoofing Attack
A DHCP spoofing attack occurs when a rogue DHCP server is connected to the network and provides false IP configuration parameters to legitimate clients. A rogue server can provide a variety of misleading information:
Wrong default gateway – The threat actor provides an invalid gateway, or the IP address of its host to create a MiTM attack. This may go entirely undetected as the intruder intercepts the data flow through the network.
Wrong DNS server – A threat actor provides an incorrect DNS server address pointing the user to a malicious website.
Wrong IP address – The threat actor provides an invalid IP address, invalid default gateway IP address, or both. The threat actor then creates a DoS attack on the DHCP client.
Assume a threat actor has successfully connected a rogue DHCP server to a switch port on the same subnet as the target clients. The goal of the rogue server is to provide clients with false IP configuration information.
1. Client Broadcasts DHCP Discovery Messages
2. DHCP Servers Respond with Offers
3. Client Accepts Rogue DHCP Request
4. Rogue DHCP Acknowledges the Request
In the figure, a legitimate client connects to the network and requires IP configuration parameters. The client broadcasts a DHCP Discover request looking for a response from a DHCP server. Both servers receive the message.
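The race above is won by whichever server answers first, which is why the mitigation sits on the switch rather than the client: only server-type DHCP messages arriving on ports known to lead to the real server are let through (the approach generally called DHCP snooping, which the article does not cover). The following is an added example (not from the original article or from Cisco) that models that filter together with an endpoint-side lease check; the server addresses, the rogue's offered values and the port numbers are constructed, while the offered client address and gateway come from the figure.

```python
from dataclasses import dataclass

# Message types that only a DHCP server should ever originate.
SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass(frozen=True)
class DhcpMsg:
    kind: str
    sender: str          # IP of the sending server ("0.0.0.0" for a client)
    ingress_port: int    # switch port the message arrived on
    yiaddr: str = ""     # offered client address
    router: str = ""     # offered default gateway
    dns: str = ""        # offered DNS server


def sample_exchange():
    """Constructed messages for the race in the figure. The rogue server on
    port 2 answers before the legitimate DHCPsvr1 (assumed 192.168.10.2) on
    port 1, and hands out its own address as gateway and DNS server."""
    return [
        DhcpMsg("DHCPDISCOVER", "0.0.0.0", 3),
        DhcpMsg("DHCPOFFER", "192.168.10.254", 2, "192.168.10.15",
                "192.168.10.254", "192.168.10.254"),           # rogue
        DhcpMsg("DHCPOFFER", "192.168.10.2", 1, "192.168.10.15",
                "192.168.10.1", "192.168.10.2"),               # DHCPsvr1
    ]


def snooping_filter(msgs, trusted_ports):
    """Drop server-only message types that arrive on untrusted ports.
    Client messages (DISCOVER, REQUEST) pass on any port.
    Returns (passed_messages, drop_log)."""
    passed, dropped = [], []
    for m in msgs:
        if m.kind in SERVER_MSGS and m.ingress_port not in trusted_ports:
            dropped.append(f"{m.kind} from {m.sender} dropped on untrusted port {m.ingress_port}")
        else:
            passed.append(m)
    return passed, dropped


def client_select(msgs):
    """A typical client accepts the first offer that reaches it."""
    for m in msgs:
        if m.kind == "DHCPOFFER":
            return m
    return None


def audit_lease(lease, expected_router, expected_dns):
    """Endpoint-side check of the accepted lease against the values the
    network owner expects; returns a list of mismatches."""
    problems = []
    if lease.router != expected_router:
        problems.append(f"gateway {lease.router} != {expected_router}")
    if lease.dns != expected_dns:
        problems.append(f"dns {lease.dns} != {expected_dns}")
    return problems
```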
Kedi V-Ca Tablet is a nutritious way of adding to the body’s supply of Vitamin C and calcium, and a V-Ca drink is a perfect way to start your day. In this article, I want to talk about some of the health benefits of this exciting product.
Health Benefits:
V-Ca facilitates calcium absorption, making it more bio-available to the cells.
V-Ca is important in many other critical functions such as the absorption of iron, stimulation of the immune system and as an antioxidant to strengthen the immune system.
V-Ca neutralises potentially harmful reactions in the watery part of the body, such as blood and fluid both inside and surrounding cells.
V-Ca may be useful as an immune stimulator and modulator in some circumstances. It promotes resistance to infection through the immunologic activity of leukocytes, the production of interferon and the maintenance of mucous membranes.
An increased intake of V-Ca is required to maintain normal plasma levels under acute emotional or environmental stress such as trauma, fever, infection, or elevated environmental temperature.
It helps you replace the Vitamin C loss through colds and flu.
Recommended Daily Intake
Dissolve one tablet in a glass of water (220 ml – 300 ml), either warm or ordinary water. Do not exceed the recommended intake.
Choosing the right host can make all the difference in how fast your website loads and how easy it is to use. You don’t want your server to be overloaded with traffic, causing your site to load slowly, or worse, crash! Make sure your website stays up and running with these tips on finding the best hosting platform.
What Is Web Hosting?
Web hosting is a service that allows organizations and individuals to post a website or web page onto the Internet.
A web host, or web hosting service provider, is a business that provides the technologies and services needed for the website or webpage to be viewed on the Internet.
Websites are hosted or stored, on special computers called servers. When Internet users want to view your website, all they need to do is type your website address or domain into their browser.
Why Should I Choose a Good Web Host?
A good web host will keep your website up and running smoothly, with little to no downtime. They will also offer you features like unlimited storage space, bandwidth, and email accounts.
Plus, a good web host will have excellent customer service in case you need any help.
What Are the Different Types of Web Hosting Services?
1) Shared hosting is the most popular type of web hosting, and is perfect for small-scale websites and blogs. With shared hosting, your website will be hosted on a server with other websites.
2) VPS hosting is great for medium-sized businesses or websites with high traffic. With VPS hosting, your website will be hosted on a virtual private server, giving you more control over your server environment.
3) Dedicated hosting is ideal for large businesses or websites with very high traffic. You get a fully dedicated server for your business, which gives you all the power and stability that comes with owning your own physical hardware. If you’re still not sure what kind of hosting best suits your needs, compare our top 5 hosts below!
If you’re running a website, you need a hosting platform that can keep it up and running reliably. But with so many options out there, how do you choose the best one for your needs?
Here are some things to consider when making your decision:
What features does the company offer? Do they have an uptime guarantee or any type of support for their customers? Do they offer domain registration services or other related features? How much does it cost per month and what payment methods are accepted? Does this company offer shared hosting or dedicated servers as well as VPSes (virtual private servers)?
How Much Should I Expect To Pay?
The cost of hosting a website can vary greatly depending on your needs. If you are just starting out, you can find shared hosting plans for as little as $5 per month.
However, if you need more power or have a higher traffic website, you may need to pay $10 or more per month. Additionally, some hosting providers offer discounts if you pay for multiple months in advance.
How Do I Get Started With My New Web Host?
So you’ve decided on a web host and are ready to get started with your new website. Congratulations! Now it’s time to get started on the fun part: building your site. But first, you need to set up your hosting account.
Here’s a quick guide on how to do that.
1) Fill out the sign-up form for your hosting service of choice.
2) Check your email inbox for an activation link or confirmation email from the company’s support team.
3) Click or tap on this link/email to confirm your purchase. Next, enter your billing information (name, address, credit card number). After filling in the necessary fields, click on Confirm Purchase. You should now be redirected to a page where you can log in to your account. Choose a username and password (this will be different than any other login info you may have used elsewhere), then enter them into the login boxes. Now you’re taken to the control panel for your hosting account, which is called cPanel. In order to add a domain name (or make any changes at all) to your account, you’ll need to add it through cPanel.
The above question has been a common question among bloggers, and this post will help you improve your blog. Keep reading…
If you want to drive more traffic to your blog and increase your visibility, you’re going to need to ensure that you aren’t leaving anything on the table. You’ll want to maximize every single opportunity that you can, which means looking at different ways that you can drive traffic from multiple sources.
Here are six great methods that you can use today to help drive traffic to your blog and increase your online presence.
#1. Write Great Content
The number one thing you can do today to increase your traffic is simply to publish great content. If you’re interested in driving a lot of organic traffic, focus on consistently publishing great content that people want to read and share.
This will make it easier for search engines to find your site and rank it highly for relevant terms. It will also make it easier for other bloggers to share your content with their readers, which can lead to more referral traffic.
#2. Create Quality Backlinks
You’ve got a great piece of content and it’s on a topic that people want to read about, but no one knows it exists yet. The only way they’re going to find out is if you can get quality backlinks pointing at your site.
Don’t just ask anyone either, find credible sites in your industry or niche and make sure you exchange links with them. If you don’t know how to do that, use an SEO tool like Ahrefs to analyze their link profile first. It will show you what kind of anchor text they are using for their backlinks.
Then, simply replicate their process by making your relevant links with similar anchor texts so that Google sees you as someone who shares information rather than someone trying to game its system.
#3. Share on Social Media, Comment on Other Blogs
The best way to drive a ton of traffic is by commenting on other blogs, as well as sharing on social media. Since you’re adding value and giving away information for free, people will start following you and driving even more traffic back to your site. The key here is linking back to original content with contextual links.
If someone asks a question in their post, answer it directly in your comment. If they link to an outside resource, use that link when referencing it in your comment. This helps create a natural flow of traffic from one post to another that drives targeted visitors back to your website.
#4. Ask For Feedback
If you know someone who reads or writes for a living, ask them for feedback on your writing. Specifically, ask if there’s anything that sounds awkward or is difficult to read.
Sometimes it can be hard to see our own mistakes and find flaws in our writing without another person’s perspective. If you feel comfortable doing so, ask them if they have any suggestions on how you could make it better.
You may even consider sending them an entire draft of something you’re working on rather than just asking for feedback from one specific piece. The more eyes you get looking at your work, the more likely it will be improved before publishing.
#5. Participate in a Community or Network of Bloggers
One of the best ways to increase your exposure on Google is by participating in a community or network of bloggers. There are tons of these out there; blogging has become an integral part of internet culture over recent years, so finding one that fits you is pretty simple.
Once you’ve got that down, it’s just a matter of sharing links and commenting frequently on others’ blogs (just make sure you read their posts before leaving comments!).
By being active within these communities, you can build relationships with other bloggers who will share your content, and maybe even link back to it, helping you get more exposure from search engines.
#6. SEO (Search Engine Optimization)
Although Google is less dependent on keywords in rankings than it used to be, having a site filled with words and phrases that people are likely to search for will still give you an edge over those who lack a keyword strategy.
SEO isn’t just about stuffing as many keywords into your pages as possible, though, it’s also about choosing carefully what words and phrases you target, and how those words and phrases appear on your page.
For example, “How to make money blogging” may have more traffic potential than “Blogging for profit tips”. Your goal should be to make sure that every page of your website has at least one or two keywords or keyphrases in it somewhere; otherwise, you might find yourself getting lost in the shuffle when it comes time for search engines to do their thing.
You can use tools like Google AdWords Keyword Planner to research which keywords and keyphrases are most popular among searchers.
These are the free ways to drive traffic to your blog. Slow and steady wins the race.
Why My Blog is Not Getting Traffic?
To understand why Google might not be sending you as much traffic as you’d like, let’s first talk about why Google likes a site.
For example, if a lot of other sites link to yours (the linking concept is called link popularity), or if a lot of people read and share content on yours regularly (called engagement), then that tells Google that yours is a popular and engaging site, so it will send more visitors to you.
If none of these things are happening for you, then there are a few reasons why. You could have chosen an unpopular topic for your website—if no one cares about what you’re writing about, they won’t go to your site and tell their friends either.
Or maybe you don’t have any quality content—if readers can’t find anything useful when they get to your site, they won’t come back again.
What is Good Traffic For a Blog?
Various metrics can be used to determine whether or not a website is popular, and how much traffic it has. One of these metrics is Google PageRank, which uses a scale of 1–10 to measure how important a site is.
The higher a site’s PageRank score, the more likely it will appear in search results. However, there are many factors involved in determining how high a site appears on search engine result pages (SERPs).
This is why choosing a niche for your website can help increase its popularity; if you choose a highly-popular niche, chances are that more people will be searching for information related to your site than if you chose a less-popular niche.
Finally, how frequently new content is added to your site can influence how well it ranks on SERPs; Google likes sites with fresh content because they tend to have higher visitor engagement rates than those without new content.
Blog Traffic Checker
There are a lot of different tools that will allow you to check statistics on your website, but one of my favourites is Google Analytics.
You can use it to see where people are coming from when they click on your links, what they’re searching for in search engines, how much time they spend on each page, and which pages convert most effectively (i.e., what action do they take after reading that particular page).
These are important factors to consider when trying to increase your visitors. The more you know about how people interact with your site, the better equipped you’ll be to make changes that improve performance.
What is link building? There are various definitions online, but the best one I have found comes from Wikipedia, which explains link building as the process of attracting links to a website from other websites.
In simpler terms, link building is how you make sure that people can find your site when they look up specific keywords on search engines like Google and Bing.
What is Internal Link Building?
Internal link building is a component of search engine optimization that involves adding links within your website’s content and navigation.
Internal link building can boost your site’s search visibility by increasing its prominence in search engine results. It also helps ensure that all the pages on your site are easily found, ensuring higher quality traffic.
You can do internal link building yourself with just some time and patience or hire an expert to get it done for you.
What Are The 3 Types of Internal Links?
The three major types of internal links are: contextual, navigational, and hub. All three are important for getting traffic to your site, but if you want to get an advantage over your competitors you need to learn how to do them right. This is a summary of the three types of internal linking.
– Contextual linking is when you link to pages that are related to the one that visitors are on.
– Navigational linking points visitors in the direction of other pages they might be interested in based on what they clicked on or entered into a search engine like Google.
– Hub linking creates new entry points into your website from which people can go deeper into its content. The key to this type of linking is making sure it’s easy for users to find their way back out again.
Linking also helps make your site more scannable because it lets users jump around easily between different sections and topics. Think about using headings, subheadings, bullet points, and paragraphs to help organize your information.
It’s not enough just to have text; there should be some form of structure as well. Try starting with headers first before going any further so you know where your post will begin and end and where you’ll include graphics or images.
How Does Internal Linking Benefit Me?
Internal linking allows search engines to see every page on your site as relevant and important. Search engines like relevance, which means if your website is poorly linked internally, it could be at a significant disadvantage.
The more internal links you have on your site, the more pages you get indexed—and that is exactly what you want when trying to achieve success from an organic search engine ranking perspective.
How Do I Put Together an Effective Strategy?
If you’re familiar with content marketing, then you know that a successful strategy involves creating and sharing lots of content across various platforms.
Internal link building is a fundamental part of most campaigns because it helps improve your site’s rank in Google’s SERPs.
To implement a successful strategy, however, you have to know how to put together an effective one. Here are some tips for effective internal link building for SEO success:
1) Create content at least once per week
2) Include links back to other pages on your website or blog whenever possible. It will help boost the relevance of these pages when they show up in search results.
The more times a page appears in search engine results, the more weight Google assigns to its ranking.
In addition, by linking to your content from external sites like LinkedIn or YouTube, you can increase the credibility of those websites as well.
Finally, keep in mind that not all links should be considered equal. That’s why it’s important to strategically include links between different types of content such as blog posts, videos, infographics, and articles.
Doing so will give readers a better understanding of what’s being discussed and encourage them to visit the other pages on your site.
It also provides readers with additional information that may answer their questions before they even ask them.
And while this may seem like something that would work against improving your rankings, it has the opposite effect.
Creating a Map of Your Site
Internal links aren’t just important for link building; they play a crucial role in site structure and usability.
Getting your internal linking strategy down to a science will not only help your search rankings but will also help boost user experience and funnel more traffic to your website.
To start creating a map of your site, look at high-level pages or sections of content that are similar to one another, then make an educated guess about what pages would be useful to users who land on those specific sections.
Next, do some preliminary research on the topic to see if you can find out any popular keywords that people use when searching for information related to these topics.
If so, include them in your navigation bar (or other prominent areas) so users can quickly and easily get to where they want to go.
You can also create new content around these popular keywords and see how often people share it with their friends online. The more social shares you have, the higher your search engine ranking will be because Google likes websites with lots of social signals!
Internal Linking Tool
If you want to automate things, you can use Ahrefs. Ahrefs is a popular link indexing and analysis tool. By using its various filters, you can learn more about your top linking pages and competitors’ best-performing pages.
You can even copy these links and put them to work on your website if you want to try similar content strategies.
If that doesn’t work for some reason, simply reach out to influencers who have shared your competitors’ top-performing content to request they share yours instead.
These days it’s easier than ever to find the contact information of any given person with just a few clicks. A little hard work will yield impressive results!
Conclusion
Internal links make a website more user-friendly and help search engines crawl your site more effectively.
Search engine bots cannot work out your site’s structure from URLs alone, so they will not discover and follow the pages on your site unless you point them there (i.e., via internal links).
Internal link building is therefore one of several strategies you can use to increase your website’s traffic, search engine rankings, and reputation.
Did you know that YouTube has over 1 billion users each month? That’s almost 1 out of every 2 people on the internet, and it’s just one of many social media platforms that you can tap into when creating your video marketing campaign to promote your business or service, particularly if you have a product or service that lends itself to demonstration or explanation via video content.
As these statistics indicate, YouTube video marketing is worth exploring as part of your overall marketing strategy, and this article will explain some of the basics of how to get started.
Use Your Target Keywords
One of the simplest, yet most important parts of Youtube marketing is to use your target keywords when you upload your videos.
YouTube indexes and ranks videos on its search engine with these keywords as a crucial element. If you want your video to go viral or rank highly in YouTube search results, make sure that it is packed with relevant keywords. Using keywords such as “tips” or “tricks” will give your video a higher chance of ranking above other competitors if viewers also enter those terms in the YouTube search bar.
In addition, try inserting hashtags at the end of your description for even more promotion!
Know What Works Best for Each Type of Content
With a little bit of research, you can figure out what kind of video works best for your industry. Figure out how long videos in your niche tend to be and match that length—too short or too long and people might not watch them.
Read up on what sort of content does well on YouTube—and then give that a shot. You’ll need to create something that isn’t too technical or niche if you want it to have broad appeal. Do some research before diving in.
That way, you can tailor the video accordingly. What do other companies produce? What’s the usual number of minutes per video? Is there any technical jargon that would alienate potential viewers? You’ll need to answer these questions before getting started.
Once you’ve got all this information and have crafted an idea, get started! You may find success with one type of content but struggle with another so don’t be afraid to experiment and try new things!
Ensure your videos are fully optimized
There are a few tips you should consider to ensure your videos are fully optimized. Always keep in mind that optimization is a process, not an event. You will want to tweak each video as it performs.
Here are a few questions you should ask yourself before uploading your next video:
- Does the thumbnail image accurately represent the content of the video?
- Is there a clear call to action for viewers?
- Is there any text on the screen other than subtitles?
- Are captions available in multiple languages?
- What’s the length of the video and how many views have been generated by it so far?
- If I were a viewer, would I subscribe to this channel based on this one video alone?
- How can I use annotations and cards effectively within my YouTube Channel?
Choose the right format for your content
There are many formats for videos on YouTube, such as explainer videos, product demos, interviews, tutorials, vlogs, and commercials. While you can mix these styles within a single video, each of them should be marketed to reach different kinds of viewers and increase your number of subscribers.
The first thing you need to decide is whether you want your videos to entertain or inform your audience—this will help determine what kind of video style works best for you.
If you have an interview with an expert in the field, then it might make sense to have a format that looks more like TV news. If it’s a tutorial or how-to video, it might make sense to use stop motion animation.
It’s also important to keep the length of your video manageable—most people have short attention spans, so if they’re not hooked within 10 seconds, they’ll click away. It’s also helpful to think about who you’re trying to reach and tailor your content accordingly.
It would make sense for a company selling pet products to upload videos of animals playing with their toys while someone making makeup tutorials could show women wearing their cosmetics at home in front of a mirror, as well as tips on how to apply them correctly.
Understand Retention Metrics
There are a few key metrics that you should be paying attention to when it comes to marketing your videos. The first is retention, which tells you how many people watch at least 50% of your video.
A low retention rate might mean that people lose interest in what you’re promoting or that your video isn’t very interesting. On the other hand, if people stop watching before the end of your video, then they may not like what they see, and that could be for several reasons.
They might have been expecting something different than what was delivered on the video or they simply didn’t find anything that interested them.
If your retention rates are really low, there are a couple of things you can do to improve them: create more engaging content, use a better thumbnail image, promote your videos better on social media platforms like Facebook and Twitter, etc.
Get Influencers To Promote For You
Now that you have created a viral video, it’s time to promote it. Start by building relationships with people in your industry who have large followings.
Many of them are looking for ways to stay relevant and will be eager to share your content if you ask. If they agree, start spreading your message through their audience via social media and email, but do not be afraid to cold call and email random people on YouTube who might be interested too.
If they are not the right person, ask how you can connect with someone else at their company or what steps you need to take next to grow your channel.
Do not just stop there! Networking is one of the most important aspects of any successful business so keep going until you get enough traction.
Utilize your YouTube statistics
Do you spend a lot of time watching YouTube videos? Have you ever thought about utilizing these statistics for marketing purposes? Well, now you can.
There are tons of YouTube influencers who have millions of subscribers and views. If one is willing to promote your product or service, it may prove beneficial in increasing sales.
You can offer them incentives or pay them a certain amount if they can increase traffic on your website, which will directly affect your sales.
Share your new video on Social Media
Post your video on Facebook, Twitter, Reddit, and other social media platforms your target audience uses regularly. By sharing links with friends, family, and colleagues (and adding hashtags like #videomarketing) you have an opportunity to get noticed by people outside of your network.
This is what can lead to viral success!
Email marketing can make your business look huge even if it’s tiny, but only if you do it correctly. It’s easy to use the process to bring in new customers and increase the sales from the people who are already buying from you, but it requires effort to be effective.
Read on to learn how to create an email marketing strategy that will grow your business using techniques that you can use again and again as you start to expand your online presence.
Types of Email Marketing
The list of marketing tactics you can use is limited only by your imagination. But if you are new to email marketing, we recommend you begin with a few tried-and-true techniques: offers and coupons (sales), newsletter subscriptions, invitations for webinars and events, contact lists for direct sales, deals, and prizes.
Many other email marketing strategies could work well for your business. Experiment with what suits you best!
How to Write a Subject Line
With over seven billion emails sent every day, no one can afford to ignore email marketing. If you want your brand’s message in front of consumers at all times, email is your best bet.
But with so many emails competing for people’s attention, it’s important to make yours stand out. To do that, you have to use words that appeal directly to recipients and inspire them to open and read your message.
Here are a few tips on how to write an effective subject line:
– Avoid spammy words like FREE or LIMITED TIME OFFER. The goal here is to get the reader interested enough to open the email, not trick them into opening a fake virus attachment.
– Create curiosity by using action verbs or adjectives like Exclusive or Amazing.
– Keep it short and sweet – any sentence longer than 25 words will be too wordy for most readers.
Lead Magnets
In simple terms, a lead magnet is an incentive. It’s something you offer in exchange for an email address and permission to send marketing messages via email—in other words, permission to advertise (spam) your business.
Lead magnets can be anything: free reports, e-books, white papers or videos, infographics… whatever you have that people will find useful and want in exchange for their contact info.
Promote your lead magnet on social media and wherever else you might market yourself or your business.
Introduction To Newsletters
While some people have grown up on instant messaging and social media, email marketing is still one of the most powerful tools you can use as a small business owner. In fact, by incorporating newsletters into your marketing plan, you’ll be able to create leads, convert customers, and connect with new customers without spending too much time or money.
If you know how to use newsletters for business, it can do wonders for your company. For example, businesses that send regular updates see an average return of $40 for every dollar spent on their newsletter campaigns.
As your customer base grows, so will the ROI from your newsletter campaign—so it pays to get started now!
When Should I Send Emails?
Email marketing is extremely popular with businesses because email is inexpensive and offers several ways for you to build customer relationships. But it can be challenging to decide when you should send emails.
You don’t want to bombard your customers with too many emails, but you also don’t want them wondering why they haven’t heard from you in ages.
So when should you send an email? Here are some guidelines.
#1 Send an email no more than once a week if the recipient is not on your list of regular contacts.
#2 If you regularly correspond with the recipient, feel free to contact them more often—though never more than once per day or every other day—as long as it feels natural to do so.
#3 For new leads or prospects, consider sending them one introductory email at the beginning of your relationship and then again three months later.
#4 Once you have sent these two introductory emails, make sure to space out any future messages so that you don’t end up spamming your prospect with unwanted content.
How Long Should My Emails Be?
The optimal length for your emails should be between 120 and 250 words, depending on how complex your subject matter is. Shorter email lengths tend to get more click-throughs and conversions than longer ones.
Your content mustn’t feel too long—so if you find yourself writing copy that goes over 1,000 words, it might be a good idea to rewrite it into multiple shorter pieces instead of one big one.
How Many Emails Should I Send Out?
Email marketing is, without a doubt, one of THE most effective forms of marketing there is, but that doesn’t mean you should send out dozens or hundreds of emails daily.
Your email subscribers are busy people with full inboxes—they don’t need you constantly clogging up their inboxes! For example, a good rule of thumb is to never send more than one email per week.
Another good idea: Include an unsubscribe link at the bottom of every email you send out.
Conclusion
Email marketing is one of your strongest marketing assets. When executed properly, email can turn strangers into customers and mere customers into lifelong advocates.
Internet browsers are used by almost everyone. Blocking web browsing completely is not an option, because businesses need access to the web; the challenge is to allow that access without undermining web security. In this article, I want to look at common HTTP and HTTPS exploits for networks. To investigate web-based attacks, security analysts must have a good understanding of how a standard web-based attack works. These are the common stages of a typical web attack:
The victim unknowingly visits a web page that has been compromised by malware.
The compromised web page redirects the user, often through many compromised servers, to a site containing malicious code.
The user visits this site with malicious code and their computer becomes infected. This is known as a drive-by download. When the user visits the site, an exploit kit scans the software running on the victim’s computer including the OS, Java, or Flash player looking for an exploit in the software. The exploit kit is often a PHP script and provides the attacker with a management console to manage the attack.
After identifying a vulnerable software package running on the victim’s computer, the exploit kit contacts the exploit kit server to download code that can use the vulnerability to run malicious code on the victim’s computer.
After the victim’s computer has been compromised, it connects to the malware server and downloads a payload. This could be malware or a file download service that downloads other malware.
The final malware package is run on the victim’s computer.
Independent of the type of attack being used, the main goal of the threat actor is to ensure the victim’s web browser ends up on the threat actor’s web page, which then serves out the malicious exploit to the victim.
Some malicious sites take advantage of vulnerable plugins or browser vulnerabilities to compromise the client’s system. Larger networks rely on IDSs to scan downloaded files for malware. If detected, the IDS issues an alert and records the event to log files for later analysis.
Server connection logs can often reveal information about the type of scan or attack. The different types of connection status codes are listed here:
Informational 1xx – This is a provisional response, consisting only of the Status-Line and optional headers. It is terminated by an empty line. There are no required headers for this class of status codes. Servers MUST NOT send a 1xx response to an HTTP/1.0 client except under experimental conditions.
Successful 2xx – The client’s request was successfully received, understood, and accepted.
Redirection 3xx – Further action must be taken by the user agent to fulfil the request. A client SHOULD detect infinite redirection loops because these loops generate network traffic for each redirection.
Client Error 4xx – For cases in which the client seems to have erred. Except when responding to a HEAD request, the server SHOULD include an entity containing an explanation of the situation, and if it is temporary. User agents SHOULD display any included entity to the user.
Server Error 5xx – For cases where the server is aware that it has erred, or it cannot perform the request. Except when responding to a HEAD request, the server SHOULD include an entity containing an explanation of the error situation, and if it is temporary. User agents SHOULD display any included entity to the user.
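The status classes above are what an analyst sees in a web server's connection log. The following is an added example (not from the original article) that parses constructed Common Log Format lines, tallies responses per client by status class, and flags clients whose traffic is dominated by 4xx errors, a common sign of a path or vulnerability scan; the thresholds are assumptions chosen for the example.

```python
import re
from collections import Counter

# Constructed sample access log in Common Log Format (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /old-page HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "POST /search HTTP/1.1" 500 0
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET /admin/ HTTP/1.1" 404 512
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET /backup/ HTTP/1.1" 404 512
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /config/ HTTP/1.1" 404 512
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /private/ HTTP/1.1" 403 212
198.51.100.23 - - [10/Oct/2023:13:56:03 +0000] "GET /index.html HTTP/1.1" 200 2326
not a log line at all
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Class labels as used in the status-code list above.
CLASS_NAMES = {
    "1xx": "Informational", "2xx": "Successful", "3xx": "Redirection",
    "4xx": "Client Error", "5xx": "Server Error",
}


def parse_line(line):
    """Return the fields of one Common Log Format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def status_class(code):
    """Map a numeric status code to its class label, e.g. 404 -> '4xx'."""
    if 100 <= code <= 599:
        return f"{code // 100}xx"
    return "unknown"


def summarize(log_text):
    """Count responses per client IP, broken down by status class; unparseable lines are skipped."""
    per_client = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        per_client.setdefault(rec["ip"], Counter())[status_class(rec["status"])] += 1
    return per_client


def flag_scanners(per_client, min_requests=4, client_error_ratio=0.5):
    """Return client IPs whose share of 4xx responses is at or above the threshold.

    A burst of 4xx responses from one client (many requests for paths that do not
    exist or are forbidden) is a common signature of a scan. The thresholds are
    assumptions for this example; tune them to the site's normal traffic.
    """
    flagged = []
    for ip, counts in per_client.items():
        total = sum(counts.values())
        if total >= min_requests and counts["4xx"] / total >= client_error_ratio:
            flagged.append(ip)
    return sorted(flagged)


def report(per_client):
    """Render the per-client summary as readable lines for an analyst."""
    lines = []
    for ip, counts in sorted(per_client.items()):
        parts = ", ".join(f"{CLASS_NAMES.get(c, c)} {c}: {n}" for c, n in sorted(counts.items()))
        lines.append(f"{ip}: {parts}")
    return lines


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("\n".join(report(summary)))
    print("possible scanners:", flag_scanners(summary))
```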
To defend against web-based attacks, the following countermeasures should be used:
Always update the OS and browsers with current patches and updates.
Use a web proxy like Cisco Cloud Web Security or Cisco Web Security Appliance to block malicious sites.
Use the best security practices from the Open Web Application Security Project (OWASP) when developing web applications.
Educate end-users by showing them how to avoid web-based attacks.
The OWASP Top 10 Web Application Security Risks is designed to help organizations create secure web applications. It is a useful list of potential vulnerabilities that are commonly exploited by threat actors.
Common HTTP Exploits
Malicious iFrames
Threat actors often make use of malicious inline frames (iFrames). An iFrame is an HTML element that allows the browser to load another web page from another source. iFrame attacks have become very common, as they are often used to insert advertisements from other sources into the page. Threat actors compromise a webserver and modify web pages by adding HTML for the malicious iFrame. The HTML links to the threat actor’s webserver. In some instances, the iFrame page that is loaded consists of only a few pixels. This makes it very hard for the user to see. Because the iFrame is run on the page, it can be used to deliver a malicious exploit, such as spam advertising, an exploit kit, and other malware. These are some of the ways to prevent or reduce malicious iFrames:
Use a web proxy to block malicious sites.
Because attackers often change the source HTML of the iFrame in a compromised website, make sure web developers do not use iFrames. This will isolate any content from third-party websites and make modified pages easier to find.
Use a service such as Cisco Umbrella to prevent users from navigating to websites that are known to be malicious.
Make sure the end-user understands what an iFrame is. Threat actors often use this method in web-based attacks.
HTTP 302 Cushioning
Another type of HTTP attack is the HTTP 302 cushioning attack. Threat actors use the 302 Found HTTP response status code to direct the user’s web browser to a new location. Threat actors often use legitimate HTTP functions such as HTTP redirects to carry out their attacks. HTTP allows servers to redirect a client’s HTTP request to a different server.
HTTP redirection is used, for example, when web content has moved to a different URL or domain name. This allows old URLs and bookmarks to continue to function. Therefore, security analysts should understand how a function such as HTTP redirection works and how it can be used during attacks.
When the response from the server is a 302 Found status, it also provides the URL in the location field. The browser believes that the new location is the URL provided in the header. The browser is invited to request this new URL. This redirect function can be used multiple times until the browser finally lands on the page that contains the exploit. The redirects may be difficult to detect due to the fact that legitimate redirects frequently occur on the network.
These are some ways to prevent or reduce HTTP 302 cushioning attacks:
Use a web proxy to block malicious sites.
Use a service such as Cisco Umbrella to prevent users from navigating to websites that are known to be malicious.
Make sure the end user understands how the browser is redirected through a series of HTTP 302 redirections.
Domain Shadowing
When a threat actor wishes to create a domain shadowing attack, the threat actor must first compromise a domain. Then, the threat actor must create multiple subdomains of that domain to be used for the attacks.
Hijacked domain registration logins are then used to create the many subdomains needed. After these subdomains have been created, attackers can use them as they wish, even if they are found to be malicious domains. They can simply make more from the parent domain. The following sequence is typically used by threat actors:
A website becomes compromised.
HTTP 302 cushioning is used to send the browser to malicious websites.
Domain shadowing is used to direct the browser to a compromised server.
An exploit kit landing page is accessed.
Malware downloads from the exploit kit landing page.
These are some ways to prevent or reduce domain shadowing attacks:
Secure all domain owner accounts. Use strong passwords and use two-factor authentication to secure these powerful accounts.
Use a web proxy to block malicious sites.
Use a service such as Cisco Umbrella to prevent users from navigating to web sites that are known to be malicious.
Make sure that domain owners validate their registration accounts and look for any subdomains that they have not authorized.
Email
Over the past 25 years, email has evolved from a tool used primarily by technical and research professionals to become the backbone of corporate communications. Each day, more than 100 billion corporate email messages are exchanged. As the level of use rises, security becomes a greater priority. The way that users access email today also increases the opportunity for the threat of malware to be introduced.
It used to be that corporate users accessed text-based email from a corporate server. The corporate server was on a workstation that was protected by the company’s firewall. Today, HTML messages are accessed from many different devices that are often not protected by the company’s firewall. HTML allows more attacks because of the amount of access that can sometimes bypass different security layers.
The following are examples of email threats:
Attachment-based attacks – Threat actors embed malicious content in business files such as an email from the IT department. Legitimate users open malicious content. Malware is used in broad attacks often targeting a specific business vertical to seem legitimate, enticing users working in that vertical to open attachments or click embedded links.
Email spoofing – Threat actors create email messages with a forged sender address that is meant to fool the recipient into providing money or sensitive information. For example, a bank sends you an email asking you to update your credentials. When this email displays the identical bank logo as mail you have previously opened that was legitimate, it has a higher chance of being opened, having attachments opened and links clicked. The spoofed email may even ask you to verify your credentials so that the bank is assured that you are you, exposing your login information.
Spam email – Threat actors send an unsolicited email containing advertisements or malicious files. This type of email is sent most often to solicit a response, telling the threat actor that the email is valid and a user has opened the spam.
Open mail relay server – Threat actors take advantage of enterprise servers that are misconfigured as open mail relays to send large volumes of spam or malware to unsuspecting users. An open mail relay is an SMTP server that allows anybody on the internet to send mail through it. Because anyone can use the server, such servers are vulnerable to spammers and worms. Very large volumes of spam can be sent by using an open mail relay. It is important that corporate email servers are never set up as an open relay. This will considerably reduce the number of unsolicited emails.
Homoglyphs – Threat actors can use text characters that are very similar or even identical to legitimate text characters. For example, it can be difficult to distinguish between an O (upper case letter O) and a 0 (number zero) or a l (lower case “L”) and a 1 (number one). These can be used in phishing emails to make them look very convincing. In DNS, these characters are very different from the real thing. When the DNS record is searched, a completely different URL is found when the link with the homoglyph is used in the search.
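The homoglyph problem above can be checked mechanically on the links inside a message. The following is an added example (not from the original article) that reduces a link's host name to the ASCII string a reader would perceive, decoding punycode hosts first, and reports any host that looks like one of the organization's trusted domains without being it. The confusables table, the trusted domains and the message are constructed for this example.

```python
import re
import unicodedata

# Small constructed table of look-alike characters and the ASCII letter each imitates.
# A production check should use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "0": "o", "1": "l", "|": "l",                  # digit and punctuation look-alikes
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u0455": "s",   # Cyrillic er, es, dze
    "\u0456": "i", "\u0443": "y", "\u0445": "x",   # Cyrillic i, u, ha
    "\u03bf": "o", "\u0131": "i",                  # Greek omicron, Latin dotless i
}

LINK_HOST_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def to_unicode(domain):
    """Decode a punycode (xn--) host name so its look-alike characters can be inspected."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode: inspect as given


def skeleton(domain):
    """Reduce a host name to the ASCII string a reader would most likely perceive."""
    s = to_unicode(domain).lower()
    s = unicodedata.normalize("NFKD", s)
    s = "".join(ch for ch in s if not unicodedata.combining(ch))  # drop accents
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    return s.replace("rn", "m")  # 'rn' reads as 'm' in many fonts


def find_lookalike(domain, trusted_domains):
    """Return the trusted domain that `domain` imitates, or None if it is not a look-alike.

    The comparison is on the full host name, so a genuine subdomain of a trusted
    domain is not reported.
    """
    raw = to_unicode(domain).lower()
    target = skeleton(domain)
    for trusted in trusted_domains:
        if raw != trusted.lower() and skeleton(trusted) == target:
            return trusted
    return None


def scan_links(message_text, trusted_domains):
    """Return (host, imitated_domain) pairs for every link host in the message that is a look-alike."""
    findings = []
    for host in LINK_HOST_RE.findall(message_text):
        host = host.split("@")[-1].split(":")[0]  # drop userinfo and port
        imitated = find_lookalike(host, trusted_domains)
        if imitated:
            findings.append((host, imitated))
    return findings


# Constructed trusted domains and a constructed phishing-style message body.
TRUSTED = ["example.com", "mybank.example"]
MESSAGE = (
    "Your account needs verification. Sign in at https://login.mybank.example/verify "
    "or https://rnybank.example/secure and https://examp1e.com/reset"
)

if __name__ == "__main__":
    for host, imitated in scan_links(MESSAGE, TRUSTED):
        print(f"{host!r} looks like {imitated!r}")
```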
Just like any other service that is listening to a port for incoming connections, SMTP servers also may have vulnerabilities. Always keep SMTP software up to date with security and software patches and updates.
To further prevent threat actors from completing their task of fooling the end-user, implement countermeasures. Use a security appliance specific to email such as the Cisco Email Security Appliance.
This will help to detect and block many known types of threats such as phishing, spam, and malware. Also, educate the end-user. When attacks make it past the security measures in place, and they will sometimes, the end-user is the last line of defence. Teach them how to recognize spam, phishing attempts, suspicious links and URLs, and homoglyphs, and never to open suspicious attachments.
Web-Exposed Databases
Web applications commonly connect to a relational database to access data. Because relational databases often contain sensitive data, databases are a frequent target for attacks.
Code Injection
Attackers are able to execute commands on a web server’s OS through a web application that is vulnerable. This might occur if the web application provides input fields to the attacker for entering malicious data. The attacker’s commands are executed through the web application and have the same permissions as the web application. This type of attack is used because often there is insufficient validation of input. An example is when a threat actor injects PHP code into an insecure input field on the server page.
SQL Injection
SQL is the language used to query a relational database. Threat actors use SQL injections to breach the relational database, create malicious SQL queries, and obtain sensitive data from the relational database. One of the most common database attacks is the SQL injection attack. The SQL injection attack consists of inserting a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data, execute administration operations on the database, and sometimes, issue commands to the operating system.
Unless an application uses strict input data validation, it will be vulnerable to the SQL injection attack. If an application accepts and processes user-supplied data without any input data validation, a threat actor could submit a maliciously crafted input string to trigger the SQL injection attack.
Security analysts should be able to recognize suspicious SQL queries in order to detect if the relational database has been subjected to SQL injection attacks. They need to be able to determine which user ID was used by the threat actor to log in, then identify any information or further access the threat actor could have leveraged after a successful login.
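The following is an added example (not from the original article) that puts the vulnerable pattern beside its hardened form using an in-memory SQLite database with constructed rows: the first lookup splices the user-supplied value into the statement text, the second binds it as a parameter, and a strict allowlist check rejects the input before it reaches the database at all. A small heuristic for reviewing captured query text, of the kind an analyst could run over database logs, is included; its patterns are assumptions for this example.

```python
import re
import sqlite3


def setup_db():
    """Build an in-memory database with constructed sample rows (not real account data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """Splices the untrusted value into the statement text, so the value is parsed as SQL."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_hardened(conn, username):
    """Sends the value as a bound parameter: the database never parses it as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allowlist for a username field: letters, digits, and a few safe punctuation marks.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def is_valid_username(value):
    """Strict input validation: reject anything outside the expected character set."""
    return USERNAME_RE.match(value) is not None


# Heuristic patterns (assumed for this example) that rarely occur in legitimate query text.
SUSPICIOUS_SQL = [
    re.compile(r"'\s*(or|and)\s+'", re.IGNORECASE),  # a closed quote followed by OR/AND and a new literal
    re.compile(r"--|/\*"),                           # a comment marker cutting the statement short
    re.compile(r";\s*\w"),                           # a second statement appended to the first
]


def suspicious_sql(query_text):
    """Review captured query text and report whether it matches an injection-style pattern."""
    return any(p.search(query_text) for p in SUSPICIOUS_SQL)


if __name__ == "__main__":
    conn = setup_db()
    crafted = "' OR '1'='1"  # constructed input that closes the quote and adds a tautology
    print("vulnerable:", lookup_user_vulnerable(conn, crafted))  # returns every row
    print("hardened:  ", lookup_user_hardened(conn, crafted))    # returns no row
    print("allowlist accepts crafted input:", is_valid_username(crafted))
```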
Client-side Scripting
Cross-Site Scripting
Not all attacks are initiated from the server-side. Cross-Site Scripting (XSS) is where web pages that are executed on the client-side, within their own web browser, are injected with malicious scripts.
These scripts, written in JavaScript, Visual Basic, or other languages, can be used to access a computer, collect sensitive information, or deploy more attacks and spread malware. As with SQL injection, this is often due to the attacker posting content to a trusted website with a lack of input validation. Future visitors to the trusted website will be exposed to the content provided by the attacker. These are the two main types of XSS:
Stored (persistent) – This is permanently stored on the infected server and is received by all visitors to the infected page.
Reflected (non-persistent) – This only requires that the malicious script is located in a link and visitors must click the infected link to become infected.
These are some ways to prevent or reduce XSS attacks:
Be sure that web application developers are aware of XSS vulnerabilities and how to avoid them.
Use an IPS implementation to detect and prevent malicious scripts.
Use a web proxy to block malicious sites.
Use a service such as Cisco Umbrella to prevent users from navigating to websites that are known to be malicious.
As with all other security measures, be sure to educate end-users. Teach them to identify phishing attacks and notify infosec personnel when they are suspicious of anything security-related.
Action Point PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be delighted to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNUGGETS is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.
In this article, I want to look at some of the facts that you need to know about threats and vulnerabilities for networks. Cybersecurity analysts must prepare for any type of attack. It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify:
Assets – Anything of value to an organization that must be protected including servers, infrastructure devices, end devices, and the greatest asset, data.
Vulnerabilities – A weakness in a system or its design that could be exploited by a threat actor.
Threats – Any potential danger to an asset.
Identify Assets
As an organization grows, so do its assets. Consider the number of assets a large organization would have to protect. It may also acquire other assets through mergers with other companies. The result is that many organizations only have a general idea of the assets that need to be protected.
The collection of all the devices and information owned or managed by the organization are assets. The assets constitute the attack surface that threat actors could target. These assets must be inventoried and assessed for the level of protection needed to thwart potential attacks.
Asset management consists of inventorying all assets, and then developing and implementing policies and procedures to protect them. This task can be daunting considering many organizations must protect internal users and resources, mobile workers, and cloud-based and virtual services.
Further, organizations need to identify where critical information assets are stored, and how access is gained to that information. Information assets vary, as do the threats against them. For example, a retail business may store customer credit card information. An engineering firm will store competition-sensitive designs and software. A bank will store customer data, account information, and other sensitive financial information. Each of these assets can attract different threat actors who have different skill levels and motivations.
Identify Vulnerabilities
Threat identification provides an organization with a list of likely threats for a particular environment. When identifying threats, it is important to ask several questions:
Who may want to exploit those vulnerabilities to access specific information assets?
What are the consequences if system vulnerabilities are exploited and assets are lost?
The threat identification for an e-banking system would include:
Internal system compromise – The attacker uses the exposed e-banking servers to break into an internal bank system.
Stolen customer data – An attacker steals the personal and financial data of bank customers from the customer database.
Phony transactions from an external server – An attacker alters the code of the e-banking application and makes transactions by impersonating a legitimate user.
Phony transactions using a stolen customer PIN or smart card – An attacker steals the identity of a customer and completes malicious transactions from the compromised account.
Insider attack on the system – A bank employee finds a flaw in the system from which to mount an attack.
Data input errors – A user inputs incorrect data or makes incorrect transaction requests.
Data centre destruction – A cataclysmic event severely damages or destroys the data centre.
Identifying vulnerabilities on a network requires an understanding of the important applications that are used, as well as the different vulnerabilities of that application and hardware. This can require a significant amount of research on the part of the network administrator.
Identify Threats
Organizations must use a defence-in-depth approach to identify threats and secure vulnerable assets. This approach uses multiple layers of security at the network edge, within the network, and on network endpoints.
Edge router – The first line of defence is known as an edge router (R1 in the figure). The edge router has a set of rules specifying which traffic it allows or denies. It passes all connections that are intended for the internal LAN to the firewall.
Firewall – The second line of defence is the firewall. The firewall is a checkpoint device that performs additional filtering and tracks the state of the connections. It denies the initiation of connections from the outside (untrusted) networks to the inside (trusted) network while enabling internal users to establish two-way connections to the untrusted networks. It can also perform user authentication (authentication proxy) to grant external remote users access to internal network resources.
Internal router – Another line of defence is the internal router (R2 in the figure). It can apply final filtering rules on the traffic before it is forwarded to its destination.
Routers and firewalls are not the only devices that are used in a defence-in-depth approach. Other security devices include Intrusion Prevention Systems (IPS), Advanced Malware Protection (AMP), web and email content security systems, identity services, network access controls and more. In the layered defence-in-depth security approach, the different layers work together to create a security architecture in which the failure of one safeguard does not affect the effectiveness of the other safeguards.
The Security Onion and The Security Artichoke
There are two common analogies that are used to describe a defence-in-depth approach.
#1 Security Onion
A common analogy used to describe a defence-in-depth approach is called “the security onion.” A threat actor would have to peel away at a network’s defences layer by layer in a manner similar to peeling an onion. Only after penetrating each layer would the threat actor reach the target data or system.
Note: The security onion described on this page is a way of visualizing defence-in-depth. This is not to be confused with the Security Onion suite of network security tools.
#2 Security Artichoke
The changing landscape of networking, such as the evolution of borderless networks, has changed this analogy to the “security artichoke”, which benefits the threat actor. As illustrated in the figure, threat actors no longer have to peel away each layer. They only need to remove certain “artichoke leaves.” The bonus is that each “leaf” of the network may reveal sensitive data that is not well secured. For example, it’s easier for a threat actor to compromise a mobile device than it is to compromise an internal computer or server that is protected by layers of defence. Each mobile device is a leaf. And leaf after leaf, it all leads the hacker to more data. The heart of the artichoke is where the most confidential data is found. Each leaf provides a layer of protection while simultaneously providing a path to attack. Not every leaf needs to be removed in order to get at the heart of the artichoke. The hacker chips away at the security armour along the perimeter to get to the “heart” of the enterprise. While internet-facing systems are usually very well protected and boundary protections are typically solid, persistent hackers, aided by a mix of skill and luck, do eventually find a gap in that hard-core exterior through which they can enter and go where they please.
Business policies are the guidelines that are developed by an organization to govern its actions. The policies define standards of correct behaviour for the business and its employees. In networking, policies define the activities that are allowed on the network.
This sets a baseline of acceptable use. If behaviour that violates the business policy is detected on the network, it is possible that a security breach has occurred. In this article, I want to talk about security policy regulations and standards in cyber security.
An organization may have several guiding policies, as listed in the table.
Company policies – These policies establish the rules of conduct and the responsibilities of both employees and employers. Policies protect the rights of workers as well as the business interests of employers. Depending on the needs of the organization, various policies and procedures establish rules regarding employee conduct, attendance, dress code, privacy and other areas related to the terms and conditions of employment.
Employee policies – These policies are created and maintained by human resources staff to identify employee salary, pay schedule, employee benefits, work schedule, vacations, and more. They are often provided to new employees to review and sign.
Security policies – These policies identify a set of security objectives for a company, define the rules of behavior for users and administrators, and specify system requirements. These objectives, rules, and requirements collectively ensure the security of a network and the computer systems in an organization. Much like a continuity plan, a security policy is a constantly evolving document based on changes in the threat landscape, vulnerabilities, and business and employee requirements.
Security Policy
A comprehensive security policy has a number of benefits, including the following:
Demonstrates an organization’s commitment to security
Sets the rules for expected behavior
Ensures consistency in system operations, software and hardware acquisition and use, and maintenance
Defines the legal consequences of violations
Gives security staff the backing of management
Security policies are used to inform users, staff, and managers of an organization’s requirements for protecting technology and information assets. A security policy also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.
The table lists policies that may be included in a security policy.
Identification and authentication policy – Specifies authorized persons that can have access to network resources and identity verification procedures.
Password policies – Ensures passwords meet minimum requirements and are changed regularly.
Acceptable Use Policy (AUP) – Identifies network applications and uses that are acceptable to the organization. It may also identify ramifications if this policy is violated.
Remote access policy – Identifies how remote users can access a network and what is accessible via remote connectivity.
Network maintenance policy – Specifies network device operating systems and end user application update procedures.
Incident handling procedures – Describes how security incidents are handled.
One of the most common security policy components is an AUP. This can also be referred to as an appropriate use policy. This component defines what users are allowed and not allowed to do on the various system components. This includes the type of traffic that is allowed on the network. The AUP should be as explicit as possible to avoid misunderstanding.
For example, an AUP might list specific websites, newsgroups, or bandwidth-intensive applications that are prohibited from being accessed by company computers or from the company network. Every employee should be required to sign an AUP, and the signed AUPs should be retained for the duration of employment.
BYOD Policies
Many organizations must now also support Bring Your Own Device (BYOD). This enables employees to use their own mobile devices to access company systems, software, networks, or information. BYOD provides several key benefits to enterprises, including increased productivity, reduced IT and operating costs, better mobility for employees, and greater appeal when it comes to hiring and retaining employees.
However, these benefits also bring an increased information security risk because BYOD can lead to data breaches and greater liability for the organization. A BYOD security policy should be developed to accomplish the following:
Specify the goals of the BYOD program.
Identify which employees can bring their own devices.
Identify which devices will be supported.
Identify the level of access employees are granted when using personal devices.
Describe the rights to access and activities permitted to security personnel on the device.
Identify which regulations must be adhered to when using employee devices.
Identify safeguards to put in place if a device is compromised.
The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.
Password-protected access – Use unique passwords for each device and account.
Manually control wireless connectivity – Turn off Wi-Fi and Bluetooth connectivity when not in use. Connect only to trusted networks.
Keep updated – Always keep the device OS and other software updated. Updated software often contains security patches to mitigate against the latest threats or exploits.
Back up data – Enable backup of the device in case it is lost or stolen.
Enable “Find my Device” – Subscribe to a device locator service with a remote wipe feature.
Provide antivirus software – Provide antivirus software for approved BYOD devices.
Use Mobile Device Management (MDM) software – MDM software enables IT teams to implement security settings and software configurations on all devices that connect to company networks.
Regulatory and Standards Compliance
There are also external regulations regarding network security. Network security professionals must be familiar with the laws and codes of ethics that are binding on Information Systems Security (INFOSEC) professionals.
Many organizations are mandated to develop and implement security policies. Compliance regulations define what organizations are responsible for providing and the liability if they fail to comply. The compliance regulations that an organization is obligated to follow depend on the type of organization and the data that the organization handles. Specific compliance regulations will be discussed later in the course.
Information security deals with protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. In this article, I will be talking about CIA Triad in cyber security. Follow me as we are going to look at that together in this article.
CIA Triad
As shown in the figure, the CIA triad consists of three components of information security:
Confidentiality – Only authorized individuals, entities, or processes can access sensitive information.
Integrity – This refers to the protection of data from unauthorized alteration.
Availability – Authorized users must have uninterrupted access to the network resources and data that they require.
Network data can be encrypted (made unreadable to unauthorized users) using various cryptography applications. The conversation between two IP phone users can be encrypted. The files on a computer can also be encrypted. These are just a few examples. Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.
Zero Trust Security
Zero trust is a comprehensive approach to securing all access across networks, applications, and environments. This approach helps secure access from users, end-user devices, APIs, IoT, microservices, containers, and more. It protects an organization’s workforce, workloads, and workplace.
The principle of a zero-trust approach is, “never trust, always verify.” Assume zero trust any time someone or something requests access to assets. A zero-trust security framework helps to prevent unauthorized access, contain breaches, and reduce the risk of an attacker’s lateral movement through a network.
Traditionally, the network perimeter, or edge, was the boundary between inside and outside, or trusted and untrusted. In a zero-trust approach, any place at which an access control decision is required should be considered a perimeter.
This means that although a user or other entity may have successfully passed access control previously, they are not trusted to access another area or resource until they are authenticated. In some cases, users may be required to authenticate multiple times and in different ways, to gain access to different layers of the network.
The three pillars of zero trust are workforce, workloads, and workplace.
#1 Zero Trust for the Workforce
This pillar consists of people (e.g., employees, contractors, partners, and vendors) who access work applications by using their personal or corporate-managed devices. This pillar ensures only the right users and secure devices can access applications, regardless of location.
#2 Zero Trust for Workloads
This pillar covers access between the application components named in the overview above: APIs, microservices, and containers. It ensures that only authorized workloads can reach other workloads and the data they use, wherever those workloads are hosted.
#3 Zero Trust for Workplace
This pillar focuses on secure access for any and all devices, including internet of things (IoT) devices, that connect to enterprise networks, such as user endpoints, physical and virtual servers, printers, cameras, HVAC systems, kiosks, infusion pumps, industrial control systems, and more.
Access Control Models
An organization must implement proper access controls to protect its network resources, information system resources, and information. A security analyst should understand the different basic access control models to have a better understanding of how attackers can break the access controls. The table lists various types of access control methods.
Discretionary access control (DAC) – This is the least restrictive model and allows users to control access to their data as owners of that data. DAC may use ACLs or other methods to specify which users or groups of users have access to the information.
Mandatory access control (MAC) – This applies the strictest access control and is typically used in military or mission-critical applications. It assigns security level labels to information and grants users access based on their security clearance level.
Role-based access control (RBAC) – Access decisions are based on an individual’s roles and responsibilities within the organization. Different roles are assigned security privileges, and individuals are assigned to the RBAC profile for the role. Roles may include different positions, job classifications, or groups of job classifications. Also known as a type of non-discretionary access control.
Attribute-based access control (ABAC) – ABAC allows access based on attributes of the object (resource) to be accessed, the subject (user) accessing the resource, and environmental factors regarding how the object is to be accessed, such as time of day.
Rule-based access control (RBAC) – Network security staff specify sets of rules or conditions that are associated with access to data or systems. These rules may specify permitted or denied IP addresses, or certain protocols and other conditions. Also known as Rule-Based RBAC.
Time-based access control (TAC) – TAC allows access to network resources based on time and day.
Another access control model is the principle of least privilege, which specifies a limited, as-needed approach to granting user and process access rights to specific information and tools. The principle of least privilege states that users should be granted the minimum amount of access required to perform their work function.
A common exploit is known as privilege escalation. In this exploit, vulnerabilities in servers or access control systems are exploited to grant an unauthorized user, or software process, higher levels of privilege than they should have. After the privilege is granted, the threat actor can access sensitive information or take control of a system.
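To make the models above concrete, here is an added example (my own code, not from the page or from Cisco) of a deny-by-default policy evaluator that layers RBAC, rule-based and time-based checks and follows least privilege by giving each role only the permissions its job needs. The users, roles, networks and business hours are constructed sample values.

```python
# Added example (not code from the page or from Cisco): a deny-by-default
# policy evaluator combining the access control models in the table above:
# RBAC (roles carry only the permissions they need, i.e. least privilege),
# rule-based control on source address and protocol, and a time-based check.
# Users, roles, networks and hours are constructed samples.
from ipaddress import ip_address, ip_network

# RBAC: each role gets only the permissions its job function needs.
ROLE_PERMISSIONS = {
    "helpdesk": {"read:tickets"},
    "netadmin": {"read:tickets", "ssh:routers", "write:config"},
}
USER_ROLES = {"alice": {"helpdesk"}, "bob": {"netadmin"}}

# Rule-based access control: permitted source networks and protocols.
RULES = [
    {"net": ip_network("10.0.0.0/8"), "protocols": {"ssh", "https"}},
    {"net": ip_network("192.0.2.0/24"), "protocols": {"https"}},
]

# Time-based access control: configuration changes only during 08:00-18:00.
BUSINESS_HOURS = (8, 18)


def rbac_allows(user, permission):
    """True if any role assigned to the user carries the permission."""
    roles = USER_ROLES.get(user, set())
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


def rule_allows(src_ip, protocol):
    """True if some rule permits this source network and protocol."""
    addr = ip_address(src_ip)
    return any(addr in rule["net"] and protocol in rule["protocols"] for rule in RULES)


def time_allows(permission, hour):
    """Environmental attribute (ABAC-style): writes are limited to business hours."""
    if not permission.startswith("write:"):
        return True
    start, end = BUSINESS_HOURS
    return start <= hour < end


def decide(user, permission, src_ip, protocol, hour):
    """Evaluate every control; the first failing check denies the request.
    Returns (allowed, reason) so the reason can be logged for auditing."""
    if not rbac_allows(user, permission):
        return False, "rbac: no role grants this permission"
    if not rule_allows(src_ip, protocol):
        return False, "rule: source address or protocol not permitted"
    if not time_allows(permission, hour):
        return False, "time: outside business hours"
    return True, "allowed"


if __name__ == "__main__":
    print(decide("bob", "write:config", "10.1.2.3", "ssh", 10))   # allowed
    print(decide("alice", "ssh:routers", "10.1.2.3", "ssh", 10))  # rbac denial
    print(decide("bob", "write:config", "10.1.2.3", "ssh", 22))   # time denial
```

The order of the checks matters only for the reason that gets logged; every check must pass, which is the property that makes privilege escalation through any single control harder.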
A network must be designed to control who is allowed to connect to it and what they are allowed to do when they are connected. These design requirements are identified in the network security policy. The policy specifies how network administrators, corporate users, remote users, business partners, and clients access network resources. The network security policy can also mandate the implementation of an accounting system that tracks who logged in and when and what they did while logged in. Some compliance regulations may specify that access must be logged and the logs retained for a set period of time.
The Authentication, Authorization, and Accounting (AAA) protocol provides the necessary framework to enable scalable access security.
The table lists the three independent security functions provided by the AAA architectural framework.
Authentication – Users and administrators must prove that they are who they say they are. Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods. AAA authentication provides a centralized way to control access to the network.
Authorization – After the user is authenticated, authorization services determine which resources the user can access and which operations the user is allowed to perform. An example is “User ‘student’ can access host server XYZ using SSH only.”
Accounting – Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used. An example is “User ‘student’ accessed host server XYZ using SSH for 15 minutes.”
This concept is similar to the use of a credit card, as indicated by the figure. The credit card identifies who can use it, how much that user can spend, and keeps an account of what items the user spent money on.
The figure shows a credit card next to a credit card statement. There is a rectangle around the numbers on the credit card with the text, Authentication Who are you?
A second rectangle is around the credit limit on the credit card statement with the text, Authorization How much can you spend? A third rectangle is around the transaction portion of the credit card summary with the text Accounting What did you spend on it?
AAA Authentication
AAA Authentication can be used to authenticate users for administrative access or it can be used to authenticate users for remote network access. Cisco provides two common methods of implementing AAA services.
Local AAA Authentication
This method is sometimes known as self-contained authentication because it authenticates users against locally stored usernames and passwords, as shown in the figure. Local AAA is ideal for small networks.
In the figure, a remote client connects to a AAA router and is prompted for a username and password; the router checks its local database before allowing access into the corporate network.
Server-Based AAA Authentication
Centralized AAA is more scalable and manageable than local AAA authentication and therefore, it is the preferred AAA implementation.
A centralized AAA system may independently maintain databases for authentication, authorization, and accounting. It can leverage Active Directory or Lightweight Directory Access Protocol (LDAP) for user authentication and group membership while maintaining its own authorization and accounting databases.
Devices communicate with the centralized AAA server using either the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) protocols.
The table lists the differences between the two protocols.
Functionality – TACACS+ separates authentication, authorization, and accounting functions according to the AAA architecture, which allows modularity of the security server implementation. RADIUS combines authentication and authorization but separates accounting, which allows less flexibility in implementation than TACACS+.
Standard – TACACS+ is mostly Cisco supported. RADIUS is an open/RFC standard.
Transport – TACACS+ uses TCP port 49. RADIUS uses UDP ports 1812 and 1813, or 1645 and 1646.
CHAP – TACACS+ uses bidirectional challenge and response as used in Challenge Handshake Authentication Protocol (CHAP). RADIUS uses unidirectional challenge and response from the RADIUS security server to the RADIUS client.
Confidentiality – TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. RADIUS encrypts only the password in the access-request packet from the client to the server; the remainder of the packet is unencrypted, leaving the username, authorized services, and accounting unprotected.
Customization – TACACS+ provides authorization of router commands on a per-user or per-group basis. RADIUS has no option to authorize router commands on a per-user or per-group basis.
Accounting – TACACS+ accounting is limited; RADIUS accounting is extensive.
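The confidentiality row is the one most often misread, so here is an added example (my own code, not from the page, from Cisco or from any RADIUS server) of the User-Password hiding that RFC 2865 section 5.2 specifies for an Access-Request. The shared secret, Request Authenticator and password are constructed sample values. Running it shows exactly what the table says: the password attribute is obscured with an MD5-derived keystream, while the User-Name attribute beside it travels as plain bytes.

```python
# Added example (not code from the page, from Cisco or from any RADIUS
# server): the User-Password hiding of RFC 2865 section 5.2, to make the
# "Confidentiality" row of the table concrete. The shared secret, Request
# Authenticator and password used below are constructed sample values.
import hashlib
import os


def hide_password(secret, request_authenticator, password):
    """Client side. The password is zero-padded to 16-byte blocks and each
    block is XORed with MD5(secret + previous ciphertext block); the first
    'previous block' is the 16-byte Request Authenticator. MD5 is what the
    RFC mandates here; nothing else in the packet is protected this way."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return bytes(out)


def reveal_password(secret, request_authenticator, hidden):
    """Server side: regenerate the same keystream, XOR, drop the padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out).rstrip(b"\x00")


def access_request_attributes(username, secret, request_authenticator, password):
    """Type-Length-Value encoding of User-Name (type 1) and User-Password
    (type 2). The username is sent as-is, which is the exposure the table
    refers to; only the password bytes are hidden."""
    name = username.encode()
    hidden = hide_password(secret, request_authenticator, password.encode())
    return (bytes([1, 2 + len(name)]) + name
            + bytes([2, 2 + len(hidden)]) + hidden)


if __name__ == "__main__":
    ra = os.urandom(16)  # a real client picks a fresh authenticator per request
    attrs = access_request_attributes("student", b"constructed-secret", ra, "pw")
    print(attrs.hex())
```

Because the keystream depends only on the shared secret and the Request Authenticator, the strength of this hiding rests entirely on the secret's quality and on never reusing an authenticator; that is why the table treats RADIUS confidentiality as weaker than the full-body encryption of TACACS+.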
AAA Accounting Logs
Centralized AAA also enables the use of the Accounting method. Accounting records from all devices are sent to centralized repositories, which simplifies auditing of user actions.
AAA Accounting collects and reports usage data in AAA logs. These logs are useful for security auditing. The collected data might include the start and stop connection times, executed commands, number of packets, and number of bytes.
One widely deployed use of accounting is to combine it with AAA authentication. This helps with managing access to internetworking devices by network administrative staff. Accounting provides more security than just authentication.
The AAA servers keep a detailed log of exactly what the authenticated user does on the device, as shown in the figure. This includes all EXEC and configuration commands issued by the user.
The log contains numerous data fields, including the username, the date and time, and the actual command that was entered by the user. This information is useful when troubleshooting devices. It also provides evidence against individuals who perform malicious actions.
The figure shows the accounting exchange between a remote client and the AAA server:
When a user has been authenticated, the AAA accounting process generates a start message to begin the accounting process.
When the user finishes, a stop message is recorded and the accounting process ends.
The table displays the various types of accounting information that can be collected.
Network Accounting – Network accounting captures information for all Point-to-Point Protocol (PPP) sessions, including packet and byte counts.
Connection Accounting – Connection accounting captures information about all outbound connections that are made from the AAA client, such as by SSH.
EXEC Accounting – EXEC accounting captures information about user EXEC terminal sessions (user shells) on the network access server, including username, date, start and stop times, and the access server IP address.
System Accounting – System accounting captures information about all system-level events (for example, when the system reboots or when accounting is turned on or off).
Command Accounting – Command accounting captures information about the EXEC shell commands for a specified privilege level, as well as the date and time each command was executed, and the user who executed it.
Resource Accounting – The Cisco implementation of AAA accounting captures “start” and “stop” record support for connections that have passed user authentication. The additional feature of generating “stop” records for connections that fail to authenticate as part of user authentication is also supported. Such records are necessary for users employing accounting records to manage and monitor their networks.
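As an added example of how an auditor actually uses these records (my own code, not the page's or Cisco's; the record format and every value in it are constructed, not real TACACS+ or RADIUS accounting output), the following parses EXEC start/stop and command accounting records, computes per-session durations, and reports the two things the text singles out: a stop record with no matching start, and privileged commands that alter logging or AAA configuration.

```python
# Added example (not from the page or from Cisco): parsing constructed AAA
# accounting records of the kinds listed in the table (EXEC start/stop and
# command accounting) into per-session summaries and audit findings. The
# record format and every value below are constructed for illustration.
import re
from datetime import datetime

SAMPLE_LOG = """\
2024-03-01 09:00:12 user=student src=10.1.1.5 service=shell type=start task_id=101
2024-03-01 09:02:40 user=student src=10.1.1.5 service=shell type=cmd task_id=101 priv-lvl=1 cmd="show ip interface brief"
2024-03-01 09:15:12 user=student src=10.1.1.5 service=shell type=stop task_id=101 elapsed_time=900
2024-03-01 09:20:03 user=bob src=10.1.1.9 service=shell type=start task_id=102
2024-03-01 09:21:10 user=bob src=10.1.1.9 service=shell type=cmd task_id=102 priv-lvl=15 cmd="configure terminal"
2024-03-01 09:21:30 user=bob src=10.1.1.9 service=shell type=cmd task_id=102 priv-lvl=15 cmd="no logging host 10.1.1.50"
2024-03-01 09:25:00 user=bob src=10.1.1.9 service=shell type=stop task_id=102 elapsed_time=297
2024-03-01 09:30:00 user=eve src=203.0.113.7 service=shell type=stop task_id=103 elapsed_time=0
"""

# key=value pairs; values may be quoted strings containing spaces.
KV_RE = re.compile(r'(\S+?)=("[^"]*"|\S+)')

# Commands that change what gets logged or who is trusted deserve review.
SENSITIVE_CMD = re.compile(r"^no (logging|aaa)\b|^username\b|^enable secret\b")


def parse_records(text):
    """Turn each line into a dict with a datetime and the attribute fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, rest = line.split(" ", 2)
        rec = {"time": datetime.fromisoformat(f"{date} {clock}")}
        for key, value in KV_RE.findall(rest):
            rec[key] = value.strip('"')
        records.append(rec)
    return records


def summarize_sessions(records):
    """Group start/cmd/stop records by task_id and compute each duration."""
    sessions = {}
    for rec in records:
        s = sessions.setdefault(rec["task_id"], {
            "user": rec["user"], "src": rec["src"],
            "start": None, "stop": None, "commands": []})
        if rec["type"] == "start":
            s["start"] = rec["time"]
        elif rec["type"] == "stop":
            s["stop"] = rec["time"]
        elif rec["type"] == "cmd":
            s["commands"].append((int(rec["priv-lvl"]), rec["cmd"]))
    for s in sessions.values():
        s["duration_s"] = (int((s["stop"] - s["start"]).total_seconds())
                           if s["start"] and s["stop"] else None)
    return sessions


def audit(sessions):
    """Return human-readable findings for an auditor."""
    findings = []
    for task_id, s in sessions.items():
        if s["stop"] and not s["start"]:
            findings.append(f"task {task_id}: stop record without start for {s['user']} "
                            f"from {s['src']} (failed or unlogged authentication)")
        for priv, cmd in s["commands"]:
            if priv >= 15 and SENSITIVE_CMD.search(cmd):
                findings.append(f"task {task_id}: {s['user']} ran privileged command '{cmd}'")
    return findings


if __name__ == "__main__":
    for finding in audit(summarize_sessions(parse_records(SAMPLE_LOG))):
        print(finding)
```

The duration is recomputed from the start and stop timestamps rather than taken from the record's own elapsed_time field, so a tampered or missing field is noticed; in the sample both agree (900 and 297 seconds).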
Organizations must provide support to secure the data as it travels across links. This may include internal traffic, but it is even more important to protect the data that travels outside of the organization to branch sites, telecommuter sites, and partner sites. In this article, I want to talk about the means of securing communications in cyber security. Follow me as we look at that in this article. These are the four elements of secure communications:
Data Integrity – Guarantees that the message was not altered. Any changes to data in transit will be detected. Integrity is ensured by implementing either of the Secure Hash Algorithms (SHA-2 or SHA-3). The MD5 message-digest algorithm is still widely in use, however, it is inherently insecure and creates vulnerabilities in a network. The use of MD5 should be avoided.
Origin Authentication – Guarantees that the message is not a forgery and does actually come from whom it states. Many modern networks ensure authentication with algorithms such as hash-based message authentication code (HMAC).
Data Confidentiality – Guarantees that only authorized users can read the message. If the message is intercepted, it cannot be deciphered within a reasonable amount of time. Data confidentiality is implemented using symmetric and asymmetric encryption algorithms.
Data Non-Repudiation – Guarantees that the sender cannot repudiate, or refute, the validity of a message sent. Nonrepudiation relies on the fact that only the sender has the unique characteristics or signature for how that message is treated.
Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.
Cryptographic Hash Functions
Hashes are used to verify and ensure data integrity. Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse. Grinding coffee is a good analogy of a one-way function.
It is easy to grind coffee beans, but it is almost impossible to put all of the tiny pieces back together to rebuild the original beans. The cryptographic hashing function can also be used to verify authentication.
The figure shows a printed piece of paper with words to the side: plaintext message (data of arbitrary length). An arrow goes from the paper into a funnel that has the words hash function beside it. An arrow goes out of the funnel into a text box: e883aacb24c09f and the words fixed-length hash value.
A hash function takes a variable block of binary data, called the message, and produces a fixed-length, condensed representation, called the hash. The resulting hash is also sometimes called the message digest, digest, or digital fingerprint. With hash functions, it is computationally infeasible for two different sets of data to come up with the same hash output. Every time the data is changed or altered, the hash value also changes. Because of this, cryptographic hash values are often called digital fingerprints. They can be used to detect duplicate data files, file version changes, and similar applications. These values are used to guard against an accidental or intentional change to the data, or accidental data corruption.
The cryptographic hash function is applied in many different situations for entity authentication, data integrity, and data authenticity purposes.
Cryptographic Hash Operation
Mathematically, the equation h= H(x) is used to explain how a hash algorithm operates. As shown in the figure, a hash function H takes an input x and returns a fixed-size string hash value h.
The figure shows a circle with H(x) inside the circle. At the top is a textbox that says arbitrary length text and an arrow going into the circle pointing to the x. To the right of the textbox is x and an icon for a plaintext message.
In the centre is a textbox with the words hash function and an arrow pointing to the h inside the circle. There is an H to the right of the textbox, a funnel icon, and the hash of the word function. At the bottom is a textbox that leads from the circle and has the words hash value, the letter h beside the textbox, and a rectangle that has e883aa0b24c09f in it.
The example in the figure summarizes the mathematical process. A cryptographic hash function should have the following properties:
The input can be any length.
The output has a fixed length.
H(x) is relatively easy to compute for any given x.
H(x) is one way and not reversible.
H(x) is collision-free, meaning that two different input values will result in different hash values.
If a hash function is hard to invert, it is considered a one-way hash. Hard to invert means that given a hash value of h, it is computationally infeasible to find an input for x such that h=H(x).
MD5 and SHA
Hash functions are used to ensure the integrity of a message. They ensure data has not changed accidentally or intentionally. In the figure, the sender is sending a $100 money transfer to Alex. The sender wants to ensure that the message is not accidentally altered on its way to the receiver. Deliberate changes that are made by a threat actor are still possible.
The figure shows hash computations of a message in which the starting hash and the ending hash are different. The message sent says, Pay to Alex $100.00. The message received says, Pay to Jeremy $1000.00. The starting hash is 4ehlDx67NMop9 and the ending hash is 12ehqPx67NMoX.
The hash algorithm works as follows:
The sending device inputs the message into a hashing algorithm and computes its fixed-length hash of 4ehiDx67NMop9.
This hash is then attached to the message and sent to the receiver. Both the message and the hash are in plaintext.
The receiving device removes the hash from the message and inputs the message into the same hashing algorithm. If the computed hash is equal to the one that is attached to the message, the message has not been altered during transit. If the hashes are not equal, as shown in the figure, then the integrity of the message can no longer be trusted.
There are four well-known hash functions:
MD5 with 128-bit digest – Developed by Ron Rivest and used in a variety of internet applications, MD5 is a one-way function that produces a 128-bit hashed message. MD5 is considered to be a legacy algorithm and should be avoided and used only when no better alternatives are available. It is recommended that SHA-2 or SHA-3 be used instead.
SHA-1 – Developed by the U.S. National Security Agency (NSA) in 1995. It is very similar to the MD5 hash functions. Several versions exist. SHA-1 creates a 160-bit hashed message and is slightly slower than MD5. SHA-1 has known flaws and is a legacy algorithm.
SHA-2 – Developed by the NSA. It includes SHA-224 (224 bit), SHA-256 (256 bit), SHA-384 (384 bit), and SHA-512 (512 bit). If you are using SHA-2, then the SHA-256, SHA-384, and SHA-512 algorithms should be used whenever possible.
SHA-3 – SHA-3 is the newest hashing algorithm and was introduced by NIST as an alternative and eventual replacement for the SHA-2 family of hashing algorithms. SHA-3 includes SHA3-224 (224 bit), SHA3-256 (256 bit), SHA3-384 (384 bit), and SHA3-512 (512 bit). The SHA-3 family are next-generation algorithms and should be used whenever possible.
While hashing can be used to detect accidental changes, it cannot be used to guard against deliberate changes that are made by a threat actor. There is no unique identifying information from the sender in the hashing procedure. This means that anyone can compute a hash for any data, as long as they have the correct hash function. For example, when the message traverses the network, a potential attacker could intercept the message, change it, recalculate the hash, and append it to the message. The receiving device will only validate against whatever hash is appended. Therefore, hashing is vulnerable to man-in-the-middle attacks and does not provide security to transmitted data. To provide integrity and origin authentication, something more is required.
Note: Hashing algorithms only protect against accidental changes and do not protect the data from changes deliberately made by a threat actor.
Origin Authentication
To add origin authentication and integrity assurance, use a keyed hash message authentication code (HMAC). HMAC uses an additional secret key as input to the hash function.
Note: Other Message Authentication Code (MAC) methods are also used. However, HMAC is used in many systems including SSL, IPsec, and SSH.
An HMAC is calculated using any cryptographic algorithm that combines a cryptographic hash function with a secret key. Hash functions are the basis of the protection mechanism of HMACs.
Only the sender and the receiver know the secret key, and the output of the hash function now depends on the input data and the secret key. Only parties who have access to that secret key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of the data origin.
If two parties share a secret key and use HMAC functions for authentication, a properly constructed HMAC digest of a message that a party has received indicates that the other party was the originator of the message. This is because the other party possesses the secret key.
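The hash-then-append check from “MD5 and SHA” and the keyed HMAC described above are easiest to compare side by side, so here is an added example (my own code, not the page's or Cisco's) that runs both over the page's own “Pay to Alex $100.00” message. The shared key and the altered message are constructed values. It confirms the three claims in the text: a plain hash catches a flipped bit, a plain hash accepts a substituted message whose digest was recomputed, and an HMAC rejects that substitution because the tag cannot be recomputed without the key.

```python
# Added example (not the page's or Cisco's code): the hash-then-append
# integrity check described under "MD5 and SHA" and the HMAC origin
# authentication described above, run on the page's own "Pay to Alex"
# message. The shared key and the altered message are constructed values.
import hashlib
import hmac

ORIGINAL = b"Pay to Alex $100.00"
ALTERED = b"Pay to Jeremy $1000.00"
SHARED_KEY = b"constructed-secret-shared-by-sender-and-receiver"


def attach_hash(message):
    """Sender: append a plain SHA-256 digest; both parts travel in the clear."""
    return message + b"|" + hashlib.sha256(message).hexdigest().encode()


def verify_hash(packet):
    """Receiver: recompute the digest over the message and compare."""
    message, _, digest = packet.rpartition(b"|")
    return hmac.compare_digest(hashlib.sha256(message).hexdigest().encode(), digest)


def attach_hmac(key, message):
    """Sender: the tag depends on the message and on the secret key."""
    return message + b"|" + hmac.new(key, message, hashlib.sha256).hexdigest().encode()


def verify_hmac(key, packet):
    """Receiver: recompute the tag with the shared key, constant-time compare."""
    message, _, tag = packet.rpartition(b"|")
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, tag)


def flip_bit(packet, index=8):
    """Accidental corruption in transit: one bit of the message changes."""
    corrupted = bytearray(packet)
    corrupted[index] ^= 0x01
    return bytes(corrupted)


def compare_protections():
    """Plain hash vs. HMAC against (a) accidental corruption and (b) an
    interceptor who substitutes ALTERED for ORIGINAL. Without SHARED_KEY the
    interceptor can recompute a hash but not a valid HMAC, so the most it can
    do is leave the old tag in place. Every value below should be True."""
    hashed = attach_hash(ORIGINAL)
    tagged = attach_hmac(SHARED_KEY, ORIGINAL)
    old_tag = tagged.rpartition(b"|")[2]
    return {
        "hash_accepts_original": verify_hash(hashed),
        "hash_detects_corruption": not verify_hash(flip_bit(hashed)),
        "hash_accepts_substitution": verify_hash(attach_hash(ALTERED)),
        "hmac_accepts_original": verify_hmac(SHARED_KEY, tagged),
        "hmac_detects_corruption": not verify_hmac(SHARED_KEY, flip_bit(tagged)),
        "hmac_rejects_substitution": not verify_hmac(SHARED_KEY, ALTERED + b"|" + old_tag),
    }


if __name__ == "__main__":
    for name, result in compare_protections().items():
        print(f"{name}: {result}")
```

The “hash_accepts_substitution” line is the man-in-the-middle weakness the text describes; only the keyed construction turns “this message is intact” into “this message is intact and came from someone holding the key”.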
There are two classes of encryption used to provide data confidentiality; asymmetric and symmetric. These two classes differ in how they use keys. In this article, I am going to talk about data confidentiality in Cybersecurity. Symmetric encryption algorithms such as Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES) are based on the premise that each communicating party knows the pre-shared key. Data confidentiality can also be ensured using asymmetric algorithms, including Rivest, Shamir, and Adleman (RSA) and the public key infrastructure (PKI).
Note: DES is a legacy algorithm and should not be used. 3DES should be avoided if possible. The figure highlights some differences between symmetric and asymmetric encryption.
Characteristics of symmetric encryption include: use the same key to encrypt and decrypt data; key lengths are short (40 bits – 256 bits); faster than asymmetric encryption; and commonly used for encrypting bulk data such as in VPN traffic.
Characteristics of asymmetric encryption include: uses different keys to encrypt and decrypt data; key lengths are long (512 bits – 4096 bits); computationally taxing and therefore slower than symmetric encryption; and commonly used for quick data transactions such as HTTPS when accessing your bank data.
Symmetric Encryption
Symmetric algorithms use the same pre-shared key to encrypt and decrypt data. A pre-shared key, also called a secret key, is known by the sender and receiver before any encrypted communications can take place.
To help illustrate how symmetric encryption works, consider an example where Alice and Bob live in different locations and want to exchange secret messages with one another through the mail system. In this example, Alice wants to send a secret message to Bob.
In the figure, Alice and Bob have identical keys to a single padlock. These keys were exchanged prior to sending any secret messages. Alice writes a secret message and puts it in a small box that she locks using the padlock with her key. She mails the box to Bob.
The message is safely locked inside the box as the box makes its way through the post office system. When Bob receives the box, he uses his key to unlock the padlock and retrieve the message. Bob can use the same box and padlock to send a secret reply back to Alice.
Today, symmetric encryption algorithms are commonly used with VPN traffic. This is because symmetric algorithms use less CPU resources than asymmetric encryption algorithms. This allows the encryption and decryption of data to be fast when using a VPN.
When using symmetric encryption algorithms, like any other type of encryption, the longer the key, the longer it will take for someone to discover the key. Most encryption keys are between 112 and 256 bits. To ensure that the encryption is safe, a minimum key length of 128 bits should be used. Use a longer key for more secure communications.
Symmetric encryption algorithms are sometimes classified as either a block cypher or a stream cypher.
Block cyphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits. Common block cyphers include DES with 64-bit block size and AES with 128-bit block size.
The figure shows a plaintext message being encrypted in 64-bit blocks.
Well-known symmetric encryption algorithms are described in the table.
Data Encryption Standard (DES) – This is a legacy symmetric encryption algorithm. It uses a short key length that makes it insecure for most current uses.
3DES (Triple DES) – This is the replacement for DES and repeats the DES algorithm process three times. It should be avoided if possible as it is scheduled to be retired in 2023. If implemented, use very short key lifetimes.
Advanced Encryption Standard (AES) – AES is a popular and recommended symmetric encryption algorithm. It offers combinations of 128-, 192-, or 256-bit keys to encrypt 128, 192, or 256 bit-long data blocks.
Software-Optimized Encryption Algorithm (SEAL) – SEAL is a faster alternative symmetric encryption algorithm to AES. SEAL is a stream cypher that uses a 160-bit encryption key and has a lower impact on the CPU compared to other software-based algorithms.
Rivest ciphers (RC) series algorithms – This family of algorithms was developed by Ron Rivest. Several variations have been developed, but RC4 was the most prevalent in use. RC4 is a stream cypher that was used to secure web traffic. It has been found to have multiple vulnerabilities which have made it insecure. RC4 should not be used.
Asymmetric Encryption
Asymmetric algorithms, also called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption, as shown in the figure. The decryption key cannot, in any reasonable amount of time, be calculated from the encryption key and vice versa.
The figure shows an example of asymmetric encryption where the encryption key is different from the decryption key.
Asymmetric algorithms use a public key and a private key. Both keys are capable of the encryption process, but the complementary paired key is required for decryption. The process is also reversible. Data that is encrypted with the public key requires the private key to decrypt. Asymmetric algorithms achieve confidentiality and authenticity by using this process.
Because neither party has a shared secret, very long key lengths must be used. Asymmetric encryption can use key lengths between 512 to 4,096 bits. Key lengths greater than or equal to 2,048 bits can be trusted, while key lengths of 1,024 or shorter are considered insufficient.
Examples of protocols that use asymmetric key algorithms include:
Internet Key Exchange (IKE) – This is a fundamental component of IPsec VPNs.
Secure Sockets Layer (SSL) – This is now implemented as the IETF standard Transport Layer Security (TLS).
Secure Shell (SSH) – This protocol provides a secure remote access connection to network devices.
Pretty Good Privacy (PGP) – This computer program provides cryptographic privacy and authentication. It is often used to increase the security of email communications.
Asymmetric algorithms are substantially slower than symmetric algorithms. Their design is based on computational problems, such as factoring extremely large numbers or computing discrete logarithms of extremely large numbers.
Because they are slow, asymmetric algorithms are typically used in low-volume cryptographic mechanisms, such as digital signatures and key exchange. However, the key management of asymmetric algorithms tends to be simpler than symmetric algorithms, because usually one of the two encryption or decryption keys can be made public.
Common examples of asymmetric encryption algorithms are described in the table.
Diffie-Hellman (DH) – Key length: 512, 1024, 2048, 3072, or 4096 bits. The Diffie-Hellman algorithm allows two parties to agree on a key that they can use to encrypt messages they want to send to each other. The security of this algorithm depends on the assumption that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.
Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) – Key length: 512 to 1024 bits. DSS specifies DSA as the algorithm for digital signatures. DSA is a public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar to RSA, but it is 10 to 40 times slower for verification.
Rivest, Shamir, and Adleman encryption algorithms (RSA) – Key length: 512 to 2048 bits. RSA is a public-key cryptosystem that is based on the current difficulty of factoring very large numbers. It is the first algorithm known to be suitable for signing as well as encryption. It is widely used in electronic commerce protocols and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
ElGamal – Key length: 512 to 1024 bits. An asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie-Hellman key agreement. A disadvantage of the ElGamal system is that the encrypted message becomes very big, about twice the size of the original message, and for this reason it is only used for small messages such as secret keys.
Elliptic curve techniques – Key length: 224 bits or higher. Elliptic curve cryptography can be used to adapt many cryptographic algorithms, such as Diffie-Hellman or ElGamal. The main advantage of elliptic curve cryptography is that the keys can be much smaller.
Asymmetric Encryption – Confidentiality
Asymmetric algorithms are used to provide confidentiality without pre-sharing a password. The confidentiality objective of asymmetric algorithms is initiated when the encryption process is started with the public key. The process can be summarized using the formula:
Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality
When the public key is used to encrypt the data, the private key must be used to decrypt the data. Only one host has a private key; therefore, confidentiality is achieved.
If the private key is compromised, another key pair must be generated to replace the compromised key.
Asymmetric Encryption – Authentication
The authentication objective of asymmetric algorithms is initiated when the encryption process is started with the private key. The process can be summarized using the formula:
Private Key (Encrypt) + Public Key (Decrypt) = Authentication
When the private key is used to encrypt the data, the corresponding public key must be used to decrypt the data. Because only one host has the private key, only that host could have encrypted the message, providing authentication of the sender. Typically, no attempt is made to preserve the secrecy of the public key, so any number of hosts can decrypt the message. When a host successfully decrypts a message using a public key, it is trusted that the private key encrypted the message, which verifies who the sender is. This is a form of authentication.
The private and public keys provide authentication in the data exchange between Bob and Alice in three steps:
Alice uses her private key – Alice encrypts a message using her private key. Alice sends the encrypted message to Bob. Bob needs to authenticate that the message did indeed come from Alice.
Bob requests the public key
Bob decrypts using the public key
Asymmetric Encryption – Integrity
Combining the two asymmetric encryption processes provides message confidentiality, authentication, and integrity. The following example will be used to illustrate this process. In this example, a message will be ciphered using Bob’s public key and a ciphered hash will be encrypted using Alice’s private key to provide confidentiality, authenticity, and integrity.
Alice uses Bob’s public key – Alice wants to send a message to Bob ensuring that only Bob can read the document. In other words, Alice wants to ensure message confidentiality. Alice uses the public key of Bob to cypher the message. Only Bob will be able to decipher it using his private key.
The figure shows Alice’s plaintext combined with Bob’s public key as the inputs to the encryption algorithm, which outputs the encrypted text.
Alice encrypts a hash using her private key
Bob uses Alice’s public key to decrypt the hash
Bob uses his private key to decrypt the message
Diffie-Hellman
Diffie-Hellman (DH) is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret without having communicated before. The new shared key is never actually exchanged between the sender and receiver. However, because both parties know it, the key can be used by an encryption algorithm to encrypt traffic between the two systems. Here are two examples of instances when DH is commonly used:
Data is exchanged using an IPsec VPN
SSH data is exchanged
To help illustrate how DH operates, refer to the figure.
The figure illustrates how the Diffie-Hellman algorithm works by using colours. Assume Alice and Bob have agreed to start with 50 millilitres (50 ml) of yellow paint. Alice adds 50 ml of red paint to the yellow paint to create 100 ml of orange paint. Bob mixes his 50 ml of yellow paint with 50 ml of blue paint to create 100 ml of green paint. Alice sends Bob her 100 ml of orange paint and Bob sends Alice his 100 ml of green paint. Alice then adds another 50 ml of her red paint to Bob’s 100 ml of green paint to create 150 ml of brown paint. Bob mixes another 50 ml of blue paint into the 100 ml of Alice’s orange paint to create 150 ml of exactly the same brown paint that Alice created.
Next, Alice and Bob will each select a secret colour. Alice chose red while Bob chose blue. These secret colours will never be shared with anyone. The secret colour represents the chosen secret private key of each party.
Alice and Bob now mix the shared common colour (yellow) with their respective secret colour to produce a public colour. Therefore, Alice will mix the yellow with her red colour to produce a public colour of orange. Bob will mix the yellow and the blue to produce a public colour of green.
Alice sends her public colour (orange) to Bob and Bob sends his public colour (green) to Alice.
Alice and Bob each mix the colour they received with their own original secret colour (red for Alice and blue for Bob). The result is a final brown colour mixture that is identical to the partner’s final colour mixture. The brown colour represents the resulting shared secret key between Bob and Alice.
The security of DH is based on the fact that it uses very large numbers in its calculations. For example, a DH 1024-bit number is roughly equal to a decimal number of 309 digits. Considering that a billion is 10 decimal digits (1,000,000,000), one can easily imagine the complexity of working with not one, but multiple 309-digit decimal numbers.
Diffie-Hellman uses different DH groups to determine the strength of the key that is used in the key agreement process. The higher group numbers are more secure, but require additional time to compute the key. The following identifies the DH groups supported by Cisco IOS Software and their associated prime number value:
DH Group 1: 768 bits
DH Group 2: 1024 bits
DH Group 5: 1536 bits
DH Group 14: 2048 bits
DH Group 15: 3072 bits
DH Group 16: 4096 bits
Note: A DH key agreement can also be based on elliptic curve cryptography. DH groups 19, 20, and 24, which are based on elliptic curve cryptography, are also supported by Cisco IOS Software.
Unfortunately, asymmetric key systems are extremely slow for any sort of bulk encryption. This is why it is common to encrypt the bulk of the traffic using a symmetric algorithm, such as 3DES or AES, and use the DH algorithm to create the keys that the symmetric encryption algorithm will use.
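The exchange described above in code, as an added example that is not part of the original article. It goes slightly beyond the text by adding the checks a receiver should run on the group parameters and on the peer's public value, and by hashing the shared secret into symmetric key bytes as the paragraph above describes. The group p = 23, g = 2 is a constructed toy; real deployments use the standardized DH groups listed above.

```python
# Added example (not from the original article): finite-field Diffie-Hellman in
# the style of the paint analogy, plus the validation a careful receiver does.
import hashlib
import secrets
from math import isqrt

def is_small_prime(n):
    """Trial division: enough for the toy parameters used in this demo."""
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))

def check_group(p, g):
    """p must be a safe prime (p = 2q + 1) and g must generate the order-q subgroup. Returns q."""
    q = (p - 1) // 2
    if p != 2 * q + 1 or not (is_small_prime(p) and is_small_prime(q)):
        raise ValueError("p is not a safe prime")
    if not (1 < g < p - 1 and pow(g, q, p) == 1):
        raise ValueError("g does not generate the prime-order subgroup")
    return q

def public_value(p, g, private):
    """The 'public colour': g^private mod p. This is the only value that leaves the host."""
    return pow(g, private, p)

def check_peer_value(p, q, peer_public):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup before using it;
    such values would force the shared secret into a tiny, guessable set."""
    if not 1 < peer_public < p - 1 or pow(peer_public, q, p) != 1:
        raise ValueError("invalid peer public value")
    return peer_public

def shared_secret(p, q, private, peer_public):
    """Mix the received 'colour' with the own secret: peer_public^private mod p."""
    return pow(check_peer_value(p, q, peer_public), private, p)

def derive_key(secret, p, label=b"toy-dh-demo"):
    """DH yields a group element, not a key: hash it into symmetric key bytes for AES/3DES."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(label + secret.to_bytes(width, "big")).digest()

def exchange(p, g, a=None, b=None):
    """Run both sides. Private exponents are random in [1, q-1] unless supplied for a test."""
    q = check_group(p, g)
    a = a if a is not None else secrets.randbelow(q - 1) + 1
    b = b if b is not None else secrets.randbelow(q - 1) + 1
    A, B = public_value(p, g, a), public_value(p, g, b)     # the values sent over the wire
    k_alice = derive_key(shared_secret(p, q, a, B), p)       # Alice computes B^a
    k_bob = derive_key(shared_secret(p, q, b, A), p)         # Bob computes A^b
    return A, B, k_alice, k_bob

if __name__ == "__main__":
    # Constructed toy group p = 23, g = 2; a = 6 and b = 15 give A = 18, B = 16, secret 4.
    print(exchange(23, 2, a=6, b=15)[:2])   # (18, 16)
```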
Action Point PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Fact Check Policy
CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.
Digital signatures in cybersecurity are a mathematical technique used to provide authenticity, integrity, and nonrepudiation. Digital signatures have specific properties that enable entity authentication and data integrity.
In addition, digital signatures provide nonrepudiation of the transaction. In other words, the digital signature serves as legal proof that the data exchange did take place. Digital signatures use asymmetric cryptography.
Digital signatures are commonly used in the following two situations:
Code signing – This is used for data integrity and authentication purposes. Code signing is used to verify the integrity of executable files downloaded from a vendor website. It also uses signed digital certificates to authenticate and verify the identity of the site that is the source of the files.
Digital certificates – These are similar to a virtual ID card and used to authenticate the identity of the system with a vendor website and establish an encrypted connection to exchange confidential data.
There are three Digital Signature Standard (DSS) algorithms that are used for generating and verifying digital signatures:
Digital Signature Algorithm (DSA) – DSA is the original standard for generating public and private key pairs, and for generating and verifying digital signatures.
Rivest-Shamir-Adleman Algorithm (RSA) – RSA is an asymmetric algorithm that is commonly used for generating and verifying digital signatures.
Elliptic Curve Digital Signature Algorithm (ECDSA) – ECDSA is a newer variant of DSA and provides digital signature authentication and non-repudiation with the added benefits of computational efficiency, small signature sizes, and minimal bandwidth.
In the 1990s, RSA Security Inc. started to publish public-key cryptography standards (PKCS). There were 15 PKCS, although one has been withdrawn as of the time of this writing. RSA published these standards because they held the patents on the techniques and wished to promote them. PKCS are not industry standards, but are well recognized in the security industry and have recently begun to become relevant to standards organizations such as the IETF and the PKIX working group.
Digital Signatures for Code Signing
Digital signatures are commonly used to provide assurance of the authenticity and integrity of software code. Executable files are wrapped in a digitally signed envelope, which allows the end-user to verify the signature before installing the software. Digitally signing code provides several assurances about the code:
The code is authentic and is actually sourced by the publisher.
The code has not been modified since it left the software publisher.
The publisher undeniably published the code. This provides nonrepudiation of the act of publishing.
The US Government Federal Information Processing Standard (FIPS) Publication 140-3 specifies that software available for download on the internet is to be digitally signed and verified.
The purpose of digitally signed software is to ensure that the software has not been tampered with and that it originated from the trusted source as claimed. Digital signatures serve as verification that the code has not been tampered with by threat actors and malicious code has not been inserted into the file by a third party.
The figure shows the file properties of an executable that was downloaded from the internet (a software tool from Cisco Systems): its Digital Signatures tab, the Digital Signature Details, the Certificate Information, and the Certification Path.
Digital Signatures for Digital Certificates
A digital certificate is equivalent to an electronic passport. It enables users, hosts, and organizations to securely exchange information over the Internet. Specifically, a digital certificate is used to authenticate and verify that a user who is sending a message is who they claim to be. Digital certificates can also be used to provide confidentiality for the receiver with the means to encrypt a reply.
Digital certificates are similar to physical certificates. For example, the paper-based Cisco Certified Network Associate Security (CCNA-S) certificate in the figure identifies who the certificate is issued to, who authorized the certificate, and for how long the certificate is valid. Digital certificates also provide similar information.
The digital certificate independently verifies an identity. Digital signatures are used to verify that an artefact, such as a file or message, is sent from the verified individual. In other words, a certificate verifies identity, a signature verifies that something comes from that identity.
This scenario will help you understand how a digital signature is used. Bob is confirming an order with Alice. Alice is ordering from Bob’s website. Alice has connected with Bob’s website, and after the certificate has been verified, Bob’s certificate is stored on Alice’s website. The certificate contains Bob’s public key. The public key is used to verify Bob’s digital signature.
The figure shows the order confirmation being hashed and the signed data (confirm order, signature 0a77b3440…) being sent. Bob confirms the order and his computer creates a hash of the confirmation. The computer encrypts the hash with Bob’s private key.
The encrypted hash, which is the digital signature, is appended to the document. The signed order confirmation is then sent to Alice over the internet.
Internet traffic consists of traffic between two parties. When establishing an asymmetric connection between two hosts, the hosts will exchange their public key information. An SSL certificate is a digital certificate that confirms the identity of a website domain. To implement SSL on your website, you purchase an SSL certificate for your domain from an SSL certificate provider. The trusted third party does an in-depth investigation prior to the issuance of credentials. In this article, I want to talk about certificate authorities and the PKI trust system.
After this in-depth investigation, the third-party issues credentials (i.e. digital certificate) that are difficult to forge. From that point forward, all individuals who trust the third party simply accept the credentials that the third-party issues. When computers attempt to connect to a website over HTTPS, the web browser checks the website’s security certificate and verifies that it is valid and originated with a reliable CA. This validates that the website identity is true. The certificate is saved locally by the web browser and is then used in subsequent transactions. The website’s public key is included in the certificate and is used to verify future communications between the website and the client.
These trusted third parties provide services similar to governmental licensing bureaus. The figure illustrates how a driver’s license is analogous to a digital certificate.
Alice applies for a driver’s license.
She receives her driver’s license after her identity is proven.
Alice attempts to cash a check.
Her identity is accepted after her driver’s license is checked.
The Public Key Infrastructure (PKI) consists of specifications, systems, and tools that are used to create, manage, distribute, use, store, and revoke digital certificates. The certificate authority (CA) is an organization that creates digital certificates by tying a public key to a confirmed identity, such as a website or individual. The PKI is an intricate system that is designed to safeguard digital identities from hacking by even the most sophisticated threat actors or nation-states.
Some examples of Certificate Authorities are IdenTrust, DigiCert, Sectigo, GlobalSign, and GoDaddy. These CAs charge for their services. Let’s Encrypt is a non-profit CA that offers certificates free of charge.
The Public Key Infrastructure
PKI is needed to support the large-scale distribution and identification of public encryption keys. The PKI framework facilitates a highly scalable trust relationship. It consists of the hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.
The figure shows the four elements of a PKI: (1) the PKI certificate held by a user at a PC, (2) the certificate store on that computer, (3) the PKI certificate authority, and (4) the certificate database.
PKI certificates contain an entity’s or individual’s public key, its purpose, the certificate authority (CA) that validated and issued the certificate, the date range during which the certificate is valid, and the algorithm used to create the signature.
The certificate store resides on a local computer and stores issued certificates and private keys.
The PKI certificate authority (CA) is a trusted third party that issues PKI certificates to entities and individuals after verifying their identity. It signs these certificates using its private key.
The certificate database stores all certificates approved by the CA.
The next figure shows how the elements of the PKI interoperate:
In this example, Bob has received his digital certificate from the CA. This certificate is used whenever Bob communicates with other parties.
Bob communicates with Alice.
When Alice receives Bob’s digital certificate, she communicates with the trusted CA to validate Bob’s identity.
Issues PKI Certificate. Bob initially requests a certificate from the CA. The CA authenticates Bob and stores Bob’s PKI certificate in the certificate database.
Exchanges PKI Certificate. Bob communicates with Alice using his PKI certificate.
Verifies PKI Certificate. Alice communicates with the trusted CA using the CA’s public key. The CA refers to the certificate database to validate Bob’s PKI certificate.
Note: Not all PKI certificates are directly received from a CA. A registration authority (RA) is a subordinate CA and is certified by a root CA to issue certificates for specific uses.
The PKI Authorities System
Many vendors provide CA servers as a managed service or as an end-user product. Some of these vendors include Symantec Group (VeriSign), Comodo, Go Daddy Group, GlobalSign, and DigiCert among others.
Organizations may also implement private PKIs using Microsoft Server or OpenSSL. CAs, especially those that are outsourced, issue certificates based on classes that determine how trusted a certificate is.
The table provides a description of the classes. The class number is determined by how rigorous the procedure was that verified the identity of the holder when the certificate was issued. The higher the class number, the more trusted the certificate. Therefore, a class 5 certificate is trusted much more than a lower-class certificate.
Class 0 – Used for testing in situations in which no checks have been performed.
Class 1 – Used by individuals who require verification of email.
Class 2 – Used by organizations for which proof of identity is required.
Class 3 – Used for servers and software signing. Independent verification and checking of identity and authority is done by the certificate authority.
Class 4 – Used for online business transactions between companies.
Class 5 – Used for private organizations or government security.
For example, a class 1 certificate might require an email reply from the holder to confirm that they wish to enrol. This kind of confirmation is a weak authentication of the holder. For class 3 or 4 certificates, the future holder must prove identity and authenticate the public key by showing up in person with at least two official ID documents.
Some CA public keys are preloaded, such as those listed in web browsers. The figure displays various VeriSign certificates contained in the certificate store on the host. Any certificates signed by any of the CAs in the list will be seen by the browser as legitimate and will be trusted automatically.
Note: An enterprise can also implement PKI for internal use. PKI can be used to authenticate employees who are accessing the network. In this case, the enterprise is its own CA.
The PKI Trust System
PKIs can form different topologies of trust. The simplest is the single-root PKI topology. As shown in the figure below, a single CA, called the root CA, issues all the certificates to the end-users, which are usually within the same organization. The benefit of this approach is its simplicity. However, it is difficult to scale to a large environment because it requires a strictly centralized administration, which creates a single point of failure.
The figure shows a server labelled root CA with a certificate next to it. Two arrows each point to a computer, and each computer also has a certificate next to it.
Single-Root PKI Topology
On larger networks, PKI CAs may be linked using two basic architectures:
Cross-certified CA topologies – As shown in the figure below, this is a peer-to-peer model in which individual CAs establish trust relationships with other CAs by cross-certifying CA certificates. Users in either CA domain are also assured that they can trust each other. This provides redundancy and eliminates the single point of failure.
The figure shows the same setup as the previous single-root PKI topology, labelled CA 1. A two-way arrow connects this topology to another of the same topology labelled CA 2, and an arrow points from the CA 2 topology to a third of the same topology labelled CA 3.
Cross-Certified CA
Hierarchical CA topologies – As shown in the figure below, the highest-level CA is called the root CA. It can issue certificates to end-users and to a subordinate CA. The sub-CAs could be created to support various business units, domains, or communities of trust.
The root CA maintains the established “community of trust” by ensuring that each entity in the hierarchy conforms to a minimum set of practices. The benefits of this topology include increased scalability and manageability. This topology works well in most large organizations. However, it can be difficult to determine the chain of the signing process.
A hierarchical and cross-certification topology can be combined to create a hybrid infrastructure. An example would be when two hierarchical communities want to cross-certify each other in order for members of each community to trust each other.
The figure shows a server labelled root CA with a certificate next to it. Two arrows each point to a subordinate CA, each of which heads its own single-root PKI topology.
Hierarchical CA
Interoperability of Different PKI Vendors
Interoperability between a PKI and its supporting services, such as Lightweight Directory Access Protocol (LDAP) and X.500 directories, is a concern because many CA vendors have proposed and implemented proprietary solutions instead of waiting for standards to develop.
Note: LDAP and X.500 are protocols that are used to query a directory service, such as Microsoft Active Directory, to verify a username and password.
To address this interoperability concern, the IETF published the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527). The X.509 version 3 (X.509 v3) standard defines the format of a digital certificate.
X.509v3 Applications
The figure shows X.509v3 applications in an enterprise network connected to the internet: a VPN concentrator (IPsec), an external web server (SSL), an internet mail server (S/MIME), a Cisco Secure ACS (EAP-TLS), and a CA server.
SSL – Secure web servers use X.509v3 for website authentication in the SSL and TLS protocols, while web browsers use X.509v3 to implement HTTPS client certificates. SSL is the most widely used certificate-based authentication.
IPsec – IPsec VPNs use X.509 certificates when RSA-based authentication is used for internet key exchange (IKE).
S/MIME – User mail agents that support mail protection with the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol use X.509 certificates.
EAP-TLS – Cisco switches can use certificates to authenticate end devices that connect to LAN ports using 802.1x between the adjacent devices. The authentication can be proxied to a central ACS via the Extensible Authentication Protocol with TLS (EAP-TLS).
Certificate Enrollment, Authentication, and Revocation
The first step in the CA authentication procedure is to securely obtain a copy of the CA’s public key. All systems that leverage the PKI must have the CA’s public key, which is called the self-signed certificate. The CA public key verifies all the certificates issued by the CA and is vital for the proper operation of the PKI.
Note: Only a root CA can issue a self-signed certificate that is recognized or verified by other CAs within the PKI.
For many systems such as web browsers, the distribution of CA certificates is handled automatically. The web browser comes pre-installed with a set of public CA root certificates. Organizations and their website domains push their public certificates to website visitors. CAs and certificate domain registrars create and distribute private and public certificates to clients that purchase certificates.
The certificate enrollment process is used by a host system to enrol with a PKI. To do so, CA certificates are retrieved in-band over a network, and the authentication is done out-of-band (OOB) using the telephone. The system enrolling with the PKI contacts a CA to request and obtain a digital identity certificate for itself and to get the CA’s self-signed certificate.
The final stage verifies that the CA certificate was authentic and is performed using an out-of-band method such as the Plain Old Telephone System (POTS) to obtain the fingerprint of the valid CA identity certificate.
Authentication no longer requires the presence of the CA server, and each user exchanges their certificates containing public keys. Certificates must sometimes be revoked. For example, a digital certificate can be revoked if a key is compromised or if it is no longer needed. Here are two of the most common methods of revocation:
Certificate Revocation List (CRL) – A list of revoked certificate serial numbers that have been invalidated because they expired. PKI entities regularly poll the CRL repository to receive the current CRL.
Online Certificate Status Protocol (OCSP) – An internet protocol used to query an OCSP server for the revocation status of an X.509 digital certificate. Revocation information is immediately pushed to an online database.
In my previous article, I have talked about all that you need to know about network security. In this article, I will be talking about applications and their impacts on cryptography. Where can PKI be used by an enterprise?
The following provides a shortlist of common uses of PKIs:
SSL/TLS certificate-based peer authentication
Secure network traffic using IPsec VPNs
HTTPS Web traffic
Control access to the network using 802.1x authentication
Secure email using the S/MIME protocol
Secure instant messaging
Approve and authorize applications with Code Signing
Protect user data with the Encryption File System (EFS)
Implement two-factor authentication with smart cards
Securing USB storage devices
Encrypted Network Transactions
A security analyst must be able to recognize and solve potential problems related to permitting PKI-related solutions on the enterprise network. Consider how the increase of SSL/TLS traffic poses a major security risk to enterprises because the traffic is encrypted and cannot be intercepted and monitored by normal means. Users can introduce malware or leak confidential information over an SSL/TLS connection. Threat actors can use SSL/TLS to introduce regulatory compliance violations, viruses, malware, data loss, and intrusion attempts in a network. Other SSL/TLS-related issues may be associated with validating the certificate of a web server. When this occurs, web browsers will display a security warning. PKI-related issues that are associated with security warnings include:
Validity date range – The X.509v3 certificates specify “not before” and “not after” dates. If the current date is outside the range, the web browser displays a message. Expired certificates may simply be the result of administrator oversight, but they may also reflect more serious conditions.
Signature validation error – If a browser cannot validate the signature on the certificate, there is no assurance that the public key in the certificate is authentic. Signature validation will fail if the root certificate of the CA hierarchy is not available in the browser’s certificate store.
The figure shows an example of a signature validation error with the Cisco AnyConnect Mobility VPN Client.
Signature Validation Error
Some of these issues can be avoided because the SSL/TLS protocols are extensible and modular: the algorithms a session uses are negotiated as a package known as a cipher suite. The key components of the cipher suite are the Message Authentication Code (MAC) algorithm, the encryption algorithm, the key exchange algorithm, and the authentication algorithm. These can be changed without replacing the entire protocol.
This is very helpful because the different algorithms continue to evolve. As cryptanalysis continues to reveal flaws in these algorithms, the cipher suite can be updated to patch these flaws. When the protocol versions within the cipher suite change, the version number of SSL/TLS changes as well.
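As an added example (not part of the original article), the following Python function splits a cipher suite name written in the IANA convention into the four components just listed and flags the components that later cryptanalysis has broken. The lists of weak components are constructed for this example from widely published deprecations.

```python
# Added example (not from the article): split a cipher suite name written in the
# IANA convention into the four components the text names and flag components
# that cryptanalysis has since broken. The weak lists are constructed for this
# example from widely published deprecations, not taken from the original text.
WEAK_KX = {"RSA": "RSA key transport, no forward secrecy",
           "DH": "static DH, no forward secrecy",
           "ECDH": "static ECDH, no forward secrecy",
           "NULL": "no key exchange"}
WEAK_AUTH = {"anon": "anonymous: peer is not authenticated, trivially MiTM-able"}
WEAK_ENC = {"NULL": "no encryption", "RC4": "RC4 keystream biases",
            "DES": "56-bit DES", "3DES": "3DES (Sweet32)", "IDEA": "IDEA (legacy)"}
WEAK_MAC = {"MD5": "HMAC-MD5 (deprecated)", "NULL": "no integrity protection"}


def parse_suite(name):
    """Return kx/auth/enc/mac components plus a list of human-readable warnings."""
    warnings = []
    body = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" in body:                       # TLS 1.0-1.2 naming: KX_AUTH_WITH_ENC_MAC
        left, right = body.split("_WITH_", 1)
        tokens = left.split("_")
        if "EXPORT" in tokens:                 # e.g. TLS_RSA_EXPORT_WITH_RC4_40_MD5
            tokens.remove("EXPORT")
            warnings.append("kx=EXPORT: export-grade (40/512-bit) key length")
        kx = tokens[0]
        auth = tokens[1] if len(tokens) > 1 else kx   # TLS_RSA_WITH_...: RSA does both
        tls13 = False
    else:                                      # TLS 1.3 naming: only AEAD + hash appear;
        right, tls13 = body, True              # key exchange is always ephemeral (EC)DHE/PSK
        kx, auth = "(EC)DHE/PSK", "signature/PSK"
    parts = right.split("_")
    mac, enc = parts[-1], "_".join(parts[:-1])  # for AEAD suites the last token is the PRF/HKDF hash
    for comp, value, table in (("kx", kx, WEAK_KX), ("auth", auth, WEAK_AUTH), ("mac", mac, WEAK_MAC)):
        if value in table:
            warnings.append(f"{comp}={value}: {table[value]}")
    weak_enc = [t for t in enc.split("_") if t in WEAK_ENC]
    if weak_enc:
        warnings.append(f"enc={enc}: {WEAK_ENC[weak_enc[0]]}")
    return {"kx": kx, "auth": auth, "enc": enc, "mac": mac, "tls13": tls13, "warnings": warnings}
```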
Encryption and Security Monitoring
Network monitoring becomes more challenging when packets are encrypted. However, security analysts must be aware of those challenges and address them as best as possible.
For instance, when site-to-site VPNs are used, the IPS should be positioned so it can monitor unencrypted traffic.
However, the increased use of HTTPS in the enterprise network introduces new challenges. Since HTTPS introduces end-to-end encrypted HTTP traffic (via TLS/SSL), it is not as easy to peek into user traffic.
Security analysts must know how to circumvent and solve these issues. Here is a list of some of the things that a security analyst could do:
Configure rules to distinguish between SSL and non-SSL traffic, HTTPS and non-HTTPS SSL traffic.
Enhance security through server certificate validation using CRLs and OCSP.
Implement antimalware protection and URL filtering of HTTPS content.
Deploy a Cisco SSL Appliance to decrypt SSL traffic and send it to intrusion prevention system (IPS) appliances to identify risks normally hidden by SSL.
Cryptography is dynamic and always changing. A security analyst must maintain a good understanding of cryptographic algorithms and operations to be able to investigate cryptography-related security incidents.
There are two main ways in which cryptography impacts security investigations. First, attacks can be directed to specifically target the encryption algorithms themselves.
After the algorithm has been cracked and the attacker has obtained the keys, any encrypted data that has been captured can be decrypted by the attacker and read, thus exposing private data. Secondly, the security investigation is also affected because data can be hidden in plain sight by encrypting it.
For example, command and control traffic that is encrypted with TLS/SSL most likely cannot be seen by a firewall. The command and control traffic between a command and control server and an infected computer in a secure network cannot be stopped if it cannot be seen and understood.
The attacker would be able to continue using encrypted commands to infect more computers and possibly create a botnet. This type of traffic can be detected by decrypting the traffic and comparing it with known attack signatures, or by detecting anomalous TLS/SSL traffic. This is either very difficult and time-consuming or a hit-or-miss process.
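Both the rule "distinguish between SSL and non-SSL traffic" in the list above and the anomaly detection mentioned here start from the one part of a TLS session that is never encrypted: the ClientHello. As an added example (not from the original article), the Python code below parses a ClientHello out of a raw TCP payload, tells TLS from non-TLS traffic regardless of port, and flags a session that offers no SNI; the ClientHello bytes are constructed inline by a helper, not captured traffic.

```python
# Added example (not from the article): parse a TLS ClientHello from a raw TCP
# payload so monitoring rules can separate TLS from non-TLS traffic on any port
# and inspect version, cipher suites and SNI for anomalies.
import struct

def _u16(b, off):
    return struct.unpack_from("!H", b, off)[0]

def parse_client_hello(payload):
    """Return None unless payload is a TLS handshake record holding a ClientHello."""
    if len(payload) < 9 or payload[0] != 0x16 or payload[1] != 0x03:
        return None                                  # record type 0x16, version 0x03xx
    body = payload[5:5 + _u16(payload, 3)]
    if len(body) < 4 or body[0] != 0x01:             # handshake type 1 = ClientHello
        return None
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        version = _u16(hello, 0)                     # legacy_version, 0x0303 = TLS 1.2
        off = 35 + hello[34]                         # skip version, random(32), session_id
        n = _u16(hello, off); off += 2
        suites = [_u16(hello, off + i) for i in range(0, n, 2)]; off += n
        off += 1 + hello[off]                        # compression methods
        sni = None
        if off + 2 <= len(hello):                    # extensions block is optional
            ext_end = off + 2 + _u16(hello, off); off += 2
            while off + 4 <= ext_end:
                etype, elen = _u16(hello, off), _u16(hello, off + 2); off += 4
                if etype == 0 and elen >= 5:         # server_name extension, RFC 6066
                    sni = hello[off + 5:off + 5 + _u16(hello, off + 3)].decode("ascii", "replace")
                off += elen
    except (struct.error, IndexError):               # truncated or malformed handshake
        return None
    return {"version": version, "cipher_suites": suites, "sni": sni}

def classify(payload):
    """Verdict a rule engine could act on; a missing SNI is a common anomaly signal."""
    ch = parse_client_hello(payload)
    if ch is None:
        return "non-tls"
    return "tls:ok" if ch["sni"] else "tls:no-sni"

def build_client_hello(sni, suites):
    """Construct a minimal TLS 1.2 ClientHello as test input (not captured traffic)."""
    hello = struct.pack("!H", 0x0303) + b"\x11" * 32 + b"\x00"   # version, random, empty session id
    hello += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    hello += b"\x01\x00"                                         # one compression method: null
    if sni is not None:
        host = sni.encode()
        sn = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host   # ServerNameList
        ext = struct.pack("!HH", 0, len(sn)) + sn                       # extension type 0
        hello += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The cipher suite codes returned by parse_client_hello are the two-byte IANA values, so a rule can compare them against an allow-list of suites the enterprise policy permits.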
The term “endpoint” is defined in various ways. For the purpose of this course, we can define endpoints as hosts on the network that can access or be accessed by other hosts on the network. This obviously includes computers and servers, however many other devices can also access the network. With the rapid growth of the Internet of Things (IoT), other types of devices are now endpoints on the network.
This includes networked security cameras, controllers, and even light bulbs and appliances. Each endpoint is potentially a way for malicious software to gain access to a network. In addition, new technologies, such as the cloud, expand the boundaries of enterprise networks to include locations on the internet for which enterprises are not responsible. This article discusses some of the facts that you need to know about antimalware protection in cybersecurity.
Devices that remotely access networks through VPNs are also endpoints that need to be considered. These endpoints could inject malware into the VPN network from the public network. The following points summarize some of the reasons why malware remains a major challenge:
According to research from Cybersecurity Ventures, by 2021 a new organization will fall victim to a ransomware attack every 11 seconds.
Ransomware attacks will cost the global economy $6 trillion annually by 2021.
In 2018, 8 million attempts to steal system resources using cryptojacking malware were observed.
From 2016 to early 2017, global spam volume increased dramatically. 8 to 10 percent of this spam can be considered to be malicious, as shown in the figure.
In 2020, it is projected that the average number of cyber attacks per macOS device will rise from 4.8 in 2018 to 14.2 in 2020.
Several common types of malware have been found to significantly change features in less than 24 hours in order to evade detection.
Figure 1 shows the emails per second sent from 2012 through 2016, rising from 0.5K in 2012 to over 3K in 2016. Figure 2 shows the percentage of total spam that is malicious, from close to 0 percent in January 2015 to 2016, when almost 15 percent contains malicious .wsf files, 25 percent contains malicious .docm files, close to 40 percent contains malicious .zip files, almost 50 percent contains malicious .js files, almost 70 percent contains malicious .ht files, and over 70 percent contains malicious attachments, based on Cisco security research.
News media commonly cover external network attacks on enterprise networks. These are some examples of such attacks:
DoS attacks on an organization’s network to degrade or even halt public access to it
Breach of an organization’s webserver to deface their web presence
Breach of an organization’s data servers and hosts to steal confidential information
Various network security devices are required to protect the network perimeter from outside access. As shown in the figure, these devices could include a hardened router that is providing VPN services, a next-generation firewall (ASA, in the figure), an IPS appliance, and an authentication, authorization, and accounting (AAA) services server (AAA Server, in the figure).
The figure depicts a campus area network. A cloud representing the Internet is connected to a router, labelled VPN. The VPN router is connected to an ASA firewall. The firewall has two additional connections; one to an IPS and another to a switch. The switch is connected to a DHCP server, email server, web server, and ESA/WSA.
The IPS is connected to a multilayer switch. The multilayer switch has a connection to an AAA server as well as to two Layer 2 switches and to another multilayer switch. The second multilayer switch also has connections to the same Layer 2 switches, creating redundancy. Below the Layer 2 switches are three laptops and three PCs, which are labelled as hosts.
However, many attacks originate from inside the network. Therefore, securing an internal LAN is nearly as important as securing the outside network perimeter. Without a secure LAN, users within an organization are still susceptible to network threats and outages that can directly affect an organization’s productivity and profit margin. After an internal host is infiltrated, it can become a starting point for an attacker to gain access to critical system devices, such as servers and sensitive information.
Specifically, there are two internal LAN elements to secure:
Endpoints – Hosts commonly consist of laptops, desktops, printers, servers, and IP phones, all of which are susceptible to malware-related attacks.
Network infrastructure – LAN infrastructure devices interconnect endpoints and typically include switches, wireless devices, and IP telephony devices. Most of these devices are susceptible to LAN-related attacks including MAC address table overflow attacks, spoofing attacks, DHCP-related attacks, LAN storm attacks, STP manipulation attacks, and VLAN attacks.
Host-Based Malware Protection
The network perimeter is always expanding. People access corporate network resources with mobile devices that use remote access technologies such as VPN. These same devices are also used on unsecured or minimally secured, public and home networks. Host-based antimalware/antivirus software and host-based firewalls are used to protect these devices.
Antivirus/Antimalware Software – This is software that is installed on a host to detect and mitigate viruses and malware. Examples are Windows Defender Virus & Threat Protection, Cisco AMP for Endpoints, Norton Security, McAfee, Trend Micro, and others. Antimalware programs may detect viruses using three different approaches:
Signature-based – This approach recognizes various characteristics of known malware files.
Heuristics-based – This approach recognizes general features shared by various types of malware.
Behaviour-based – This approach employs analysis of suspicious behaviour.
Many antivirus programs are able to provide real-time protection by analyzing data as it is used by the endpoint. These programs also scan for existing malware that may have entered the system prior to it being recognizable in real-time.
Host-based antivirus protection is also known as agent-based. Agent-based antivirus runs on every protected machine. Agentless antivirus protection performs scans on hosts from a centralized system. Agentless systems have become popular for virtualized environments in which multiple OS instances are running on a host simultaneously. Agent-based antivirus running in each virtualized system can be a serious drain on system resources. Agentless antivirus for virtual hosts involves the use of a special security virtual appliance that performs optimized scanning tasks on the virtual hosts. An example of this is VMware’s vShield.
Host-based Firewall – This software is installed on a host. It restricts incoming and outgoing connections to connections initiated by that host only. Some firewall software can also prevent a host from becoming infected and stop infected hosts from spreading malware to other hosts. This function is included in some operating systems. For example, Windows includes Windows Defender Firewall with Advanced Security, as shown in the figure.
Other solutions are produced by other companies or organizations. The Linux iptables and TCP Wrappers tools are examples.
Host-based Security Suites – It is recommended to install a host-based suite of security products on home networks as well as business networks. These host-based security suites include antivirus, anti-phishing, safe browsing, a host-based intrusion prevention system, and firewall capabilities. These various security measures provide a layered defence that will protect against the most common threats.
In addition to the protection functionality, host-based security products provide telemetry. Most host-based security software includes robust logging functionality that is essential to cybersecurity operations. Some host-based security programs will submit logs to a central location for analysis.
There are many host-based security programs and suites available to users and enterprises. The independent testing laboratory AV-TEST provides high-quality reviews of host-based protections, as well as information about many other security products. Search the internet for the AVTest organization to learn more about AV-TEST.
Network-Based Malware Protection
The figure shows generic icons for the following sections: next-generation firewalls, intrusion prevention systems, network access control, gateway security, and endpoint security.
New security architectures for the borderless network address security challenges by having endpoints use network scanning elements. These devices provide many more layers of scanning than a single endpoint possibly could. Network-based malware prevention devices are also capable of sharing information among themselves to make better-informed decisions. Protecting endpoints in a borderless network can be accomplished using network-based, as well as host-based techniques, as shown in the figure above. The following are examples of devices and techniques that implement host protections at the network level.
Advanced Malware Protection (AMP) – This provides endpoint protection from viruses and malware.
Email Security Appliance (ESA) – This provides filtering of spam and potentially malicious emails before they reach the endpoint. An example is the Cisco ESA.
Web Security Appliance (WSA) – This provides filtering of websites and blacklisting to prevent hosts from reaching dangerous locations on the web. The Cisco WSA provides control over how users access the internet and can enforce acceptable use policies, control access to specific sites and services, and scan for malware.
Network Admission Control (NAC) – This permits only authorized and compliant systems to connect to the network.