- (Topic 3)
You are a cybersecurity specialist at CloudTech Inc., a company providing cloud-based services. You are managing a project for a client who wants to migrate their sensitive data to a public cloud service. To comply with regulatory requirements, the client insists on maintaining full control over the encryption keys even when the data is at rest on the cloud. Which of the following practices should you implement to meet this requirement?
Correct Answer:
D
The practice that meets the client's requirement is to encrypt the data client-side before uploading it to the cloud and to retain control of the encryption keys. This is known as client-side encryption (often loosely called end-to-end encryption): the data is encrypted on the client's own systems with a software or hardware tool that generates and manages the keys, and only ciphertext is uploaded, so the data stays encrypted at rest. The keys are never shared with the cloud service provider or any third party; they are used only by the client to decrypt the data when needed. The client therefore keeps full control over the keys and over the confidentiality of the data, even while it sits on a public cloud service [1][2]. The caveat is that key custody now rests entirely with the client: losing the keys means losing the data, so key backup and rotation procedures have to be part of the design.
The other options are not as good as option D, for the following reasons:
✑ A. Use the cloud service provider's encryption services but store keys on-premises: This option does not satisfy the requirement of full control over the keys. If the provider's encryption service performs the encryption and decryption, it must have the key material (or a usable copy of it) on the provider's side while it does so, whether or not the master copy is kept on-premises, so the provider retains the ability to decrypt the data. Keeping keys on-premises also adds operational burden: key distribution, synchronization, backup, and recovery [3].
✑ B. Use the cloud service provider's default encryption and key management services: This option does not satisfy the requirement either. With default server-side encryption the provider encrypts and decrypts the data using keys it generates and manages, so the provider, and anyone who compromises or compels it, can decrypt the data. The provider's default settings may also fall short of the client's regulatory requirements or security standards [4].
✑ C. Rely on Secure Sockets Layer (SSL) encryption for data at rest: This option is insufficient because SSL (superseded today by TLS) protects data in transit, not data at rest. It encrypts the traffic between client and server, authenticating the server with a certificate and negotiating session keys for that connection, which protects against interception or modification on the wire. Once the data arrives, the session keys are discarded and the data is stored as the server received it, so SSL/TLS gives the client no protection against the provider or anyone with access to the storage, and no control over keys for data at rest.
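The practice behind option D, as an added example that is not part of this page and not code from any provider's SDK: the client generates and holds an AES-256 key, seals every object with AES-GCM before upload, and the simulated cloud store only ever receives ciphertext. The store type, the object names and the sample record are constructed for the demonstration; real key custody (KMS or HSM, backup, rotation) is assumed to be handled outside this code.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// cloudStore stands in for the provider's object storage. It only ever receives
// ciphertext; the key never crosses this boundary. (Constructed stand-in, not a real SDK.)
type cloudStore map[string][]byte

func (s cloudStore) upload(name string, blob []byte) { s[name] = blob }

func (s cloudStore) download(name string) ([]byte, bool) {
	blob, ok := s[name]
	return blob, ok
}

// newClientKey generates a 256-bit AES key on the client side. In a real deployment
// it would be generated in and held by the client's own KMS or HSM (assumed here).
func newClientKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// encryptForUpload seals plaintext with AES-256-GCM before it leaves the client.
// The object name is bound as associated data, so a blob copied to a different
// object name fails authentication on download.
// Blob layout: 12-byte nonce || ciphertext || 16-byte GCM tag.
func encryptForUpload(key, plaintext []byte, objectName string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag after the nonce, giving the layout above.
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// decryptDownloaded opens a blob fetched from the store. Any bit flip in the blob,
// or a mismatched object name, makes Open return an error instead of plaintext.
func decryptDownloaded(key, blob []byte, objectName string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(objectName))
}

// providerSeesPlaintext is the compliance check in its simplest form: does what the
// provider stores contain the plaintext? It must be false for every uploaded object.
func providerSeesPlaintext(stored, plaintext []byte) bool {
	return bytes.Contains(stored, plaintext)
}

func main() {
	key, err := newClientKey()
	if err != nil {
		panic(err)
	}
	store := cloudStore{}
	record := []byte("patient=1042;diagnosis=redacted;dob=1970-01-01") // constructed sample
	blob, err := encryptForUpload(key, record, "records/1042.json")
	if err != nil {
		panic(err)
	}
	store.upload("records/1042.json", blob)

	stored, _ := store.download("records/1042.json")
	fmt.Println("provider can read plaintext:", providerSeesPlaintext(stored, record))

	pt, err := decryptDownloaded(key, stored, "records/1042.json")
	fmt.Printf("client decrypt: %q err=%v\n", pt, err)

	// Someone with storage access moves the blob under another object name.
	_, err = decryptDownloaded(key, stored, "records/9999.json")
	fmt.Println("renamed blob decrypts:", err == nil)

	// A modified stored byte is rejected by the GCM tag check.
	tampered := append([]byte(nil), stored...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = decryptDownloaded(key, tampered, "records/1042.json")
	fmt.Println("tampered blob decrypts:", err == nil)
}
```

Binding the object name as associated data is the detail worth copying: it stops a provider-side actor from serving one customer's blob in place of another, and the GCM tag turns silent storage corruption or tampering into a hard decryption failure on the client.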
References:
✑ [1] Client-side encryption - Wikipedia
✑ [2] What is Client-Side Encryption? | Definition, Benefits & Best Practices | Kaspersky
✑ [3] Cloud Encryption Key Management: What You Need to Know | Thales
✑ [4] Cloud Encryption: How It Works and How to Use It | Comparitech
✑ What is SSL Encryption and How Does it Work? | Norton
- (Topic 3)
Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company.
While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?
Correct Answer:
B
A man-in-the-middle attack using forged ICMP and ARP spoofing is the network-level session hijacking attack in which the attacker inserts their machine into the path between a client and a server while the packets appear to follow the original route. Its purpose is to reroute the packets through the attacker, who can then intercept or modify the data exchanged between client and server.
The attack works as follows [1]:
✑ The attacker sends the client a forged ICMP redirect message that appears to come from the gateway. The redirect tells the client that the attacker's machine is a better next hop for reaching the server's network; the client installs the route and starts sending packets for the server to the attacker's machine instead of the gateway.
✑ The attacker also sends the client a forged ARP reply claiming the server's IP address, associating it with the attacker's MAC address. The client updates its ARP cache and starts sending frames for the server to the attacker's MAC address rather than the server's.
✑ The attacker receives the client's packets and forwards them to the server, acting as a relay, and can monitor, modify, or drop them at will. The server's responses come back to the attacker, who forwards them to the client. Neither side sees the attacker, and both believe they are talking directly to each other.
Jake is therefore studying a man-in-the-middle attack using forged ICMP and ARP spoofing. Since his goal is prevention, the matching controls are to make hosts ignore ICMP redirects, to protect ARP bindings (static entries, or Dynamic ARP Inspection on the switch), and to encrypt and authenticate sessions end to end so that a relayed session cannot be read or altered.
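The ARP half of the attack above leaves a footprint a defender can check for: the same IP address suddenly answering with a different MAC address. The following is an added example, not code from the cited article, of a minimal ARP-cache consistency monitor in Go that parses raw Ethernet/ARP reply frames and alerts on a changed binding. The MAC and IP addresses and the frames themselves are constructed for the demonstration, not captured traffic.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

const (
	etherTypeARP = 0x0806
	arpOpReply   = 2
	ethHdrLen    = 14
	arpLen       = 28 // IPv4-over-Ethernet ARP body
)

// arpBinding is the sender IP -> MAC claim carried by an ARP reply.
type arpBinding struct {
	IP  net.IP
	MAC net.HardwareAddr
}

// parseARPReply decodes an Ethernet frame carrying IPv4-over-Ethernet ARP and returns
// the sender binding if the packet is a reply. Requests and non-ARP frames are rejected.
func parseARPReply(frame []byte) (arpBinding, error) {
	if len(frame) < ethHdrLen+arpLen {
		return arpBinding{}, errors.New("frame too short for Ethernet+ARP")
	}
	if binary.BigEndian.Uint16(frame[12:14]) != etherTypeARP {
		return arpBinding{}, errors.New("not an ARP frame")
	}
	arp := frame[ethHdrLen:]
	htype := binary.BigEndian.Uint16(arp[0:2])
	ptype := binary.BigEndian.Uint16(arp[2:4])
	hlen, plen := arp[4], arp[5]
	oper := binary.BigEndian.Uint16(arp[6:8])
	if htype != 1 || ptype != 0x0800 || hlen != 6 || plen != 4 {
		return arpBinding{}, errors.New("unsupported ARP hardware/protocol type")
	}
	if oper != arpOpReply {
		return arpBinding{}, errors.New("not an ARP reply")
	}
	return arpBinding{
		MAC: append(net.HardwareAddr(nil), arp[8:14]...),
		IP:  append(net.IP(nil), arp[14:18]...),
	}, nil
}

// arpMonitor pins the first MAC seen for each IP, like a minimal arpwatch, and
// reports any later reply that claims a different MAC for that IP.
type arpMonitor struct {
	bindings map[string]string // IP -> MAC
}

func newARPMonitor() *arpMonitor {
	return &arpMonitor{bindings: make(map[string]string)}
}

// observe feeds one frame to the monitor and returns a non-empty alert when the
// frame contradicts a previously learned binding.
func (m *arpMonitor) observe(frame []byte) string {
	b, err := parseARPReply(frame)
	if err != nil {
		return "" // not a reply: nothing to learn
	}
	ip, mac := b.IP.String(), b.MAC.String()
	prev, seen := m.bindings[ip]
	switch {
	case !seen:
		m.bindings[ip] = mac
	case prev != mac:
		return fmt.Sprintf("ARP spoofing suspected: %s was %s, reply now claims %s", ip, prev, mac)
	}
	return ""
}

// buildARPReply constructs a sample Ethernet/ARP reply frame (test data, not captured traffic).
func buildARPReply(senderMAC, targetMAC net.HardwareAddr, senderIP, targetIP net.IP) []byte {
	f := make([]byte, ethHdrLen+arpLen)
	copy(f[0:6], targetMAC)
	copy(f[6:12], senderMAC)
	binary.BigEndian.PutUint16(f[12:14], etherTypeARP)
	a := f[ethHdrLen:]
	binary.BigEndian.PutUint16(a[0:2], 1)      // hardware type: Ethernet
	binary.BigEndian.PutUint16(a[2:4], 0x0800) // protocol type: IPv4
	a[4], a[5] = 6, 4
	binary.BigEndian.PutUint16(a[6:8], arpOpReply)
	copy(a[8:14], senderMAC)
	copy(a[14:18], senderIP.To4())
	copy(a[18:24], targetMAC)
	copy(a[24:28], targetIP.To4())
	return f
}

func main() {
	client, _ := net.ParseMAC("00:11:22:33:44:55")
	server, _ := net.ParseMAC("00:aa:bb:cc:dd:ee")
	attacker, _ := net.ParseMAC("de:ad:be:ef:00:01")
	clientIP, serverIP := net.ParseIP("10.0.0.10"), net.ParseIP("10.0.0.20")

	mon := newARPMonitor()
	fmt.Printf("%q\n", mon.observe(buildARPReply(server, client, serverIP, clientIP)))   // learns the real server
	fmt.Printf("%q\n", mon.observe(buildARPReply(attacker, client, serverIP, clientIP))) // attacker's forged reply
}
```

The ICMP-redirect half is better handled at the host than by a monitor: Linux can be told to ignore redirects with the sysctl net.ipv4.conf.all.accept_redirects=0, and managed switches can enforce IP-to-MAC bindings with Dynamic ARP Inspection; neither is shown here.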
References:
✑ Network or TCP Session Hijacking | Ethical Hacking - GreyCampus
- (Topic 2)
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to set up a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic on UDP port 161. What protocol is using this port, and how can he secure that traffic?
Correct Answer:
B
UDP port 161 is SNMP, the polling (get/set) side of the protocol. SNMPv1 and v2c send the community string and the management data in the clear, so the fix is to move agents and managers to SNMPv3 with authentication and privacy (authPriv) enabled. The background below is adapted from an Opsview article on SNMPv3 trap handling:
Opsview's documentation already covers setting up SNMPv2 trap handling, but SNMPv3 traps are a whole new ballgame. They can be confusing and complicated to set up the first time you go through the process, but once you understand what is going on, everything should make more sense.
SNMP has gone through several revisions to improve performance and security (versions 1, 2c and 3). By default it is a UDP-based protocol with a "fire and forget" model: network packets are sent to another device with no check that the packet was received (unlike TCP, where a packet must be acknowledged by the other end of the communication link).
There are two modes of operation with SNMP: get requests (or polling), where one device requests information from an SNMP-enabled device on a regular basis (normally over UDP port 161), and traps, where the SNMP-enabled device sends a message to another device when an event occurs (normally over UDP port 162). The latter covers events such as someone logging on, the device powering up or down, or a wide variety of other problems that need investigation.
That article covers SNMPv3 traps, since polling and version 2c traps are covered elsewhere in Opsview's documentation.
SNMP traps
Since SNMP is primarily UDP-based, traps may be "lost" between devices: the sending device does not wait to see whether the receiver got the trap. So if the sender is misconfigured (wrong receiver IP address or port), or the receiver is not listening for traps or rejects them out of hand because of its own misconfiguration, the sender never knows.
The SNMPv2c specification introduced the idea of splitting traps into two types: the original "hope it gets there" trap and the newer INFORM. On receipt of an INFORM, the receiver must send an acknowledgement back. If the sender does not get the acknowledgement, it knows there is a problem and can log it for sysadmins to find when they interrogate the device.
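What Bill would want from his SPAN-port capture is a check that tells SNMPv1/v2c (community string in the clear) apart from SNMPv3 with authPriv. The following is an added example, not from the Opsview article or any SNMP library: a small BER walker in Go that reads only the SNMP message header, returning the cleartext community string for v1/v2c or the auth/priv bits of msgFlags for v3. The sample datagrams are constructed inline (the v3 security parameters and scoped PDU are empty placeholders), not captured traffic.

```go
package main

import (
	"errors"
	"fmt"
)

// tlv builds one short-form BER tag-length-value (lengths < 128 only; enough for samples).
func tlv(tag byte, val ...byte) []byte {
	return append([]byte{tag, byte(len(val))}, val...)
}

func concat(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		out = append(out, p...)
	}
	return out
}

// readTLV splits one BER element off the front of b (short and 1-2 byte long-form lengths).
func readTLV(b []byte) (tag byte, val, rest []byte, err error) {
	if len(b) < 2 {
		return 0, nil, nil, errors.New("short TLV")
	}
	tag, length, hdr := b[0], int(b[1]), 2
	if length&0x80 != 0 {
		n := length & 0x7f
		if n == 0 || n > 2 || len(b) < 2+n {
			return 0, nil, nil, errors.New("unsupported length encoding")
		}
		length = 0
		for _, c := range b[2 : 2+n] {
			length = length<<8 | int(c)
		}
		hdr = 2 + n
	}
	if len(b) < hdr+length {
		return 0, nil, nil, errors.New("truncated TLV")
	}
	return tag, b[hdr : hdr+length], b[hdr+length:], nil
}

// snmpFinding is what a SPAN-port check reports for one UDP/161 datagram.
type snmpFinding struct {
	Version   int    // 0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3
	Community string // cleartext community string (v1/v2c only)
	AuthPriv  bool   // v3 msgFlags has both auth (0x01) and priv (0x02) set
}

// Cleartext reports whether the datagram exposes its management data on the wire.
func (f snmpFinding) Cleartext() bool { return f.Version != 3 || !f.AuthPriv }

// inspectSNMP parses just enough of an SNMP message to classify it:
// v1/v2c: SEQUENCE { INTEGER version, OCTET STRING community, PDU }
// v3:     SEQUENCE { INTEGER 3, SEQUENCE { msgID, msgMaxSize, msgFlags, msgSecurityModel }, ... }
func inspectSNMP(payload []byte) (snmpFinding, error) {
	var f snmpFinding
	tag, msg, _, err := readTLV(payload)
	if err != nil {
		return f, err
	}
	if tag != 0x30 {
		return f, errors.New("SNMP message must be a SEQUENCE")
	}
	tag, ver, rest, err := readTLV(msg)
	if err != nil || tag != 0x02 || len(ver) != 1 {
		return f, errors.New("bad version field")
	}
	f.Version = int(ver[0])
	switch f.Version {
	case 0, 1:
		tag, comm, _, err := readTLV(rest)
		if err != nil || tag != 0x04 {
			return f, errors.New("bad community field")
		}
		f.Community = string(comm)
	case 3:
		tag, global, _, err := readTLV(rest)
		if err != nil || tag != 0x30 {
			return f, errors.New("bad msgGlobalData")
		}
		_, _, r, err := readTLV(global) // msgID
		if err != nil {
			return f, err
		}
		_, _, r, err = readTLV(r) // msgMaxSize
		if err != nil {
			return f, err
		}
		tag, flags, _, err := readTLV(r) // msgFlags
		if err != nil || tag != 0x04 || len(flags) != 1 {
			return f, errors.New("bad msgFlags")
		}
		f.AuthPriv = flags[0]&0x03 == 0x03
	default:
		return f, fmt.Errorf("unknown SNMP version %d", f.Version)
	}
	return f, nil
}

// Constructed samples, not captured traffic.
func sampleV2cGet(community string) []byte {
	pdu := tlv(0xA0, concat(tlv(0x02, 0x01), tlv(0x02, 0x00), tlv(0x02, 0x00), tlv(0x30))...)
	return tlv(0x30, concat(tlv(0x02, 0x01), tlv(0x04, []byte(community)...), pdu)...)
}

func sampleV3(msgFlags byte) []byte {
	global := tlv(0x30, concat(tlv(0x02, 0x01), tlv(0x02, 0x05, 0xDC), tlv(0x04, msgFlags), tlv(0x02, 0x03))...)
	return tlv(0x30, concat(tlv(0x02, 0x03), global, tlv(0x04), tlv(0x04))...) // empty placeholders follow
}

func main() {
	samples := []struct {
		name string
		pkt  []byte
	}{{"v2c community=public", sampleV2cGet("public")}, {"v3 authPriv", sampleV3(0x07)}, {"v3 noAuthNoPriv", sampleV3(0x04)}}
	for _, s := range samples {
		f, err := inspectSNMP(s.pkt)
		fmt.Printf("%-22s cleartext=%-5v %+v err=%v\n", s.name, f.Cleartext(), f, err)
	}
}
```

Note that SNMPv3 alone is not the fix: a v3 user configured noAuthNoPriv still sends everything in the clear, which is why the check looks at msgFlags rather than stopping at the version number.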
- (Topic 1)
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?
Correct Answer:
C
Reconnaissance, the first phase of the Cyber Kill Chain methodology: gathering information about the target (here the company's branding, email formatting, and the names of its CEO, President, or managers) before the phishing message is crafted.
- (Topic 2)
You are attempting to crack LAN Manager (LM) hashes from a Windows 2000 SAM file. You will be using an LM brute-force cracking tool for this. What encryption algorithm will you be attacking?
Correct Answer:
B
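The algorithm underneath LM hashes is DES: the password is uppercased, padded to 14 bytes, split into two 7-byte halves, and each half becomes a DES key that encrypts the fixed string KGS!@#$%. As an added example, not code from any cracking tool, the following Go program computes LM hashes with the standard library's crypto/des and makes visible why they crack so easily (case is lost, and each half can be attacked independently). The passwords used are constructed samples.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed 8-byte plaintext that LM encrypts under the password-derived keys.
var lmMagic = []byte("KGS!@#$%")

// desKeyFrom7 expands a 7-byte (56-bit) half into the 8-byte key layout DES expects:
// each key byte carries 7 key bits in its high bits; DES ignores the low (parity) bit.
func desKeyFrom7(h []byte) []byte {
	k := []byte{
		h[0] >> 1,
		(h[0]&0x01)<<6 | h[1]>>2,
		(h[1]&0x03)<<5 | h[2]>>3,
		(h[2]&0x07)<<4 | h[3]>>4,
		(h[3]&0x0F)<<3 | h[4]>>5,
		(h[4]&0x1F)<<2 | h[5]>>6,
		(h[5]&0x3F)<<1 | h[6]>>7,
		h[6] & 0x7F,
	}
	for i := range k {
		k[i] <<= 1
	}
	return k
}

// lmHalf DES-encrypts lmMagic under the key derived from one 7-byte half.
func lmHalf(half []byte) ([]byte, error) {
	c, err := des.NewCipher(desKeyFrom7(half))
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	c.Encrypt(out, lmMagic)
	return out, nil
}

// lmHash computes the 16-byte LAN Manager hash: uppercase the password, pad or
// truncate to 14 bytes, split into two 7-byte halves, and DES-encrypt the magic
// constant under each half. Returned as uppercase hex, as pwdump-style tools print it.
// (Assumption: ASCII passwords; Windows applies the OEM code page before uppercasing.)
func lmHash(password string) (string, error) {
	p := []byte(strings.ToUpper(password))
	if len(p) > 14 {
		p = p[:14] // LM silently drops characters beyond 14
	}
	padded := make([]byte, 14)
	copy(padded, p)
	h1, err := lmHalf(padded[:7])
	if err != nil {
		return "", err
	}
	h2, err := lmHalf(padded[7:])
	if err != nil {
		return "", err
	}
	return strings.ToUpper(hex.EncodeToString(append(h1, h2...))), nil
}

func main() {
	// Constructed sample passwords.
	for _, pw := range []string{"", "password", "PassWord", "Pass", "averylongpassword!"} {
		h, err := lmHash(pw)
		fmt.Printf("%-20q %s err=%v\n", pw, h, err)
	}
}
```

Two properties stand out in the output: a password of seven characters or fewer always ends in AAD3B435B51404EE (the hash of an all-zero half, so a cracker knows at once there is nothing to recover there), and "password" and "PassWord" hash identically, so the effective keyspace per half is at most 7 characters of a case-insensitive alphabet.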