Protocols are a common focus of attack because of the number of devices that can be targeted. Devices made by different vendors are able to communicate and work with each other because standard protocols allow them to understand each other. The wide use of these protocols makes them an appealing target to attackers. If a flaw can be found in a popular protocol, then many devices made by different vendors will be vulnerable to the attack. Over the years, a number of different protocols have been updated due to vulnerabilities found in their original versions, a prime example being the SSH protocol.
SSH (Secure Shell) is a network protocol that allows users to remotely log in to a computer in order to perform tasks such as executing commands and transferring files. It was designed in 1995 as a means to replace less secure protocols like rlogin and telnet. The problem with these protocols is that information, including passwords, is sent as plaintext (Rosasco & Larochelle, 2003). SSH addresses this issue by encrypting traffic sent between the devices. Even with these improvements in security, the original version of SSH, referred to as SSH1 or SSH-1, was not without its own vulnerabilities.
One vulnerability of SSH-1 allowed an attacker to insert malicious commands into an encrypted session. These commands would be accepted by the server and run with the privileges of the user that established the connection. This attack would become known as the “SSH insertion attack”. In order to perform the attack, a person would first need access to the traffic being sent between the client and server. This is possible through traditional network monitoring software, as well as through a TCP hijack attack. Once this is don...
... middle of paper ...
...s the integrity check.
Works Cited
Lanza, J.P. (2003a, May 19). Vulnerability note vu#13877. United States Computer Emergency Readiness Team, Retrieved from http://www.kb.cert.org/vuls/id/13877
Lanza, J.P. (2003b, May 19). Vulnerability note vu#945216. United States Computer Emergency Readiness Team, Retrieved from http://www.kb.cert.org/vuls/id/945216
Rosasco, N., & Larochelle, D. (2003, May 30). How and why more secure technologies succeed in legacy markets: lessons from the success of ssh. Computer Science at the University of Virginia, Retrieved from http://www.cs.virginia.edu/~drl7x/sshVsTelnetWeb3.pdf
sshd. (2002). The University of Texas at Austin, Retrieved from http://www.tacc.utexas.edu/services/userguides/ssh_detailed/
ssh insertion attack. (1998). Core Security Technologies, Retrieved from http://www.coresecurity.com/content/ssh-insertion-attack
The RSA cryptosystem, invented by Ron Rivest, Adi Shamir, and Len Adleman, was first publicized in the August 1977 issue of Scientific American. The cryptosystem is most commonly used for providing privacy and ensuring the authenticity of digital data. Nowadays RSA is deployed in many commercial systems. It is used by web servers and browsers to secure web traffic, it is used to ensure the privacy and authenticity of email, it is used to secure remote login sessions, and it is at the heart of electronic credit card payment systems. In short, RSA is frequently used in applications where the security of digital data is a concern.
The world of hacking cannot be placed into clearly defined positive or negative categories. When people hear the word hacker, they tend to think of someone who defies or breaks the law. Everything in life has two sides, the good and the bad, and people can understand a subject when they see both sides. Hackers can cause havoc around the world within the systems they get into just to get what they wish. On the other hand, hackers are an essential help when we are in trouble and someone needs to find information inside a cellphone to help when a person is missing. There are two kinds of hackers; the most familiar is described as criminal, dangerous and devious. The other kind is not as familiar and behaves in more ethical ways.