Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
What Is The Cve Of The Original Poodle Attack?
What Is the CVE Of the Original Poodle Attack? Answer: The poodle attack CVE -ID that is associated with it is CVE-2014-3566. It is the exploit to steal the data. Poodle attacks can steal sensitive information such as cookies, passwords, and relevant data of the browser which is in encrypted form wiRead more
What Is the CVE Of the Original Poodle Attack?
Answer: The poodle attack CVE -ID that is associated with it is CVE-2014-3566. It is the exploit to steal the data.
Poodle attacks can steal sensitive information such as cookies, passwords, and relevant data of the browser which is in encrypted form with the help of SLL (secure socket layer protocol). In 2014, US-CERT defines the vulnerability of the encryption technique that protects Internet traffic. POODLE is the flaw that allows hackers to easily perform client and server network decryption. SLL versions 3.0 to 2.
SLL version 3.0 ad 2.0 can encrypt and check the data authentication which is sent through the internet become weak with the POODLE attack. However, the technology is advanced ad new protocols replace the old ones but the browser somehow still supports the SLL. The hacker can attack by allowing the POODLE to force to downgrade to version 3.
The POODLE allows the MiTM hacker to check the security of the communications. The Hacker can use the POODLE and steal the confidential information mimicked to become the end-user and cause the loss of control of web applications. The POODLE attack occurs in three steps that are described below:
- At first, the hacker gets the user’s personal information with the help of a MiTM attack. The attack is like the eavesdrop an attacker is able to listen to the communication between two people on the Internet, intercepting messages and forwarding them to the parties. The user may think they are communicating with each other but the hacker has control over their communication.
- In the second step, the hacker forces us to downgrade to SLL version 3. It happens by continuing the eavesdropping till the server moves to the previous version of the Protocol if it can not move to the new protocol. It is known as the downgrade stage.
- As the server moves to version 3.0 the POODLE is use to get the data from the encrypted frames. The attacker can see the client communication and also see the data in an unencrypted form as plaintext.
See lessWhat Does a Computer Virus Look Like?
What Does a Computer Virus Look Like? Answer: The virus in the computer may determine with the following messages: Pop-up on windows. Always come to the home page. Your PC becomes slow which affects the performance. A malicious program opens up every time you open the computer. A large number of emaRead more
What Does a Computer Virus Look Like?
Answer: The virus in the computer may determine with the following messages:
The computer virus is developed in a way that it can replicate itself and transfer from one host to other. The virus can’t replicate without any host it always needs the programming files or documents to spread.
The virus is the malicious code type that is written to change the computer functions and move from one host to others. The virus work by forcing itself with a legal program which in turn depends on macros for the code execution. It has the ability to damage in an unknown way like the data corruption of the software.
When the virus attached itself to the files or program, it will stay as dormant till the computer can’t execute its code. For the virus to do its work and spread the infection the program that contains the virus must be run so that the virus will start to cause the damage. The virus will stay in the resting phase without displaying any sign of its appearance. It has the ability to infect another computer in the same network. File corruption, password stealing, scam emails, and taking over the control of the machine for some damages are the work of the virus. Some viruses have a little effect, but few have devastating effects such as data removal and permanent damage to the hard disk.
In the world of connection, the virus can spread in different ways such as through emails, text messages, email attachments, downloading from websites, social media, etc. Mobile phones are affected by malicious apps. The virus can also spread with an attachment that contains images, greetings, funny videos, or audio.
To keep your computer infected with viruses, you must be aware while browsing the web by clicking on different attachments. Do not download the text, downloads from an unknown website.
See lessWhat Statement About Controlling Access To Folders And Files Is Accurate??
What statement about controlling access to the folders and files is accurate? Answer: In the controlling access to the folder and files the statement which is true is that the rights are allocated to an account. Control access to files: The Solaris Operating system is a multiuser system where the usRead more
What statement about controlling access to the folders and files is accurate?
Answer: In the controlling access to the folder and files the statement which is true is that the rights are allocated to an account.
Control access to files:
The Solaris Operating system is a multiuser system where the users that are logged in the system can also read files of other users, this happens with the file permissions. Access to files is given with the following steps:
Guard the files through encryption:
The files are safe by making them difficult to understand by unknown users. The files that have permission 600 can’t be read by the owner as well superuser. The directory which is permit 700 is also unreadable. But some of the people who are tech nerds and get your password or find the root password can read the files. The files are encrypted is placed on a backup tape during the backup of the files. The Solaris OS framework gives the digect. mac, encrypt command for file protection.
Use of ACL:
The ACL has control over the file permission. The ACLs are used when the UNIX files that provide protection is not enough. UNIX files grant read, write, and execute permissions for owner, group, etc. of the three classes. The security provided by the ACLs is described below:
Controlled folder access:
The controlled folder access can checks the apps that are allowed the changes in the files in secure folders and also blocks applications that are not authenticated. The steps for the controlled folder access are listed below:
Sometimes the app that looks safe contains harm.it happens when the system wants you to be safe and sometimes causes an error. Just add the app to the safe list and allow the app to keep it from being blocked.
See lessWhat Is The Shortest, Abbreviated Version Of The Copy Running-Config Startup-Config Command??
What Is the Shortest, Abbreviated Version of The Copy Running-Config Startup-Config Command?? Answer: The shortest form of the Copy Running-Config Startup-Config command is the copy run start. The short form is easy to write rather than the copy system: r nvram: s. When you need to save the runningRead more
What Is the Shortest, Abbreviated Version of The Copy Running-Config Startup-Config Command??
Answer: The shortest form of the Copy Running-Config Startup-Config command is the copy run start. The short form is easy to write rather than the copy system: r nvram: s. When you need to save the running configuration of the startup file in the NVRAM type the copy run start.
To modify the configuration of RPM at first it is necessary to make the changes in the memory because it can be lost when the system is rebooted. Two forms of the configuration files exit the running configuration which is present in RAM and the startup configuration which is stored in the NVRAM. Let’s see at the condole running configuration to startup configuration for both console graphical user interface based on the following:
Console based:
Different types of the commands are present for the configuration let’s take a look at a few of them such as the:
The guideline for it in the console-based is:
R1>enable
R1#show running-config
R1#show startup-config
R1#copy startup-config
R1#show running-config startup-config
R1#erase startup-config
R1#show startup-config
Graphical user interface:
Instruction for the commands on the GUI based are listed below:
- Choose the R1 devices from the drop-down list, tap on the configuration, and the left navigation is open.
- In the navigation tap on the utility option and then the save Running config to PC.
- For the display the command taps on view > IOS display command.
- In a drop-down list choose the available show commands and tap on show.
See lessWhat Are Two Services Performed By The Data Link Layer Of The Osi Model? (Choose Two.)?
What are two services performed by the data link layer of the OSI model? (Choose two.) Data packet encryption is the work of the data link layer. When the packet needs to forward the path is determined by the data link layer. Its work is to accept the packets of Layer 3 and encapsulate them into pacRead more
What are two services performed by the data link layer of the OSI model? (Choose two.)
Answer: The data link layer work to exchange the frames between nodes on a physical media. The basic work of the data link layer is:
The path is determined by layer 3, while layer 2 is responsible to develop the MAC address table which is its work.
Datalink layer work is to manage the data movements in and out of the physical link over a network. In the OSI model, it is referred to as the Open System Interconnection (OSI). The bits encoding and decoding happen in the data link layer right before they need to move in the form of the frames between nodes. It can also check the method the device recovery after collision (a process where all the nodes send the frames at a time). The data link and two more layers one is LLC (logical link layer) and the other one is MAC (Media access layer).
LLC work is to handle the data flow of the different applications and the error detection, acknowledgement is also a function of it.MAC layer can handle access to the physical media. The physical addressing of the packets is also the work of the MAC layer. Ethernet and 802.11 wireless are common examples of it. the function of the data link layer are :
- The error in the bit transmission can handle by it.
- The data flow is controlled by it so that there is no traffic at the sending and receiving sides.
- Datalink layer allows the data transmission to layer 3 where the addressing and routing occur.
See lessWhat Is a Wifi Access Point?
What Is a Wi-Fi Access Point? Answer: The Wi-Fi access point is the device that helps the wireless devices to have a connection to a wired network.it is very convenient and quick to just install the WAPs in the computers in a network rather than the use the wires (cables). WAP (wireless access pointRead more
What Is a Wi-Fi Access Point?
Answer: The Wi-Fi access point is the device that helps the wireless devices to have a connection to a wired network.it is very convenient and quick to just install the WAPs in the computers in a network rather than the use the wires (cables).
WAP (wireless access point) itself is the device and helps the wireless capable system to have access to the internet. The access points are quite the same as the router, the newest technology router works as the access point. The ISP gives the client a service in which the router works as an access point to reduce the complications.
The router which has no functions to work as an access point causes complications for their customers because they need to connect with the dedicated WAPs to have the router enjoy the internet access and it is very difficult to handle for the end-user who has little knowledge of its working.
Most people get confused between the WAPs and the hotspot. The Wi-Fi access point covers the area with the Wi-Fi signal while the hotspot covers the region in which the connection with the internet is possible over the air. When the Wi-Fi is not developed it is very difficult for the user to connect to the internet because all devices need to have a connection with a wire for the internet router. Due to the mobiles, tabs, and different technology access to the internet and Wi-Fi access point is very common.
The Wi-Fi access point is commonly used to establish the network connectivity in an office where each client and the employee have access regardless of their location in the office, Other than the WAPs are also used in the public areas for the internet connectivity such as the airports, coffee shops, etc. the WAPS work in the context of the 802 standards and called as Wi-Fi. The stand-alone access points are the devices that are similar to the home broadcast routers, the router that is used in a home networking contains the access point that is built into the system hardware and works along with the stand-alone unit.
See lessWhat Is The Difference Between Encryption And Hashing?
What Is the Difference Between Encryption and Hashing? Answer: Encryption is the process in which the data is decrypted to make it easy to read and that’s why it is two-way. Unlike encryption hashing is one way, the plain text is mixed up in a unique form with the help of salt which is further can’tRead more
What Is the Difference Between Encryption and Hashing?
Answer: Encryption is the process in which the data is decrypted to make it easy to read and that’s why it is two-way. Unlike encryption hashing is one way, the plain text is mixed up in a unique form with the help of salt which is further can’t be decrypted.
Let’s take a look at the concept of the encryption and hashing so that you can find it easy to understand the difference between them:
Encryption:
Encryption is the technique in which the readable text called plain text is converted to a different form that is difficult to understand called the ciphertext. An encryption key is used to convert the ciphertext to the readable plain text and it is known as the decryption. Some of the algorithms used in encryption are AES, RSA, etc.
Hashing:
Hashing convert, the data into a hash key with the use of the hash function. The data can’t be obtained from the hash key. The key is contained in the DB and they are checked to know if the original data is the same or not. Most of the login passwords use hashing.
Some of the points that define the difference between hashing and encryption are listed in the following:
- Hashing is used for indexing and reverting the information from the database. Encryption is used to hide the original data from an unknown user.
- The hash code cannot be transformed to its original form, just it is mapped to check if the data is the same or not. Encryption is two-way and the ciphertext is transformed into plain text through decryption.
- Hashing is more secure as compared to encryption.
- In hashing for each information, the new hash key is generated but for some reason, the same key will also be used .in encryption always the new key is created.
- The hash data is small and fixed and has not been affected due to an increase in data size. The length of the encrypted data is not fixed and increases with the information.
See lessWhat Is Integrity In Cyber Security?
What Is Integrity in Cyber Security? Answer: Integrity is defined as the information present in the system and managed in a way that no unauthorized person can make any kind of changes or modifications. Integrity has a huge impact on data availability, accuracy, etc. The CIA triad (confidentiality,Read more
What Is Integrity in Cyber Security?
Answer: Integrity is defined as the information present in the system and managed in a way that no unauthorized person can make any kind of changes or modifications. Integrity has a huge impact on data availability, accuracy, etc.
The CIA triad (confidentiality, integrity, availability) is the standard for information security policies. The elements of the triad are the basis of cybersecurity and, for its effectiveness, the triad must be updated. Confidentiality limits access to data, integrity makes sure that data is accurate, and availability ensures that information is available for the users. Let’s discuss the importance of the integrity which also affects the cyber security in the following:
Integrity:
Integrity ensures that data is accurate and not modified by unknown users. It gives the guarantee and the completeness of data.it does not only secure the stored data but also the information which is transmitted among systems such as email. For maintenance, it is not needed to have control access at the system level. constructive integrity means it has to be protected against unintentional changes like user error or data loss that happens due to the malfunction.
Moreover, all the systems in the world need confidence about data integrity, and the banks and finance departments have the important need that makes sure that the transactions between the system are safe from breaches. in the incident that happens between Bangladesh and New York hackers installed the scheme which have all the credential details that start the withdrawals and also installed malware in the system that delete all the records in DB related to the transactions.
The different measure is applied for integrity protection such as user authentication preventing the unknown person to access the systems and make changes, hash verification, and the digital signature are developed to protect the system from modification by an unauthorized person.
See lessWhat Is a Black Hat Hacker?
What Is a Black Hat Hacker? Answer: The black hat hackers broke into the system and spread the virus that destroys the data, and files, stole passwords, user personal information, credit card numbers, etc. The reason for the hacking is self -serve such as the financial benefit, revenge, or to createRead more
What Is a Black Hat Hacker?
Answer: The black hat hackers broke into the system and spread the virus that destroys the data, and files, stole passwords, user personal information, credit card numbers, etc. The reason for the hacking is self -serve such as the financial benefit, revenge, or to create horror. Sometimes they target the specific person with whom they didn’t agree on some issue.
Black hat hackers stole the information for their gain, which is opposite to the white hat hackers who work as specialists and are employed in the companies to determine the faults in the security which might be the vulnerability of the company and the strength of the black hat hackers. The target of them is both the single person or the entire organization, by making the security weak, shut down the systems of making changes in the networks.
Hacking works fine on large systems where the spread of the software contains malware is easy. The company swank the partner, and associates, and then they bought or resell the license for the malicious software to the different criminal company’s so that they can further sell them in new markets.
Sometimes the black hat hackers use the call center by making a call and disguising themselves as from a technology company like Microsoft. In this technique, the hackers convinced the customer to give the control or install the malicious software. When the customer gives access to or downloads the software, then indirectly they give access to their passwords, and bank information, or give the entire access to the systems.
Their activities of them are keystroke monitoring programs that use the victim data and launch attacks that prohibit access to the sites. The black hat hackers have their conferences like DEFCON and Blackhat. The professionals attend their meetings to learn from them, even law enforcement officials present at the conference. The US government allocates different punishments for the black hat hackers under the federal laws, computer crime state, etc. the penalties for them are fine, jail, or sometimes both. The laws were made that prevent the person from the following activities:
- Password protect system access without consent
- Modification of the system data.
- Spread the malicious software for personal gain.
See lessWhat Is The Primary Countermeasure To Social Engineering?
What is the primary countermeasure to social engineering? Awareness. Whaling. Phishing. Shoulder surfing. Answer: The countermeasure to social engineering is awareness. Social Engineering enforces the victims to provide sensitive information. Social engineering is a range of malicious acts which isRead more
What is the primary countermeasure to social engineering?
Answer: The countermeasure to social engineering is awareness. Social Engineering enforces the victims to provide sensitive information.
Social engineering is a range of malicious acts which is obtained by human interaction. Manipulation is common and forces the users to give their personal information which is used against them. The attack took place in more than one step such as the attacker first checking the thorough information about the user, their vulnerability, and weakness in security, and then the victim’s trust gaining begins that in return reveals the sensitive data and remote access. The techniques of the social engineering are listed below:
Baiting:
In this method, the attackers provide bait like a false promise to the victims. The bait lures them into the traps where they provide their personal information and infect the system. The physical media is common for baiting.
Scareware:
This is a common technique when using the Internet. On some websites, you may see the notification that your system received an error and asked you to click on the link for protected software installations, but in return, your computer was infected with the virus.
Pretexting:
In it, the hackers obtain data through different lies that look appealing. They act like they are from someplace where their data is needed to perform a task.
Phishing:
This is a popular method of social engineering; it includes email and SMS scams that create urgency or fear in victims. They trap the victim in a way to download the attachments, and links and show their information.
Spear phishing:
It’s a technique in which hackers disguised themselves as the IT consultant of the company and send the email that trick the victims to give them credit card information etc.
The countermeasure to the social engineering is listed in the following:
- Awareness against social engineering.
- Business process.
- Technical protection.
- Test the employee toughness in social engineering.
See less