Cyber Defense eMagazine January 2021 Edition

More documents

Recommendations

Info

obvious those advancements have the reversible systems that make them being manageable. The similar situation is with the communications routes that can be tracked using the widespread monitoring tools. Even if the packets of their information are well secured they can be transformed into the plaintext as there are a plenty of options on the marketplace for such a purpose. The devices in network communicate with each other coping with the certain set of rules. First, it’s important to understand why communication protocols matter as they are from the crucial significance for the traffic enabling and information exchange. In other words, if two devices follow such rules and if their talk is accurate or as defined they will get a permission to make a connection with one another and do some data transfer. Logically, those information are the part of the communication channel and in both – policing and military – there can be an advisory who can listen to the traffic and re-direct its samples to the other machines. We call that operation tapping or streaming. Further, the exchanged information are secured with some sort of cryptography and the streamer cannot be confident what all that is about. The point is someone can make a breach into the network traffic as it’s possible making a breach into some device. On the other hand, when the traffic is streamed there can be a lot of job for cryptanalyst that needs to decrypt and analyze once sent content. From a security point of view, this matters for a reason communication tracking can be used by the illegal organizations in order to monitor someone’s activities on the web. As the consequence of such a campaign we can realize that so many community members as well as their infrastructure can be under the risk because the bad guys can come into the possession of the confidential information. Across the globe, there are so many network monitoring applications that can be applied to do some streaming and with the support of some cryptanalysis efforts reading once decrypted messages. Basically, the cryptanalyst is a person who is capable to transform the packets of the information into their plaintext form and make them being accessible to the rest of the team members. The fact is the cybercrime underworld has always been in position to do such a sort of the operations and undoubtedly is the threat to communities, businesses and government assets. It appears the hightech syndicates are the real global threat especially if we have in mind, they can be a very dangerous weapon in the hands of the rest of criminal and terrorist groups. The packet of the information is so complex set of the bits that depending on the 0s and 1s position in the array can mean a lot in the machine language sense. The two basic parts of the data packet are the payload and routing information that respectively cope with the message itself and the tracking path the packet must pass in order to be delivered from the starting point unless the final destination. The common type of the cryptography is end-to-end encryption or E2EE, so far. That kind of encryption means that the main message is ciphered at one device, then packed into the payload bits and finally sent to the destinating location. The entire communication network is so huge and very complicated, so in order to make the data transmission it’s necessary to get along with some path and prevent the encrypted payload getting streamed and read from its traffic route. The routing information or the path bits serve for the better packets distribution across the network. The E2EE is one of the best practice approaches in so many competitive armies and policing units as it serves for the quite reliable delivery of the messages. That sort of cryptography as anything else has its strong and weak sides and as it’s well-known the message is encrypted at the initial device and decrypted at the final destination, which means if those two devices are under the exposure the enemy can come in the possession of the accurate plaintext. Also, if anyone is doing the channeling of the communication asset that person can figure out the accurate interpretation of the payload itself. In other words, for the purposes of the good cryptanalysis it’s important to deal with the advanced knowledge of computer science and engineering and whatever goes through the channel deals with the array of the packet’s bits. If we know the position of each bit in that array we can make a choice between the 0 and 1, so – in other words, our chances to make the true guessing are half-half. In addition, it’s significant to take into consideration the meaning of ASCII characters that can give an opportunity to figure out how the open message could look like. For instance, any sentence within Cyber Defense eMagazine – January 2021 Edition 48 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
the plaintext ends up with some sign of interpunction, so there can be the entire variations of the possible decrypted information. In other words, as the E2EE is critical at its endpoints it can be quite concerning on its way through from the source to destination as the channel can be tapped and potentially broken in. In order to illustrate the link encryption, we can use an example of the highway with its entire infrastructure that serves in directing the traffic on. The driver on that road must know where he goes and he has the permission to rely on the traffic signalization. In other words, the usage of the maps and GPS navigation is allowed, but what those all if the driver does not know the pathway. It seems that the link encryption is more like sending the packet of the information through the well-protected channel which routing information bits are carefully encrypted. The only fining being available at that moment is the information about the next stop. So, if it is needed to apply some GPS navigation it’s necessary to go step-by-step. In other words, stop linkage information is included as the plaintext and reading so it’s possible to figure out where the next station to such a packet is. In so general terms, those stops can be considered as hops where the entire packet is decrypted and re-encrypted in order to obtain the information about where further the packet should be delivered. The best practice has suggested that the most useful solution is the combination of the E2EE and link encryption for a reason the both – payload and routing information – are well-protected. That sort of cryptography is known as the super-encryption. The hop is any device in the network where once directed traffic can go and it can be the router, modem or server. The hop is also so sensitive point in the network because the hackers can identify that part of the IT infrastructure and try to attack the place where decryption of the packet itself takes place. That is especially the huge risk in case of the network monitoring for a reason the bad guys can find and exploit the places where the plaintext is widely accessible. In other words, the ongoing cyber criminals are extremely skillful individuals with the exceptional technical brightness that are capable to discover any weakness in the system and take advantage over so. The mix of the E2EE and link encryption gives the safer environment for data transport, but it’s still vulnerable to the high-tech attacks and campaigns. About the Author Milica D. Djekic is an Independent Researcher from Subotica, the Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications and Security” being published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel. She is the member of an ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Milica's research efforts are recognized with Computer Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber defense, technology and business. Milica is a person with disability. Cyber Defense eMagazine – January 2021 Edition 49 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: 3 Email Hacking Techniques to Watch
Page 3 and 4: The Rising Tide of Security Threats
Page 5 and 6: @MILIEFSKY From the Publisher… Ne
Page 7 and 8: Welcome to CDM’s January 2021 Iss
Page 9 and 10: Cyber Defense eMagazine - January 2
Page 23 and 24: 3 Email Hacking Techniques to Watch
Page 25 and 26: 3. Hijacking email threads When Emo
Page 27 and 28: etween the data sets and filter out
Page 29 and 30: The Bottom Line AIOps is a journey,
Page 31 and 32: handle the IT and security challeng
Page 33 and 34: Businesses Must Protect Their Most
Page 35 and 36: Tokenization also allows businesses
Page 37 and 38: Lately, Zero Trust is all the buzz,
Page 39 and 40: Let's look at what's the same. They
Page 41 and 42: Cryptocurrency Ransomware Is on The
Page 43 and 44: commission from you. That is why co
Page 45 and 46: The second national lockdown in Nov
Page 47: Communication Streaming Challenges
Page 51 and 52: create new global admins, add them
Page 53 and 54: Cybersecurity Maturity Model Certif
Page 55 and 56: est practices into your core busine
Page 57 and 58: Businesses Should See Security as A
Page 59 and 60: Businesses must increasingly focus
Page 61 and 62: Cybersecurity risk not only help un
Page 63 and 64: - Mapping sensitive data assets (su
Page 65 and 66: ACRR Formula The ACRR is based on t
Page 67 and 68: Development Model This indicated if
Page 69 and 70: About the Author Gyan Prakash is a
Page 71 and 72: Understanding the Industrial IoT Wh
Page 73 and 74: E-Merchants: Secure Your Online Sal
Page 75 and 76: Damaged Reputation - Damage can ext
Page 77 and 78: IT Automation Software and the Atta
Page 79 and 80: How To Keep Your Children Safe In R
Page 81 and 82: About the Author Nevin Markwart, Ch
Page 83 and 84: The cause? More remote work, fear o
Page 85 and 86: About the Author Jody Paterson is a
Page 87 and 88: Identifying personal data breaches
Page 89 and 90: Brave New World: Safari Content Blo
Page 91 and 92: AdGuard, EasyList and uBlock filter
Page 93 and 94: When Businesses Get Hacked- Who Are
Page 95 and 96: failing to enforce adequate securit
Page 97 and 98: Security and Remote Management: Wha
Page 99 and 100:
Looking Ahead to 2021, and Beyond A
Page 101 and 102:
workforces and education. However,
Page 103 and 104:
About the Authors Steve Hanna is th
Page 105 and 106:
As solutions for eXtended Detection
Page 107 and 108:
2. Threats against MSPs, cloud serv
Page 109 and 110:
Why 'Thinking Small' Is the Way to
Page 111 and 112:
Simplification of micro-segmentatio
Page 113 and 114:
commonly used by IT orgs -- can int
Page 115 and 116:
ServiceNow Discovery Documentation
Page 117 and 118:
Are Your Organization’s Critical
Page 119 and 120:
● Gaining insight into how attack
Page 121 and 122:
MITRE Shield introduces active defe
Page 123 and 124:
How Next-Gen Identity Governance an
Page 125 and 126:
• performing access reviews and c
Page 127 and 128:
and intent-based authentication pol
Page 129 and 130:
Innovation, Automation and Securing
Page 131 and 132:
management, as well as monitoring c
Page 133 and 134:
Peer-To-Peer Cybersecurity Insights
Page 135 and 136:
Transitioning to Remote Work: The A
Page 137 and 138:
Traqq also performs automatic track
Page 139 and 140:
6. Tool to Prevent Inefficient Task
Page 141 and 142:
Cyber Defense eMagazine - January 2
Page 143 and 144:
You asked, and it’s finally here
Page 145 and 146:
9 Years in The Making… Thank You
Page 147 and 148:
Page 149 and 150:
show all

Cyber Defense eMagazine January 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?