pls add references 1 a, what is privacy in an information security context?how h
ID: 3560146 • Letter: P
Question
pls add references
1 a, what is privacy in an information security context?how has this changed over the years? moreover whats the difference between our physical privacy and digital privacy ?and which one are we most concerned with in our current definitiono of information security?
B what must an attacker do for a sniffer attack to succeed?what protocols are vulnerable to such attacks what counter measures should you place on your networked infrastructure to mitigate such attacks?how can an attacker gain access to secure network to use a sniffer system?
C) Explain why this phase is true:physical access negates all previously appliedcounter measures.
Explanation / Answer
1. a)
In context of information security, Privacy is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Information privacy is considered an important aspect of information sharing. With the advancement of the digital age, over the years, personal information vulnerabilities have increased. Information privacy now-a-days may be applied in various ways including encryption, authentication and data masking - each attempting to ensure that information is available only to those with authorized access. (Ref. Techopedia)
Physical privacy could be defined as preventing "intrusions into one's physical space or solitude". This would include such concerns as: preventing intimate acts or hiding one's body from others for the purpose of modesty; apart from being dressed this can be achieved by walls, fences or privacy screens. However, the concept of digital privacy can best be described as the protection of the information of private citizens who use digital mediums. Digital privacy centers on the fact that using digital mediums to conduct affairs, whether personal or professional, can leave digital footprints.
We are concerned about Digital Privacy as in context of Information Security.
1. b)
The attacker must first gain access to a network to install the sniffer. Sniffing is a passive attack using Sniffer Programs those trap the packets. Following protocols are vulnerable to such attack:
Some of the counter measures for preventing sniffing are :
Social engineering offers the best way for an attacker to gain access to a network to install a physical sniffer device. By convincing an unwitting employee to instruct the attacker as to the whereabouts of the networking equipment, the installation of the sniffer can be accomplished.
c)
Physical access allows an attacker to plug into an open Ethernet jack. Hand-held devices that run operating systems with full networking support make this attack feasible. Originally, the attacker would have to be in a secluded area with dedicated access to the Ethernet. An attacker can sit with a laptop and run a variety of tools against the network. Being internally based puts them behind the firewall and intrusion detection system. This makes the attacker in a convenient place to impair the network. That is why Physical access negates all previously appliedcounter measures.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.