Question
Assume you are working for an organization concerned with security in its customer relations. You have been tasked to study possible measures to prevent losses due to possible email from attackers directing users to a malicious clone of your organization’s web site (a.k.a. “Phishing”).
a) Identify one way in which authentication methods may aid in protecting users from phishing.
b) Identify one way in which asymmetric encryption methods may aid in this effort and one way in which asymmetric encryption methods may hamper this effort.
Explanation / Answer
a) Authentication method
One authentication method is using a One-Time Password (OTP) sent by email or as a message to the phone. This will be unique to the user. After authenticating the user with the OTP, he/she should be allowed further access.
b) Asymmetric encryption is a way of encryption which has 2 keys, one for encryption and one for decryption. It is more secure than symmetric encryption.
One asymmetric encryption method is to use digitally signed emails. The sender generates a key pair and shares the public key with the receiver. The sender then signs (encrypts) the message with its private key and sends it. The receiver receives the message and decrypts it using the public key shared by the sender earlier.
But asymmetric encryption can hamper this effort too. The problem is with the exchange of keys. It is vulnerable to 'man in the middle' attacks, where some other person can impersonate the receiver and get the public key shared by the sender. In that case, the middleman will be able to decode the message at will.