Question

Analyze the different threats to privacy and anonymity across the following layers of the TCP/IP model: physical, data link, network, transport, and application. Suggest a solution for each threat cited in this question

Answer 1

The following are the most threats across the physical,datalink,network,transport and application layers:

• .TCP/IP Hijacking
• Network Sniffer
• Password Hackers
• Server Hijacking
• DoS Attack

1. TCP/IP HIJACKING

1. An authorized user gains access to a genuine network connection of another user
2. By increasing his sequence number(key number that may match to others ), other ways is using middle man attacking(by using tools both end user communications will pass through hacker system)
3. To get access to two systems communication, steel data.
4. 23rd March 2000
5. This kind of attacks take place in networks

2. Network Sniffer

1. a software tool that monitors or sniffs out the data flowing over computer network .
2. Sniffers (Software or hardware specially designed for capturing data) take snap shots of data transferring to in a network
3. To capture data.
4. 2nd October 2002
5. This kind of attacks take place in networks

3. Password Hackers

1. Password hacking also known as password cracking, is a method of recovering passwords from data transmitted by or stored on a computer.
2. Guessing and brute force are two methods used to hack passwords.

Individuals with knowledge of the password users personal information may guess at the password and choose possibilities based on that users date of birth, pet, relative or other information. The brute force method involves attempting to input every possible password combination to retrieve a password.

1. user and administrator can use to retrieve forgotten passwords. unauthorized users can use to hack passwords and gain access to a secured system
2. don't have information
3. Personal systems and servers

4. Server Hijacking

1. Server hijacking is a malicious exploit in which a hacker or other party redirects users through the use of a rogue DNS server or other strategy that changes the IP address to which an Internet user is redirected. DNS hijacking can leave users unaware of where they are going in terms of using specific servers during an Internet session.
2. install a malware on your computer that changes the DNS so that whenever your browser tries to resolve a URL, it contacts one of the fake DNS servers instead of real DNS servers
3. To get user entries like user name and passwords(banking logins, mail logins etc)
4. not sure about the date but it started not more then a decade back
5. Banking sites, mailing sites etc

Prevention techniques:

Encrypting the session value will have zero effect. The session cookie is already an arbitrary value, encrypting it will just generate another arbitrary value that can be sniffed.

The only real solution is HTTPS. If you don't want to do SSL on your whole site (maybe you have performance concerns), you might be able to get away with only SSL protecting the sensitive areas. To do that, first make sure your login page is HTTPS. When a user logs in, set a secure cookie (meaning the browser will only transmit it over an SSL link) in addition to the regular session cookie. Then, when a user visits one of your "sensitive" areas, redirect them to HTTPS, and check for the presence of that secure cookie. A real user will have it, a session hijacker will not.

The method often used to steal session id is by installing a malicious code on the client website and then the cookie is stealing. The best way to prevent session hijacking is enabling the protection from the client side. It is recommended that taking preventive measures for the session hijacking on the client side. The users should have efficient antivirus, anti-malware software, and should keep the software up to date.

There is a technique that uses engines which fingerprints all requests of a session. In addition to tracking the IP address and SSL session id, the engines also track the http headers. Each change in the header adds penalty points to the session and the session gets terminated as soon as the points exceeds a certain limit. This limit can be configured. This is effective because when intrusion occurs, it will have a different http header order.