[Document

THE UNIVERSITY OF ZAMBIA subtitle]

IN CONJUCTION
WITH ZAMBIA ICT COLLEGE
SUDENT NAME: MEBBERT CHIYANGI ID-1913556
NIZA SINKAMBA ID-1913682
ELIJAH SOKONI ID-1913617
MAJOR MWANSA CHAMPO-1913637

COURSE: SEC (BIT101)

GROUP OF 4 ASSIGNMENT: make finding on threats handled
using cryptography, vectors and where vectors where diploid due to
Guest User
negligence, and softwares used to hack, threats they carry as well as the
[Email address]
solution used to counter against them.

LECTURER: MR P. KAIRA
 TABLE OF CONTENTS
CHAPTER 1
1.0 ABSTRACT……………………...…………………………2
2.0 THREAT SHANDLED USING CRYPTOGRAPHY.......2
2.1 Man In The Middle………………………………….2
2.2 Physical Theft………………………..………………2
2.3 Dns Spoofing………………………………………….2
2.4 Piracy…………………………………………………3
3.0 VECTORS………………………………………………….3
3.1 Cases Where Vectors Were Diploid………………..3
3.2 Equifax………………………………………….……3
3.3 The Computer Breach At Jpmorgan Chase ………3
3.4 Talk Talk……………………………………….…….4
4.0 SOFTWARES USED TO HACK……………...…..4
4.1 Metasploit Framework…………………………...….4
4.2 John The Ripper……………………………….…….4
4.3 N-Mapcain And Able………………………….……..5
4.4 Hydra…………………………………………………5
5.0 THREATS…………………………………………….……5
6.0 SOLUTIONS…………………………………………...…….5

pg. 1
 NETWORK THREATS
CH 1.0 ABSTRACT
This research is done to make finding on threats handled using cryptography, vectors and where
vectors where diploid due to negligence, and softwares used to hack, threats they carry as well as
the solution used to counter against them. Videos and reports to more finding can be obtain using
the hyperlinks created,
TEAM
The research was done by the following members
MEBBERT CHIYANGI ID-1913556
NIZA SINKAMBA ID-1913682
ELIJAH SOKONI ID-1913617
MAJOR MWANSA CHAMPO-1913637

CH 2.0 THREATS HANDLED USING CYPTOGRAGPHY

CRYPTOGRAPHY this is a process or science of converting clear text to cypher text in the
presence of adversaries to protect classified information, cooperate secretes also personal
information

CH 2.1 Man-in-the-middle attack is a type of cyberattack where a malicious actor

inserts him/herself into a conversation between two parties, impersonates both parties and
gains access to information that the two parties are trying to send each other.
Encryption protects against this, by encrypting the packets sent between two parties such
that if an attack like this ever occurred, the attacker cannot know the contents of the
message.
Video
CH 2.2 Physical Theft: In a theft threat if an attacker stole a Hard drive there is need
to encrypt by using bit-to prevent an attacker to see or access the information on it. If the
contents of the Hard drive or any storage media are encrypted, even if it was booted with
a different operating system, the contents will still remain encrypted.

CH 2.3 DNS Spoofing: DNS (Domain Name System) is the technology that translates
domain names to the IP addresses of the server it corresponds to. DNS spoofing is a type
of attack in which an attacker intercepts a DNS request and returns the address that leads
to its own server instead of the real address. The use of encrypted communications can

pg. 2
 prevent against this. An attacker might stage a DNS spoofing an attack, they will find it
difficult to spoof the encryption certificate. The victim of the attack will then get a
warning telling them that the certificate could not be verified.
Video

CH 2.4 Piracy: Using digital signatures can prevent against illegal replication of
documents, files or software. Digital signatures are created using Public-Key Encryption.
Digital signatures require each user to have public and private keys that are
mathematically linked. When a document is signed, it creates a crypto code which is
embedded in the document. At the time of verification, the signers public key is used to
reveal the digital code and to verify the document. report

CH 3.0 VECTORS
(Stevens, 2016) An attack vector is a path or means by which a hacker can gain access to a
computer or network in order to deliver a payload or malicious outcome, Hackers use these
vectors to exploit vulnerabilities in the systems in order to take control over sensitive data
Many types of cybersecurity breaches that affect the three principles of security fall into three
different attack vectors:

 Phishing Attacks
 SQL Injection Attacks
 DDOS Attacks

Bad actors use these attack vectors to infiltrate a network or disrupt access to sensitive data,
whether that is personally identifiable information (PII), payment card information, health care
information, intellectual property, or another type of data.

CH 3.1 CASES WHERE VETECTORS WHERE DIPLOID

The report lists three cases where weakness was detected but was left unattended to letting the hackers to
take advantage and hacked the system

CH.3.2 EQUIFAX
In the First cases we are looking at Equifax data breach that resulted in 140 million which was
preventable but was venerable due to their failure to modernize the technologies, failed to patch system
when vulnerabilities were detected and data was stored on outdated subpar system. A video and report
shows more about the case.
Click the hyperlinks to get more insight videos and reports.

CH 3.3 The computer breach at JPMorgan Chase

pg. 3
the largest intrusion of an American bank to date — might have been thwarted if the bank had installed a
simple security fix to an overlooked server in its vast network, new York times report and video 1 also
video 2 shows more investigations

CH 3.4 TALK TALK

This case addresses to a DDOS attack that was carried against a British telecom company (TALK TALK)
video (Richard De Vere), a consultant at cyber security company The Antisocial Engineer, says he
contacted Talk Talk about a separate problem two weeks before the hack was made public. He had
discovered that several self-hosted websites that used the company’s talktalk.net domain were infected
with malware and could be used to aid social engineering attacks, report.

CH .4.0 SOFTWARES USED TO HACK

There is a lot of information security work that has to be considered by cyber security personnel
and to do this there is need to understand, and outthink your opponent and designing
conceptually safe and reliable systems. Many of the best tools that are there are the same ones
the hackers are using. To understand the holes in your system, you have to be able to see it in the
same way that your potential adversaries can see it. And that means looking through the same
analytical lenses at your networks and systems. These tools are also constantly evolving. Even
though the names remain the same, the ways they operate often change radically as new defenses
or mechanisms for attacking those defenses come into play. So staying current on the top tools in
the cybersecurity industry is a never-ending challenge
Here are the top general tools used to hack.

Click the logos to find out more on the hacking tools.

CH 4.1 Metasploit Framework

A collection of hacking tools and frameworks’ that can be used to execute various tasks. As a
penetration tool that makes hacking easy by scanning a and creating a a simple exploit on a
target system

CH 4.2 John the Ripper

John the Ripper is a fast password cracker with a lot of features that make it a breeze for slashing
through your password files. It auto detects hash types to take the guesswork out of the attack
and supports several popular encryption formats including DES, MD5, and Blowfish.

pg. 4
CH 4.3 N-map
This is a network mapper, flexible an powerful tool, it can bounce TCP and UDP packets around
like a pinball wizard, also slicing open misconfigured firewalls

CH 4.4 Cain and able

This is a password hacking and recovery software with multiple functionality it is mostly used to
initiate man in the middle (MITM) attacks, it permits most simple recovery of passwords by
sniffing a network, brute force and cryptal attacks and more (click here to see more

CH 4 .5 HYDRA
A fast network logon which support many different services, it is a paralised login cracker which
supports numerals protocols to tack

CH 5.0 THREATS
A threat is any activity that can lead to data loss/corruption through to disruption of normal
business operations. These include
Virus, Trojans, Worms, Spyware, Key loggers, Adware, Denial of Service Attacks, Distributed
Denial of Service Attacks Unauthorized access to computer systems resources such as data and
Phishing.

CH 6.0 SOLUTIONS
To find more on each of the solution click the hyperlinks
To protect computer systems from the above-mentioned threats, one must have logical security
measures in place. The following list shows some of the possible measures that can be taken to
protect cyber security threats.
To protect against viruses, Trojans, worms, etc. you need anti-virus software. In additional to the
anti-virus software and put port access control measures on the usage of external storage devices
and visiting the website that is most likely to download unauthorized programs onto the user’s
computer.
Unauthorized access to computer system resources can be prevented by the use of authentication
methods. The authentication methods can be, in the form of user ids and strong passwords, smart
cards or biometric, key log scrambler , also other resolution to phishing and adware are licked
Here etc.
Intrusion-detection/prevention systems can be used to protect against denial of service
attacks.There are other measures too that can be put in place to avoid denial of service attacks.
(Guru, 2019)

pg. 5
References
Guru, 2019. Guru99. [Online]
Available at: https://www.guru99.com/potential-security-threats-to-your-computer-systems.html#3
[Accessed 5th June 2019].
Stevens, M., 2016. bitsights. [Online]
Available at: https://www.bitsight.com/blog/attack-vectors-types-of-security-breaches%3fhs_amp=true
[Accessed 6th June 2019].
Williams, C., 2017. Centrify. [Online]
Available at: https://blog.centrify.com/the-uber-data-breach/
[Accessed 4th June 2019].

pg. 6