China
Africa
Explore chapters and articles related to this topic
Review of Layer 2 and Layer 3 Forwarding
Published in James Aweya, Designing Switch/Routers, 2023
The data or forwarding plane also plays a key role in the implementation of a number of network security mechanisms. It is now common knowledge that IP address spoofing may occur during a denial-of-service (DoS) attack. IP spoofing allows an intruder or malicious user to send IP packets to a destination with the intent of disguising it as genuine traffic, when in fact the packets are malicious and not actually genuine and should not be forwarded to the destination. This type of spoofing is harmful because it consumes network and destination host resources, and sometimes can bring down the operations of the network and the destination. Unicast Reverse Path Forwarding (uRPF) check [RFC3704] is a tool used to reduce the forwarding of IP packets that may be carrying spoofed IP addresses.
Network Security for EIS and ECS Systems
Published in Barney L. Capehart, Timothy Middelkoop, Paul J. Allen, David C. Green, Handbook of Web Based Energy Information and Control Systems, 2020
Internet protocol (IP) facilitates speedy, reliable and asynchronous communications between machines by dividing information into small packets that are easier to transmit across a network or between networks than if a dedicated communications channel were used. Each of these packets contains the IP address of the source of the transmission in a “header.”Since the IP header can act as type of return address, many attackers will engage in IP spoofing in order to falsify the identity of the network and computer from which they are attacking a targeted system. IP spoofing involves changing the IP address in packet headers in order to impersonate a different machine. When an attacker knows the address of other trusted computers with which the targeted machine communicates, he can route his impending attack through one of those machines and conceal his identity and location.
Privacy and Security of Data in IoT: Design Principles and Techniques
Published in Ricardo Armentano, Robin Singh Bhadoria, Parag Chatterjee, Ganesh Chandra Deka, The Internet of Things, 2017
When a malicious user impersonates the authorized user, he falsifies the data. Many of the existing IoT protocols do not authenticate the messages from a source or destination, results of which make the system more vulnerable to spoofing attacks. The spoofing attacks can be of different types like IP spoofing, e-mail spoofing, or network spoofing. To understand the concept better, let us go to reality where we get some of the phishing mails asking to update the profiles like Paypal. Many of us are aware of the fact that it is from the spoofed site. But some of us may fall into the trap of these websites and click the link to navigate to the spoofing site. This spoofing site is well designed such that it looks exactly similar to the original site. Thus, the attackers have the higher probability of stealing the sensitive information like credit or debit card details. There is a very popular spoofing occurs in the name of IP spoofing. This necessarily implies that the attacker tries to steal the information from a trusted computer network. IP spoofing is always carried out by the hacker for malicious actions. The attacker first modifies the source address field in the transmitted packet. When the destination opens up the connection for the forged source address, it can lead to a large number of attacks. This IP spoofing can be classified as many.
A survey of phishing attack techniques, defence mechanisms and open research challenges
Published in Enterprise Information Systems, 2022
The phisher targets the vulnerability available in the system due to the human causes (Hong 2012). The phishing attacks are classified into various categories based on how the attacker acquires the credentials of users. Figure 5 presents taxonomy of phishing attacking techniques. This section discusses the phishing attack on two environments, namely, desktop and mobile. In the desktop environment, attackers utilise social engineering and technical subterfuge techniques. Attackers execute social engineering-based attacks using the malicious website or sending the fake email that appears to be legitimate. Social engineering techniques are further categorised as email spoofing, website spoofing and spear phishing (Almomani et al. 2013). Technical subterfuge methods gain user’s information by installing malware (Jain and Gupta 2017).
Employees’ Behavior in Phishing Attacks: What Individual, Organizational, and Technological Factors Matter?
Published in Journal of Computer Information Systems, 2021
Hamidreza Shahbaznezhad, Farzan Kolini, Mona Rashidirad
E-Mail technology is an integral part of daily business and commercial communications. The total number of daily business and customer e-mails was expected to exceed 293 billion in 2019.13 According to the Verizon DBIR,2 over 30% of breaches involved phishing-spoofing attacks that attempt to mimic legitimate webpages or websites. Consequently, it is important that e-mail security countermeasures are adequately implemented. E-Mail security countermeasures apply a combination of technological, organizational, individual, and procedural requirements to protect against the adverse impact of phishing attacks. However, the implementation of these countermeasures is a difficult and complicated task for many organizations. Since users often fail to distinguish e-mails and fall prey to phishing attacks, phishing e-mails are designed to bypass technological controls and exploit human cognitive biases.
Advanced multi-factor user authentication scheme for E-governance applications in smart cities
Published in International Journal of Computers and Applications, 2019
The widespread acceptability of ICT based E-governance has led to the development of several applications which allow citizens to access data stored on the server of the government. User authentication becomes a critical issue. The proposed scheme is based on the password and smart card and provides high security. The informal verification proves that the proposed scheme is resistant to several attacks such as insider attack, user impersonation attack, stolen smart card attack, replay attack, man in the middle attack, server spoofing attack, parallel session attack and leak of verifier attack. It also provides essential security attributes such as mutual authentication, forward secrecy, user anonymity, etc. The formal verification of the scheme is conducted using AVISPA and it proves that the scheme is resistant to several active and passive attacks.