Explore chapters and articles related to this topic
Digital Transformation and the Cybersecurity of Infrastructure Systems in the Oil And Gas Sector
Published in Edward Ochieng, Tarila Zuofa, Sulafa Badi, Routledge Handbook of Planning and Management of Global Strategic Infrastructure Projects, 2020
An example of how hackers can exploit encrypted communication is the Secure Socket Layer (SSL) strip. This method allows the attacker to capture usernames and passwords on secure hypertext transfer protocols (HTTPS) websites. In short, the SSL strip is an MITM attack that focuses on the victim's browser communications and changes HTTPS to hypertext transfer protocol (HTTP). In this case, some users might notice that the URL has changed to HTTP and will not fall victim to this attack, but others might not recognise or understand the change. Furthermore, numerous open source tools can be used to intercept the secure communication (HTTPAS, 2016). Therefore, oil and gas organisations need to observe that the SSL/TLS protocol can also be compromised without altering any security features on the website. The hacker can even bypass security measures using open source tools such as Wi-Fi Pineapple and Kali Linux tools for hackers (Oh et al., 2017). Oh et al. (2017) found in their experiment that over 45 percent of popular websites are susceptible to one of the attacks that can exploit vulnerabilities in the SSL/TLS protocol. Due to these vulnerabilities, the communication between two hosts will not be secure, and the confidentiality and integrity of the conversation will be compromised. Consequently, an attacker can conduct an MITM attack on the system.
Security test MOODLE: a penetration testing case study
Published in International Journal of Computers and Applications, 2020
Akalanka Karunarathne Mudiyanselage, Lei Pan
The MacBook runs two operating systems – the first OS with IP address 10.0.0.2 is its native OSX hosting MySQL database services for Moodle; and the other with IP address 10.0.0.17 is a Kali Linux virtual machine for launching security attacks.The tower PC with IP address 10.0.0.26 runs Windows Server 2008 hosting an LDAP service for Moodle authentication.The Thinkpad laptop with IP address 10.0.0.18 runs Ubuntu Server hosting web services which supports Moodle’s front end. From the end-user’s perspective, this is the entry point to logon to their Moodle site.