Uploaded by LegendaryDecagon

Tags

internet security anonymity cryptography networking

Full Transcript

Tor is a group of volunteer-operated servers that can be used to provide anonymity on the Internet. Tor users use the Internet by connecting through a series of virtual tunnels rather than making a direct connection.

How Tor works: To create a private network path using Tor, the Tor client builds an encrypted connection path, called "Onion Routing," through multiple nodes. The path is built one node (hop) at a time. Each node only knows the node it received data from and the node it sends data to. No single node knows the entire path. The client negotiates different encryption keys for each hop, ensuring that no node can trace the full data path. This process ensures anonymity and privacy for the user's internet activity.

Once a Tor circuit has been established, various types of data can be exchanged, and several different sorts of software applications can be deployed over the Tor network. Examples: Tor Browser, Tor Messenger, etc. Because each node sees no more than one hop in the circuit, neither an eavesdropper nor a compromised node can use traffic analysis to link the connection's source and destination.

Tor has been very effective, but research has been done on breaking Tor by compromising Tor nodes. User misconfiguration can also lead to a compromise of anonymity.

IPsec is a set of open standards that ensure secure communication at the IP layer. It provides three main security features:

- Data Confidentiality: This ensures that the data being sent is encrypted and can't be read by unauthorized parties.
- Data Integrity: This ensures that the data hasn't been tampered with during transmission. Any changes to the data can be detected.
- Data Authentication: This verifies that the data comes from a trusted source, ensuring the identity of the sender.

IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
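As an added illustration of the per-hop layering described in the Tor notes above (not part of the original notes and not Tor's own code): the client wraps a message in one layer per node, and each node removes only its own layer, so it learns just its previous and next hop. The node names, the random keys standing in for negotiated per-hop keys, the JSON layer format and the toy HMAC-SHA256 cipher are all assumptions made for the example.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (an assumption, NOT Tor's real cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC one layer under a single hop's key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified layer")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(path, keys, dest, payload):
    """Client side: innermost (last hop) layer first, first hop's layer last."""
    cell = payload
    for node, nxt in reversed(list(zip(path, path[1:] + [dest]))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = seal(keys[node], layer)
    return cell

def peel(key, cell):
    """Node side: remove exactly one layer, learning only the next hop."""
    layer = json.loads(unseal(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def relay(path, keys, cell):
    """Pass the cell along the circuit, recording (previous, next) per node."""
    views, prev = {}, "client"
    for node in path:
        nxt, cell = peel(keys[node], cell)
        views[node], prev = (prev, nxt), node
    return views, cell

# Constructed sample circuit; random keys stand in for per-hop negotiation.
PATH = ["node1", "node2", "node3"]
KEYS = {name: os.urandom(32) for name in PATH}

if __name__ == "__main__":
    views, delivered = relay(PATH, KEYS, wrap(PATH, KEYS, "example.org:443", b"hello"))
    print(views, delivered)
```

Only the first node sees the client and only the last node sees the destination; a node holding the wrong key cannot open a layer at all.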
DNS encryption: Every time you visit a website, your device makes a DNS query to find the IP address of the site. This query and the response it gets back are typically unencrypted. This unencrypted data reveals the websites you're visiting, which can be monitored by anyone who can see your network traffic, such as your Internet Service Provider (ISP) or a third party. This can lead to privacy concerns, such as targeted ads based on your browsing habits or more serious breaches like censorship or surveillance. To address these privacy concerns, DNS encryption methods have been proposed.

GPG (GNU Privacy Guard) is a tool that provides cryptographic protection for data. It is widely used for securing communications, encrypting files, and verifying the integrity and authenticity of information. GPG is based on the OpenPGP standard and is a free and open-source alternative to PGP (Pretty Good Privacy).

An APT (advanced persistent threat) is a highly skilled and resourceful adversary that uses sophisticated techniques and multiple attack vectors (cyber, physical, deception) to achieve its goals. APTs typically target governments or organizations with valuable digital assets. Top targets include sectors like education, finance, high-tech, government, consulting, energy, chemical, telecom, healthcare, and aerospace. Unlike traditional attacks that spread widely, APTs focus narrowly on specific, pre-defined targets to maximize impact.

APT actors are often skilled hackers working in coordinated groups, possibly within government or military units, or hired by governments and private companies. They have significant financial and technical resources, allowing them to sustain long-term operations and utilize advanced attack tools and zero-day vulnerabilities. APT attacks are characterized by their persistence and longevity, often remaining undetected for months or even years.
Attackers continually adapt their methods and efforts, unlike traditional attackers who may abandon a target if initial attempts fail. APTs use stealthy tactics to remain undetected, such as hiding within normal network traffic and using encryption to obscure their activities. They employ advanced techniques like zero-day exploits to avoid detection, in contrast to traditional attackers who often use more overt methods that trigger defensive responses.

Zero-day vulnerability refers to a security hole in software that is not yet known to the public, including software vendors and antivirus vendors. Although the vulnerability is not yet publicly known, it may already be known by attackers who are quietly exploiting it. Zero-day exploit refers to code that attackers use to take advantage of a zero-day vulnerability.

------------------------------------------------------------------------

When using a VPN, all the data (IP packets) sent between the user's device (or hacker) and the VPN server is encrypted using IPsec. VPNs were initially designed to allow employees to securely access their company's network from remote locations, ensuring secure communication and access to resources as if they were in the office.

When using a VPN, all the user's internet traffic goes through the VPN server. This means any activity, such as browsing websites or sending emails, appears to come from the VPN server, not the user's actual location. Because the internet traffic appears to originate from the VPN server, the user's real physical location is hidden. This can make it look like they're accessing the internet from a different place, potentially anywhere in the world. A properly configured VPN can provide a high level of anonymity, making it difficult to trace online activities back to the user. This is because the user's IP address (which can reveal their location) is masked by the VPN server's IP address.

Methods of protecting a hacker's identity:

- Change MAC address.
- Use public WiFi with VPN. Using public WiFi without VPN is actually very dangerous.
- Boot a machine from a "live CD" (running totally in the RAM).
- Do not leave any logs in your machine.

Markets for exploits and vulnerability information:

- Black market, where criminal hackers trade in exploit code and vulnerability information to break into systems.
- White market, where researchers and hackers disclose vulnerability information to vendors in exchange for money.
- Gray market, where some defense contractors sell zero-day exploits and vulnerability information to militaries, intelligence agencies and law enforcement to use for surveillance and offensive computer operations.