Question

If we have centralized control of access in an organization, from C-I-A (Confidentiality, integrity, availability) perspective, which item will be difficult to enforce? (b) One of the realities of the modern Internet is that new network vulnerabilities will be discovered almost daily. You can also count on those vulnerabilities being exploited soon after they are found. An entire industry is growing and profiting from these discoveries, whether they are used maliciously or used to lead to the prevention of future exploitation. As a security consultant, in your words, explain how a possible attack can be launched against the victim specifically through emails. Explain the attack with detailed justification. (c) What is the eventual drawback of using overly complex multifactor authentication schemes?

Answer 1

a.) If we have centralized control of access in an organization, from C-I-A(Confidentiality, integrity, availability), which item will be difficult to enforce --

• If we have centralized control of access in an organization, from confidentiality, integrity and avalability then the maintaining confidentiality of the organization should be more complex.
• Confidentiality -- Every organization have their information which needs to be protected from unauthorized parties. The confidenitial information of an organization can be product detail information, bank account statements, trade secrets, government documents and organization's personal information.
• Protecting these information is very important part of the information security.
• The confidential information can be protected by encryption. encryption make sure that only right people can read the information.
• Integrity --
• Integrity of information represent protection of information from being modified by unauthorized parties.
• Cryptography plays an important role ensuring data integrity. the methods which are used to protect data include hashing of data you receive and comparing it with hash of original message.
• Availability -- Availibility of information represent that authorized parties are able to access the information when needed.
• But nowdays denying access to information is very common attack, primary goal of DDos attack is to deny users for the website access to the resources of the site.

b.) One of the realities of the modern internet is that new network vulnerabilities will be discovered almost daily. you can also count on those vulnerability being exploided soon after they are found. an entire industry is growing and profiting from these discoveries, wether they are used maliciously or used to lead to the prevention of future exploitation, as a security consultant, explain how a possible attack can be launched against the victim specifically through emails. explain the attack with detail justification --

• One of the realities of modern internet is that new network is risie to security vulnerability and challenges.  
• The risk assessment and protection of the organization is very critical. the employee of the organization should be provided training for using new technology and security breaches.
• Possible attacks can be launced against victim specifically through emails. these attacks can be "Phishing" and "spaming"
• The cyber criminals uses email, instant messaging and social media to gather information of the organization. these information can be login credential.
• In phishing the criminal sends fraud email. their intension behind sending the email is trick the ricipient into installing malware on his device or sharing personal or financial information.
• Spam -- it is junk mail. and unsolicited email. spam can sends harmful links and maleware.
• The main goal of this to gather sensitive information like social security number, and bank account information.

c.) What is the eventual drawback of using ovrelay complex multifactor authentication schemes --

• Time consuming -- Time to login in your system and verifying mobile devices can be inconvenient.
• Blocked access -- If you do not set up backup resources and do not have access to TOTP generator for authenticating user access, then you will not be granted access for application or system.
• Can be expensive -- Multi factor authentication can be expensive if the organization is using the solution requires to integrate with existing identity solutions.
• Inconsistencies -- It is very hard to implement multifactor authentication in entire organization.
• Complexity -- Physical authenticators require additional drivers which csn be adding diamension of complexity for deployment support and maintainance. it requires constatly chacking as per the environments changes.