Ethical Hacking in the Digital World - Research Paper Example

? ETHICAL HACKING Challenge The MD5 selected by the CA as the hashing algorithm for creating digital signatures has its own vulnerabilities. First, MD5 is unsecure given that it does not posses the ability of generating unique identifiers of a fixed size with the ability of blocking data of arbitrary size. A secure hash algorithm must posses the ability of the unlikely of producing two different inputs to the algorithm of generating the same digest. The moment in which an algorithm is able to produce the same digest for two different blocks of data otherwise referred to as collision resistance. Therefore one of the vulnerabilities of MD5 is its possibility of resulting into collision attacks. The algorithm also gives room for any attacker to generate a collision. The practical abilities of such attacks results into the impersonation of the trusted roots CA by the attackers. The MD5 trustworthiness is reduced the moment an attacker posses the ability to construct forged data in various forms with the ability of causing software using MD5 (Simpson, 2010-03-17). All these underlying vulnerabilities are caused by a cryptographic primitive making the specific exploitation scenarios vary largely depending on the form of data that is prone to attack and the validation of the software. Microsoft has though tried to issue specific patch for flame which does not though eliminate completely the vulnerabilities caused by MD5 hence they recommend that – every CA that still makes use of MD5 should stop with immediate effect and to migrate to better hash functions. Those with certificates signed by MD5 should see on how to replace them immediately. The CA should therefore ensure that sensible cryptographic measures are used depending on the tasks they want performed in their respective organizations (Simpson, 2006). Challenge 2 MEMO TO: Bob Kaikea FROM: Network security Team DATE: 20th February 2013 SUBJECT: Port numbers and services that run on most networks A port number in computer networking is mostly the part of the addressing information that is employed in knowing who the senders and receivers and senders of messages within a network as used with TCP/IP connections (Simpson, 2010-03-17). The port numbers allow for the sharing of information by different applications on the same computer to share resources and they work like telephone extensions. The well known ports are an example of Port 80 that which explains to us what a port really is describing it as a virtual data used by software components to interact. Another is the DHCP which is the Dynamic Host Configuration protocol. The DHCP server listens on this port and allocates your link the properties it has requested, e.g. IP address, network mask, default gateway and DNS server. Both ports 20 and 21 are known as random ports. While 21 is known as the TCP and is well designed for FTP control, the port 20 is the active FTP type and is designed for the actual transfer of data. Ports 23, 25, 53 and 110 are ports outside the range and they would be used to transfer actual data without the specified range. 23 is the Telnet, 25 acts for the simple mail transfer, 53 is the domain name saver and 110 acts as the Post Office Protocol version 3 (Simpson, 2006). In analyzing the services currently running for the Alexander Rocco Corporation, the ports being used must be keenly looked at to enhance the recovery of the ways to be used to curb the vulnerabilities. Challenge 3 Ethics and morality most so in the computer environment more or less revolves around the same thing that is ethics being a moral philosophy where one makes a moral choice and sticks to it. In our case it refers to the moral guidelines that an individual sticks to when using computers and computers networks including the encryption algorithms. It is unethical and therefore against the law to do the following when it comes to computers and computer networks. An individual should not indulge into using office computers to do personal work, one should never read information not theirs either form email or from a friends networking sites without the friends permissions. Plagiarism which is the use of another persons work from the net without recognizing them is a crime that none should be found committing. As has been recorded in the past from computer crackers and hackers, one should never be found sending any form of computer virus via email to any computer or computer network. One should never hack into the systems of other individuals or organization, at the same time pirated software should never be sold in the market whether at night or at day time (Simpson, 2006). It should be noted that the learning and the reimplementation from open source software is a violation of the licence hence against the law whether morally or legally and it attracts a penalty of more than $25,000 or both. When and algorithm licence expires it ought to be replaced with another given that learning from search open source projects will be regarded as plagiarism. The illegality is also reinforced from the fact that such information is not enforced by the copyright laws. Derived from this, people who posses the ability to break into a hashing algorithm and post their findings into the internet must be arrested and arraigned in court given the extent of the illegality of their acts. The information posted by them is also considered unrefined and unsafe for consumption; this is the highest act of breach of ethics and immorality (Simpson, 2010-03-17). The act by the reporters to post the source codes in the t-shirts was a step in the right direction given that it enhanced awareness on the illegality by the encryptors. It is the encryptors of the DVDs to be taken into account for their wrongful acts and the harm that they cause to the consumers of such information. Any company who realizes they are using illegal software must stop forthwith and report such acts to authorities (Baase, 1997). They should then replace them with those which meet the required standards. It calls for us all to curb this menace of unethical behaviour and immorality in ICT. References Baase, S. (1997). A gift of fire: social, legal, and ethical issues in computing. Upper Saddle River, N.J.: Prentice Hall. Simpson, M. T. (2006). Hands on ethical hacking and network defense. Boston, MA: Thomson Course Technology. Simpson, Michael T. (2010-03-17). Hands-On Ethical Hacking and Network Defense (Pages 368 - 369). Delmar Learning. Kindle Edition. Read More