Network security and encryption is also a concern of a network administrator. Ma
ID: 3877566 • Letter: N
Question
Network security and encryption is also a concern of a network administrator. Many encryption schemes are based on number theory and prime numbers; for example, RSA encryption. These methods rely on the difficulty of computing and testing large prime numbers. (A prime number is a number that has no divisor except for itself and 1.)
For example, in RSA encryption, one must choose two prime numbers, p and q; these numbers are private but their product, z = pq, is public. For this scheme to work, it is important that one cannot easily find p or q given z, which is why p and q are generally large numbers.
Choose an example of p and q and compute their product z. Justify your selection.
Assume that you wish to make a risk assessment and you wish to determine how probable it may be for a hacker to determine p and q from z. You wish to use discrete probability for this computation. For the sake of example, you choose to assess z = 502,560,410,469,881. Say that a hacker will attempt to find p and thus q by randomly selecting a potential divisor and testing to see if it divides 502,560,410,469,881. (You know that p = 15,485,867 and q = 32,452,843, but the hacker does not.) For example, the hacker may choose 1021; however, upon inspection the hacker will see that 1021 does not divide z.
For all questions below, please show all your work and/or justify your answers.
Given this problem, what is the sample space of the problem? Hint: In this context, the sample space is the set of all possible values that the hacker may select.
Given the sample space defined above, what events correspond to a successful guess by the hacker? Hint: An event is a subset of the sample space.
Given the above, what is the probability that the hacker will successfully guess p and/or q?
Assume the hacker selects five numbers to test.
What is the probability that all five attempts will fail? Show your work.
What is the probability that one of the five attempts will succeed? Show your work.
Explanation / Answer
Basic Data Breach Types and Prevention
DNS mocking outline
DNS Spoofing
A bargained DNS record, or "harmed reserve," can restore a vindictive answer from the DNS server, sending a clueless guest to an assailant's site. This empowers aggressors to take client certifications and take responsibility for accounts.
Cloudflare Solution
DNSSEC checks DNS records utilizing cryptographic marks. By checking the mark related with a record, DNS resolvers can confirm that the asked for data originates from its legitimate name server and not a man-in-the-center aggressor.
Snooping Data chart
Snooping of Data In-Transit
Aggressors can catch or "snoop" on decoded client sessions to take delicate client information, including accreditations, for example, passwords or Visas numbers.
Cloudflare Solution
Quick SSL/TLS encryption at the edge of Cloudflare's system, computerized testament administration, and support for the most recent security guidelines empower the protected transmission of touchy client information without dread of presentation.
Beast Force Login Attempts graph
Beast Force Login Attempts
Aggressors can wage "lexicon assaults" via mechanizing logins with dumped qualifications to beast constrain their way through a login-secured page.
Cloudflare Solution
Cloudflare offers granular control through Rate Limiting to recognize and piece hard-to-distinguish assaults at the system edge, characterized by custom decides that set demand edges, timeout periods, and reaction codes.
Vindictive Payload Exploits outline
Vindictive Payload Exploits
Assailants can abuse application vulnerabilities however malignant payloads. The most well-known structures incorporate SQL infusions, cross-site scripting, and remote record considerations. Each of these can uncover touchy information by running pernicious code on applications.
Cloudflare Solution
Naturally sift through ill-conceived activity focusing on the application layer through web application firewall (WAF) rulesets, including GET and POST-based HTTP asks. Empower pre-manufactured rulesets, for example, OWASP Top 10 and Cloudflare application-particular. Fabricate rulesets to determine sorts of movement to square, test, or let through.