Beware of Social Engineering Attacks

Let's admit it: today most of us run our lives on social media such as Facebook, Instagram, Twitter and Tumblr.

As we hook ourselves on these sites, many of us, unconsciously or deliberately, forget to protect our privacy and post the details of our personal information and daily routine.

Many people use social media as a diary, posting their day minute by minute, from waking up in the morning until bedtime in the evening.

Social media is useful for finding information, sharing, and getting news updates, but it is risky when it comes to giving out personal information, especially when dealing with online sellers. Always make sure you deal only with legitimate sellers and not scammers.

We cannot really stop scammers from using Facebook, Twitter, Instagram and the rest, but I think the best defence is to control (stop) ourselves from sharing personal information such as our location, bank and credit card accounts, passwords, and so on.

Not to mention the deliberate attacks that sneak into your private life, steal your personal media files and ruin your life by spreading 'scandalous' videos and photos.

I think the best way to prevent social media attacks is to know what these attacks are:

Phishing – the most common social media attack. It uses email, social media direct messages, instant messaging and SMS to trick victims into handing over sensitive information or visiting a malicious URL.

Watering Hole – this attack injects malicious code into the public web pages of a site the targets regularly visit, so the attacker never has to contact the targets directly. Once a victim visits the page on the compromised website, a backdoor trojan is installed on their computer. The method is associated with cyber espionage operations and state-sponsored attacks.

Whaling Attack – phishing aimed at the 'big fish': senior executives and other high-value individuals. It relies on more carefully researched social engineering than ordinary phishing to steal confidential information, personal data and access credentials.

Pretexting – as the term suggests, presenting oneself as someone else: the attacker creates a fake identity or scenario (the pretext) and uses it to manipulate the recipient into giving up private information.

More information on social engineering attacks: https://resources.infosecinstitute.com/common-social-engineering-attacks/#gref 


IT Talk: The RS 5-Layer Computer Network Model

This was submitted to Google's online course IT Support Specialist (The Bits and Bytes of Computer Networking) and received a peer grade of 100%.

Let's take a look at what happens in the 5-layer network model when two networks connected to the same router establish a TCP connection. The walkthrough covers the physical layer, data link layer, network layer and transport layer, and along the way MAC addresses, IP addresses, TCP ports, checksum verification, the routing table and TTL (Time To Live).

I have two networks, Network R and Network S. Network R has the address space 9.168.130.0/24 and Network S has 124.119.132.0/24. Both are connected to the same Router T, which has an interface configured with IP 9.168.130.1 on Network R and an interface at 124.119.132.254 on Network S.

The client is a desktop in my office, Computer 1, on Network R with IP address 9.168.130.100. The server is a computer in the IT Department on Network S, Computer 2, with IP address 124.119.132.100 and a web server listening on port 80.

Sitting in my office, I need some data from the IT department in another location (node/network), using Computer 1 as the end user. I open a browser and type 124.119.132.100 into the address bar. The web browser hands the request to the local networking stack, the part of the operating system responsible for networking functions.

The browser wants to establish a TCP connection to 124.119.132.100 on port 80. The networking stack first examines its own subnet: it lives on Network R, 9.168.130.0/24, so the destination 124.119.132.100 is on another network, Network S.

Computer 1 therefore knows it has to send the data to its gateway, 9.168.130.1, for routing to the remote network. It looks in its ARP table for the MAC address of 9.168.130.1 but finds no entry, so it crafts an ARP request for 9.168.130.1 and sends it to the hardware broadcast address of all Fs (FF:FF:FF:FF:FF:FF).

The ARP request is delivered to every node on the local network. When Router T, which owns 9.168.130.1, receives it, it responds with its own MAC address, 00:11:22:33:44:55. Computer 1 caches this in its ARP table and, now knowing its gateway's hardware address, is ready to construct the outbound packet.

The web browser has asked the operating system on Computer 1 to open an outbound TCP connection, so an outbound TCP port is needed. The operating system finds the ephemeral port 50000 available and opens a socket that binds the browser to that port. The networking stack knows this is a TCP connection, so before it can transmit any of the data the browser asked for, the connection must be established first.

The networking stack then builds a TCP segment and fills in the header fields: source port 50000, destination port 80, and a randomly chosen initial sequence number in the sequence number field.

The SYN flag is set, and the segment checksum is calculated (over the segment plus a pseudo-header containing the source and destination IP addresses) and written to the checksum field. The TCP segment is passed down to the IP layer, which constructs an IP header filled in with the source IP, the destination IP and a TTL of 64. The TCP segment becomes the data payload of the IP datagram and the IP header checksum is calculated. This datagram must reach Computer 1's gateway at MAC address 00:11:22:33:44:55, so an Ethernet frame is constructed.

All fields are filled in, most notably the source and destination MAC addresses, the IP datagram is inserted as the payload of the Ethernet frame, and a frame check sequence (a CRC) is calculated over the frame. Now we have an entire Ethernet frame ready to be sent across the physical layer.

The network interface of Computer 1 sends the binary data as modulations of the voltage of an electrical current across the CAT6 cable that connects my PC to a network switch. The switch receives the frame and inspects the destination MAC address.

The switch knows which of its interfaces this MAC address is attached to and forwards the frame only out of that interface. Router T receives the frame and recognizes its own hardware address as the frame's destination.

Router T recalculates the CRC over the Ethernet frame and compares it with the frame check sequence carried in the frame; if they match, the frame arrived intact. It strips the Ethernet header, verifies the IP header checksum, then inspects the destination IP address and looks it up in its routing table.

The routing table tells Router T that 124.119.132.0/24 is a directly connected network, so the destination, Computer 2 at 124.119.132.100, is reachable on its Network S interface. The router decrements the TTL by 1 (to 63), recalculates the IP header checksum over the modified header, and encapsulates the datagram in a new Ethernet frame addressed to Computer 2's MAC address (resolved with ARP on Network S if it is not already cached), with the MAC of its own 124.119.132.254 interface as the source.

The frame is sent out onto Network S, and a switch delivers it out of the interface Computer 2 is connected to. Computer 2 receives the Ethernet frame, identifies its own MAC address as the destination and knows the frame is intended for it. It performs the CRC check, recognizes that the data has been delivered intact, and strips away the Ethernet header, leaving the IP datagram.

Computer 2 examines the destination IP address, recognizes it as its own, verifies the IP header checksum and strips away the IP header, leaving the TCP segment. The TCP checksum is verified and everything checks out. Computer 2 then examines the destination port, 80, and its networking stack checks that there is an open socket on port 80 in the LISTEN state, held by the web server.

Seeing that the segment has the SYN flag set, Computer 2 records the sequence number, since it will need to put that number plus one in the acknowledgment field of its response. This completes the first step of the three-way handshake: Computer 1 sent a SYN, Computer 2 replies with a SYN-ACK (carrying its own initial sequence number and acknowledging Computer 1's), which travels back through Router T by the same procedure, and Computer 1 finishes by sending an ACK. Only then can the browser's request be transmitted over the established connection.
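The encapsulation, checksum and handshake steps above, as an added worked example that is not part of the course submission: a small Python script that builds the SYN segment, the IP datagram and the Ethernet frame with the addresses from the write-up, performs Router T's TTL decrement and checksum recalculation, and walks the three-way handshake sequence and acknowledgment numbers. Computer 1's MAC address, the initial sequence numbers and the TCP window size are assumed values, since the write-up never gives them.

```python
import struct
import zlib

# Addresses from the write-up: Computer 1 on Network R, Computer 2 on Network S,
# Router T's MAC on Network R. Computer 1's MAC is an assumed value.
CLIENT_IP, SERVER_IP = "9.168.130.100", "124.119.132.100"
CLIENT_PORT, SERVER_PORT = 50000, 80
CLIENT_MAC = "aa:bb:cc:dd:ee:01"  # assumed, not given in the write-up
ROUTER_MAC = "00:11:22:33:44:55"
SYN, ACK = 0x02, 0x10


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum used by both IP and TCP headers.
    Returns 0 when run over data that already carries a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold the end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def tcp_pseudo_header(src_ip, dst_ip, segment):
    # source IP, destination IP, zero, protocol 6 (TCP), TCP length
    return ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags):
    """20-byte TCP header, no options or payload; window 65535 is assumed."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    csum = internet_checksum(tcp_pseudo_header(src_ip, dst_ip, hdr) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def tcp_checksum_ok(src_ip, dst_ip, segment):
    return internet_checksum(tcp_pseudo_header(src_ip, dst_ip, segment) + segment) == 0


def tcp_fields(segment):
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}


def build_ip_datagram(src_ip, dst_ip, payload, ttl=64):
    """IPv4 header: version/IHL 0x45, DF set, protocol 6; checksum covers the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      ttl, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload


def ip_header_ok(datagram):
    return internet_checksum(datagram[:20]) == 0


def router_forward(datagram):
    """Router T at layer 3: verify the header checksum, decrement TTL (dropping the
    datagram when it reaches 0), recompute the checksum over the modified header."""
    if not ip_header_ok(datagram):
        raise ValueError("IP header checksum mismatch, datagram dropped")
    ttl = datagram[8] - 1
    if ttl == 0:
        raise ValueError("TTL expired, datagram dropped")
    hdr = datagram[:8] + bytes([ttl]) + datagram[9:10] + b"\x00\x00" + datagram[12:20]
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + datagram[20:]


def build_ethernet_frame(dst_mac, src_mac, payload):
    """Ethernet II frame, EtherType 0x0800 (IPv4). The payload is padded to the 46-byte
    minimum; the FCS is CRC-32 (same polynomial as zlib.crc32), sent LSB first."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def ethernet_frame_ok(frame):
    return zlib.crc32(frame[:-4]) & 0xFFFFFFFF == struct.unpack("<I", frame[-4:])[0]


def three_way_handshake(client_isn, server_isn):
    """SYN, SYN-ACK, ACK with the sequence/acknowledgment arithmetic from the write-up."""
    syn = build_tcp_segment(CLIENT_IP, SERVER_IP, CLIENT_PORT, SERVER_PORT, client_isn, 0, SYN)
    synack = build_tcp_segment(SERVER_IP, CLIENT_IP, SERVER_PORT, CLIENT_PORT,
                               server_isn, client_isn + 1, SYN | ACK)
    ack = build_tcp_segment(CLIENT_IP, SERVER_IP, CLIENT_PORT, SERVER_PORT,
                            client_isn + 1, server_isn + 1, ACK)
    return syn, synack, ack


def trace_syn(client_isn=1000):
    """Follow the SYN from Computer 1 through Router T and report what each hop checks."""
    syn = three_way_handshake(client_isn, 0)[0]
    datagram = build_ip_datagram(CLIENT_IP, SERVER_IP, syn)
    frame = build_ethernet_frame(ROUTER_MAC, CLIENT_MAC, datagram)
    if not ethernet_frame_ok(frame):
        raise ValueError("FCS mismatch at Router T, frame dropped")
    forwarded = router_forward(frame[14:14 + len(datagram)])   # strip the Ethernet header
    corrupted = bytearray(frame)
    corrupted[20] ^= 0x01                                      # one bit flipped in transit
    return {
        "ttl_sent": datagram[8],
        "ttl_after_router": forwarded[8],
        "ip_ok_after_router": ip_header_ok(forwarded),
        "tcp_ok_at_server": tcp_checksum_ok(CLIENT_IP, SERVER_IP, forwarded[20:]),
        "corrupted_frame_ok": ethernet_frame_ok(bytes(corrupted)),
    }


if __name__ == "__main__":
    print(trace_syn())
```

Two things the script makes visible that the prose only states: the IP header checksum has to be recomputed at every hop because the TTL changes, while the TCP checksum still verifies at Computer 2 untouched, and a single flipped bit anywhere in the frame makes the Ethernet FCS fail, which is why Router T checks it before looking at the IP header at all.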

That, I think, is a very detailed walkthrough of what happens on a computer network between my Computer 1 on Network R and Computer 2 on Network S at the other end, connected through the one Router T.