1 page and 3 sources per question……Please do not use the same source for more than one question.
Please separate the questions with its sources.
Please explain what is ClamXav. (1 page)
Please name and describe two cryptographic techniques. (1 page)
What is the function of a network sniffer? (1 page)
Please describe the structure of the event log header. (1 page)
What is keyword searching? (1 page)
Please explain what is ClamXav?
ClamXav is a well-known Mac OS security application developed by Mark Allan to check for viruses. The app has been developed since 2004 under Sourcefire VRT and has been free to the public ever since. The antivirus software is built on the command-line ClamAV engine which happens to be open source (EC- Council, 2016). Before running the app, it is important to back up all data since the software has a history of moving files on the computer. The software best works on the Mac OS X, PPC Macs 10.3, 10.4 and Intel Macs 10.4. ClamXav functions include monitoring folders, logging results, monitoring changes, and moving files into quarantine. This software differs from other commercial programs since it does not come attached with Android or Windows software (Scharr, 2014). Owners are allowed to choose the files to be scanned hence reducing the workload on the software. One can also schedule their scans to run while they are away or performing other tasks. ClamXav however does not scan through downloaded files in real-time like most antivirus programs. It instead performs better when scanning over storage devices for malicious files. When it finds infected material, it notifies the user and tells the possible threats posed by the infection. A variety of tools are then offered to mitigate the threat. The infected files are mostly put into quarantine as the user determines the best approach to deal with the threat. One can tear the files and delete them depending on their preference. ClamXav functions can also be paused and resumed and they are not overbearing to the OS (Barylick, 2014). Overall, ClamXav is a recommendable Mac OS antivirus since it is free and open source.
Barylick, C. (2014). Advice from an Apple Tech: ClamXav is a valuable troubleshooting tool. Retrieved from https://www.macworld.com/article/2152047/advice-from-an-apple-tech-clamxav-is-a-valuable-troubleshooting-tool.html
EC-Council. (2016). Ethical Hacking nd Countermeasures: Secure Network Operating Systems and Infrastructure. Cengage Learning
Scharr, J. (2014). ClamXav for Mac Review. Retrieved from https://www.tomsguide.com/us/clamxav-mac-security-antivirus,review-2347.html
Please name and describe two cryptographic techniques.
Cryptography is defined as the science of writing in a secret manner to support confidentiality, key exchange, integrity, authenticity and non-repudiation (Kessler, 2020). Two techniques of cryptography are symmetric and asymmetric key cryptography. While symmetric encryption decrypts and encrypts messages using the same key, asymmetric enforces the use of two non-identical keys that are mathematically related. Symmetric cryptography encryption has its roots deep in history since the skill was highly used across military and government communications. Today, the technique is widely used across the world of computers. Symmetric cryptography relies on both the sender and the receiver relying on a single key to write and understand the message (Binance, Undated). The process involves the use of plain texts and cipher texts to decode the hidden message. In some cases, the encryption is too dense such that the cipher text has to be written back to the plain text using the key. For computers, block and stream ciphers are some of the strategies used to decode hidden symmetric key messages. The asymmetric cryptography technique is also regarded as the public key cryptography (Globalsign, Undated). This technique relies on a private key to decrypt and the public key to encrypt messages. The public keys are easily shared but only the user with the private key can create changes or digital signatures. Private keys are not shared and are stored within the user’s computer within the OS or software. Even if public keys are shared, they are usually too large for one to cram their contents and one cannot rely on the data within the public key to compute a private key. No matter the complexity, both symmetric and asymmetric cryptographic techniques are design to protect messages from unauthorized viewers.
Binance. (Undated). What is Symmetric Key Encryption? Retrieved from https://www.binance.vision/security/what-is-symmetric-key-cryptography
Globalsign. (Undated). What is Public key cryptography? Retrieved from https://www.globalsign.com/en/ssl-information-center/what-is-public-key-cryptography
Kessler, Gary. (2020). An Overview of Cryptography. Retrieved from https://www.garykessler.net/library/crypto.html
What is the function of a network sniffer?
A network sniffer involves the use of a software or hardware with the relevant software to monitor the data passing through a network in real time. The software take snapshots of the data passing through the TCP/IP network without making changes to the packets (Mitchell, 2020). Traditionally, such kinds of software were used by professionals, but the availability of the internet has enabled more users to gain access to software’s. This tool can be used over a TCP/IP but in other cases can also work with complex network protocols such as Ethernet frames. There are both negative and positive functions of the tool as it can be used by professionals and hackers alike. Positive functions involve converting data to readable format, analyzing traffic, and recording traffic, showing IP information, capturing packets and decrypting them. It is also possible to acquire the name of the host and server through a network sniffer. As much as the tool serves as a testing program, hackers are known to use the same tools to aid in their malicious activity (Colasoft, Undated). Functions of a network sniffer for a hacker involve catching passwords, gaining high level authority within a network, disrupting network security, reading user information, and recording information. Through the use of this software tool, hackers are able to intercept critical information such as account names, credit ID, username and passwords and steal from unknowing suspects. Also, some modified network sniffers are able to perform modifications on the user’s information hence tampering with integrity. Overall, the main aim of network sniffing is checking for underlying security problems across a computer network (Total Phase, 2017). Identification of such issues aids network security personnel to mitigate the threat before it damages the system.
Mitchell, B. (2020). What is a Network Sniffer? Retrieved from https://www.lifewire.com/definition-of-sniffer-817996
Total Phase. (2017). What is a packet sniffer? Retrievef from https://www.totalphase.com/blog/2017/07/what-is-a-packet-sniffer/
Colasoft. (Undated). Network Sniffer. Retrieved from https://www.colasoft.com/resources/network-sniffer.php
Please describe the structure of the event log header.
Logs are defined as event records detailing the processes that take place within a computer (Loggly, Undated). Through such records, it is possible to identify errors or threats and troubleshoot. Since the logs use formats that are structured, it becomes easy to search and analyze processes from the internet information service, software applications, and operating system. Each event is represented by a header in the form of ELF_LOGFILE_HEADER which is a structure that is updated constantly depending on the frequency of new events being written on the log (Microsoft, 2015). The event log header is written at the beginning of the log to state more information concerning the relevant log. The ReportEvent function is called by a process which triggers an entry to the event log by the event-logging services recording the parameters of the process. There are two means of organizing event logs and they include non-wrapping and wrapping. The non-wrapping technique takes place during the creation or clearance of an event logger. It involves adding new records after the lastly recorded ones while the oldest records appear right below the header (Jacobs, 2018). For the wrapping technique, older records are replaced by new ones. The records are organized in a circular manner where buffing occurs when each new entry occurs. The size of an event log header is fixed whereby applications are supposed to report events to event-logging services for recording to take place in the event log file. Members of an event log header include header size, MaxSize, EndOffset, MinerVersion, MajorVersion, Signature, Flags, CurrentRecordNumber, Flags, StartOffset, Retention and EndHeaderSize. Both live and backup event logs are used whereby live event logs record live processes while backups hold a copy of the live log. Overall, the event log header structure is meant to record information that tells more of the event log.
Jacobs, M. (2018). Event Log File Format. Retrieved from https://docs.microsoft.com/en-us/windows/win32/eventlog/event-log-file-format
Loggly. (Undated). Ultimate guide to logging. Retrieved from https://www.loggly.com/ultimate-guide/windows-logging-basics/
Microsoft. (2015). ELF_LOGFILE_HEADER structure. Retrieved from https://docs.microsoft.com/en-us/windows/win32/eventlog/event-log-file-format
What is keyword searching?
With so much online activity going one, there is the need for people to find what they are looking for at ease. Keyword searching involves the use of phrases or words to aid search engines deliver relevant results to browsers (Brightedge, Undated). There is the use of algorithms to analyze the phrases or words within the search engines to help match the given keywords with available online material. Keywords make up the primary means to working with search engines since the more often one uses a phrase, the more relevant the results become. Unfortunately, there have been cases of people stuffing keywords to manipulate the search engine to find their content which does not align with the query. Over the years, search engines have improved their algorithms and are able to filter content to improve relevancy. However, the use of too many keywords may confuse the search engine while the use of fewer words may give a vast range of results (Pearanalytics, 2010). Keyword searching is executed over the URL, Bold or Italicized, Meta description, Image filenames, Body Content, H1 tag, and Title Tag. If the keywords being searched fall within more of the categories, then the likelihood of receiving relevant results increases. The function of keyword searching has been taken advantage of by digital marketers who intend to improve online marketing. Keywords have the ability to determine what a business is known for and hence draw people to their websites (Patel, 2020). Through the use of the right keywords, businesses are also able to keep up with the latest trends since they appear at the top of the latest searches. Integrating relevant keywords to content ensures that searches match up with the current Search Engine Optimization trends.
Brightedge. (Undated). Why are Keywords Important? Retrieved from https://www.brightedge.com/glossary/importance-of-keywords
Patel, N. (2020). Why Keyword Research is the Most Important Part of Digital Marketing. Retrieved from https://neilpatel.com/blog/keyword-research-important-part-digital-marketing/
Pearanalytics. (2010). Why Keyword Relevancy is So Impprtant. Retrieved from https://pearanalytics.com/why-keyword-relevancy-is-important/