Four Fundamental Cyber Security Components - Essay Example

?Cyber security is said to be a big issue for business costing not only lost revenue but damaged reputations and lost custom. Your task is to investigate the need for cyber security and analyze the threats from which it protects business. Name: Course: Tutor: Date: Executive summary This paper gives a detailed report on investigation on the need for cyber security and analyzes the threats from which it protects business. Cyber security is indeed a big issue for business costing not only lost revenue but damaged reputations and lost custom due. There are four key factors that are critical in cyber security. This is information confidentiality, integrity authenticity and availability. Any cyber security program strives to ensure these four fundamental cyber security components. Information confidentiality enables the organization’s sensitive information to be a secret so that it does not fall into the hands of unauthorized persons for example the competitors. Information integrity ensures that the data that is stored is accurate and serves the purpose and is always up to date. Data availability enables information to be present any time the organization required. This is by preventing any vulnerability for example denial of service. This can give the competitor firm an avenue of bringing down the company by capitalizing on the weakness of the other company and at the same time enhancing its strength. The investigation was conducted by administering questionnaire to cyber security experts of various organizations. Interviews were also conducted with CISO of both business and non profit organizations. In addition, a thorough review of the existing literature on cyber threats and cyber security was conducted. Table of Contents Cyber security is said to be a big issue for business costing not only lost revenue but damaged reputations and lost custom. Your task is to investigate the need for cyber security and analyze the threats from which it protects business. 1 Name: 1 Course: 1 Tutor: 1 Date: 1 Table of Contents 3 Findings and Analysis 4 Threats targeting infrastructure (Invalidated input) 4 Threats targeting the user system access rights (broken access control attacks) 6 Other forms of attack 12 Conclusions 13 Recommendations 14 Appendices 17 Introduction The cyber security is a critical factor that underpins the security of an organization. A cyber security is a basis or the foundation of organization’s security for its information assets. Cyber attacks are a deliberate or unintentional unauthorized task, which cannot be avoided or is in avoidable that that is capable of causing a vagary on the cyberspace resources. The scope of cyber attack is expands from hardware, software, data that is stored, data in transit, people, documents and other hardware needed like printer cartridges. Findings and Analysis The organization information system is a critical asset that calls for utmost security. For instance, employee’s personal identification information, development plan and financial data are very critical to an organization. This information can fall into two broad categories. There are information that are secured or protected by the state and federal law and those that are based on contractual obligation (Jue 2012). The deliberate or accidental exposure of this information to illegal personnel can be detrimental to the university. The different types of attack that are detriment to cyber security are Threats targeting infrastructure (Invalidated input) Problem and situation The most prevalent threat to client computers is Keylogging and spyware. This is a malware that is built to illegally obtain, track and block the right of a user to get access to the system. An example of this attack is where someone or an individual tries to log on to the system or a website like an email account but the system or the site fails to authenticate the user. This threat is related to backdoor attack command. These are weapons that give remote access that are created to divert the functionality of the system. Physical theft of assets such as software, hardware and networking devices is another attack that can lead to denial of service. An example of this is where the network cables of a certain internet providing company are stolen every forth night. This resulted into the clients switching to the competing service provider. It was later realized that the loss of network cables were aided by the other competing company. There is another new form of attack called ram scraper, this is a program or virus that targets the data that is contained in the ram with the intention of modifying it before being processed and completely deleting it (Middleton 2005). This form of attack can be prevented by use of very powerful antivirus which can disintegrate the program. In addition, this malware are transferred via the internet therefore any document that is downloaded from the internet must be scanned for virus. Solution To prevent this system administrators should establish a mechanism where if the user complaints of such issue the system should prompt the user by asking some questions relating to the account. The only way of preventing physical attack is by ensuring physical security of the laid network devices are protected from any attack like theft since breakdown in the physical network setup leads to denial of service. Evaluation- all the attack mentioned in this section can be categorized under Denial-of-Service Attack since they all target drives at stopping the user of the system or even the network from getting the intended service. Threats targeting the user system access rights (broken access control attacks) Problem and situation One of the threats that target the user system access right is Abuse of system access rights. This kind of attack is mostly executed by the employees in a company in and intention of vengeance or sabotage. Detecting such issue is cumbersome since the intrusion will be taking place internally and hence task tracking may be a challenge. The employees use his or her right to access the system to make alteration and modification of data with the intension of financial gains for example in an employee in the IT department of a water providing company can reduce the consumption figures of some specific accounts then liaise with the holders of those accounts for payment. The second is unauthorized access via default credential. This threat mostly affects the system users who give commonly known username and password as default credential. A good example of this attack is where the system administrator in an institution put the name of the college as both username and password. This is very vulnerable to attackers because they capitalized on brute force attack. Third is violation of acceptable system user policies. In some companies, the system once logged in by the user will remain on till logged out. A user can negligently abandon the system while logged in and go out, this can give an opportunity to unauthorized person to access the system and facilitate any harmful event like altering the data with the intention of causing an embarrassment to the company or the owner. An example of this is where somebody forgets to log out from his email account and another person comes and send abusive or vulgar mails to some group of people. This can be detriment to the user’s attribute because everybody believes that the message comes from the rightful owner of the account. Another situation, which targets user system, is unauthorized access via weak ACLs or wrong configuration of an ACL (access control list). This gives a loop hole to attackers to get access to the system and perform destructive task that can hinder the operation of a system or complete denial of services. The other situation is brute-force attack where someone with an intention of hacking the system tries a large number of usernames and passwords till he get the correct one. In addition, there software that is able to calculate the password by iterating through a very large database of credential details to come up with the correct password. Some attackers have universal password which crack all other passwords (Rittinghouse,2009). Another very dangerous situation is where somebody’s credential are stolen and used to gain unauthorized access to the system by pretending to be the owner of those credential details. An example is where robbers takes the visa card of and individual and demands for the credential. They will then use this to withdraw cash from the ATM machines. Another example is where an employee in a bank steal his fellow employee’s username and password then use it to access the system then make fund transfer. The owner of that credentials will suffer without knowing the culprit since this attack also originate from inside the organization and hence difficult to detect. Solution and evaluation To stop this kind of digital attack, the company should put in place a tracking system which will compare each consumption figure with the average of the previous five or more months and hence gives an approximate value. In addition, the data security manager should utilize the advantages that the windows active directory has (Yar 2006). The Microsoft windows group policy is applied in grouping the different categories of users that are suppose to get access to some particular information. It is a key component that gives specific setups for particular group of users. To avoid this, the default credential should be unique as in; it should not be related to the name of the institution or the company ( Wall 2009). Weak access credential and brute force attack can be eliminated by ensuring that employee that uses the system must log on using a user name and password that expires every two weeks and should be renewed by making a request so that the administrator is aware. To stop this attack, the system developers should limit the number of attempt that one can enter the password before the system completely block. This can be enabled by using the GPO in the active directory where the system block by either redirecting the user interface of the system or completely hide. It can also make the form inactive or ask for verification using related questions Violation of acceptable system user policies can be eliminated by having in place effective user policy document and creating awareness on the importance of strictly observing organization’s user policy. The employees should be careful on how to use the system by ensuring that the log out process has been affected anytime you can to quit from using the system. Unauthorized access via weak ACLs or wrong configuration of an ACL can be prevented by basically ensuring that all access control is strongly and rightly configured and in case of any incident of attack. On the other hand, theft of user login credential can be prevented by use of built-in fingerprint scanners that are integrated in the ATM machine. This has the ability to learn the user’s fingerprint so that anytime you need to log in, you identify yourself by placing you finger on the scanner and the laptop boots. (Salomon 2007). Evaluation Critical evaluation of the above threats reveals that all the above attacks can be classified as Broken Access Control are all the attacks that targets the authentication of a user like credential theft, unauthorized access via default credential and brute-force attack. Some are Broken Authentication and Session Management though taken as a sensitive attack can be disastrous if the involved field is sensitive like the case of bank where finance can be transfers without the knowledge of the Threats targeting data and information on transit and Internet related Threats Problems and situation The most prevalent affects the data and information on transit is packet sniffing. Packet sniffing is a threat where the attacker monitors and collects the data in the network. The attacker can modify this data and send wrong data to the recipient or can divert the data causing denial of service. A situation where by the policy information or business transaction information of a company that is suppose to reach the stakeholders are redirected and send to the competing firm is a very good illustration. This can compromise data and information security in their business system in terms of confidentiality, integrity and availability. One of the internet related attack is social engineering. This is another attack that is more complicated since its origin is from the innocent person. This is a technique where the person is tricked into performing a computer operation that is harmful. The culprit can seduce the user for exampling telling him or her benefit that the person will get when he does such an activity. This method is mostly used by competitor firms where they convince the employee of the other competing firm to disclose information that is suppose to the top secret of the company. SQL injection is a unique attack that targets the web pages of the system application. It cuts down the communication between the database and the system application interface. This attack is common in organization where system implementation is taking place. An example is a situation where an attacker alters the name of the database and hence disconnects it from the user interface. In some situations, attacker uses authentication bypass methods where he or she can get access to the system without having to enter the credentials in order to authenticate him/her. This can be through a different IP address that routes the attacker via other links until he get access to the same system. Phishing is another form of social engineering which the attacker makes use of electronic communication to convince the person whom he is communicating to give the information that is supposed to be an intellectual property of the company (Rosenberg 2006). An example is where fraudster lures somebody to invest in business that does not exist with intention of defrauding that person in terms of finance. It can be eliminated by having in place the system that is records the identity details of that person so that tracking can be facilitated The key way of ensuring security of data and information on transit is making sure that the laid networks devices are protected from any vulnerable attack like theft since breakdown in the physical network setup weakness give an opportunity to attackers. Ensuring that the intellectual property is secured is a significant factor. This is by using VPN and secure sockets layers to ensure data confidentiality, integrity and non-repudiation (Trevor, 2011) The best measure that can be used to curb this is Practicing the principle of least privilege (PoLP) by limiting the number of the people who has the right to manipulate the database activates and also the punishment that individual that uses a computer to physically hurt another person or tries to commit a felony with an aid of a computer is made severe. Authentication bypass can be eliminated using Proxy authorship. In Proxy authorship the individual identity details are recorded and well documented. In case of any attack, the culprit can be identified. The action makes one fear to engage in any fraudulent activity because tracking. Although this method is very hard to completely eliminate, its vulnerability can be stopped by use of firewall to filter the information that is outsourced to the public domain. Use of firewall is also necessary because there are some information that are supposed to be know by the management only hence the information that the other employees get should be filtered. In their network, there should be two firewalls: enterprise firewall and DMZ firewall that are used to facilitate data confidentiality by filtering the information that the some employee’s access. Evaluation Critical evaluation reveals that, the major social network treats that affects other businesses are phishing and reputation risk and foot printing and information gathering. The primary reason is that the computers that are used by employee while doing the business transaction are the same they use to access the social network. For example a link can be posted on facebook that when an employee tries to follow, it can contain a virus that can affect the computer. An attacker can just gather the information about the company through business social network site and use that to damage the reputation of the company. To avoid all this businesses need to manage their social network at all cost (Malik 2007) Other forms of attack There are other cyber threats which cannot be classified under the above categories but there were profound during the investigation. These include electronic attack where electromagnetic energy is used to attack the user or assets with the intention of destroying the functioning of the system by either jamming or deception. It can be stopped by putting in place protective gears that barricade electromagnetic radiations. Attack on cars-the computerized devices that the car uses can be disabled by an attacking program. An example is where the driver’s input is ignored for example disabling brakes and stopping the engine. Can be stop by protecting the code not to get into the hands of unauthorized people. Social network attacks-this are virus and Trojan horses that takes one identity information. The latest are the ones that navigate the whole social network with the intention of obtaining and sending your social live information and hence expose to risk of social network-based pests. This risk can be eliminated using high level of proxy authorship. Webcam hacking-this are Trojan program that can run the webcam in the laptop. It will take photos and videos of the user and send via internet. Example is where VIP private life activities are exposed without his knowledge via this attack. To eliminate this, the webcam should have a shutter. Medical device attacks- this is where the culprit send an attacking code that hinders the functionality of life saving devices. This attack can be prevented by ensuring that the code for embedded software that run these devices are kept as intellectual; property. The other attack is the one that targets the iPhones and cell phones that uses adroid operating system including VOIP. The attacker capitalizes on the weaknesses of having to zip the content of the program to enable it to be accommodated by the small memory. This is because the program neglects some coding that though not a must is needed to ensure maximum security of the data. (Cardwell 2007). Conclusions In an organization, it is not only the staff or the employees that specialized in data security that has the responsibility of ensuring that data is secured? Each and every employee in the organization has the responsibility of ensuring the information security. From the investigation above, it is evident that most cyber criminal targets the system access. This implies that the best way in ensuring cyber security in business organization and at the same time being economical to the company is by investing it the team’s technology. Technology is very dynamic and new things come every other time. When a principle instructs the vendor to direct or educate the employees on information system security the concerned employees feel that their contribution to the company is valued. This will encourage them to learn more and even be careful while handling the information system and also eliminate a situation whereby security is avoided since the security staff mistrusts the rest of the staff (Salomon, 2007). There is need for government to enforcement of cyber security act has helped the citizens or businesses to regain the glory of data and information privacy. The fear of one’s information getting into the hands of unauthorized individual will drastically reduced due to enforcement of severe penalties to any person found breaching this right. In addition, it has enabled more secure computerized financial transaction which had become a nightmare. With the enforcement of this law, the use of information technology has become better (Theohary 126) Recommendations I recommend that the guidelines on computer related crimes should be reviewed and amendment. This is to address the issue related handling the cyber crime culprits. Organizations need to visualize the severity magnitude of the crime and the rate at which such crime increases and hence the necessity of effective measure. They are also required to put into mind the consequences that are brought about by such crime considering the fact that the frauds that are computer related is through a very advanced technology (Wiles & Cardwell 2007). The bridge of privacy right, the intention of a crime for example denial of service and the monetary gain that one can get by engaging in a cyber related crime cannot be underrated. The vulnerability that the security of a nation, information about one’s health and sensitive infrastructure are exposed is critical enough to warrant a review of the laws governing computer use (BiblioBazaar 2009). The major sections that need amendment include sections 101A which mandates the body in charge to submit a report to the national congress on any undertaking and proposed punishment. The second is sections 102 and 103 which demanded that any entity that belongs to the government should be made open via service providers who provide electronic communication and any disclosure made should not be with an ill intention. It also demanded in section 104 for national data center where there will be maximum data security infrastructure and sophisticated tools for threat detection, fraud investigation and appropriate measures to protect sensitive information such as those for hospitals and the government. They should also impose a ban in the spread of material that can corrupt individuals mind such as pornography via the internet and any communication media in section 105 (Choi 2008) References BiblioBazaar, 2009, Cybersecurity Enhancement Act Of 2009, BiblioBazaar. Choi, L. 2008, Cybersecurity and homeland security, Nova Publisher. Lingihn, S. 2011, Cybersecurity Enhancement Act,General Books LLC. Theohary, C. 2011, Cybersecurity: Current legislation, executive branch initiatives,DIANE Publishing. Middleton, B. 2005, Cybercrime investigator's field guide,Auerbach Publications. Ransome, J & Rittinghouse J. 2009, VoIP security, Digital Press. Rosenberg, R. 2006, The social impact of computer, Emerald Group Publishing. Salomon, D. 2007, Data privacy and security. Springer. Trevor, J. 2011, Cyber Attack: Improving Prevention and Prosecution" Hearing Before the Subcommittee on Technology, Terrorism. General Books. Wall, D. 2009,Crime and the Internet, Routledge. Wiles, J., & Cardwell, K. 2007, The best damn cybercrime and digital forensics book period. Syngress. Yar, M.2006, Cybercrime and society, SAGE. Appendices Appendix 1-Man-in-the middle attack Appendix 2- packet sniffing Appendix 3: top five cyber threats according to homeland security report 2013. Appendix 4: Advanced Cyber Threats Evade Perimeters, Must Be Detected in the Network Interior. Read More