Network Security Failure Cases - Research Paper Example

Summary
The paper "Network Security Failure Cases" discusses that technology has intervened in the lives of mankind and has made personal data more vulnerable than ever. Numerous instances have been witnessed in the past that have created disastrous conditions for individuals and organizations…

Extract of sample "Network Security Failure Cases"

Network Security Failure Case Studies

Introduction

The advent of computer technology and the internet has changed the mode of life for humans. These inventions have brought remarkable conveniences, alongside serious threats to the security of individuals and of companies' intellectual assets. Just as technology improves to provide greater security and access control measures, malicious users, such as hackers and intruders, also become more technologically capable. Numerous incidents in recent history have compromised the security of individuals and companies and have cost them hefty amounts. Two such incidents are discussed in this paper, along with the probable reasons for each security breach and the preventive measures that should be taken in the future.

2. Sony PS3 Security Breach

Sony Online Entertainment (PlayStation Network) is one of the market leaders in providing online games to its users around the world. Many users subscribe to the service to purchase games and online activities. In April 2011, the company faced a major setback regarding its service and data assets. The impact was so massive that it failed to offer its services even two weeks after the incident.

2.1 Nature of the Attack

The Sony PlayStation network experienced denial-of-service attacks from one or more cybercriminals in April 2011. According to Stuart and Arthur (2011a), the scale of the denial-of-service attacks occupied the company to such an extent that another ongoing attack went unnoticed by the authorities: cybercriminals were also attempting an intrusion at around the same time. The data theft also suggests that the sophistication and extensive planning of the attack made it undetectable.
Two weeks later, the company realized that its data assets had also been stolen from the Sony Entertainment Online multiplayer domain. The intruders gained access to 77 million records of the company's customers, containing their names, postal addresses, email addresses, credit card information and birthdates. Later, the company admitted that more than $25 million had also been stolen from an outdated database of 2007 that contained data of similar nature. The massive theft of credit card and personal information is feared to result in catastrophic instances of identity theft and other misuse of data for a long period of time. Arthur (2011) reported that the data server holding information from 2007 was known to contain records of international users from Austria, Germany and a few other countries. Therefore, this attack has threatened the image of Sony not only in local markets but also internationally.

2.2 Causes of the Attack

Batty (2011) reported that an unknown file named ‘Anonymous’ was found on one of their servers, carrying a message that warned the authorities about more attacks. This proves that the intruders had successfully gained access to the servers and systems and therefore managed to copy millions of data records for their use. The means of gaining access to the systems can be based on multiple factors. Some of the most probable ones are discussed below.

Some employees might not be aware of the security policies that are supposed to be followed to safeguard the company's data assets; their negligence may have exposed sensitive login information.

Hackers may have targeted some employees' systems and sent them spam, phishing emails or advertisement links on social networks to lead the employees to a compromised source.
Upon the download of any malicious attachment or a visit to an inauthentic website, the malicious software is automatically transferred to the user's system (with or without the user's knowledge). This software can perform automated malicious activities or acquire access rights to the system for the intruder. Remote Access Tools (RATs) are commonly used to download malicious software onto the user's system in an automated mode.

Symantec Corporation (2010) highlighted another innovative method that is commonly adopted by hackers and intruders: the analysis of the URL of the company's website. The hackers insert instructions in the URL such that malicious software is downloaded onto the desired servers, thereby providing access to the data. This method can prove very effective since it reduces the chances of being detected by the administrator.

Any of the above could have been the means by which access was granted to the intruders, who copied millions of data records to an unknown location. However, Symantec Corporation (2010) provided a comprehensive explanation of the phases that all such data thefts undergo: incursion (intervention in the system), discovery (searches for desired data), capture (required data is captured) and exfiltration (data is sent back to a location for the intruders).

Figure 1: Phases of intrusion activities (Symantec Corporation, 2010)

Stuart and Arthur (2011b) stated that Sony has been criticized for another failing regarding the theft of valuable customer records: the data records were not stored in an encrypted format. This makes it easier for the hackers to use the data in different malicious activities, as it would not require any decoding. Encryption of the data would have inhibited the use of the records in activities such as identity theft, online shopping, etc.
2.3 Prevention Strategy for Future Attacks

The security policies and procedures should be communicated repeatedly at all levels to reduce any chance of negligence by employees. All host systems should be equipped with effective intrusion detection systems to alert the concerned personnel about any malicious activity. A large company like Sony must have equipped its systems with intrusion detection systems; however, a common act of negligence is that systems are not updated with the latest patches and versions of their software applications. These updates reduce the threat from the latest security breaches in the market.

Another recommendation for Sony is to keep its records in encrypted formats on the data storage servers, to reduce the chances of the information being usable even if it is stolen. The Sony PlayStation data theft is considered massive since all of the credit cards were genuine and had been used in online transactions before. This kind of genuine information is more likely to be used in identity theft and credit card fraud. The data would have been useless to the hackers if an effective encryption algorithm had been used to protect it. One further point on encryption should be considered: even the outdated data server should be kept in encrypted form, to keep old customers' data secure from security threats.

3. Worm Attack

Another attack that has been witnessed with greater frequency around the world is the worm attack. Viruses are known to attach to some software application to cause harm to the system, whereas worms are considered more dangerous and destructive because they do not depend on any other software application. They are self-contained applications that contain malicious code. A worm may replicate itself on a single computer and spread across the whole network.
Worms are known to consume internal memory space and network bandwidth, shutting down a service or making it very slow. Schell and Martin (2010) explained that worms are also known to infect a system with a Trojan that can make a host act like a zombie to send spam or carry out other malicious activities.

3.1 Nature of the Attack

In 2009, the world underwent a major worm attack, recorded as the worst of its kind in many years. The scale of the attack was so enormous that it infected around 9 million PCs in just 15 days. The name of the worm was Downadup. Security companies, like Symantec Corp, had warned users about a potential security threat prevailing in the networks two months before the attack. This was the first alarm regarding the Downadup attack. After a few days, Microsoft also recognized the probable threats in the networks, and the Downadup worm attack eventually began in January 2009. Keizer (2009) stated in his article of January 16 that the replication rate of this worm was very fast, since it infected 1.1 million PCs in a single day.

3.2 Causes of the Attack

Philips (2009) stated that the Downadup worm attack was more powerful than other worms in the past, since it adopted a three-way attack strategy. One of the ways to spread the infection was to make use of a software bug that Microsoft had resolved in 2008; the bug was present in a file sharing service and had been fixed by a patch a few months before the worm attack. A malicious data packet could be sent remotely to a PC that had not been updated with the required patch. Microsoft also confirmed this form of attack and stated that unpatched PCs were most at risk. The other approach involved the brute force password attack strategy, in which the attacker tries password combinations exhaustively until he achieves his purpose.
According to Keizer (2009), in his article of January 20th, once a single computer in an organizational network was infected, the worm applied the brute force password approach against systems with administrative rights, with the aim of gaining access to the whole network. With this approach, even systems that had been updated with the Microsoft patch became vulnerable to the worm attack.

An innovative approach and algorithm was used to spread the worm across websites and social media platforms. The Blog Herald (2009) explained the procedure that the Downadup worm adopted for its exponential spread on websites. The malicious application searched for an active web server among numerous addresses. Upon finding an active web server, it downloaded the application that had been programmed to perform malicious activities. The websites were not restricted to a set of defined domains. On the contrary, new domain names were created by the worm every day on the basis of timestamps from different sources, like Google.com. The random selection of domain names made it even more difficult to contain the damage of the Downadup worm. It targeted domain names that were not even registered, thereby making the infections almost impossible to detect.

Keizer (2009) pointed out in his article of January 20 that another means of spreading the infection involved the replication of the worm on removable devices like USB flash drives, memory sticks and cameras. The infected system copied a file named “autorun.inf” into the main directory of the USB device. Windows tends to auto-run removable devices as soon as they are plugged into the system; therefore systems became infected through the auto-run of the malicious application upon insertion of the devices.

Several purposes were attributed to this massive attack: the formation of an extensive botnet and the theft of information, such as login details and personal details, from users' systems.
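Two of the behaviours described above are visible in ordinary logs: one machine failing logons against many others, and one machine looking up many domain names that do not exist. The following is an added example, not part of the original paper; the log layouts, thresholds, host names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry. Names use reserved test domains.
# DNS events: (day, client, queried_name, rcode)
DNS_LOG = [("2009-01-20", "pc-17", f"{label}.example", "NXDOMAIN")
           for label in ("qwkzpt", "hbxorv", "ydmcua", "ltvjse", "zrgfnw", "opkyhd")]
DNS_LOG += [
    ("2009-01-20", "pc-17", "intranet.example.test", "NOERROR"),
    ("2009-01-20", "pc-22", "intranet.example.test", "NOERROR"),
    ("2009-01-20", "pc-22", "intrnet.example.test", "NXDOMAIN"),  # one typo, benign
]
# Failed network logons: (day, source_host, target_host, account)
AUTH_FAILS = [("2009-01-20", "pc-17", target, "Administrator")
              for target in ("srv-01", "srv-02", "pc-03", "pc-04") for _ in range(5)]
AUTH_FAILS += [("2009-01-20", "pc-22", "srv-01", "alice")] * 2   # user mistyping


def dga_suspects(dns_log, min_failed_names=5, min_fail_ratio=0.6):
    """(day, client) pairs that looked up many distinct non-existent names."""
    names = defaultdict(set)    # all distinct names queried
    failed = defaultdict(set)   # distinct names answered NXDOMAIN
    for day, client, name, rcode in dns_log:
        key = (day, client)
        name = name.lower().rstrip(".")
        names[key].add(name)
        if rcode == "NXDOMAIN":
            failed[key].add(name)
    return sorted(
        key for key in names
        if len(failed[key]) >= min_failed_names
        and len(failed[key]) / len(names[key]) >= min_fail_ratio
    )


def bruteforce_suspects(auth_fails, min_targets=3, min_failures=10):
    """(day, source) pairs with many failed logons spread over many machines."""
    targets = defaultdict(set)
    failures = defaultdict(int)
    for day, source, target, _account in auth_fails:
        targets[(day, source)].add(target)
        failures[(day, source)] += 1
    return sorted(
        key for key in failures
        if len(targets[key]) >= min_targets and failures[key] >= min_failures
    )


def triage(dns_log, auth_fails):
    """Map each suspect (day, host) to the reasons it was flagged."""
    reasons = defaultdict(list)
    for key in dga_suspects(dns_log):
        reasons[key].append("many lookups of unregistered domains")
    for key in bruteforce_suspects(auth_fails):
        reasons[key].append("failed logons across many machines")
    return dict(reasons)


if __name__ == "__main__":
    for (day, host), why in triage(DNS_LOG, AUTH_FAILS).items():
        print(day, host, "; ".join(why))
```

A host flagged for both reasons is the strongest candidate for isolation; the thresholds need tuning against a site's normal traffic.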
The probable reasons for the spread of the worm attack include the negligence of users in keeping their systems updated with the latest operating system patches. Another major source was the interactive nature of the modern web, which attracts users towards different forms of products and services; users tend to follow unreliable and inauthentic advertisements that cause the spread of worms.

3.3 Prevention Strategies for Future Attacks

The foremost prevention strategy that users should adopt is to keep their systems updated with the latest patches, since this reduces the chances of intrusions and infections by a significant degree. Passwords should always be chosen with careful thought, so that automated software and malicious code are unable to guess them. This should be stressed even more for systems that hold administrative rights over a network, since any negligence in choosing the password can sacrifice the security of an extensive network. Besides being strong, passwords should also be changed at regular intervals to ensure greater security and integrity of data. It is also proposed to disable auto-run and auto-play for USB removable devices, to reduce the chances of automated execution of any malicious applications.

4. Conclusions

Technology has intervened in the lives of mankind and has made personal data more vulnerable than ever. Numerous instances have been witnessed in the past that have created disastrous conditions for individuals and organizations. The Sony PlayStation network intrusion and the Downadup worm attack are amongst the most prominent in the recent history of computer security. Users need to take extensive preventive measures to ensure the security of their intellectual assets and data.

References

Arthur, C. (2011, May 3), Sony suffers second data breach with theft of 25m more user details, The Guardian.

Batty, D. (2011, May 5), As PlayStation Network tries to get back online, Sony points to Anonymous, The Guardian.

Keizer, G. (2009, January 16), Amazing worm attack infects 9 million PCs, ComputerWorld, Retrieved from http://www.computerworld.com/s/article/9126205/_Amazing_worm_attack_infects_9_million_PCs

Keizer, G. (2009, January 20), FAQ: How to protect your PC against the Downadup worm, ComputerWorld, Retrieved from http://www.computerworld.com/s/article/9126349/FAQ_How_to_protect_your_PC_against_the_Downadup_worm?taxonomyId=17&pageNumber=1

Philips, E. (2009), How did Downadup infect my PC?, Retrieved from http://www.downadup.com/what-virus-downadup.php#ixzz1M6yBf7a9

Schell, B., Martin, C. (2010), Worm, Webster's New World Hacker Dictionary, Retrieved from http://computer.yourdictionary.com/worm#

Stuart, K., Arthur, C. (2011a, April 27), PlayStation Network hack: why it took Sony seven days to tell the world, The Guardian.

Stuart, K., Arthur, C. (2011b, April 27), PlayStation Network users fear identity theft after major data leak, The Guardian.

Symantec Corporation (2010), Anatomy of an attack: Types of hacker attacks and techniques, Retrieved from http://viewer.bitpipe.com/viewer/viewDocument.do?accessId=14614132

The Blog Herald (2009, January 21), Downadup Spreads – Infects 1 in 16 PCs, Retrieved from http://www.blogherald.com/2009/01/21/downadup-spreads-infects-1-in-16-pcs/