Cyber Security - Coursework Example

? Cyber security 02-02 Cyber security According to www.thefreedictionary.com, anything that is at a risk of emotional or physical grievance is vulnerable. Talking about cyber security, vulnerability is a security weakness; anything that can be harmed easily or destroyed effortlessly is said to be ‘vulnerable’. Every now and then new programs are developed and information technology managers are harassed by hackers as their systems are always vulnerable to external threats. In the current age of union of communication and technology, one cannot resist or keep away from being affected by internet, cyber space, cell phones and computers. However as we marvel our lives due to these technologies and feel blessed, we can’t stop thinking about our own security and safety over the cyber space. Either it be physical security, personal information security or security of our computer’s hardware and soft ware, we are concerned about our safety. Then what basically is cyber security? It is guarding your physical and personal data from any vulnerability such as a digital asset accumulated in your computer, hard disk or any of the memory drives. (Cyber Security (2010)) Firstly, you need to search that what kinds of vulnerabilities you can meet on the internet and what should you do to counter them. There are many distinct types of vulnerabilities and each one of them is serious in its own sense and asks for solutions to overcome it. The higher the vulnerability is, the more complicated or intricate measure would be taken to implement security measures to protect your own self. Beginning from plain malicious codes or malware to grave viruses which can erase all the data on your computers or gulp all the contents of your windows; hackers can utilize your personal data for their deceitful purposes. These are risks that if not properly addressed can create acute problems for you. (Cyber Security (2010)) Often these malicious codes or spyware get into your computer when you enter a new website or open an unknown mail. Every application has some loop holes which are identified by hackers and then it becomes easier for them to exploit your programs. They get access to these files and copy and harm computer applications by clinging themselves to either the junk mail you receive or through your local network provider. These deceitful codes are usually very intricate and tricky so that a normal person using Personal computer cannot access them. IT professionals spend huge amount of their time to solve these codes. These codes are not only restricted to spyware and malware but also consist of bugs, worms and viruses which are a cause of a lot of damage. (Cyber Security (2010)) These malicious codes are very harmful indeed but there is a bigger imposter than them. These are the attackers or hackers. They are much hazardous and harmful then these mere codes. Codes and Viruses can only do what they are designed to do by the original programmer. However, these attackers and hackers are living people who can obtain the necessary information they require and then use it for their own malicious purposes. But sometimes hackers might just be having fun! They want to try their hacking skills and get into your computer just to know how to hack and learn it rather than for any sort of personal benefit. (Cyber Security (2010)) Top Cyber Security Vulnerabilities The Database of National Vulnerability Version 2.2 is vulnerability management data which is run by the United States government and is characterized by SCAP (Security Content Automation Protocol). This data helps in computerization of management of vulnerability, all security measures you can take to avoid it, and obedience or agreement to these measures. National Vulnerability Database also consists of safety checklists, safety associated software mistakes, any mis-configurations, names of products, and also collision metrics. The 7th annual IT Security Automation conference was held by the National Vulnerability Database from October 31st, 2011 to November 2nd, 2011. It focused on different security issues that are the concern of today’s IT managers focused on the ways to address these weaknesses. (National Vulnerability Database (2011)) Some of the weaknesses of the information technology that managers still have to face in today’s world are: Software that remains unprotected even today- Email attacks has always been a susceptible part of the information technology system. These targeted attacks are also known as ‘spear phishing’ which take a rather negative advantage of clients. These risky software include free downloads of programs such as Adobe Flash, Microsoft Office, Adobe PDF Reader, and Quick Time. Currently, it is the chief source of infection in computer systems that are connected to the internet. These vulnerabilities are known as ‘client-side vulnerabilities’ and are taken negative advantage by the attackers when clients visit contaminated web pages. The pop-ups that come up when users are downloading programs even from trusted websites are a constant vulnerability to the Information Technology managers as it creates a bad image of their company or website.. The infected computers proliferate to other computers as well and servers are corrupted likewise. In many instances, the decisive agenda of the attacker is to grasp all data from the organizations they want to steal information from and also to open doors for other hackers as well. (D. Rohit , D. Mike, E. Marc ,K. James, (September 2009)) Vulnerable Websites-Some users are prone to infected websites which are available at the search engines and only accessing these sites create hazardous consequences for them. Of the total attacks conducted on the internet, about sixty percent of them are through un-trusted websites. Even vulnerabilities are created to turn trusted websites into malevolent websites designed to exploit customers. More than eighty percent of the vulnerabilities constitute of Cross-Site Scripting and SQL injection defects in open-source and applications built by customers. Even though massive attacks are through websites and they are publicized on a large scale, still owners of the web sites often fail to address these vulnerabilities. Therefore, they are ignorant devices for attackers to harm the visitors of the sites who believe that these are trusted ones. (D. Rohit , D. Mike, E. Marc ,K. James, (September 2009)) Increasing Zero-Day Vulnerabilities- The number of zero-day vulnerabilities has augmented during the past couple of years worldwide. People are learning more and more about zero-day vulnerabilities as studied by many autonomous teams determining these vulnerabilities at different points in time. Most of the vulnerabilities are still yet to be discovered. The number of highly trained Information Technology researchers working for both software firms and government is very less. Until this shortage persists, common men and organizations will not be able to protect their systems against attacks of zero-day. (D. Rohit , D. Mike, E. Marc ,K. James, (September 2009)) Operating Systems Vulnerability- Perhaps the root of all evil is the Operating System Vulnerability. Conficker/Downadup is the main worm for Operating System. Almost 90 percent of the attacks are for the Operating Systems and from May-June 2009 to July-August 2009, there has been a massive outbreak of attacks on the operating systems. (D. Rohit , D. Mike, E. Marc ,K. James, (September 2009)) Operating System Vulnerability The vulnerability to Operating System is the biggest of all vulnerabilities because it is what your whole computer is about. Attacks are always imperceptible and quiet. An attack can’t be a good one if it is surrendered by the attackers and the defender wins. The philosophy of war also state that attacks should be on weaker forces than your own and thus this phenomenon is applied on computer attackers as well. Trojan houses, viruses and other types of malevolent programs may attach themselves to other legal programs and files and can destroy your computer in minutes. When operating system is gone, hardware is nothing than a piece of trash. These malicious software store themselves on the hard disk or memory drive and are perceived with programs that can observe their behavior or patterns. (Pfleeger, C. P., & Pfleeger, S. L. (2012)) Operating System vulnerability should be the primary concern for organizations as it is the core structure for your windows. Microsoft is concerned about MS11-083 as it is dangerous because any successful exploit could permit any attacker to get complete control of this susceptible system. However, it is not that weak as the technical difficulty level is very high in achieving the exploitation successfully. Symantec Security Response Security Intelligence Manager, Joshua Talbot, said that they are estimating that an attacker will attempt to control the entire operating system in about four to five hours. But, if an attacker is efficient, he can do the required task in a very less time. (B. Tony (Nov 8, 2011)) nCircle Security Operations Director, Andrew Storms views Microsoft decision as peculiar as he believes that MS11-084 has the most security and should not be rated as Moderate by the company. He states that the bulletin of MS11-084 is very common with the Duqu virus increasing zero-day vulnerability. He threatens the company by warning them against these new bugs and susceptible viruses. As Microsoft states the existence of Duqu virus in its Microsoft Leaves Duqu Worm Exploit Unpatched, it is in actuality creating more hype for the zero-day flaws than it should rather focus on the more vulnerable operating system in its Security Intelligence Report. Microsoft is constantly working to solve the subject of vulnerability of the Operating system but it still remains a big concern for Microsoft as well as different organizations throughout the globe.(B. Tony (Nov 8, 2011)) Impact of Operating System Vulnerability on Organizations Operating System is the basis of all operations and programs handled on the computer. If an operating system is vulnerable, organization may not function well as it cannot rely on its operating system for its operations. A well organized and non vulnerable operating system is what needed by companies. Firms develop different software to counter these vulnerabilities. For instance Mark Russinovich of Sony made a root kit revealer to run on the systems. Sony focused on using this root kit instead of a utilities file manager to get into the computer. This root kit revealer was able to identify all root kits that antivirus software is usually unable to identify. (Pfleeger, C. P., & Pfleeger, S. L. (2012)) Counter Measures for Vulnerability Countermeasures tackle the vulnerabilities by reducing the chances of occurrence of attackers invading your system or viruses attacking your system. They focus on the factors that are the cause of these threats. (Shaping Software (30 March 2008)) Some of the counter measures to mitigate the impacts of vulnerability of Operating Systems are: Design Simplicity- Simplicity of design is not an easy task for Operating System developers as operating systems are not easy to design. Computer operating system designers must minimize the cost of overheads, also deal with interruptions and background switches and at the same time provide high speed to users. When analyzing the vulnerabilities of operating system, adding security measures to it by developing malware software becomes a hideous task. Good engineers suggest that security software should be developed at the beginning of building Operating system to avoid further complications in the future. Design Simplicity is based upon the following: (Pfleeger, C. P., & Pfleeger, S. L. pages 348-350 (2012)) Encrusted Design- A basic operating system is made up of four layers. Hardware, Kernel, Operating system and user. Every layer can have a sub layer of its own. For instance kernel has five different layers in SCH83. At the user layer, quasisytem programs are very common such as graphical user interface and database managers which have their own distinct security layers. (Pfleeger, C. P., & Pfleeger, S. L. pages 348-350 (2012)) Trust of layers- A secure operating system is divided into layers made up of concentric circles with inner most circle being the most trusted of all and also the most sensitive. The upper layers are there to protect the inner layers. The dependability of a process is determined by its nearness to the centre. To protect the layers of Operating system, they should be separated such that they are distinct but also working in collaboration with each other. Separation can be of various types: logical, temporal, physical and cryptographic. We imply that logical separation is best for logical design and so on. A basic part of the operating system must control and operate the accesses of all of the layers to implement separation. Each lower level layer represents the higher level layers and is essential for their functionality as described by Peter Neumann for Provably Operating System. Each layer takes into account all layers under it. (Pfleeger, C. P., & Pfleeger, S. L. pages 348-350 (2012)) Compactness- Security kernel only performs security functions, which is why it is very small. (Pfleeger, C. P., & Pfleeger, S. L. pages 348-350 (2012)) Modifiability- Any apparent alterations to security devices are easier to make and test. (Pfleeger, C. P., & Pfleeger, S. L. pages 348-350 (2012)) Verifiability- As the security kernel is very tiny, it should be examined carefully. For instance all formal method should be used to make sure that all security measures are taken into account by the design. (Pfleeger, C. P., & Pfleeger, S. L. pages 348-350 (2012)) Interfere with your data- Use confusing data and also use signing in multiple times, also make sure to use powerful form of authorization, use protocols that can deal with interference across the communication channels, and also use protected links with protocols which give complete message. Denial- Make protected trails of audits, make use of digital identities Disclosure of Information- Ensure confidentiality of message by using secured protocol links, and never save passwords or any other secreted information in plain alphabets. (J.D. Meier, A. Mackman, M. Dunner, S. Vasireddy, R. Escamilla and A. Murukan (Janaury 2006)) Anti Virus Software- an Antivirus software is made so that it can detect viruses and then prevent them from harming your operating system by fixing them. They are an all time countermeasure. (Conrad, E., Misenar, S., & Feldman, J. (2010)) You as an organization have to eschew these types of situations that are the reason you need to know about cyber safety and what to do to save yourself and your computers from these vulnerabilities. You have to find out how weak your computer systems are. You need to configure your virus protection software and firewall from time to time to make sure that your operating system can avoid such attacks. It is very important to constantly update your windows and all software as well so that you have an updated version of operating system which is better able to fight these vulnerabilities. Another good method would be to keep passwords on everything, every file and folder and password should contain symbols, numbers and alphabets. These passwords will act as a protection for your systems and assist you in keeping all systems safe. You should also take assistance from IT experts from time to time. (Cyber Security (2010)) References Diaz, Javier Jimenez. "SANS: Top Cyber Security Risks - Executive Summary." SANS Information, Network, Computer Security Training, Research, Resources. Web. 05 Feb. 2012. . National Vulnerability Database: automating vulnerability management security measurement and compliance checking. Gaithersburg, Md.: National Institute of Standards and Technology. Web 05 2012. http://nvd.nist.gov/ Pfleeger, C. P., & Pfleeger, S. Lawrence. (20112012). Analyzing computer security: a threat/vulnerability/countermeasure approach. Upper Saddle River, NJ: Prentice Hall. Bradley, Tony. "Microsoft Leaves Duqu Worm Exploit Unpatched | PCWorld Business Center." Reviews and News on Tech Products, Software and Downloads | PCWorld. Web. 05 Feb. 2012. http://www.pcworld.com/businesscenter/article/243405/microsoft_leaves_duqu_worm_exploit_unpatched.html Cyber Security. Web. 05 Feb. 2012. . "Shaping Software » Blog Archive » Threats, Attacks, Vulnerabilities, and Countermeasures."Shaping Software. Web. 05 Feb. 2012. . "Threats and Countermeasures." MSDN a?? Explore Windows, Web, Cloud, and Windows Phone Software Development. Web. 05 Feb. 2012. .: Top of Form Conrad, E., Misenar, S., & Feldman, J. (2010). CISSP study guide. Burlington, MA: Elsevier. Bottom of Form Read More