Potential Security Threats and Challenges for Hybrid Cloud Solution - Coursework Example

? Cyber Security Question Nature of These Internet Activists Internet activists make use of the Web as tools for publication, coordination, and lobbying and coordinate their actions through their members, whereby action plans are e distributed via e-mail or posted on their Web sites (Gardner & Kobtzeff, 2012). Unlike traditional hackers, internet activists seek to influence policies of governments or corporations across the globe. Secondly, internet activist use a variety of information which can assist them to use the internet effectively for their cause, such as outreach, and advocacy tools. Some of the internet activist just like hackers tends to disrupt normal online operations of the target organization, in addition to blocking online access to targeted facilities. Moreover, internet activist focus on electronic civil disobedience done by creating partnerships plus coalitions that function independently, for instance the Protest.Net and Action Alert known for posting time and place for movements (Tavani, 2010). Internet Activists utilize the web for the most part in a non-intrusive manner, so as to press on with their grounds in the most proficient manner. That is why they operate websites which provide information regarding matters relatable to their cause, and offer links to sites which are of attention to their cause. In addition, they provide information concerning upcoming events and generally aid non-disruptive activities. For instance, they employ virtual sit-ins plus blockades, in addition to e-mail bombs (Jordan, 2002). Traditional hackers on the other hand use web hacks, computer break-ins, together with the spread of computer viruses plus worms. They attack corporations’ networks to make use of data for their financial gain, or in some instances for industrial espionage (Gardner & Kobtzeff, 2012). Traditional hackers unlike internet activists, employ more malicious and unsettling motives plus means, such as illegally using user accounts with privileges to run codes, with the intention of damaging and corrupting data, or stealing data plus software so as to stop genuine authorized users. They tend to disrupt normal operations and result in serious damage. However, both make use of certain tactics in particular e-mail spoofing and Distributed Denial of Service attacks on corporations with the intention of damaging the corporation’s public image, such as cracking techniques used for defacing Web sites. For instance, traditional hackers employ attack software, such as Aping@commands that attacked NATO sites during Kosovo war, and they seek to deluge the target server with network packets (Denning, 2002). They are also highly skilled when it comes to network design, and the techniques of avoiding security procedures. But, internet activists emphasize membership through e-mail newsletters, notices, and alerts concerning upcoming events. Both possess the power to interrupt and harm their opposition via electronic measures (National Communications System (U.S.), 2000). Current Monitoring Technologies Used To Detect Intrusions One of the present monitoring technologies applicable for a company that might be a target are the signature based and the anomaly based Network Intrusion Detection Systems (Ghosh, 2010). Such technologies are designed to detect possible intrusions like malicious acts, computer attack or intrusion of a virus. Enormous Network Intrusion Detection Systems server are placed on the links comprising a backbone network, so as to monitor every traffic, and the smaller systems are placed to keep an eye on traffic directed to an exact server, gateway, or even a router (Brazier & et tal, 2011). Consequently, the technology alerts the appropriate person upon detection. For instance, the Intrusion Prevention System makes use of high-tech multi-threaded architecture comprising virtual sensors which scales to shield even the most expanse enterprise networks. When it is deployed in conjunction with Security Information and Event Management or with Automatic Security Manager, it helps in the automatic recognition, location, separation and remediation of the security threats. The Intrusion Prevention System incorporates seamlessly by way of Network Access Control, thus facilitating post hook up scrutiny of behavior immediately network access has been established (Roebuck, 2011). Overall, the highly developed in-line IPS is premeditated to obstruct attackers and to diminish denial of service attacks, in addition to guaranteeing safety measures of the VoIP communications. It works by alerting about the attack, and then plunging the aberrant packets, before terminating the session when it comes to TCP plus UDP grounded attacks. Thus, it dynamically sets up a firewall and even role-based right of entry control rules. They can be employed internally to the boundary of the company firewall so as to monitor traffic which passes any given link in the network comprising web, mail servers with database plus storage servers. This ensures infected server does not infect others (Cabestany, Rojas, & Joya, 2011). Post-Incident Procedures The first post-incident procedures include neutralizing the network invaders. This can entail disconnecting the system from the network and internet, or generating and putting into place access control lists within the firewalls plus router. Secondly, the management needs to report the attack to law enforcement agency, while the incident response center takes over the assessment. This entails conducting imaging of the entire system so as to analyze the attack. Thirdly, there is the identification of the modifications performed to the system files, data files, configuration files, the configuration settings and any deleted data. A clean install should be used to recover the compromised system and then hardened from other attacks (Liston & Skoudis, 2006). It is also crucial to record information concerning the name and the IP addresses of the machine, the operating system version, and the service packs. This involves recording every running processes plus services and network attack information. In particular, the application session log information, system occasion log information, and security instance log information including DNS logs, the DHCP logs, and file replication logs. The key areas to gather evidence includes system logs, Network logs, System state and Network state. Afterwards, sniffers should be used to recreate the sessions as this would help in analyzing the succession of events which took place. In addition, they will help to detect unusual network behaviors created by hackers. The final phase involves conducting penetration testing so as to assess the security status of the defense system and to determine if there are other unnoticed existing vulnerabilities (Liston & Skoudis, 2006). Question 2 Potential Security Threats One potential security threat in using social networking in sharing patients’ information is the attacks from hackers. The use of social networking runs the risk of making sensitive information concerning the patient to be extensively shared across the globe plus entire network community. For instance, it will be easier for personal details such as prescriptions, form of disease, or surgical complications to be exposed, considering that in clinical practice it is reckless to share publicly patient information and which is a definite violation of privacy legislations. It is possible, that many users do not grasp the longer-term privacy implications of their actions (American Society for Healthcare Risk Management, 2011). Most of the attacks on the patients social networks are basically malicious attacks having no explicit intentions, while others have motives of accessing individual patients data for their own selfish ends. Some of the techniques commonly applied includes, password cracking, sweepers, DNS attacks and packet forging spoofing. The most advanced attacks includes the use of hijacking sessions, instant messaging appliances, stealth diagnostics and self replicating codes. The hackers tend to use the network vulnerabilities to engage in compromising the hospital networks, crucial applications and operations. The most common vulnerabilities that attackers use in such a system, involves associate extranets, wireless LANs, vulnerable VPNs, constantly-on broadband connections, and internal unauthorized personnel access (American Society for Healthcare Risk Management, 2011). Given that hospital facilities need to observe security updates policies that are synchronized with guidelines stipulated by diverse regulatory agencies that govern them, their systems are left vulnerable to any infection or the stealing of sensitive information using disabling audits. Such a system also exposes patients’ data to theft, since some attackers seek to acquire the patients’ information about insurers, and vendors. They tend to use remote access and vulnerable EHR system, like VPNs, WLANs, as well as PC-based remote directing software and unknown access levels. Another security threat is the interception of patient scheduling and communication through web server, and which have underlying operating systems that are not configured to be conventional to those of the dealer security checklists. Also, they take advantage of the transfer of patient information via emails to spread worms and malwares (American Society for Healthcare Risk Management, 2011). Online Patient Care System The online patient care system should be integrated and focused on anticipated threats and their lessening, instead of focusing on simple procedures like firewall or incursion prevention system. This requires a layered means to security whereby the any failure of one system will not likely result in Interference of network resources. The components of a secured online patient care system should comprise Endpoint Security Software applications, so as to counter viruses, most of the spyware, and any malware threats especially when updated frequently and maintained. The Endpoint Security Software application should be applied on every host inside the facility in order to make the host from being interfered (Gregg & Haines, 2012). The system should also contain a protected network infrastructure in terms of hardware plus software components, and which ought to support perimeter security, infringement protection, and identity services. Moreover, the security management mechanisms should possess a centralized intelligence for administering the monitoring and managing of other aspects of the security solution. The firewalls needs to be configured correctly with proper features enabled and allocated on regular basis in order to validate operational effectiveness. The facility VPNs, WLANs as well as the PC-based distant control software should be integrated to permit only registered systems access (Gregg & Haines, 2012). In trying to keep the server safe from attacks by hackers, there needs to be configuration of the underlying operating system, to conform to dealer security checklists. Security patches should be installed rapidly in order to abolish web-based application susceptibility. They should also use private leased-line facilities in order to avoid the risk of a communal broadband service. Security Issues Related To Outsourcing Firstly, the outsourcing partners can be unable to stabilize the network as it is a rather different environment from most of the public networks they operate, and this can lead to continual breaches from attackers. Secondly, there is the threat of breach of privacy, and given that this is a military organization, patient information among the military personnel is more scrutinized and regulated than the private outsourcing sector requirements. Thus, it can become hard to determine who will control the patients’ personal information when a private vendor is managing the online patient care system for the military. For instance, it is hard to ensure that they comply with HIPAA, SOX, or the Gramm-Leach-Bliley patient data security requirement. Thirdly, the complexity of the online patient care system security process implies an increased susceptibility to information breaches when outsourced to another party. The reason being that many outsourcing IT firms do not spend more effort in understanding every aspects involved and thus are more probable to make blunder in deciding on the service level agreement security requirements (Tipton & Nozaki, 2011). Another risk posed by outsourcing the online patient care system, is attacks through the service provider networks, especially through social engineering as a result of due diligence and insufficient operating processes. Furthermore, the military organization will be exposing its patient to additional unauthorized access to internal IT facilities and information due to the connected services. Due to the above risk associated with outsourcing, it is essential to perform he security risks assessment connecting to outsourcing prior to acquiring required services from the supplier. The major assessment should be strength of protection provided by present security controls. If the security risks are elevated, the decision to outsource needs to be reconsidered. However, when outsourcing is inevitable, the organization needs to spell out its security requirements and which should be commensurate with confidentiality, integrity and availability requirements of the patient information and communication services (Tipton & Nozaki, 2011). Question 3 Challenges for Hybrid Cloud Solution Given that the personal records data have to pass outside the firm firewall and all the way through the access network, this renders the information susceptible to any attack vectors. Hence, one of the challenges that would face the corporation hybrid cloud solution in terms of security and reliability is preserving of physical plus logical security over the firm clients, especially due to embedded mobile apparatus, like smart phones. The size as well as portability of such devices can easily lead to failure of physical management, since built-in security can be prevailed over or circumvented with no difficulty by a knowledgeable attacker. This is mainly due to the delivery of cloud application being done through custom-built applications, instead of Web browser. Also, the rising use of social media and private Webmail, increasingly provide means for social engineering assaults which can negatively affect security of the clients’ personnel records. Another threat is that cloud computing applications can be easily accessed by backdoor Trojan, or keystroke logger, and other forms of malware operating on any of the client device (Furht & Escalante, 2010). Due to massive-scale cloud solution sharing services with shaky WAN connection along with complicated interactions involving transactional application and customer data integration, the reliability dealings for pure conventional networks may not be applied so as to guarantee the cloud platform dependability. Hence, even though reliability during execution of any information requested is critical, it is definitely difficult to ascertain. The nonexistence of any network connection will possibly severely restrict end user ability to access information (Halpert, 2011). Questions for Prospective Cloud Providers The most important question for the provider to answer is what are the support security and privacy claims they have, such as certification with compliance reviews. The reason being that, understanding the policies and technical controls employed by the cloud provider are significant for assessing the security plus privacy risks. Secondly, what technology does the cloud provider user for their services? This is because they have great implications when it comes to security, reliability and privacy of the structure. Such information would be used to assess the system architecture so as to devise a complete depiction of the protection, especially in mitigating risk by using appropriate techniques with procedures for the incessant monitoring of state of the system (Speake & Winkler, 2011). Thirdly, do they use manual, programmed or else instantaneous backup? The reason being that, most highly developed backup along with file sync need to provide instantaneous data syncing, whereby personal records are saved to the cloud immediately upon being modified. The fourth question is what is the provider level when it comes to data durability statistics? Since the probability that any given file will become corrupted whilst stored on the firm servers, should not be highly irrevocably corrupted. This would also entail finding out what are the types of clouds being offered, is it public, private, hybrid or community (Speake & Winkler, 2011). Also, what is the Geo-redundancy of their user data, given that Data centers needs to be more secure and immune from natural disasters and other catastrophes? Or do they have no less than two geographically diverse sites for storage. Other critical questions includes how meticulous are their service-level agreement? Since they have to take into consideration uptime guarantees, and events response times in particular the remedies. Additionally, how do they deal with intellectual property, especially software handled and are they bound to provide the company physical access to the servers housing the personal record (Halpert, 2011). Security measures It is important that the company should be the owner of the encryption keys, so as to ensure user data plus passwords are not stolen. Also, encrypted information originating from multiple sources stored on similar storage device should have a means to take apart the data. Secondly, the firm should allow clients who operate with few resources as possible, so as not to overload the space given. This is because it is crucial not to overuse unpublished APIs, DHCP or FTP, in particular when performing tasks like firmware upgrades. Thirdly, there needs to be a disaster recovery protocol put in place, so as to preserve user data. Thus, proper access control lists needs to be implemented, so as to restrict access to information. For instance, un-connected Chinese wall model is considered more than single Sign On links due to their strong links (Boursas, 2011). Question 4 Cyber Security Concerns Associated With Mobile Devices There are a number of cyber security risks related with the use and reliance on mobile devices. Firstly, the increase of mobile applications has made it possible for any employee to carry massive, complex and sensitive information inside their pocket. Given that mobile devices have a high chance of falling into the hands of unauthorized user through device turnover the member of staff can sell, or trade-in the device or in some instances simply loses or throws away the device, and any person who can come across it can keep track of the organization information (Androulidakis, 2012). Secondly, mobile devices have numerous ways by which employees can access corporate information, as they are ubiquitous and becoming more and more indispensable. The fact that mobile devices possess extensive surface of possible entry levels for compromise such as short-range communication procedure like Bluetooth, email client and Infra-red, this present more viable paths for attackers to exploit owing to the ultra portability of most of the contemporary mobile devices, especially smart phones (Bayuk, 2012). For instance, when communicate is done through SMS, an attacker just needs to bypass the single time passwords and credential information via out of band channels. Also, Low phase access to hardware through the operating systems can offer attackers the capability to record, view and to listen to any organizational voice conversations, videos and photos. Furthermore, freely available and built-in GPS and GSM antenna easily offers attacker information to easily locate exactly where the device is situated. Additionally, most mobile devices do not possess blueprint structures to receive security application updates, due to unreliable techniques to offer updates, and this renders them vulnerable to enhanced spywares and malwares (Bayuk, 2012) Software Development Process for Mobile Applications With the intention of helping authentication, approval, and validation of web services on mobile applications, a Two-Tier Enterprise Application is created at the front of the database and APIs of the since web services are open publicly for use by any user of the application (Howard, 2010). This helps to validate the data as well as the user right to connect with web service, by performing initial server-side checks. This mechanism involves wrapping application API or otherwise the database with business layer, so as to conduct further processing when it comes to validation. Other web service mobile applications are PI security which utilizes a type of token-based verification, such as OAuth or in some instances in-built session server-side structures like ASP.NET or the Ruby on Rails (Dwivedi, Clark, & Thiel, 2010). Under such mechanism, after sending the username plus password, the device receives a distinctive token following the approval of the sender identity by authentication service, and after that token is relayed back to web service on every succeeding requests, which is then utilized on the server surface to establish the distinctiveness of the user before expiring after a given period of idleness (Dwivedi, Clark, & Thiel, 2010). So as to avoid the token from being captured through packet sniffing, especially on wireless connection attacks, the software has been integrated such that every communication among mobile users and the organization web server is performed across an SSL-secured link (Liu, 2011). The Security plus Trust Services or APUI is put into practice in order to permit the MIDlets to communicate to the Subscriber Identity Module cards via the Application Data Unit Protocol (Liu, 2011). The MIDlets acquire access rights via protection domains using byte code confirmation mechanism as the confidential data is encrypted using a key which is not stored on the mobile device. References American Society for Healthcare Risk Management . (2011). Risk Management Handbook for Health Care Organizations, 3 Volume Set. New York: John Wiley & Sons. Androulidakis, I. (2012). Mobile Phone Security and Forensics. New York: Springer. Bayuk, J. L. (2012). Cyber Security Policy Guidebook. John Wiley & Sons. Boursas, L. (2011). Systems and Virtualization Management: Standards and the Cloud:. Springer. Brazier, F. M., & ettal. (2011). Intelligent Distributed Computing V:Proceedings of the 5th International Symposium on Intelligent Distributed Computing - IDC 2011, Delft, the Netherlands - October 2011. New York: Springer. Cabestany, J., Rojas, I., & Joya, G. (2011). Advances in Computational Intelligence. Springer. Denning, D. E. (2002). Activism, Hacktivism, and Cyberterrorism:The Internet as a Tool for Influencing Foreign Policy. Washington DC: Georgetown University . Dwivedi, H., Clark, C., & Thiel, D. (2010). Mobile Application Security. McGraw-Hill Prof Med/Tech. Furht, B., & Escalante, A. (2010). Handbook of Cloud Computing. Springer. Gardner, H., & Kobtzeff, O. (2012). The Ashgate Research Companion to War: Origins and Prevention. London: Ashgate Publishing, Ltd. Ghosh, S. (2010). Cybercrimes:A Multidisciplinary Analysis. New York: Springer. Gregg, M., & Haines, B. (2012). Casp Comptia Advanced Security Practitioner Study Guide: Exam Cas-001. John Wiley & Sons. Halpert, B. (2011). Auditing Cloud Computing: A Security and Privacy Guide. John Wiley & Sons. Howard, R. (2010). Cyber Security Essentials. CRC Press. Jordan, T. (2002). Activism!:Direct Action, Hacktivism and the Future of Society. Chicago: Reaktion Books. Liston, T., & Skoudis, E. (2006). Counter hack reloaded:a step-by-step guide to computer attacks and effective defenses. Boston: Prentice Hall Professional Technical Reference. Liu, H. H. (2011). Software Performance and Scalability:A Quantitative Approach. John Wiley & Sons. National Communications System (U.S.). (2000). The electronic intrusion threat to national security and emergency preparedness (NS/EP) internet communications an awareness document. DIANE Publishing. Roebuck, K. (2011). Ips - Intrusion Prevention System:High-Impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors. Lightning Source Incorporated. Speake, G., & Winkler, V. (. (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics. Boston: Elsevier. Tavani, H. T. (2010). Ethics and Technology:Controversies, Questions, and Strategies for Ethical Computing. New York: John Wiley & Sons. Tipton, H. F., & Nozaki, M. K. (2011). Information Security Management Handbook, Volume 5. CRC Press. Read More