IT Security Threats and Countermeasures - Literature review Example

Summary
This paper 'IT Security Threats and Countermeasures' discusses that IT security has become one of the inevitable expenses for any organization or individual since it threatens the integrity, confidentiality, and availability of their computing resources and data…

Extract of sample "IT Security Threats and Countermeasures"

Introduction

Technological advancement has taken mankind to another level in terms of communication, business processes, acquisition of knowledge, management etc. The invention of the internet has brought the whole world closer together on the same platform. The emergence of e-learning has replaced conventional forms of educational practice with online modes of education and collaboration. The field of business has benefitted from the introduction of e-commerce and information management systems. Alongside all the advantages of IT, there exists an appalling consequence that compels organizations to invest hefty amounts: IT security threats. This paper shall discuss the most commonly witnessed IT security threats, along with the countermeasures that are used to safeguard data and systems.

2. Overview

Computer technology has evolved with the passage of the years. These incremental improvements have been coupled with increasing malicious activity in the world of technology. Intruders and hackers have become more technology savvy with the evolution of newer systems and technologies. Cyber crimes are increasing drastically every year, even in the presence of effective security systems. “Computer crime reports increase 22 percent in 2009: Crime News-Crime Prevention” included figures from the FBI Internet Crime Complaint Center’s 2009 report; the year 2009 saw a 22% increase in cyber crimes compared to 2008. National Institute of Standards and Technology Administration defined IT security as the protection of an automated information system to ensure that the key attributes of the computing resources (hardware, software, data and telecommunications) are preserved, namely confidentiality, integrity and availability.
The report explained these three attributes in the following manner:

  • Confidentiality can be defined as a requirement that compels the owner or bearer of the information or computing resource to protect it from exposure to any third parties.
  • Integrity can be defined as the requirement that compels the owner or bearer of the information or programs to protect it from being changed by any unauthorized entity.
  • Availability can be defined as the requirement that compels the owner of the information or computing resource to ensure that the service is available to all the legitimate users at all times.

3. Threats to IT Security

3.1 Denial of Service (DoS) Attack

Denial of service attacks aim to bombard a server with an excessive number of requests in order to affect its availability. A server is capable of serving requests from a certain number of users; the bombardment of requests from an unreliable host or multiple hosts makes the server incapable of servicing legitimate users. McDowell stated that users with malicious intent perform such activities to hinder the provision of service and are likely to crash the systems with the overload of requests. Distributed denial of service (DDoS) attacks are initiated from multiple hosts rather than a single host.

3.1.1 Repercussions of the Attack

Roberts stated that the nation of Myanmar faced a massive denial of service attack in 2010 when its Ministry of Post and Telecommunication was attacked. The investigation of the matter revealed that the attack was initiated from numerous sources, thereby making it a distributed attack. It involved 10 to 15 Gbps of traffic to make the servers unavailable to legitimate users. This type of attack threatens the availability of systems and services.

3.1.2 Countermeasures

CAPTCHA technology was introduced in the world of computing numerous years back to avoid the menace of denial of service attacks.
Ahn, Blum, Hopper and Langford stated that CAPTCHAs are small graphical images that consist of scrambled text. The text is scrambled in such a manner that only a human can identify the characters correctly, rather than automated handwriting recognition applications. The presence of CAPTCHAs helps the organization to filter computer-automated requests (illegitimate hosts) from the ones initiated by humans.

3.2 Malware Attacks

Malware is defined as any application or piece of code that is installed on a system in an automated manner without the consent or knowledge of the owner. Malware covers many types of security attack, namely viruses, worms, Trojan horses etc. These types of malware can be transferred to or installed on systems via email attachments, compromised links or images on websites, online advertisements etc. The user need only click on one of these sources for the malware to be installed on the system automatically. Viruses are capable of multiplying themselves on a network or system with the intention of causing harm to even more systems. Oldfield stated that viruses attach themselves to any program in the system and initiate their operations when the programs are launched. Viruses and worms harm data by corrupting, destroying or modifying it. Trojan horses are those types of malware that provide access to the intruder such that he can access all the information and files in the owner’s system without the owner’s knowledge. It would not be wrong to state that Trojan horse attacks provide backdoor access to the system for intruders. A Trojan horse might be running under an authentic name or process, due to which it may not be detected by anyone. This malware can come from the internet as well as from running CDs supplied by unreliable parties.

3.2.1 Repercussions of the Attack

Such attacks threaten the availability, confidentiality and integrity of the data and computing resources that might be residing in the system under attack. The intruders can steal the data and use it for numerous malicious purposes. Companies that offer products and services tend to have a greater responsibility to protect their systems from malware attacks, since their systems hold extensive data regarding their customers and past sales records. Information is the key to success in the modern age, since strategic management systems can provide valuable analysis on the basis of transactional and sales data. Customer buying trends and behaviors can be identified by means of past sales records. Theft of customer details and information results in identity theft and credit card fraud; intruders and hackers write malicious programs to steal data for such purposes, therefore extensive efforts should be exerted to ensure greater IT security. McCullagh provided information about one of the largest identity frauds in recent history; the intruder stole millions of credit card and debit card records from different companies’ servers and withdrew millions in cash from ATMs with the respective data. He was able to buy a condo, a diamond ring and multiple watches with that stolen money.

3.2.2 Countermeasures

Harris defined the greylisting method, which is used to reduce the number of unwanted emails received by any host. This method advocates the identification of the following fields from the received emails:

  • IP address of the sender
  • Address of the envelope sender
  • Address of the envelope recipient

These fields from unwanted emails are recorded and maintained for future reference. The emails that are received from a combination of these values are returned by the user since they are considered to be unwanted. Users are also educated about not browsing unauthentic websites and not clicking on links that may seem suspicious.
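
The following is an added example, not code from this paper or from Harris's software, of a greylisting decision keyed on the three fields listed above. It follows the behaviour Harris describes, in which a first delivery from an unseen triplet is deferred with a temporary failure and a retry after a minimum delay is accepted. The class name, timing values, response strings and addresses are assumptions constructed for the example.

```python
# Added illustration of greylisting keyed on the three fields listed above.
# Timings, names and addresses are assumptions, not values from the paper.
from dataclasses import dataclass

ACCEPT = "250 OK"
DEFER = "451 temporary failure, retry later"   # 4xx = transient SMTP failure


@dataclass
class Entry:
    first_seen: float      # time the triplet was first deferred
    passed: bool = False   # set once a sufficiently late retry arrives
    last_ok: float = 0.0   # time of the most recent accepted delivery


class Greylist:
    def __init__(self, min_delay=300, retry_window=4 * 3600, lifetime=36 * 86400):
        self.min_delay = min_delay        # retries sooner than this stay deferred
        self.retry_window = retry_window  # unconfirmed triplets expire after this
        self.lifetime = lifetime          # confirmed triplets expire when idle this long
        self.entries = {}

    @staticmethod
    def key(ip, mail_from, rcpt_to):
        # Lower-casing whole addresses is a simplification for the example.
        return (ip, mail_from.strip().lower(), rcpt_to.strip().lower())

    def _expired(self, e, now):
        if e.passed:
            return now - e.last_ok > self.lifetime
        return now - e.first_seen > self.retry_window

    def check(self, ip, mail_from, rcpt_to, now):
        k = self.key(ip, mail_from, rcpt_to)
        e = self.entries.get(k)
        if e is not None and self._expired(e, now):
            del self.entries[k]           # stale record: treat as never seen
            e = None
        if e is None:
            self.entries[k] = Entry(first_seen=now)
            return DEFER                  # first sighting is always deferred
        if not e.passed and now - e.first_seen < self.min_delay:
            return DEFER                  # retried too quickly
        e.passed, e.last_ok = True, now
        return ACCEPT


def demo():
    # Constructed delivery attempts: (seconds since start, triplet).
    gl = Greylist()
    good = ("192.0.2.10", "alice@example.org", "bob@example.net")
    bulk = ("198.51.100.7", "Offers@Example.com", "bob@example.net")
    attempts = [(0, good), (60, good), (600, good), (700, good),
                (700, bulk), (700 + 5 * 3600, bulk)]
    return [gl.check(*triplet, now=t) for t, triplet in attempts]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A sender that never retries, or retries only after its unconfirmed record has expired, is never accepted, while a standards-following mail server passes on its second or third attempt.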

3.3 Botnet Attacks

Botnet attacks make the system become part of a bigger network of compromised systems. The intruders aim to identify systems that are not protected by extensive security measures and can be hacked easily. Botnet malware is also activated in systems through the internet. Banday, Qadri and Shah stated that the botnet controller may send commands to the compromised systems, which serve as ‘zombies’ for the cyber criminal. The communication between the botnet controller and the botnet hosts may not even be direct, to avoid its identification by the victims. Spammers pay the owners of such compromised networks to conduct their malicious activities through the zombies. The following figure shows the steps that are involved in the process of performing malicious activities via botnets:

Figure 1: Steps in botnet attacks (“Botnet”)

3.3.1 Repercussions of the Attack

A botnet controller or remote host might be controlling the system to perform malicious activities like sending spam (unwanted) emails, or the system may become extremely slow in operation. Botnets might also be controlled to launch distributed denial of service attacks on different services without the knowledge of the owner of the system. Koch stated that a massive DDoS was initiated against large organizations, namely CNN, Yahoo! and Amazon, in 2000, even though these companies must be equipped with the most effective security measures.

3.3.2 Countermeasures

Edwards defined honeypots as a method to identify the botnet controller in the network. A system that holds a certain amount of data is kept isolated in the network and serves as an attraction for the botnet controller. When the botnet controller acts to take control of the system (in other words, to make it a zombie), the network administrators investigate the origin of the commands and the identity of the host that remotely controls the system.

3.4 Insider Attacks

Alongside external threats to IT security, there exists an equally important source of attacks that often goes unnoticed by organizations: insider attacks. Employees possess a great deal of information about the assets of the organization and hold login credentials for its intellectual assets. Insider attacks result either from a lack of awareness of the required security protocol or from a thirst for selfish monetary gain. “Network Security Part II: Attacks” revealed an alarming fact that 70% of the attacks are initiated as a result of involvement of the employees, either on a direct or indirect basis.

3.4.1 Repercussions of the Attack

Social engineering is defined as a way of tricking an employee into leaking login credentials or sensitive information regarding the organization’s intellectual assets. For example, the intruder might call the network administrator while posing as a senior manager of the organization. The impostor may request immediate changes to his login credentials. Due to lack of awareness, the network administrator may be intimidated by the caller and change his passwords without following any form of security protocol.

Figure 2: Social engineering process (Allen)

3.4.2 Countermeasures

Employees need to be educated about the prevailing attacks on networks and the social engineering techniques that can trick them into revealing important information about the organization. Employees should also be educated about keeping strong passwords that cannot be hacked or guessed by users with malicious intent.

4. Conclusion

IT security has become one of the inevitable expenses for any organization or individual since it threatens the integrity, confidentiality and availability of their computing resources and data.
The attribute of integrity safeguards the correctness of data, confidentiality protects the computing resources and data from exposure to third parties, and the attribute of availability ensures that the service is available to genuine users rather than servicing illegitimate ones. A few of the most common security threats are denial of service, malware and botnet attacks. A denial of service attack threatens the availability of computing resources, since the illegitimate requests and bombardment of information at a specific server make it deny service to legitimate users. Malware attacks cause the installation of malicious software and applications on the user’s system; such applications may corrupt the data in the system or transmit it to a remote host without the knowledge of the owner. Botnet attacks end up making the system part of a compromised network that may be involved in malicious activities. The botnet controller controls all the systems in the compromised network and sends them commands to initiate spam attacks, denial of service attacks etc. Another form of attack that threatens the confidentiality, integrity and availability of computing resources and data is the insider attack. Employees hold extensive information about the information assets of the company. The employees of an organization become consciously or unconsciously involved in revealing information to unreliable third parties. All security threats and vulnerabilities can be mitigated with the deployment of effective countermeasures, coupled with making employees knowledgeable about the required security protocols and prevailing security threats.

References

Ahn, Luis, Blum, Manuel, Hopper, Nicholas, Langford, John. (2003). CAPTCHA: Using Hard AI Problems for Security, Proceedings of Eurocrypt ’03.
Allen, Malcolm. Social Engineering: A Means to Violate A Computer System, SANS Institute, 2006, Print.
Banday, Tariq, Qadri, Jameel, Shah, Nisar. “Study of Botnets and Their Threats to Internet Security”, Sprouts: Working Papers on Information Systems, 9(24).
“Botnet”, Botnet Knowledge.com, n.d., Web. 1 December 2011.
“Computer crime reports increase 22 percent in 2009: Crime News-Crime Prevention”, Crime in America.Net, 16 March 2010, Web. 1 December 2011.
Edwards, John. “The Rise of Botnet Infections”, Network Security Journal, 15 Sept. 2008, Web. 3 December 2011.
Harris, Evan. “The Next Step in the Spam Control War: Greylisting”, Pure Magic Software.com, 2003, Web. 3 December 2011.
Koch, C. “A Brief History of Malware and Cybercrime”, CIO, 4 June 2007, Web. 2 December 2011.
McCullagh, Declan. “T.J. Maxx hacker sentenced to 20 years in prison”, CNet News, March 2010, Web. 30 November 2011.
McDowell, Mindi. National Cyber Alert System, US-CERT, 2009, Print.
National Institute of Standards and Technology Administration, An Introduction to Computer Security: The NIST Handbook, 1995, Print.
“Network Security Part II: Attacks”, Security Innovation, 2003, Web. 1 December 2011.
Oldfield, Paul. Viruses and spam what you need to know, Sophos, ISBN 0-9538336-1-5.
Roberts, Paul. “Massive Denial Of Service Attack Severs Myanmar From Internet”, Threat Post, 3 November 2010, Web. 30 November 2011.