
Aviation Security Prerequisites - Essay Example

Summary
The essay "Aviation Security Prerequisites" focuses on the critical analysis of the major issues in the prerequisites of aviation security. After the September 2011 terrorist attacks, developed countries have significantly changed the way of countering vulnerabilities from terrorism…

Extract of sample "Aviation Security Prerequisites"

Aviation Security

After the September terrorist attacks, developed countries significantly changed the way they counter vulnerabilities to terrorism. An enormous amount of resources was mobilized in a very short time period. These mobilized resources were aligned to counter apparent cyber threats from terrorist attacks. Likewise, in the entire hoax, there was a requirement to evaluate homeland security, which also pertains to information technology infrastructure. The information technology infrastructure was not the only consideration, as these attacks affect vulnerabilities pertaining to federal information systems and any organization that acquires information systems. Several laws were passed in Congress after the September 11 terrorist attacks. In the process, a series of homeland security presidential directives was issued for sustaining domestic security (Vacca, 2009). On the other hand, despite the economic turmoil from the September 11 attacks, the aviation industry continues to grow at a rapid pace and is considered to be undergoing a fundamental transformation. Moreover, there is also a significant change toward managing air traffic via a net-centric approach (Markarian, Kolle, & Tarter, n.d). Adopting this change will replace the traditional approach to controlling air traffic, which is built on information technology solutions. With regard to aviation security, there is a significant increase in the use of computerized systems on board air carriers. Likewise, these systems facilitate high connectivity between airborne and internally located systems, as well as operational and maintenance requirements (Markarian, Kolle, & Tarter, n.d). Moreover, the net-centric ATM connectivity raises concerns about cyber security threats and vulnerabilities.
Propagation threats are critical because they are capable of rapidly broadcasting traffic on the Internet while bypassing intrusion detection systems (Hatahet, Bouabdallah, & Challal, 2010). Likewise, to augment the primary phase of worm propagation, the worm uses a ‘hit list’ comprising overflowed users, i.e. users consuming heavy bandwidth. By identifying these users, the worm spreads at a rapid pace compared to traditionally spreading worms (Hatahet, Bouabdallah, & Challal, 2010). Moreover, this type of attack saves a considerable amount of scanning time by only attacking a visible target. In the context of any cyber threat to an airport, the airport cannot be the primary target, as one of the contributions to the Spanair flight JK5022 crash came from malware (Markarian, Kolle, & Tarter, n.d). System Wide Information Management (SWIM) is a program for delivering the foundation that is vital for renewing the national airspace system into an operation described as ‘network-centric’ (Markarian, Kolle, & Tarter, n.d). Likewise, SWIM is sponsored under the umbrella of SESAR in Europe, and in the United States it is sponsored by NextGen. Commonly, the SWIM program is referred to as an ‘aviation intranet’ (Markarian, Kolle, & Tarter, n.d). By utilizing ‘publish and subscribe mechanisms’, the intranet will demonstrate a ‘net-centric’ approach. Apart from all these advantages, there are always cyber threats associated with it. As mentioned earlier, the net-centric approach will utilize point-to-point connectivity, so any single vulnerability will result in a complete network compromise because of distributed application and network resources. Aviation information systems must be resilient, redundant, ensure integrity of data and, most importantly, be ‘always available’. These features are associated with safety principles that are applicable to operational functions in the aviation industry.
For instance, control messages are communicated from the control tower to the pilot, who is one of the crew members on the flight. Any mistake or manipulation in communicated messages may result in a catastrophic event or disaster that may take the lives of many. Likewise, these messages are real-time in nature and are accessible to all staff involved in the communication process. These messages are transmitted by a transmitter that is connected to a computerized machine. If a cyber-terrorist manages to take control of the communication server or system, he may be able to manipulate messages for warning flight levels, weather reports etc. However, to minimize risks and vulnerabilities, certification is a key aspect that addresses design, deployment and operational processes. The certification process takes a lot of time and addresses systems that are considered high availability systems. Likewise, it also addresses patch management, which frequently updates security patches on systems. There is no way of completely securing a network, system and applications. However, periodic penetration testing and code reviews are conducted by security professionals and consultants for exploiting vulnerabilities and security flaws within an application. It is now considered a fundamental fact that if any application is connected to and operates on the network, it can be exploited and compromised. Organizations are keen to build a layered defense to counter cyber threats from internal and external entities. Likewise, there is a requirement to constantly monitor live traffic from and to the World Wide Web, remote connections, real-time interaction of users with applications, Internet gateways and client interactions with the applications. Code reviews are essential, as patches from vendors must be tested first before implementation in the live environment.
However, for effective implementation of patches, patch management practices must be documented and standardized. Likewise, there are efficient tools available for performing effective patch management. Secondly, configuration management also plays an essential role in ensuring security for mission critical aviation applications. For instance, if a faulty hardware component is replaced with a new one, it is important to address issues with hardware compatibility, as any malfunctioning device may introduce a vulnerability. Thirdly, change management procedures must also be documented and approved by the respective application owners prior to any changes to the application. For instance, a change request form requiring any changes within the application can be approved and documented to ensure there are no vulnerable spots in the architecture and infrastructure. All the identified attack interfaces must be addressed by taking the following factors into consideration (Mitigating security threats by minimizing software attack surfaces, 2008):

  • Uninstall and prevent unnecessary features
  • Default utilities and programs that are installed within the operating systems must be utilized (if required)
  • Strong access management by user authentication
  • Remove all default passwords on the application server
  • Configure only required protocols on the application server
  • Limiting the unnecessary codes from the application
  • Applying metrics to measure the attack surface on a periodic basis
  • Disabling unwanted protocols on the application server

Nowadays, hackers encapsulate malicious code or a script for attacking a web page by using several techniques including obfuscation, polymorphism and encryption. As the anti-virus program detects viruses by signatures, malicious codes are able to bypass it by using these techniques. These types of methods are known as passive attacks (Gharibi & Mirza, 2011).
Likewise, encryption is the best security control that can be implemented for securing the code and ciphering the user data. Secondly, polymorphism is a technique that replicates an application partially so that it appears just like the original application. Similarly, for hiding the source code of an application, obfuscation techniques can be applied to make the code complex to exploit and analyze while keeping complete functionality (Gharibi & Mirza, 2011). These three factors need to be handled to provide better security. In order to tackle all three factors, Christian Fruhwirth recommended an event-based intrusion detection system. The system will support these three factors by (Krugel, 2002):

  • Advanced tools incorporated with IDS to detect intrusions and eliminate attacks
  • Standardized frameworks to handle legal compliance
  • Efficient security management application tools to handle information security

Moreover, an article was published related to compromise recovery and incident handling. The article highlighted mishaps by the concerned security administrators in installing default programs from a compact disc. These programs stored on a compact disc facilitate hackers in breaching security by storing porn contents, configuring an illegal server, initiating attacks on other information assets and breaching servers on the network. In order to eliminate all these cyber threats and vulnerabilities, reviewing and learning the functionality of cyber threats is essential. This will certainly reduce the probability of security incidents that may impose cascading risks (Compromise Recovery and Incident Handling, 2003). One more research study was conducted on a Proposed Integrated Framework for Coordinating Computer Security Incident Response Team. Conventionally, computer security incident response teams (CSIRT) respond to viruses, hacking and unauthorized access by employees.
The CSIRT is defined as follows: “Computer security incident response team (CSIRT) is a term used by the CERT Coordination Center (CERT/CC) to describe a service organization that responds to computer security incidents” (Computer Security Incident Response Team, 2007). The research transformed these teams into efficient tools that will maintain the efficiency of mission critical operations and compliance along with new regulations pertaining to the aviation industry. Organizations possessing incident response teams follow a systematic approach and steps to recover the system efficiently from any security breach or incident. Moreover, the existence of such teams eliminates loss or theft of information and service disruption. Furthermore, the information gained by detecting and resolving an incident helps support teams handle future incidents more efficiently. Likewise, these teams are called security incident response teams (SIRT). They are triggered when a security breach shows its existence within the network. These teams conduct investigations of suspect workstations and servers. For instance, a server that is responding slowly or a workstation that is broadcasting messages will be examined for any possible issue. After specifying the incident that is related to security, the incident recovery steps are performed accordingly to assure adequate information collection and documentation. There are cases where security incidents also involve the contribution of law enforcement agencies such as National Transportation Safety Board, concerned managers, board of directors and security professionals. Incidents in the context of adverse events demonstrate a negative impact such as a system crash, flooding of network packets, unauthorized access of system privileges, viruses, malicious codes etc., and are referred to as a policy violation of computer security policies and standard security practices.
Security is a set of measures for deterrence, prevention, detection and correction of security threats that can damage or divulge information either locally or when transmitted via the control towers. Hence, security mechanisms that are designed to detect, prevent and restore security after an attack are absolutely vital. Consequently, firewalls, one of the most commonly considered traditional devices, are recommended to secure systems, applications and networks. Likewise, a firewall now contains many features along with packet filtering technology. A firewall is defined as “a combination of hardware, software, and procedures that controls access to an intranet. Firewalls help to control the information that passes between an intranet and the Internet. A firewall can be simple or complex, depending on how an organization decides to control its Internet traffic. It may, for example, be established to limit Internet access to e-mail only, so that no other types of information can pass between the intranet and the Internet” (Firewall, 2007). Firewalls are network security devices that are categorized into hardware-based firewalls and software-based firewalls. Mission critical redundant systems must be protected via layered defense and hardware-based firewalls that monitor data transmission on a continuous basis. The hardware-based firewalls are more secure, as they are not dependent on the operating system. On the other hand, software-based firewalls are dependent on the operating system, which may introduce risks. The choice between these options depends on the cost as well. However, a full-featured firewall may protect the computer network from hackers or cyber criminals. It will detect, block and quarantine viruses and malicious codes that attempt to compromise the aviation network.
Moreover, configuration on the local area aviation network must demonstrate a graphical user interface to ensure that each preventive measure is active and running (Agnitum outpost persona firewall pro 2.0, 2004). All modifications and logs are stored in the firewall rather than being distributed across different hosts on the aviation network. The firewall also provides protocol-filtering capability, as it filters protocols and the services associated with them in order to secure them from exploitation. Moreover, the firewall hides inbound communication of the airport network from the outbound interface, which is also called a wide area aviation network (ADVANTAGES OF FIREWALL). In addition, firewalls also provide centralized management. This is an ultimate advantage for the aviation network security staff within an organization, as the management and configuration of the overall aviation network is possible by accessing a single device. Security and access policies can also be configured centrally on the device, as the firewall is the first point of contact for data packets before they reach the inbound aviation network. Aviation network administrators or security specialists conduct the administration and configuration of a firewall. Later, these personnel monitor and modify changes as per the requirements of aviation processes and policies. The features of a typical firewall assist security specialists to a great extent. Many products in the market are designed to offer more than one WAN port connection, categorized into low bandwidth usage and high bandwidth usage. Consequently, administrators can connect a lower bandwidth connection to the low bandwidth usage port, and a high bandwidth connection can be used to connect high profile users who require high bandwidth Internet connectivity. As two connections can be terminated on the firewall, load-balancing features are also achievable.
Moreover, if either of the two connections goes offline, the firewall switches the traffic to the other connection that is operational, resulting in efficient WAN aviation network connectivity (Soho firewalls, 2002). Furthermore, firewalls are integrated with proxy servers to provide an optimum level of security for the aviation network. However, some configuration procedures must be followed in order to establish firewall security based on configurations. A typical packet filtering firewall is required. The packet filtering firewall judges the behavior of each packet and then checks the rule base, which includes exceptions and firewall security policies, in order to deny or grant permission to a particular data packet. After receiving a data packet, the firewall determines whether the packet requires proxy filtering. Consequently, the firewall plays a role as a dynamic filter on a control channel linking the application layer and the proxy layer. This combined security mechanism significantly amplifies security for the aviation network (Nelson, 1998). The firewall also operates as a circuit level gateway. As per the network dictionary, it is defined as “A circuit level gateway is sometimes described as a second generation firewall. It is a fast unrestricted passage through the firewall based on predefined rules maintained in the TCP/IP kernel.” The architecture of a circuit level gateway analyzes the handshaking of packets in data communication channels or sessions on the aviation network, to verify whether the channel is genuine or not. The traffic is filtered by analyzing the rule base on the arrival of each packet. Moreover, a circuit level gateway provides enhanced security for airport internal operations on the network by hiding particulars of workstations that have established a remote session from any computing device outside the aviation network. The computing device outside the aviation network will receive only the gateway address, i.e. the firewall.
As per the network dictionary, an application gateway is defined as “Application Level Gateway (ALG), also known as Application Layer Gateway, is a type of gateway that consists of a security component that augments a firewall or NAT employed in a computer network. It allows legitimate application data to pass through the security checks of the firewall that would have otherwise restricted the traffic for not meeting its limited filter criteria”. The application gateways are also categorized as software-based firewalls. These types of firewalls provide advantages in terms of securing a personal computer located internally from hackers and intruders. These firewalls provide an in-depth level of security and access control for the airport security staff. Likewise, these firewalls do not grant permission to any data packet related to COM and EXE extensions. In addition, to provide enhanced security, the firewall does not allow a direct session of data communication with any node on the inbound aviation network. Consequently, an application gateway firewall protects the aviation network of an organization from viruses, malicious codes, Trojans, unauthorized access and denial of service. Currently there are two conventional methods that can be deployed to detect cyber threats and vulnerabilities on the aviation network, i.e. anomaly based IDS and signature based IDS. The signature based IDS analyzes and identifies specific patterns of attacks that are recognized from raw data in terms of byte sequences called strings, port numbers, protocol types etc. Likewise, apart from the normal operational pattern, the signature based firewall detects any activity that is unusual from previously defined patterns. Moreover, the patterns are monitored with strict control algorithms. The signatures are stored in a signature repository.
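Signature matching as this section describes it, written as an added example that is not part of the original essay: each signature carries an identification number, a log message and a rule (protocol type, port number, byte string), and the engine logs every match and then denies or accepts the packet. The signature set, field names and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    sid: int                  # identification number
    message: str              # message written to the log on a match
    protocol: str             # rule: protocol type
    dst_port: Optional[int]   # rule: destination port, None means any port
    content: bytes            # rule: byte sequence ("string") in the payload
    action: str = "deny"      # "deny" drops the packet, "alert" only logs
    nocase: bool = False      # compare the byte string case-insensitively


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    dst_port: int
    payload: bytes


# Constructed signature repository (illustrative, not from any real rule set).
SIGNATURES = [
    Signature(1001, "Windows executable header in HTTP traffic",
              "tcp", 80, b"MZ\x90\x00"),
    Signature(1002, "Telnet login with default account name",
              "tcp", 23, b"login: admin", nocase=True),
    Signature(1003, "DNS zone transfer (AXFR) request",
              "tcp", 53, b"\x00\xfc\x00\x01", action="alert"),
]


def matches(sig: Signature, pkt: Packet) -> bool:
    """True when protocol, port and byte string of the rule all match."""
    if sig.protocol != pkt.protocol:
        return False
    if sig.dst_port is not None and sig.dst_port != pkt.dst_port:
        return False
    haystack, needle = pkt.payload, sig.content
    if sig.nocase:
        haystack, needle = haystack.lower(), needle.lower()
    return needle in haystack


def inspect(pkt, signatures=SIGNATURES):
    """Compare one packet with every signature; return (verdict, log lines)."""
    verdict, log = "accept", []
    for sig in signatures:
        if matches(sig, pkt):
            log.append(f"[{sig.sid}] {sig.message}: "
                       f"{pkt.src} -> {pkt.dst}:{pkt.dst_port}/{pkt.protocol}")
            if sig.action == "deny":
                verdict = "deny"
    return verdict, log


# Constructed sample traffic using documentation address ranges.
EXE_BODY = b"HTTP/1.1 200 OK\r\n\r\nMZ\x90\x00\x03\x00"
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", 23, b"LOGIN: ADMIN\r\n"),
    Packet("198.51.100.7", "192.0.2.10", "tcp", 80, EXE_BODY),
    # Same bytes on a port the rule does not name: the signature stays silent.
    Packet("198.51.100.7", "192.0.2.10", "tcp", 8080, EXE_BODY),
    Packet("198.51.100.9", "192.0.2.53", "tcp", 53,
           b"\x00\x1d\x12\x34\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
           b"\x07example\x03com\x00\x00\xfc\x00\x01"),
    Packet("192.0.2.20", "192.0.2.53", "udp", 53,
           b"\x07example\x03com\x00\x00\x01\x00\x01"),
]

if __name__ == "__main__":
    for packet in SAMPLE_TRAFFIC:
        print(inspect(packet))
```

The third sample packet is accepted without a log entry even though it carries the same bytes as the second, which shows that a signature only covers the protocol, port and string its rule names.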
The prime objective of a ‘signature based IDS’ is to search for signatures in order to detect a threat or vulnerability, similar to antivirus software that also detects viruses. The functionality includes the detection of attacks that are initiated directly towards the aviation network. Moreover, the firewall tries to identify as many events as possible and therefore generates logs. The detection engine compares predetermined rules in order to deny or accept packets. The rules are categorized in two domains, i.e. chain headers and chain options. The structure of a signature contains the following attributes: identification number, messages and rules. This particular firewall adds optimal levels of security as it concentrates on aviation network activities constantly.

Conclusion

As the aviation industry operates on mission critical systems, not even the smallest risk can be left out. Initially, we discussed the ‘net-centric’ approach to demonstrate an end-to-end intranet application. Likewise, propagation threats were discussed, which can be addressed by System Wide Information Management (SWIM) certification. Moreover, patch management along with obfuscation, polymorphism and encryption was also discussed, which can effectively counter cyber threats and vulnerabilities. Furthermore, event based intrusion detection systems and computer security incident response teams (CSIRT) were discussed to proactively monitor applications, systems and networks. Security administration and configuration issues were also discussed. In addition, firewalls with advanced protection techniques such as packet filtering and circuit level gateways were discussed. Lastly, anomaly based IDS and signature based IDS were discussed to ensure ultimate protection for critical information systems interacting with live feeds.

References

Agnitum outpost persona firewall pro 2.0. (2004). District Administration, 40(2), 68-68.
Circuit level Gateway/Firewall. (2007). Aviation network Dictionary, 99-99.
Firewall. (2007). Bloomsbury Business Library - Business & Management Dictionary, 3113-3113.
Gharibi, W., & Mirza, A. (2011). Software vulnerabilities, banking threats, botnets and malware self-protection technologies. International Journal of Computer Science Issues (IJCSI), 8(1), 236-241.
Hatahet, S., Bouabdallah, A., & Challal, Y. (2010). A new worm propagation threat in BitTorrent: Modeling and analysis. Telecommunication Systems, 45(2), 95-109. doi:10.1007/s11235-009-9241-2
Krugel, C. (2002). Service specific anomaly detection for aviation network intrusion detection 2012(3/14/2012), 3/14/2012. doi:10.1145/508791.508835
Markarian, G., Kolle, R., & Tarter, A. Aviation security engineering: A holistic approach (Artech House intelligence and information operations). Artech House.
Mitigating security threats by minimizing software attack surfaces. (2008). Computer Economics Report, 30(5), 15-19.
Nelson, M. (1998). Two faces for the firewall. InfoWorld, 20(41), 1.
Soho firewalls. (2002). PC Magazine, 21(1), 29.
Vacca, J. R. Computer and information security handbook. Amsterdam; Morgan Kaufmann, c2009.