Security officer - Essay Example

Extract of sample "Security officer"

Security Officer
Question 1
In November of this year, a teenager was charged with launching separate DDoS attacks on Oxford University and Cambridge University. He was found to have committed 17 counts of computer misuse, such as failing to provide passwords to the universities' encrypted storage devices (Dunn, 2012). Also, nearly 100 university servers across the globe were breached by a group of hackers identified as Team GhostShell. The group dumped students' records onto the internet. The servers, including those of Harvard University, Stanford University, the University of Pennsylvania and the University of Michigan, were attacked through websites hosted on their premises that had been created independently for faculty members and departments. The group managed to access over 120,000 student records from the breached servers before posting them publicly online (Kingkade, 2002). The information included names, cell-phone numbers, email addresses and students' login credentials. The hackers breached multiple servers within each of the universities, thereby accessing departmental websites.
Another instance is the University of Nebraska, where an attacker performed a data dump by gaining access to the university server that stores user passwords (DataBreaches.net, 2012). The cyber criminals targeted university employees' and students' accounts, with the result that the targeted persons spread the malware, which then stole their personal information and log-in credentials. The attacker had frequently phished for employees' emails from LinkedIn and sent students mass emails from social networking sites, before sending them emails that asked for account information and carried attachments infected with malware. The criminals then set up a website on which students and faculty could view the data taken from the servers.
In another incident, the University of Arizona experienced major computer breaches in which students discovered the personal information they had given to the university simply by conducting a Google search (Privacyrights.org, 2012). The hackers sent targeted emails, or spear-phishing, with links to a webpage designed to deceive the university employees responsible for student data into entering their passwords. The emails contained attachments that used an unknown gap in their Flash software. Also, computer-protection issues at Ohio University exposed the institution's alumni to identity theft after hackers acquired their social security numbers. Some were not even able to shop online or obtain banking services. The alumni data were compromised in a massive computer and security breach (Privacyrights.org, 2012).
Question 2
The first initiative is to educate employees and students about the various forms of cyber fraud schemes, for example by telling them not to respond to unsolicited e-mails or open the attachments or links they carry (Gallaher, Link, & Rowe, 2008). Secondly, workstations normally used for the institution's online services are not used for general web browsing, e-mailing or social networking. The institutions' internal and departmental activities are performed from more than one dedicated computer not used for online activities. There is also the constant use of spam filters; for instance, SpamTitan costs as little as $2 per user per year. The universities now use an IT security system that covers the inside of the institution instead of the perimeter. They therefore employ consultants who understand what their users are doing and can then locate any suspicious activity inside. Security information and event management (SIEM) by Wipro deals with operational security and log management requirements across an IT infrastructure. It costs $90 for a patch deployment for every system.
It is offered in a managed services model through its Soc-in-a-Box on an RSA platform. They monitor the university network traffic, searching for any suspicious patterns (Wipro Technologies, 2012). Other higher education institutions apply technology that segregates employee-generated and student-generated network activity into distinct networks. The goal is to halt the unintentional release of viruses into institution-critical systems. Trustwave GRC, priced from $50,000 to $500,000, provides a compliance regulation and security management knowledge base, coupled with robust workflow and enterprise risk reporting capabilities (TrustWave, 2012). With Verisign iDefense, the universities acquire access to actionable cyber-intelligence on vulnerabilities, malicious code and global threats. It also provides a transnational team of security experts acting as an extension of the university teams.
There is also the installation of real-time anti-virus along with anti-spyware firewalls. In addition, malware detection and removal software is used in conjunction with automatic updates, pop-up blocking and scheduled scans (Janczewski, 2008). The computers attached to the university network have a fixed end-point configuration that follows corporate standards, in addition to anti-malware and intrusion prevention for detecting the activities of malware, and not just the malware itself, as it tries to infect the system or link to a botnet. The host firewall helps to block inbound as well as outbound connections (Gori, 2009). Routers together with firewalls are used to prevent unauthorized access to the network.
Other higher education institutions have put various processes in place to prevent cyber crimes from reoccurring (Stair & Reynolds, 2011). These include the application of attribution technologies for students and faculty who access personal information by logging into personal accounts online.
This requires a recognizable IP range and an in code used in retrieving account information. Some universities have put in place layered security techniques that follow the rule of defense-in-depth, which compartmentalizes the system so that when one security approach fails, another mechanism is there to limit the extent of penetration (Gallaher, Link, & Rowe, 2008). Furthermore, others have multi-layered approaches in which they combine student and faculty physical information and user information, such as a password, with biometric information (Stair & Reynolds, 2011). In terms of physical access, their internal computers are controlled via key-card access (Gori, 2009).
Most of them have created secured end points by drawing a boundary around their network with firewalls. It acts as a one-way valve, permitting systems within to connect out to the Internet while barring connections from outside towards the inside. This is combined with secure web gateways or proxy servers that have anti-malware tools embedded. Other universities use DomainKeys Identified Mail (DKIM), a set of standards that identifies impersonated student and faculty email (Gallaher, Link, & Rowe, 2008). It also blocks certain forms of spam that rely on impersonation, such as phishing emails. Moreover, web-application firewalls coupled with intrusion prevention systems are used to detect and block attacks hidden in applications (Stair & Reynolds, 2011).
To deal with eavesdropping on their information and data, the universities apply encryption together with authentication of every message. The encryption takes place at numerous layers of the institution's network. Multiple encryption systems are used simultaneously, and link-layer encryption is applied through the established wireless standard known as IEEE 802.as well as the Wi-Fi Protected Access data-link encryption standard, referred to as MACSec (Gori, 2009).
Given that one of the major areas of vulnerability for the universities' internet is the core routing protocols comprising their network, DNS authentication in DNSSEC helps to ensure that the institution's zone administrator offers authoritative information for its DNS domain (Stair & Reynolds, 2011). This ensures that DNS is not modified accidentally or maliciously, especially when done in conjunction with integrity checking in transfer or in storage. It also ensures that users are not directed to deceptive and criminal web sites (Janczewski, 2008).
On the university server side, the key safeguard is encryption of the password database and the addition of two-phase authentication. This entails a small token being assigned to a particular user, which then displays the particular minute password that must be joined with the regular user password. Others apply biometric tools like fingerprints, and the display of a Quick Response code and an authentication dialog to verify identity. The Security Assertion Markup Language is now a common technology for authentication applications applied in OpenID or OpenAuth. Security Assertion Markup Language is an XML-based standard for exchanging authentication, right-of-use and authorization data; it allows a university department to make assertions concerning the identity and attributes of a student to other university entities (Kingkade, 2002).
Question 3
Article 156 of the New York Penal Code criminalizes unauthorized use of and access to a computer or system, computer tampering, illegal duplication of computer-related material, and criminal possession of computer-related material (FindLaw, 2012). A class A misdemeanor occurs when there is intentional use, without authorization, of a computer system protected by a password or other security feature.
The New York Manhattan District Attorney's Office, through its numerous agencies, such as the Cybercrime and Identity Theft Bureau, deals with cybercrimes along with other computer-related offenses. The local FBI office, through the National Infrastructure Protection Center and the Computer Crime and Intellectual Property Section, is at the forefront of investigating and prosecuting computer crimes across the state. Also, New York applies the federal Computer Fraud and Abuse statute, which prohibits actions that abuse computer systems, especially through trespassing, damage and spying, and their corrupt use as tools of fraud. Furthermore, the National White Collar Crime Center offers a website for reporting Internet fraud. The Computer Fraud and Abuse Act (CFAA) criminalizes clear threats to cause damage to a computer, to steal data on the victim's computer, and to publicly release data. The National Stolen Property Act bans certain described actions involving illegal transmission of stolen data under 18 U.S.C. § 2314 (Brenner, 2010).
Question 4
If the cybercrime arises inside New York, then the best statutes will be New York Penal Law 190.78, 156.10 and 156.05 (FindLaw, 2012). This is because they are effective in convicting computer hacker attacks and other computer crimes, as they attract weighty jail sentences of up to or more than one year. The statutes recognize that a lesser standard than beyond a reasonable doubt is required of law enforcement agents to show how the defendant accessed the computer or computer system. Furthermore, if the offense is classified as a class “A” misdemeanor, the punishment is up to one year in jail, and when the damage surpasses $1,000, $3,000 or even $50,000 it becomes a more serious felony (FindLaw, 2012).
Since some computer crimes, such as computer tampering, can occur outside New York, the best statutes will be New York Penal Law 156.20, 156.27, 156.25 and 156.26 (FindLaw, 2012). The statutes just require prosecutors to prove that the defendant intentionally used and accessed the computer network without authorization. They set a relatively small requirement for prosecutors to establish facial sufficiency in any unauthorized use of a computer system or network.
The computer crime fighting programs in New York include the Computer Crime Unit, which is responsible for forensic analysis, training and conducting investigations of computer network and information-systems security breaches, in addition to training and research on standardized operating procedures in the field of cyber security. The New York State Police, together with the state Office for Technology, help to identify cyber-based vulnerabilities and train institutions to identify threats to their networks, especially system intrusions. This initiative is supported by the National Cybercrime Training Partnership from the Department of Justice, which develops academic and professional coursework based on the law enforcement knowledge, expertise and abilities currently needed to combat computer crime. The state Citizens Crime Commission helps to evaluate cyber crime trends and innovative proposals that integrate public and private sector partnerships and their technology (FindLaw, 2012).
Question 5
Computer forensic investigative toolkit software will provide the university with a means of analyzing data streams such as network data, disk drives or call records (Mohay, 2003). A good forensic tool will be EnCase Enterprise Edition from Guidance Software.
This is because it is a network-enabled incident-response system that provides immediate and comprehensive forensic analysis, covering volatile and static data, on compromised servers or workstations across the network without disrupting operations. Secondly, Paraben's P2 Examination Process is a software suite comprising nine different software applications, such as Forensic Replicator, E-mail Examiner, Text Searcher, Forensic Sorter and Network E-mail Examiner. Each of these applications has an immense amount of functionality that is essential for investigating cyber-crimes (Mohay, 2003).
Other forensic tools include ILook Investigator and the Automated Computer Examination System, both of which are used for identifying notorious files (Known Files Filter, KFF), especially executable files. Forensic Toolkit from AccessData Corporation has an inbuilt KFF, which offers password recovery packages. This is incorporated with tools for imaging volatile memory, such as write blockers, and with integrity code generators and checkers. It obtains verifiable evidence through proprietary bit-stream imaging or an evidence file (EF). Furthermore, it mounts the image-EF as a read-only virtual drive before reconstructing the file systems. Other forensic gathering tools include Byte Back from Tech Assist, SafeBack 2.0 by New Technologies, Drive Image Pro by PowerQuest Corporation and SnapBack DatArrest from Columbia Data Products (Mohay, 2003). Network intrusion detection systems such as Bro operate in a flexible real-time manner, which offers timely alerts and even block directives for intrusion deterrence (Hinduja, 2007).
Question 6
Keystroke loggers help to identify any input fed into the computer: each keystroke generates a signal that is sent to the appropriate computer application and is intercepted along the way by a software program running in the background or by an external physical device.
The price of a single-user licensed keystroke logger starts from 70 USD. This will ensure employees and students do not misuse the university resources by stealing passwords or any sensitive information that can be passed on to hackers (Mohay, 2003).
Others include digital information gathering software, such as bit-stream imaging, which is used to create an image of every region of a computer data carrier. Forensic software write-blockers are used to permit the gathering of digital information from a hard drive without changing or shifting the contents. There is also a litigation support tool, which is used to gather, organize, examine and retrieve digital information for legal proceedings. These include Forensic Toolkit, or FTK, which forms images of hard drives, inspects emails and gathers steganography. The EnCase tool is used to create an index of information on the computer, especially emails and deleted files. e-fense provides cyber security software like Helix3 Pro that gathers digital information. Log records are gathered through the use of Splunk, since they record internet communications as well as connections on numerous devices along the trail of transmission (Hinduja, 2007).
Technologies used for gathering and evaluating digital information include bridges that connect external hard drives to either a laptop or another computer. There is also Drive Copier, which is used to copy a master hard drive to various hard drives for forensic copies. Cell-phone forensic analysis tools are used for reading SIM cards. For instance, the Cell Seizure Investigator Stick by Paraben is a portable cell-phone forensic and information gathering hardware and software tool. Call detail records are used to identify location and patterns of movement inside the mapped radio frequency area.
EnCase and Forensic Toolkit are used to gather data from cell-phone flash cards, while Paraben Device Seizure, the commercially available CellDEK, and Secure View can be used to gather data from PDAs such as BlackBerries. The prices range from $499 to $2499 (Punja & Mislan, 2008).
References
Brenner, S. W. (2010). Cybercrime: Criminal Threats from Cyberspace. ABC-CLIO.
DataBreaches.net. (2012). Now-former student arrested in the University of Nebraska hack. Retrieved December 12, 2012, from Now-former student arrested in the University of Nebraska hack
Dunn, J. E. (2012). Call of Duty hacker charged with DDoS attacks on UK Universities. Retrieved December 12, 2012, from http://news.techworld.com/security/3412807/call-of-duty-hacker-charged-with-ddos-attacks-on-uk-universities/
FindLaw. (2012). New York Computer Crimes Laws. Retrieved December 13, 2012, from http://statelaws.findlaw.com/new-york-law/new-york-computer-crimes-laws.html
Gallaher, M. P., Link, A. N., & Rowe, B. R. (2008). Cyber Security: Economic Strategies and Public Policy Alternatives. Edward Elgar Publishing.
Gori, U. (2009). Modelling Cyber Security: Approaches, Methodology, Strategies. Human and Societal Dynamics. IOS Press.
Hinduja, S. (2007). Computer Crime Investigations in the United States: Leveraging Knowledge from the Past to Address the Future. International Journal of Cyber Criminology, 1 (1), 1-26.
Janczewski, L. J. (2008). Cyber Warfare and Cyber Terrorism. Idea Group Inc.
Kingkade, T. (2002, 04 10). Hacktivists Hit Colleges: Major Universities Around The Globe Hacked By Team GhostShell In #ProjectWestWind. The Huffington Post.
Mohay, G. M. (2003). Computer and Intrusion Forensics. Artech House.
Privacyrights.org. (2012). Chronology of Data Breaches Security Breaches 2005 - Present. Retrieved December 13, 2012, from http://www.privacyrights.org/data-breach
Punja, S. G., & Mislan, R. P. (2008). Mobile Device Analysis. Small Scale Digital Device Forensics Journal, 2 (1), 1941-6164.
Stair, R. M., & Reynolds, G. W. (2011). Fundamentals of Information Systems [With Access Code]. Cengage Learning.
TrustWave. (2012). Compliance Security Assessment. Retrieved December 12, 2012, from https://www.trustwave.com/GRC.php
Wipro Technologies. (2012). The Total Cost of Security Patch Management. Retrieved December 14, 2012, from download.microsoft.com/download/1/7/b/.../TCO_SPM_Wipro.pdf