Security Threats and Countermeasures for Carringbush Limited - Case Study Example

Security Threats and Countermeasures for Carringbush Limited Author Author’s Affiliation Date Table of Contents Table of Contents 2 Distributed Denial of Service Attacks 4 Malicious software or Malware 4 Viruses 4 Worms 5 Countermeasures 5 Session Hijacking 5 Countermeasures 5 SQL Injection 6 Countermeasures 6 Hacking a Web Server 6 Countermeasures 7 Hacking a wireless network 7 Countermeasures 7 Executive Summary Without a doubt, computer and network security has turned out to be a serious challenge for governments, organizations and individuals. Though, everyday there emerge a large number of security tools, techniques, practices, guidelines and theories to help these parties secure their computing resources however at the same time security attackers are becoming more and more knowledgeable and skilled to ditch these security measures. They always remain in search of latest mechanisms and security holes that they could exploit in order to launch a wide variety of security attacks. At the present, security professionals apply a variety of security tools and techniques to determine the security level of their organizations. The major objective of this report is to present an analysis of some of the major threats and their consequences. This report is written in the context of a specific organization of company Carringbush Limited that is a large size Australian organization. The organization has been dealing with a wide variety of stakeholders. So the organization needs to pay a considerable attention to its security in all aspects of the organization. This report will cover a wide variety of aspects with respect to Carringbush Limited. In this scenario, this report will discuss some of the major issues and threats that Carringbush Limited can face and the ways it can adopt to deal with these issues. Importance of Security for Carringbush Limited In the past few years, there have emerged a wide variety of security threats not only for business organizations but also for the individual users. Without a doubt, computer or network security always remains a serious challenge for businesses as well as individuals. Though, there are many ways to avoid and deal with these security threats, but completely avoiding such a wide variety of security threats is almost impossible. However, by using some effective measures their impacts can be reduced to a certain extent. In this scenario, organizations use a wide variety of latest security measures to implement and avoid some of the serious security threats. This kind of testing tools and techniques allow organizations to detect any security hole in the application (Kirsch, 2013; Ray, 2004). Basically, the Carringbush Limited is a large size organization that deals with a wide variety of stakeholders, so it can face serious security issues from inside and outside the organization. In this scenario, it is essential for Carringbush Limited to implement strict security measures to ensure the smooth working of its business processes. Threats that Carringbush Limited can face As discussed above, Carringbush Limited can face a number of different security threats with serious consequences. Given below are some of the major threats and their consequences: Distributed Denial of Service Attacks One of the major threats that Carringbush Limited can face can be a DOS (denial of service) attack, which is one of the most critical security threats in which an organization or individual is unable to access services that should be accessible in normal conditions. Additionally, a distributed denial of service (DDOS) attack is a kind of DOS attack in which a large number of hacked computers (also known as a botnet) are used to attack a single target (an individual or an organization) (Rouse, 2007). In DDOS attack, a large number of computers take part to launch a strong attack against a victim. However, the systems that take part in this attack are also the victims of this attack since they have already been infected through a virus or a Trojan. In this scenario, in a DDoS attack, a target is attacked through a heavy data traffic flooding the target coming from a large number of different locations and systems. In fact, sometimes these attacks are launched using thousands of compromised computer systems. As a result, it becomes almost impossible for the system administrator to avoid the attack by not allowing a single system. In addition, as a result of this attack a system administrator cannot differentiate between attack traffic and authentic user traffic because of a large number of points of origin. This attack makes use of some of the key elements, these are outlined below: Malicious software or Malware “A program that is used to threaten the computer security, it destroys the confidentiality, integrity and availability, and in some cases it completely destroys specific things for which they are created.” A malicious software can harm operating system (OS) boot files, or can infect user’s data with different types of malwares (Stallings & Brwon, 2012). Viruses A computer virus is a program that tries to repeat itself or executes the program into another scripting code or in an executable file. And when it completes its replication in executing files then we usually say that machine is infected, when we try to execute the machine, this virus automatically execute in machine (Stallings & Brwon, 2012). A virus is used to conduct the denial of service attack. In addition, this attack is performed in the following phases: Dormant Phase Propagation Phase Triggering Phase Executing Phase When viruses are inserted in any system or network they are in the dormant phase. Dormant phase means virus is in idle state, and just waiting for an event which executes it. After entering into the network it has the capability to propagate itself to destination places for which it is created. These places can exist anywhere in the overall system. After that the virus waits for triggering for an event when virus executed by specific event, these events can be anything like by opening specific file, when the user opens a specific file, it enters to execution phase and starts damaging the system or files (Stallings & Brwon, 2012). Worms A worm is also a type of malware but it is an independent program, which is capable of moving from one machine to another machine or network or host. By moving into target systems they find the vulnerabilities or weak holes, and then propagate. They are independent because they never wait for the execution of a specific type of program or event (Stallings & Brwon, 2012). Countermeasures There are many countermeasures that Carringbush Limited can adopt to deal with this attack. A system administrator can apply a variety of restrictions on the amount of traffic that can be processed by their server. However, it also makes difficult for system administrator to differentiate between legal and illegal traffic. Additionally, the system administrator can also filter the traffic if they can identify the source of the attacks. In addition, a variety of other techniques can also be applied such as the use of intrusion detection systems, firewalls, and so on (Webopedia, 2014; Strickland, 2014). Session Hijacking There is another significant threat that Carringbush Limited can face and it is session hijacking, which is also a very common security threats in which an attacker takes control over the session of a Web user by secretly attaining the session ID and using their ID to demonstrate themselves as an owner of that ID. The basic purpose of this attack is to access a legal account illegally and making use of this account to carry out illegal activities. For instance, once an attacker is able to access an account illegal, he can use this account to conduct different acts such as using the network services, copying or destroying data and a wide variety of other tasks. Basically, an attacker gets this session ID from URL (universal resource locator) in which a cookie stores this session ID. Whenever a communication procedure is launched between a client and a server, an authentication process is established and an attacker takes advantage of this process by interfering online. In addition, this kind of attack can be detected or undetected depending on the nature and strength of the attack and the knowledge of the user. However, when a user feels that a web site is not responding in a normal way in response of a user’s input or not working, it can be due to session hijacking (Rouse, 2006; Shelly, et al., 2005). Countermeasures Basically, in this attack, an attacker makes use of cookies so first of all there is need for Carringbush Limited to protect system cookies and setting their values as unpredictable. In addition, various other steps can also be taken such as distributing session cookies through SSL, setting the HTTP characteristic of the session cookie to accurate, making it uncomplicated to finish sessions, and restricting the path and domain as much as conceivable. Additionally, system administrators should put considerable effort to secure cookies (Gooch, 2013). SQL Injection SQL Injection is one of the most critical web based security attacks in which an attacker exposes a database connected with a web application by sending a SQL command to a web application. Additionally, in a SQL Injection attack a web application makes use of the user input without applying appropriate encoding or validation mechanism on a database query or command. In fact, this input is transferred to the SQL interpreter as an SQL query without any validation. By launching this attack, an attacker attempts to get access to the database that is connected to a web application. In this scenario, the basic objective of an attacker is to get access to a database in which significant data is stored regarding the customer or an organization. This attack allows an attacker to build, update, copy, read, modify, or remove data stored in the database. The majority of SQL Injection attacks are launched to access private data like that credit card number, social security numbers or other monetary data. Moreover, an attacker uses high level mechanism to transfer user input to the SQL interpreter and force it to complete illegal actions (DuPaul, 2014; DuPaul, 2014). Countermeasures There are many ways to deal with a SQL Injection attack. This attack can be avoided by implementing appropriate input validation procedures. For instance, user’s input should be validated in contrast to predefined type, rules for length and syntax as well as against business scenarios. Additionally, access to a database should be privileged and it should be strictly monitored. In addition, a database user should be assigned to a particular web application as well as they should not be able to access other applications. Moreover, all the stored procedures that are not occupied should be removed (DuPaul, 2014). Hacking a Web Server When a web server is hacked it does not remain under the control of an owner and hacker has a complete or partial control over the server. As a result, a hacker can have partial or complete control over server in order to make use of it for carrying out illegal activities. Normally, a hacker hacks a web server for carrying out a wide variety of illegal activities such as (Media Temple, Inc., 2014): A hacker can use hacked server to launch attacks against other systems. In this scenario, a hacker uses server’s CPU, bandwidth, memory and other resources. A hacker can hack a server to send a large number of spam emails to others using the details of hacked server. A hacker can use this server to install a phishing website in an attempt to get access to private data. Normally, there are two ways that can be used by a hacker for hacking a server (Media Temple, Inc., 2014): One of the basic causes of a server being hacked can be misplacement of the password. In this scenario, a hacker may access the server by guessing or stealing a password of a user who uses the server. In other case a hacker gains access to a server by detecting and exploiting a security hole in various applications like that Joomla, WordPress or Drupal. Countermeasures In order to avoid such attacks, the users must set strong password that are difficult to guess. They should use a mixture of alphabets and special characters such as @, # or %. In addition, whenever a user needs to use a service they must make sure that their connection is secure through a proper security mechanism. Moreover, system administrators must backup their data on a regular basis (Media Temple, Inc., 2014). Hacking a wireless network Basically, a wireless network uses wireless channel for the communication instead of wired channel and it operates through a number of access points. As a result, these communications can face a wide variety of security attacks. A wireless network can be hacked through a wide variety of security attacks. For instance, a hacker can launch a DOS attack against a wireless network by forcing APs (access points) to disclose their services set identifiers (SSIDs) during the network connection and communication. In this scenario, a hacker factually blocks the radio frequency (RF) signal of an access point and force the users to connect to a fake access point. In fact, a wireless network can be hacked through a number of ways. The basic objective of hacking is to get access to a network and make illegal use of its resources. In addition, this hacking also allows a hacker to access some of the critical information associated with a business and customers (Beaver, 2014). Countermeasures In view of the fact that a hacker can launch a variety of hacking attacks against a wireless network, hence there is not a specific way to deal with these multidimensional security attacks. However, users can adopt a mixture of security countermeasures in order to deal with these attacks (Beaver, 2014): First of all, the network users must make sure that their passwords are secure and no one can have access to their passwords. Carringbush Limited should regularly switch off their service set identifiers A virtual private network can be established by Carringbush Limited to secure a wireless network Carringbush Limited should implement an effective encryption technique to secure traffic flowing through its network (Beaver, 2014). Trends in IT Security With the passage of time, there are emerging significant changes in the field of IT. Without a doubt, there are emerging latest tools and technologies to help organizations resolve issues on the other hand, these technologies offer same opportunities to people who want to carry out illegal activities and cause harm to organizations. There are so many ways that these people can adopt to launch internal and external security attacks. For instance, an internal attack can be launched by an old employee who has access to organizational resources. In the same way, there are tools and techniques such as buffer overflow attacks that look for drawbacks in existing organizational resources in order to launch an attack. Though, there are considerable measures to help Carringbush Limited deal with these security threats however these security threats cannot be completely overcome. There is need for organizations such Carringbush Limited to establish training and education programs to help their employees learn about these threats and ways to overcome these challenges. Conclusion Security (whether software or hardware) always remains a serious challenge for the technology developers and they always keep trying to find out innovative ways, tools, techniques and technologies to deal with this challenge. On the other hand, hackers and attackers always remain in the search of security holes to exploit and get hold of others; resources. This paper has discussed some of the major kinds of a security attack. This paper has discussed the ways these attacks are launched along with some of the countermeasures to avoid them. This research concludes that there is not a single way to avoid these attack however their effects can be minimized by adopting certain security measures. In addition, it is the responsibility of system users that they keep themselves updated regarding the latest security threats. References Beaver, K., 2014. Countermeasures for Wireless Network Hack Attacks. [Online] Available at: http://www.dummies.com/how-to/content/countermeasures-for-wireless-network-hack-attacks.html [Accessed 27 April 2015]. DuPaul, N., 2014. Android Hacking. [Online] Available at: http://www.veracode.com/products/mobile-application-security/android-hacking [Accessed 29 April 2015]. DuPaul, N., 2014. SQL Injection Tutorial: Learn About Injection Attacks, Vulnerabilities and How to Prevent SQL Injections. [Online] Available at: http://www.veracode.com/security/sql-injection Gooch, A., 2013. Help Prevent Session Hijacking. [Online] Available at: http://blog.8thlight.com/adam-gooch/2013/03/01/help-prevent-session-hijacking.html [Accessed 29 April 2015]. Kirsch, C., 2013. Introduction to Penetration Testing. [Online] Available at: https://community.rapid7.com/docs/DOC-2248 [Accessed 25 April 2015]. Media Temple, Inc., 2014. Working with a hacked or compromised server. [Online] Available at: http://kb.mediatemple.net/questions/1577/Working+with+a+hacked+or+compromised+server#gs [Accessed 24 April 2015]. Ray, R., 2004. Technology Solutions for Growing Businesses. New York: American Management Association (AMACOM). Rouse, M., 2006. session hijacking (TCP session hijacking). [Online] Available at: http://searchsoftwarequality.techtarget.com/definition/session-hijacking [Accessed 29 April 2015]. Rouse, M., 2007. denial of service (DoS). [Online] Available at: http://searchsoftwarequality.techtarget.com/definition/denial-of-service [Accessed 26 April 2015]. Shelly, Cashman & Vermaat, 2005. Discovering Computers 2005. Boston: Thomson Course Technology. Stallings, W. & Brwon, L., 2012. Computer Security: Principles and Practice. 2nd ed. New Jersey: Prentice Hall. Strickland, J., 2014. How Zombie Computers Work. [Online] Available at: http://computer.howstuffworks.com/zombie-computer3.htm [Accessed 28 April 2015]. Webopedia, 2014. DDoS attack - Distributed Denial of Service. [Online] Available at: http://www.webopedia.com/TERM/D/DDoS_attack.html [Accessed 22 April 2015]. Read More