Network Security from Hackers - Essay Example

Hackers gain access to RSA tokens The attack was lounged in a form of a Trojan with recently-discovered Adobe Flash zero day flaw CVE 0609 (Litan, 2011). The Trojan was sent to some RSA employees through email. The user downloaded the Excel spreadsheets from the emails titled as “2011 Recruitment Plan” (Litan, 2011) which captured their attention even though the mail were in junk mail. With this opening to the RSA system, the attackers extracted the information until they obtained access to their targeted system where the data files were stolen. 2. According to the details of the occurrence of the incident, it should admit that this type of attack could have been avoided. In order to prevent such attacks in the future the following measures should be thoroughly applied. The employs should be enforced with strict regulation when it comes to dealing with spam mail. The employees should be educated on how to avoid suspicious emails (Minimizing the impact of the RSA SecurID breach, 2011). Security monitoring technologies should be used to monitor changes in user privileges and also add manual approvals to critical infrastructure and software (Minimizing the impact of the RSA SecurID breach, 2011). Also the infrastructure hosting critical software should be hardened and they should be monitored closely for remote and physical access. Help desks activities and any other activities that may result in information leakage should also be examined (Minimizing the impact of the RSA SecurID breach, 2011). Finally the process of applying latest patches and updates to security products and operating systems hosting them should be done more seriously. 3. Since the attack has taken place recently the full damage is too early to be predicted. According to RSA’s FAQ for the customers the threat of direct attack to the customers have been denied since the information stolen is useless, without the information held by individual customers (Inc.). Because of that RSA is confident there no immediate reason to call back any products. Currently the company has interrupted some distribution operations of some products. The full estimate of the loss can only be measured with time. 4. The devices that could be implemented to fend off this particular type of attack are listed below. IDP Series Intrusion Detection and Prevention Appliances (Security Products and Services, 2011) ISG Series Integrated Security Gateways (Security Products and Services, 2011) NetScreen Series Security Systems (Security Products and Services, 2011) Unified Access Control (Security Products and Services, 2011) SSG Series Secure Services Gateways (Security Products and Services, 2011) NetWitness Live (NetWitness Products and Services, 2011) NetWitness Informer (NetWitness Products and Services, 2011) NetWitness SIEMLink (NetWitness Products and Services, 2011) 5.  Linux based server and client operating systems are less susceptible to malware attacks. 6. The local user should apply them selves with strict rules handling any type of spam mail or downloading attachments from unknown sources. Also they should avoid sharing their important credentials (usernames, passwords) with strangers. Even though the company effort and training to avoid spam based attack has not paid off. It is a good lesson to everyone (Litan, 2011). Timely updates of you anti virus software and to be alert to threats are also essential. Enforcing strong password policies is also important. Peer-to-peer app DC++ hijacked for denial-of-service attacks: 1. By utilizing the thousands of computers in DC++ file sharing service network this DoS have been launched against 40 companies over the last three months (Reimer, 2007). If such attack is launched using a single computer the attacker is easy traceable. So overcoming this barrier, using DC++ network’s thousands of computers, a Distributed Denial of Service (DDoS) has been launched by overwhelming a particular web server’s ability to respond to the requests of legitimate users (Reimer, 2007). 2.   From the web server perspective this kind of attack can be mitigated by using an application level firewall that has deep packet inspection capabilities (Furtunã). 3. The monetary and time loss due to Denial of Service on cooperate web servers must be enormous. Estimating the lost will be a difficult task since the scope is extensive. 4. The devices that could be implemented to fend off this particular type of attack are listed below. The InJoy Firewall™ (deep-packet-inspection) HP Threat Management Services zl Module (Specifications, 2011) 5. The operating systems in the Linux/Unix family can be used to avoid small scale DoS attacks (Furtunã). 6. From the DC++ service user’s perspective the proper upgrade the older version of DC++ software. Patching DC++ hubs running on DC++ older software is also essential (Furtunã). 63 percent of schools suffer IT security breaches: 1. The main factor identified from the study that cause these types of attacks are, uncontrolled access to social media and connecting external devices to networks (security, 2011). 2. Monitor and limit social media access. Conduct awareness programs and educate the user on latest threats. Practice a registration system for rendering permission to for external device such as iPhones, iPads and Laptops within the school’s network (security, 2011). Apply and update malware protection systems. 3. The study on the issue has revealed that 45% schools 2-5 occurrences of network downtime, where 6-10 occurrences have been experienced by 13% of the schools. In the worst case, occurrences more than 10 times have experienced by 6% of the schools (security, 2011). 4. The devices that could be implemented to fend off this particular type of attack are listed below. Panda Cloud Office Protection (security, 2011) WatchGuard Reputation Enabled Defense (Stop Web Threats ) ZoneAlarm Free Firewall with Cloud-Based Security (Check Point Announces ZoneAlarm Free Firewall with Cloud-Based Security, 2010) 5.   Redhat Linux server operating systems Ubuntu Desktop Edition for clients 6. As a solution for this problem the school must look to implement user authentication systems such as active directories and apply tiered access to each user type (Security Products and Services, 2011). Even if certain school has not limited the connection of external device to the network, a user should consider the risk of such activity to them selves as well as to the network. They can apply self discipline in this case by using devices with in the school’s network, strictly for essential matters only. Works Cited Check Point Announces ZoneAlarm Free Firewall with Cloud-Based Security. (2010, May 24). Retrieved April 12, 2011, from http://www.checkpoint.com: http://www.checkpoint.com/press/2010/052410-zonealarm-free-firewall.html deep-packet-inspection. (n.d.). Retrieved April 12, 2011, from http://www.fx.dk: http://www.fx.dk/firewall/deep-packet-inspection.html Furtunã, A. (n.d.). DC++ and DDoS attacks – the full story. Retrieved April 12, 2011, from http://stormsecurity.wordpress.com: http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/ Inc., R. (n.d.). Retrieved April 11, 2011, from www.rsa.com: http://www.rsa.com/products/securid/faqs/11370_CUSTOMER_FAQ_0311.pdf Litan, A. (2011, April 01). RSA SecurID attack details unveiled – lessons learned. Retrieved April 11, 2011, from gartner.com: http://blogs.gartner.com/avivah-litan/2011/04/01/rsa-securid-attack-details-unveiled-they-should-have-known-better/ Minimizing the impact of the RSA SecurID breach. (2011, March 11). Retrieved April 11, 2011, from http://www.maravis.com: http://www.maravis.com/minimizing-the-impact-of-the-rsa-securid-breach/ NetWitness Products and Services. (2011). Retrieved April 12, 2011, from netwitness.com: http://netwitness.com/products-services Reimer, J. (2007). Security. Retrieved April 12, 2011, from http://arstechnica.com: http://arstechnica.com/security/news/2007/05/peer-to-peer-app-hijacked-for-denial-of-service-attacks.ars Security Products and Services. (2011). Retrieved April 12, 2011, from http://www.juniper.net: http://www.juniper.net/as/en/products-services/security/ security, P. (2011, March 23). Retrieved April 12, 2011, from http://press.pandasecurity.com: http://press.pandasecurity.com/wp-content/uploads/2011/03/Panda-K12-Education-IT-Security-Study_03.23.11.pdf Specifications. (2011, February 24). Retrieved April 12, 2011, from www1.hp.com: http://h18000.www1.hp.com/products/quickspecs/13376_na/13376_na.HTML Stop Web Threats . (n.d.). Retrieved April 12, 2011, from www.watchguard.com: http://www.watchguard.com/products/xtm-software/reputation-enabled-defense.asp Read More