Running head: INFORMATION SECURITY ATTACKS 1
Information Security Attacks
John Intindolo
ISSC461- IT Security: Countermeasures
American Public University
Abstract
Information Security is essential to everyone and anyone who owns a computer. The people who
rely on the Confidentiality, Integrity, and Availability (commonly referred to as the CIA Triad of
Network Security) vary from large to small and everyone in between. There could be an
organization with thousands of employees connected to a network over multiple locations to
handle their everyday business needs. Then again a much smaller network such as that of the
common family man who relies on his computer for budgeting expenses as well as keeping up
with friends and family (through social media websites like Facebook and Twitter) will also rely
on Information Security. The differences between those two are huge, but the common thing that
they share is the need to keep their information secure. Passwords, financial information,
customer contacts, credit card numbers, and files are among the things in need of protection.
Hackers want to get their hands on this data for a multitude of reasons, including
destroying, seizing, exposing, disabling, stealing, or altering it. This is known as an Information
Security attack. There are many different ways that a hacker can choose to perform an attack, but
for the purpose of this paper some of the most common types will be discussed. The common
types of attack discussed in this paper are as follows: Denial-of-Service (DoS) Attacks, Trojan
Horses, Worms, Logic Bombs, Buffer Overflow, as well as Attacks Performed by Hackers. These
attacks will be described for what they are, how they may be prevented from happening, and in
the event of one occurring how to mitigate their impact on an organization’s network.
Table of Contents
Information Security Attacks
John Intindolo
Abstract
Introduction
What is Information Security?
What is an Information Security Attack?
  Areas of Vulnerabilities
    Social Engineering
    Mail Servers
    Improperly Configured Firewall
    Filtering Routers
    Intercepted Data Transmitted to Mail Servers
  Overlooked Security Vulnerabilities
    Patching
    Weak Passwords
    Mobile Devices
    USB Flash Drives
  Types of Attacks
    Denial-of-Service Attack
    Trojan Horses
    Worms
    Logic Bombs
    Buffer Overflow
Prevention
  Denial-of-Service Attack
  Trojan Horses
  Worms
  Logic Bombs
  Buffer Overflow
Mitigation
  Denial-of-Service Attack
  Trojan Horses
  Worms
  Logic Bombs
Conclusion
References
Introduction
In today’s world almost everyone relies on computers in one way or another. A person
may use their computer to do a multitude of things including: paying bills, surfing the web,
balancing their finances, or staying connected with family and friends through social media
websites such as Twitter and Facebook. Businesses are also relying on computers and the Internet
to handle their day-to-day activities such as financial data, employee records, customer
information, sensitive company data, and inventory. The question that remains is how does one
protect all of this data? The answer to that is by using Information Security. Information Security
relies on careful and well-thought-out planning from the Security Administration Team, and
without the co-operation of everyone connected to the network it will fail. That means security
procedures must be followed by anyone on the network, whether it be the CEO of the company
or a customer service representative. What is the reasoning behind an Information Security
attack?
Information Security attacks involve an attempt to destroy, expose, or alter information
and can be performed for a variety of reasons including the following: to steal valuable
information or data (such as customer information), steal financial information (such as credit card
and bank account numbers), sabotage network connectivity (to disrupt business operations), and
even to protest against an organization’s beliefs. In fact, a recent study of 855 incidents involving
174 million compromised records shows that protest was a motive in twenty-five percent of
attacks against large organizations (“3 New Things,” 2013, p. 4). There are many different types of
attacks that an attacker has at their disposal, but the most common will be discussed here. Those
include DoS attacks, Trojan Horses, Worms, Logic Bombs, and Buffer Overflow. In addition to
the attacks themselves the proper forms of prevention and mitigation will also be detailed.
What is Information Security?
Information Security is the practice of defending information from being accessed, used,
disclosed, modified, inspected, recorded, or destroyed by someone who is unauthorized to do so
(“Definition of information security,” 2012). In other words, Information Security can be
described as maintaining the Confidentiality, Integrity, and Availability (commonly referred to as
the CIA Triad) of an entire organization. Information Security is essential to businesses and home
users alike. In today’s world nearly everything and everyone is connected to the Internet in some
shape or form. An organization’s network going down due to an attack can be the difference in
the company sustaining business or faltering altogether. It is for this reason that information
security attacks are a huge threat to the CIA of an organization’s network. So what is an
Information Security attack?
What is an Information Security Attack?
An Information Security attack is any “attempt to destroy, expose, alter, disable, steal, or
gain unauthorized access to or make unauthorized use of an asset” (“Information technology-
security,” 2014, p.1). As stated earlier the world of today is one that relies heavily on computers
and the Internet. Technology is constantly evolving and that means that hackers are constantly
finding new ways to attack computers and networks as well. To perform an Information Security
attack, a hacker must first find a vulnerability. A vulnerability is a weakness within a product that
allows an attacker to compromise the CIA of said product. There are many different ways that an
attacker can discover a vulnerability. Knowing what they are and how to fix them will be key to
stopping a hacker from infiltrating the organization’s network.
Areas of Vulnerabilities
As stated earlier there are many different ways for a hacker to attack a system and many
places where networks can become vulnerable. By knowing the most common areas and types of
vulnerabilities, an Information Systems Security Practitioner can secure them before they can
be exploited by a hacker. With that said, the first area of vulnerability to speak of is social
engineering.
Social Engineering.
Social Engineering is a technique used by hackers to gain information about an
organization that will help them gain access to the system. The term refers to a hacker
manipulating someone within an organization into doing something or giving out information that
divulges confidential information to the hacker. This approach essentially makes hackers who use
social engineering tactics modern-day con artists. Before hacking a computer network, they will
use social engineering to hack into the minds of people within an organization that they have
targeted. The difference between the two according to Savitz & Teller is, “Hacking a system
requires knowledge of programming vulnerabilities, hacking the human mind requires a different
kind of knowledge – specifically, what types of e-mails or links is the victim most likely to click
on” (2012, p.40). The best way to guard against these types of attacks is keeping employees
informed of how hackers are targeting victims, and integrating that information into training
programs.
Mail Servers.
Mail Servers are another common target for hackers trying to obtain access to network
resources. Whenever connected to the Internet a company is at risk of being attacked. According
to Smith, “Given a typical TCP connection, the attacker may sniff its contents, insert or modify
data, or even hijack the connection completely” (2011, p. 687). The best defense against
connection-based attacks is the use of SSL encryption. SSL encryption protects against
sniffing and connection hijacking and, through authentication, against sites that deceive the
victim into thinking they are the mail server in order to steal login credentials. Another form of protection for
mail servers is for an Information Security Professional to ensure that the OS and e-mail
applications are both updated and have the latest security patches installed.
Improperly Configured Firewall.
Firewalls protect the computer network’s ports, and an improperly configured firewall can
allow a hacker using port scanning tools such as Nmap to scan for vulnerabilities that can lead
to an attack. In fact, according to Higgins, “Around 85 percent of the 100 network administrators
surveyed in Tufin Technologies’ 2011 Firewall Management report say that half of their firewall
rule changes eventually need to be fixed because of improper setup” (2011). The best way to
properly secure the firewall is through optimizing the firewall policy. This can be done with a
firewall analyzer, which can automatically identify and remove unused rules and
objects, re-order rules based on the frequency of matched traffic, and consolidate similar rules
into one rule.
Filtering Routers.
A Filtering Router is also a common target of hackers, who use aggressive SNMP
scanners and brute-force programs; once successfully attacked, the router can easily be turned into
a bridge that allows the hacker unauthorized access to the organization’s network
(“Techniques adopted by,” 1998). Stopping a hacker from network mapping can be done by
installing TCP wrappers on all external hosts. What this does is ensure that only trusted parties
are able to connect to critical ports on the network’s hosts, such as ftp, telnet, ssh, etc.
Intercepted Data Transmitted to Mail Servers.
Data that is transmitted over the company’s network to mail servers provides a “bull’s
eye” target for hackers and can be easily intercepted. Hackers can use a victim’s e-mail to look
for passwords sent, or other sensitive data transmitted. However, it may not be what is in an e-
mail message that a hacker wants to see, but rather it is the victim’s login credentials that they
may want instead. This can be done through the social engineering that was outlined earlier. The best
practice for secure e-mail transmission is to use encryption. One such program that provides
e-mail encryption is Symantec, which is more commonly known by its former name, PGP Encryption.
Symantec’s Gateway Email Encryption secures email without burdening its users by
automatically encrypting and decrypting sensitive email, provides multiple flexible options for
email delivery, and centralizes administration of encryption policies and management, which
reduces implementation time (“Symantec gateway email,” 2014).
Overlooked Security Vulnerabilities
Network security is “the control of unwanted intrusion into, use of, or damage to
communications on your organization’s computer network” (Stewart, 2011, p.4). The concept
itself seems easy enough, but when actually putting the idea into practice things can get much
more complicated. With that said, sometimes when securing a network certain things get
overlooked that can lead to an attack. The first network security vulnerability that is overlooked is
patching.
Patching.
Patching is the process of updating a computer program or its supporting data, fixing bugs
and security vulnerabilities, and improving the overall performance or usability of programs. An
attacker will have an easier time attacking a security vulnerability that exists in software that is not
updated with the latest patches. In fact, all it takes is a single missing patch or
misconfiguration of software for an attacker to bring down the entire network (Burris, 2013, p.
19). The two items that need to be patched are software and the operating system itself. One
reason that many overlook this vulnerability in relation to software is that it requires manual
patching (unlike the automated patching systems which secure the OS). Another common mistake
made is failing to reboot the system following the application of a patch. The patch is not fully
installed until a system reboot takes place, which makes doing so extremely important. The best
way to make sure that the company’s patching process is working as intended is to perform
penetration tests (which can search for misconfigurations and missing patches) on a regular basis.
Weak Passwords.
Another common vulnerability is the use of weak passwords. Weak passwords make an
attacker’s life easy, so common things such as birthdays, anniversaries, children’s names, etc.
should be avoided at all costs. Instead, strong, hard-to-guess passwords should be used, combining
a mixture of upper- and lower-case letters, numbers, and characters. Furthermore, it is important to
regularly change the password as well.
Mobile Devices.
Mobile devices are yet another common vulnerability existing in Information Security
today. One of the reasons for this is that they often do not have passwords enabled.
Additionally, files and sensitive data stored on mobile devices should be encrypted. Two-factor
authentication should always be used when conducting sensitive transactions on mobile
devices as well. Two-factor authentication is more secure than simply using a password, and
is recommended because a password could be guessed, stolen, or eavesdropped by an attacker.
Having a second form of authentication will make it more difficult for the attacker to gain
unauthorized access to the mobile device. Two-factor authentication refers to requiring two different
“factors” (something the user knows, has, or is) in order to authenticate. According to
Fineberg, “Installing tracking and/or remote-wipe software in the event devices are misplaced,
and end user training” are some other security measures that can help to protect against this
security vulnerability (2012, p. 26).
USB Flash Drives.
USB flash drives are the last vulnerability in this piece. This vulnerability is overlooked so
much that a USB flash drive carrying an attack program was able to perform an attack inside of a
classified U.S. Military network. An attack on U.S. military systems in 2008 originated with a
flash drive plugged into a military computer located in the Middle East (Lemos, 2010). USB flash
drives present a vulnerability that could lead to a buffer-overflow attack and enable an attacker to
bypass Windows security and obtain administrative access to a user’s computer. The best way to
secure this vulnerability is by only allowing the use of USB flash drives that are encrypted and
password-protected. Additionally, software should be used that gives administrators access
control over removable media devices (such as USB flash drives).
Types of Attacks
As mentioned previously, there are many different ways that an attacker can attack a system,
but only the most common are going to be discussed here. Not only are these attacks the most
common, but any and all of them could be a massive threat to the CIA of an organization’s
network.
Denial-of-Service Attack.
Denial of Service or DoS attacks are not only one of the most common attacks, but they
are perhaps the most devastating as well. The purpose behind a DoS attack is to deny the victim
access to authorized services or data. The two different categories of DoS attacks are those that
crash services and those that flood services. Flooding attacks are used to overload a system or
application by sending more requests than the server or application can handle, thus causing it
to crash. Blocked access could be the result of an attacker exploiting a vulnerability in an
application which would then cause it to crash, preventing access requests from getting to the
server, or manipulating access data control (Pleeger, 2012, p. 603).
An example of a DoS attack would be a ping flood, which floods the server with
thousands of ping packets and causes the victim’s server to crash when it can no longer handle the
amount of requests. Another form is a Distributed Denial of Service (DDoS) attack, which is the
same as a DoS except it uses many computers and Internet connections or a botnet to perform the
attack rather than just one. It is impossible to stop a serious DDoS, but
there are ways to lessen its damage.
Trojan Horses.
A Trojan Horse is a type of malware program containing malicious code that is designed to
trick the victim into believing it is something it is not, and once the victim’s computer has become
infected it will carry out whatever action it was designed to perform. An example of this is an e-
mail attachment that appears to be from a trustworthy source. In most cases a Trojan Horse
infection will cause the data to become lost, stolen, or the system itself may become unstable
(freezing, blue screen errors, etc.). Another role that a Trojan Horse may play is that it may act as
a backdoor for the attacker, which allows the attacker to gain unauthorized access to the victim’s
computer without their knowledge. The name itself is derived from Greek mythology where a
wooden horse with Greek soldiers hidden inside was used to deceive the people of Troy into believing that the
Greek army had admitted defeat. At night, however, the hidden soldiers came out of the wooden
horse, opened the gates, and allowed the rest of the Greek army to enter and, in turn, win the war.
Worms.
A worm is a standalone malware computer program that continuously replicates itself to
spread to other computers. Security vulnerabilities are exploited on the victim’s computer and a
worm relies on this to spread itself throughout the network. While many worms are designed to
only spread without changing the systems they pass through, they can cause a disruption in
availability due to the increased network traffic. Typically a worm is installed inadvertently by a
victim who opens an email attachment or a message with executable scripts.
Logic Bombs.
A logic bomb is a line of code within a system or a piece of malware which triggers
malicious behavior when a specified condition has been met. For example, a logic bomb will go off
when the amount of time the attacker set has elapsed. Another example would be that an
attacker would have a logic bomb set to trigger when a victim does not respond to a command.
Typically this is an insider attack performed by a privileged user who knows what security
controls need to be bypassed so that it may go undetected until detonation.
Buffer Overflow.
When a program or process attempts to store more data in a temporary data storage area
(or buffer) than it is intended to hold, it is called a buffer overflow. The data that cannot fit into a
buffer will overflow into other buffers and corrupt or even overwrite the valid data within them.
This makes a buffer overflow an attack on the computer or network’s integrity. The extra data
may contain codes with instructions that the attacker designed to damage files, change data, or
give them access to confidential data.
Prevention
Prevention is one way to fight against these attacks. If the proper security measures are
taken then it is possible that the attack never occurs. At least that holds true in most cases.
However, no network is completely secure from an attack, and if an attacker wants to attack you
they will find a way in. While it is not possible to completely prevent every attack from happening,
taking extra security measures may just force the attacker to focus on an easier target. Your network
does not have to be the most secure, only more secure than those around it.
Denial-of-Service Attack
A DoS attack is hard to prevent, but the best way may be to follow several practices.
These practices will help to stop an attack from happening again. They are: keeping an audit trail describing
changes and the reasons for them; keeping a list of Standard Operating Procedures and Emergency
Operating Procedures; having administrators know and understand the network configuration in
detail; performing tests not just locally but over the Internet as well (to simulate customer activity and
allow you to find network problems from the customer’s perspective); training personnel on old
configurations and their purpose when hired as well as during annual auditing; and finally thinking
like a hacker to discover where vulnerabilities exist in the network and can be corrected
(Cretzman & Weeks, 2014).
Trojan Horses
Trojan Horses often go undetected by common virus scanners, and that is why in addition
to a virus scanner being installed on each network computer an anti-malware program should be
installed. An anti-malware program such as Malwarebytes Anti-Malware will block a Trojan
Horse attempting to infect your PC before it has a chance to. Be sure to constantly update the
program as well because it will ensure that the program has the latest threat definitions installed.
Worms
Due to the fact that worms are installed from email attachments, the best way to prevent a
worm attack is by never clicking on a link or opening an email attachment that you are unsure of
being from a trusted source. Another precaution to take is to make file extensions visible, which
exposes double-extension files such as .jpg.exe. What this means is the picture file you thought you
were downloading is actually an executable program attempting to infect your network.
Additionally, anti-virus and anti-malware programs as mentioned previously will help as well.
Logic Bombs
Logic bombs can best be prevented in several ways. The first is
through having backups in place to aid in recovery from a security incident. This way a restore may
be performed to a point before the logic bomb was installed. Another method is through the use of
separation of duties. This divides the tasks and privileges for specific security measures among
multiple people, and in turn reduces the ability of an attacker to perform a logic bomb attack.
Lastly, a great preventive method would be using a third party for system and log monitoring.
Careful review of system logs can determine if any changes have occurred or malicious software
has been added to the system.
Buffer Overflow
One good defensive technique for preventing buffer overflow attacks is filtering
HTML code and characters that may cause problems with the database and thus create a
vulnerability that may be exploited. Another measure that could be taken is to download SigFree,
which is an “online signature-free out-of-the-box application-layer method for blocking code-injection
buffer overflow attack messages” by targeting Internet services such as web service
(Wang, Pan, Liu & Zhu, 2008, p. 1). Fixing security vulnerabilities will help put an end to buffer
overflow attacks occurring.
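An added example, not part of the original paper: the overflow described under Types of Attacks and the kind of fix this section calls for, shown in C on a constructed two-field record. The struct, field names and input string are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8

/* Constructed record: a fixed-size buffer with unrelated valid data right after it. */
struct session {
    char username[FIELD_LEN];  /* the buffer the program means to fill */
    char role[FIELD_LEN];      /* neighbouring data that must not change */
};

/*
 * Vulnerable pattern: the length comes from the input and is never compared
 * with the size of the destination field. The copy goes through a byte view
 * of the whole record and is clamped to the record size, so this demo stays
 * inside memory it owns while still spilling from username into role.
 */
static void set_username_unchecked(struct session *s, const char *src, size_t len)
{
    unsigned char *record = (unsigned char *)s;
    size_t room = sizeof *s - offsetof(struct session, username);

    if (len > room)
        len = room;                      /* demo guard only, not a fix */
    memcpy(record + offsetof(struct session, username), src, len);
}

/*
 * Hardened pattern: reject any input that does not fit the field (leaving
 * room for the terminating NUL) before a single byte is written.
 */
static int set_username_checked(struct session *s, const char *src, size_t len)
{
    if (len >= sizeof s->username)
        return -1;                       /* too long: record left untouched */
    memcpy(s->username, src, len);
    s->username[len] = '\0';
    return 0;
}

/* Fresh record with a known-good role. */
static struct session new_session(void)
{
    struct session s;
    memset(&s, 0, sizeof s);
    strcpy(s.role, "guest");
    return s;
}

/* Constructed input: 8 filler bytes fill username, the rest lands in role. */
static const char OVERSIZED[] = "AAAAAAAAadmin";

/* Returns 1 if the unchecked copy changed the neighbouring role field. */
int role_corrupted_by_unchecked_copy(void)
{
    struct session s = new_session();
    set_username_unchecked(&s, OVERSIZED, sizeof OVERSIZED);  /* includes NUL */
    return strcmp(s.role, "guest") != 0;
}

/* Returns 1 if the checked copy rejected the input and left the record intact. */
int role_preserved_by_checked_copy(void)
{
    struct session s = new_session();
    int rc = set_username_checked(&s, OVERSIZED, strlen(OVERSIZED));
    return rc == -1 && strcmp(s.role, "guest") == 0 && s.username[0] == '\0';
}

int main(void)
{
    printf("unchecked copy corrupted role: %d\n", role_corrupted_by_unchecked_copy());
    printf("checked copy preserved role:   %d\n", role_preserved_by_checked_copy());
    return 0;
}
```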
Mitigation
As previously stated, not every attack is preventable. There will be an instance where an
attack has occurred, and stopping the attack from spreading or becoming worse is integral to
maintaining the CIA of your network. Lessening the damage done could be the difference between a
business failing or succeeding (especially in this day and age where businesses rely on the
availability of their network for day-to-day business). That is where mitigation comes in.
Denial-of-Service Attack
In order to mitigate a DoS attack, the first step is to scan packets with a monitoring tool. A
DoS attack can be detected through the use of a packet monitoring tool such as Wireshark.
Wireshark captures live traffic entering or exiting a specific port so that it may be analyzed.
Through the use of Access Control List (ACL) rules the damage of a DoS attack can be
minimized. Doing so will stop incoming traffic from the attacking network.
ACL rules are created by entering commands into the router’s command line interface in the
following manner: the first command is “Conf t”, which configures the terminal of the router; an “Access List” (with a
given number followed by the attacker’s IP address) is then created on the second line for a
specific router and its ports; the third line command is “Interface f0/1”, which is used to enter that
specific interface to make necessary changes; and on the fourth line the command “ip access-group 1 in”
is entered and applied to the interface f0/1, which denies all IP packets from the
attacker’s IP address (Sridhar, 2011, p. 19). The problem with this form of mitigation is that it
blocks all hosts from the server and not just the attackers. Another form that is used by most data
providers is called rate limiting. What this does is “places a cap or sets up a threshold limit of
traffic that the server would be able to stand” (Sridhar, 2011, p. 20). It does still allow traffic from
the attacking system to enter, so the best form of mitigation would be to use a combination of
ACL rules and rate limiting to oversee the traffic flow better.
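The ACL and rate-limiting behaviour described above, as an added C simulation that is not from the paper or from Sridhar (2011). The addresses, packet mix and the cap of 20 packets per tick are constructed; the ACL logic follows Cisco IOS standard access lists, where the first matching entry wins and unmatched traffic hits an implicit deny.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample addresses (documentation ranges), not from the paper. */
#define ATTACKER 0xCB00710AU   /* 203.0.113.10 */
#define CLIENT   0xC6336407U   /* 198.51.100.7 */

#define TICKS         5        /* one-second intervals simulated */
#define PKTS_PER_TICK 100      /* 90 attacker + 10 client packets per tick */
#define CAP           20       /* assumed rate-limit threshold per tick */

enum action { DENY, PERMIT };

struct acl_entry {
    enum action action;
    int any;                   /* 1 = entry matches every source */
    uint32_t host;             /* source address when any == 0 */
};

/*
 * The four steps from the text written out as IOS commands, with the
 * constructed address:
 *   conf t
 *   access-list 1 deny host 203.0.113.10
 *   interface f0/1
 *   ip access-group 1 in
 */
static const struct acl_entry ACL_DENY_ONLY[] = {
    { DENY, 0, ATTACKER },
};

/* Same list with "access-list 1 permit any" added after the deny entry. */
static const struct acl_entry ACL_DENY_THEN_PERMIT[] = {
    { DENY, 0, ATTACKER },
    { PERMIT, 1, 0 },
};

/* First matching entry wins; no match means the implicit deny applies. */
static enum action acl_check(const struct acl_entry *acl, size_t n, uint32_t src)
{
    for (size_t i = 0; i < n; i++)
        if (acl[i].any || acl[i].host == src)
            return acl[i].action;
    return DENY;
}

struct tally { int client_in; int attacker_in; };

/* Pass the constructed traffic through an optional ACL (NULL = none) and an
 * optional per-tick cap (0 = none); count what reaches the server. */
static struct tally simulate(const struct acl_entry *acl, size_t n, int cap)
{
    struct tally t = { 0, 0 };
    for (int tick = 0; tick < TICKS; tick++) {
        int admitted = 0;              /* threshold counter resets each tick */
        for (int i = 0; i < PKTS_PER_TICK; i++) {
            /* every tenth packet is the legitimate client, the rest the flood */
            uint32_t src = (i % 10 == 9) ? CLIENT : ATTACKER;
            if (acl != NULL && acl_check(acl, n, src) == DENY)
                continue;              /* dropped inbound on the interface */
            if (cap > 0 && admitted >= cap)
                continue;              /* over the rate limit */
            admitted++;
            if (src == CLIENT) t.client_in++;
            else               t.attacker_in++;
        }
    }
    return t;
}

struct tally run_acl_deny_only(void)   { return simulate(ACL_DENY_ONLY, 1, 0); }
struct tally run_acl_with_permit(void) { return simulate(ACL_DENY_THEN_PERMIT, 2, 0); }
struct tally run_rate_limit_only(void) { return simulate(NULL, 0, CAP); }
struct tally run_combined(void)        { return simulate(ACL_DENY_THEN_PERMIT, 2, CAP); }

int main(void)
{
    struct tally r[4] = { run_acl_deny_only(), run_acl_with_permit(),
                          run_rate_limit_only(), run_combined() };
    const char *name[4] = { "ACL, deny entry only", "ACL, deny then permit any",
                            "rate limit only", "ACL + rate limit" };
    for (int i = 0; i < 4; i++)
        printf("%-26s client=%d/50 attacker=%d/450\n",
               name[i], r[i].client_in, r[i].attacker_in);
    return 0;
}
```

With only the deny entry, the implicit deny drops the client as well, which is the drawback the text notes; appending `permit any` restores the client while the cap still bounds any source the ACL does not list.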
Trojan Horses
Using an anti-spyware program such as the previously mentioned Malwarebytes will also
help in the event that a Trojan Horse has infected your network. It will scan for them and delete
them, or if they cannot be deleted they will be quarantined and logged to prevent any further
damage from being done.
Worms
Once a worm has been discovered there are certain steps that need to be taken in order to
remedy the situation. The procedures that should be followed are: Containment, Inoculation,
Quarantine, Treatment, and Planning (Kaya, 2010, p. 11). The first step is to contain the worm
so that it does not continue to replicate onto other systems within the network. Next is to patch
all systems to ensure that uninfected systems do not become infected. As Kaya explains, “The
quarantine phase involves finding each infected machine and disconnecting, removing, or blocking
them from the network” to prevent other unpatched machines on the network from being infected
(2010, p. 14). The next phase is the treatment phase which is cleaning and patching all infected
systems. Lastly is the planning phase, which should be a set of procedures to be followed to
minimize the extent of the attack, as well as detailed information on who has to do what in the
event of an attack occurring again.
Logic Bombs
Using system and log monitoring will enable you to detect when a logic bomb is installed.
One form of mitigation is to first remove the affected host from the network until the
origin of the logic bomb is detected. From there you can remove the logic bomb from the network.
Another possibility is to restore the affected host’s last backup, but in doing so verify that the
bomb is no longer there. If the bomb is on the backup as well, it could restart the trigger or
explode immediately.
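One way to perform the backup check described above, as an added example that is not part of the original paper: hash the restored files and compare them with a manifest taken from a known-good state. The file names, their contents and all function names are constructed for the illustration.

```python
"""Added example: verify a restored backup against a known-good manifest."""
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline, current):
    """List files added, removed or modified relative to the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in shared if baseline[k] != current[k]),
    }


def safe_to_reconnect(diff):
    """A restored host goes back on the network only if nothing was
    added or changed since the known-good baseline was recorded."""
    return not diff["added"] and not diff["modified"]


def write_tree(root, files):
    """Create the constructed sample files under root."""
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)


def demo():
    # Constructed known-good state: one scheduled job and the script it runs.
    known_good = {
        "cron.d/backup": "0 2 * * * root /usr/local/bin/backup.sh\n",
        "bin/backup.sh": "#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n",
    }
    # Constructed restored backup: the script was altered and a scheduled
    # job that nobody approved is present. The contents are placeholders.
    restored = dict(known_good)
    restored["bin/backup.sh"] += "# placeholder for an unauthorized change\n"
    restored["cron.d/cleanup"] = "placeholder for an unexpected scheduled job\n"

    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as back:
        write_tree(good, known_good)
        write_tree(back, restored)
        return compare(manifest(good), manifest(back))


if __name__ == "__main__":
    diff = demo()
    for kind, names in diff.items():
        print(f"{kind:9} {names}")
    print("safe to reconnect:", safe_to_reconnect(diff))
```

The comparison is only as trustworthy as the baseline: a manifest recorded after the logic bomb was installed will report the restored copy as clean.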
Conclusion
Information Security is important to anyone who owns a computer, no matter how
big or small their company or organization. Maintaining the CIA of the organization’s
network is vital to their success and in some cases even their ability to operate at all.
There are so many different types of attacks out there that hackers will use to try and
compromise the CIA of an organization, and therefore it is important to understand what
these attacks are and what purpose they serve.
Once the “what” and “why” of the attacks are understood, the next step is to
determine how to prevent an attack altogether. Lastly, since there is no foolproof security
plan, it is vital to have a plan in place on how to mitigate an attack once it has taken place.
Understanding what the attack is, knowing how to prevent an attack, and knowing how to
mitigate the effects of an attack will help to ensure the CIA of the organization’s network.
References
(2014). Information technology- security techniques- information security management systems-
overview and vocabulary. (3rd ed.). Switzerland: ISO copyright office. Retrieved from
http://standards.iso.org/ittf/licence.html
3 New Things to Know About Information Security. (2013). Security Director's Report, 13(2), 4-5.
Burris, J. (2013). Network Security: The What and How of Patching. New Jersey Banker, 18-19.
Cretzman, M., & Weeks, T. (2014). Best practices for preventing dos/denial of service attacks.
Retrieved from http://technet.microsoft.com/en-us/library/cc750213.aspx
Definition of information security. (2012). Retrieved from
http://oit.unlv.edu/network-and-security/definition-information-security
Fineberg, S. (2012). Firms on high alert to boost security. Accounting Today, 26(1), 26-29.
Higgins, K. J. (2011). Survey: Half of firewall rules improperly configured. Retrieved from
http://www.darkreading.com/perimeter/survey-half-of-firewall-rules-improperly/231903107?itc=edit_stub
Kaya, D. (2010). Mitigating worm attacks [PowerPoint slides]. Retrieved from
http://www.slideshare.net/dkaya/mitigating-worm-attacks
Lemos, R. (2010). Could usb flash drives be your enterprise's weakest link?. Retrieved from
http://www.darkreading.com/management/could-usb-flash-drives-be-your-enterpris/227200081
Pfleeger, Charles (2012). Analyzing Computer Security: A Threat / Vulnerability /
Countermeasure Approach. ISBN: 978-0-13-278946-2. Prentice Hall-Pearson
Publication.
Savitz, E., & Teller, T. (2012). Social Engineering: Hacking The Human Mind. Forbes.Com, 40.
Smith, R.E., PhD. (2011). Elementary Information Security. Burlington, MA: Jones & Bartlett
Learning.
Sridhar, S. (2011). Denial of service attacks and mitigation techniques: Real time
implementation with detailed analysis. The SANS Institute. Retrieved from
https://www.sans.org/reading-room/whitepapers/detection/denial-service-attacks-mitigation-techniques-real-time-implementation-detailed-analysi-33764
Stewart, J. M. (2011). Network Security, Firewalls, and VPNs, Sudbury, MA: Jones and Bartlett
Learning – ISBN: 9780763791308
Symantec gateway email encryption. (2014). Retrieved from
http://buy.symantec.com/estore/categoryDetailPage/productCode/PGP-GEE-EXP-LEM_Vx_12MO_PC/skuType/Product
Techniques adopted by 'system crackers' when attempting to break into corporate or sensitive
private networks. (1998). Retrieved from
http://stat.duke.edu/comp/security/antionline_doc.html
Wang, X., Pan, C., Liu, P., & Zhu, S. (2008). Sigfree: A signature-free buffer overflow attack
blocker. IEEE Transactions on Dependable and Secure Computing, 5(4), 1-15.

Research_Paper_ISSC461_Intindolo

  • 1. Running head: INFORMATION SECURITY ATTACKS 1 Information Security Attacks John Intindolo ISSC461- IT Security: Countermeasures American Public University
  • 2. INFORMATION SECURITY ATTACKS 2 Abstract Information Security is essential to everyone and anyone who owns a computer. The people who rely on the Confidentiality, Integrity, and Availability (commonly referred to as the CIA Triad of Network Security) vary from large to small and everyone in between. There could be an organization with thousands of employees connected to a network over multiple locations to handle their everyday business needs. Then again a much smaller network such as that of the common family man who relies on his computer for budgeting expenses as well as keeping up with friends and family (through social media websites like Facebook and Twitter) will also rely on Information Security. The differences between those two are huge, but the common thing that they share is the need to keep their information secure. Passwords, financial information, customer contacts, credit card numbers, and files are among the things in need of protection. Hackers want to get their hands on this data for a multitude of reasons that range from destroying, seizing, exposing, disabling, stealing, or altering it. This is known as an Information Security attack. There are many different ways that a hacker can choose to perform an attack, but for the purpose of this paper some of the most common types will be discussed. The common types of attack discussed in this paper are as follows: Denial-of-Service Attacks (DOS), Trojan Horses, Worms, Logic Bombs, Buffer Overflow, as well as Attacks Performed by Hackers. These attacks will be described for what they are, how they may be prevented from happening, and in the event of one occurring how to mitigate their impact on an organization’s network.
  • 3. INFORMATION SECURITY ATTACKS 3 Table of Contents Information Security Attacks.......................................................................................................1 John Intindolo................................................................................................................................1 Abstract...........................................................................................................................................2 Introduction....................................................................................................................................4 What is Information Security?.....................................................................................................5 What is an Information Security Attack?...................................................................................5 Areas of Vulnerabilities...............................................................................................................5 Social Enginerring.................................................................................................................. 6 Mail Servers............................................................................................................................6 Improperly Configured Firewall.............................................................................................7 Filtering Routers..................................................................................................................... 7 Intercepted Data Transmited to Mail Servers.........................................................................8 Overlooked Security Vulnerabilites............................................................................................ 8 Patching................................................................................................................................... 
8 Weak Passwords..................................................................................................................... 9 Mobile Devices.......................................................................................................................9 USB Flash Drives................................................................................................................. 10 Types of Attacks........................................................................................................................10 Denial-of-Service Attack.......................................................................................................10 Trojan Horses.........................................................................................................................11 Worms....................................................................................................................................12 Logic Bombs..........................................................................................................................12 Buffer Overflow.....................................................................................................................13 When a program or process attempts to store more data in a temporary data storage area (or buffer) than it is intended to hold it is called a buffer overflow. The data that cannot fit into a buffer will overflow into other buffers and corrupt or even overwrite the valid data within them. This makes a buffer overflow an attack on the computer or network’s integrity. 
The extra data may contain codes with instructions that the attacker designed to damage files, change data, or give them access to confidential data...........................................................13 Prevention.....................................................................................................................................13 Denial-of-Service Attack...........................................................................................................13 Trojan Horses.............................................................................................................................14 Worms........................................................................................................................................14 Logic Bombs..............................................................................................................................14 Buffer Overflow.........................................................................................................................15 Mitigation.....................................................................................................................................15 Denial-of-Service Attack...........................................................................................................15 Trojan Horses.............................................................................................................................16 Worms........................................................................................................................................16 Logic Bombs..............................................................................................................................17 Conclusion....................................................................................................................................17 
References.....................................................................................................................................19
  • 4. INFORMATION SECURITY ATTACKS 4 Introduction In today’s world almost everyone relies on computers in one way or another. A person may use their computer to do a multitude of things including: paying bills, surfing the web, balancing their finances, or staying connected with family and friends through social media websites such as Twitter and Facebook. Businesses are also relying on computers and the Internet to handle their day-to-day activities such as financial data, employee records, customer information, sensitive company data, and inventory. The question that remains is how does one protect all of this data? The answer to that is by using Information Security. Information Security relies on careful and well-thought out planning from the Security Administration Team, and without the co-operation of everyone connected to the network it will fail. That means security procedures must be followed by anyone on the network, whether it be the CEO of the company or a customer service representative. What is the reasoning behind an Information Security attack? Information Security attacks involve an attempt to destroy, expose, or alter information and can be performed for a variety of reasons including the following: to steal valuable information or data (such as customer information), steal financial information (such as credit card and bank account numbers), sabotage network connectivity (to disrupt business operations), and even to protest against an organizations beliefs. In fact, in 855 incidents of 174 million compromised records, a recent study shows that protest was a motive in twenty-five percent of attacks against large organizations (“3 New Things,” 2013, p. 4). There a many different types of attacks that an attacker has at their disposal, but the most common will be discussed here. Those include DoS attacks, Trojan Horses, Worms, Logic Bombs, and Buffer Overlow. 
In addition to the attacks themselves the proper forms of prevention and mitigation will also be detailed.

What is Information Security?

Information Security is the practice of defending information from being accessed, used, disclosed, modified, inspected, recorded, or destroyed by someone who is unauthorized to do so (“Definition of information security,” 2012). In other words, Information Security can be described as maintaining the Confidentiality, Integrity, and Availability (commonly referred to as the CIA Triad) of an entire organization. Information Security is essential to businesses and home users alike. In today’s world nearly everything and everyone is connected to the Internet in some shape or form. An organization’s network going down due to an attack can be the difference between the company sustaining business and faltering altogether. It is for this reason that information security attacks are a huge threat to the CIA of an organization’s network. So what is an Information Security attack?

What is an Information Security Attack?

An Information Security attack is any “attempt to destroy, expose, alter, disable, steal, or gain unauthorized access to or make unauthorized use of an asset” (“Information technology- security,” 2014, p.1). As stated earlier, the world of today is one that relies heavily on computers and the Internet. Technology is constantly evolving, and that means that hackers are constantly finding new ways to attack computers and networks as well. To perform an Information Security attack, a hacker must first find a vulnerability. A vulnerability is a weakness within a product that allows an attacker to compromise the CIA of said product. There are many different ways that an attacker can discover a vulnerability. Knowing what they are and how to fix them will be key to stopping a hacker from infiltrating the organization’s network.

Areas of Vulnerabilities

As stated earlier, there are many different ways for a hacker to attack a system and many places where networks can become vulnerable.
By knowing the most common areas and types of
vulnerabilities an Information Systems Security Practitioner can secure them before they are able to be exploited by a hacker. With that said, the first area of vulnerability to speak of is social engineering.

Social Engineering. Social Engineering is a technique used by hackers to gain information about an organization that will help them gain access to the system. The term refers to a hacker manipulating someone within an organization into doing something or giving information that will divulge confidential information to the hacker. This approach essentially makes hackers who use social engineering tactics modern day con artists. Before hacking a computer network they will use social engineering to hack into the minds of people within an organization that they have targeted. The difference between the two, according to Savitz & Teller, is, “Hacking a system requires knowledge of programming vulnerabilities, hacking the human mind requires a different kind of knowledge – specifically, what types of e-mails or links is the victim most likely to click on” (2012, p.40). The best way to guard against these types of attacks is keeping employees informed of how hackers are targeting victims, and integrating that information into training programs.

Mail Servers. Mail Servers are another common target for hackers trying to obtain access to network resources. Whenever connected to the Internet a company is at risk of being attacked. According to Smith, “Given a typical TCP connection, the attacker may sniff its contents, insert or modify data, or even hijack the connection completely” (2011, p. 687). The best defense against connection-based attacks is through the use of SSL encryption. SSL encryption prevents attackers from sniffing, connection hijacking, and (through authentication) even sites which deceive the
victim into thinking it is the mail server to steal login credentials. Another form of protection for mail servers is for an Information Security Professional to ensure that the OS and e-mail applications are both updated and have the latest security patches installed.

Improperly Configured Firewall. Firewalls protect the computer network’s ports, and an improperly configured firewall can allow a hacker to scan for vulnerabilities that can lead to an attack using port scanning tools such as Nmap. In fact, according to Higgins, “Around 85 percent of the 100 network administrators surveyed in Tufin Technologies’ 2011 Firewall Management report say that half of their firewall rule changes eventually need to be fixed because of improper setup” (2011). The best way to properly secure the firewall is through optimizing the firewall policy. This can be done with a firewall analyzer, which can automatically identify and remove unused rules and objects, re-order rules based on the frequency of matched traffic, and consolidate similar rules into one rule.

Filtering Routers. A Filtering Router is also a common target of hackers, who have aggressive SNMP scanners and brute-force programs; when successfully attacked, the router can easily be turned into a bridge that allows the hacker unauthorized access to the organization’s network (“Techniques adopted by,” 1998). Stopping a hacker from network mapping can be done by installing TCP wrappers on all external hosts. What this does is ensure that only trusted parties are able to connect to the critical ports of the network’s hosts, such as ftp, telnet, ssh, etc.
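
The three analyzer actions named under Improperly Configured Firewall, sketched as an added Python example (it is not from the paper or from any firewall product). The rule model, names, networks and hit counts are constructed, and first-match evaluation is assumed, so a rule only moves ahead of its neighbour when the swap cannot change a decision.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, collapse_addresses
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "permit" or "deny"
    src: str              # source network in CIDR form
    port: Optional[int]   # destination TCP port, None = any port
    hits: int             # matches counted during the review period

# Constructed policy; the last rule is the default deny.
POLICY = [
    Rule("block-lab",  "deny",   "10.9.0.0/16",       22,   3),
    Rule("ssh-admins", "permit", "10.0.0.0/8",        22,   40),
    Rule("old-ftp",    "permit", "192.0.2.0/24",      21,   0),
    Rule("web-a",      "permit", "198.51.100.0/25",   443,  900),
    Rule("web-b",      "permit", "198.51.100.128/25", 443,  700),
    Rule("default",    "deny",   "0.0.0.0/0",         None, 120),
]

def overlaps(a, b):
    """True when some packet could match both rules."""
    same_port = a.port is None or b.port is None or a.port == b.port
    return same_port and ip_network(a.src).overlaps(ip_network(b.src))

def unused_rules(rules):
    """Zero-hit rules are removal candidates; the default rule is never one."""
    return [r.name for r in rules[:-1] if r.hits == 0]

def reorder_by_hits(rules):
    """Bubble busier rules upward, but never past a conflicting neighbour."""
    body, default = list(rules[:-1]), rules[-1]
    swapped = True
    while swapped:
        swapped = False
        for i in range(len(body) - 1):
            a, b = body[i], body[i + 1]
            safe = a.action == b.action or not overlaps(a, b)
            if b.hits > a.hits and safe:
                body[i], body[i + 1] = b, a
                swapped = True
    return body + [default]

def consolidate(rules):
    """Merge adjacent rules with the same action and port whose sources
    collapse into exactly one network."""
    out = []
    for r in rules:
        if out and out[-1].action == r.action and out[-1].port == r.port:
            p = out[-1]
            merged = list(collapse_addresses([ip_network(p.src), ip_network(r.src)]))
            if len(merged) == 1:
                out[-1] = Rule(f"{p.name}+{r.name}", p.action,
                               str(merged[0]), p.port, p.hits + r.hits)
                continue
        out.append(r)
    return out

def optimize(rules):
    drop = set(unused_rules(rules))
    pruned = [r for r in rules if r.name not in drop]
    return consolidate(reorder_by_hits(pruned))

def decide(rules, src_ip, port):
    """First-match evaluation, used to check the optimized policy."""
    for r in rules:
        if ip_address(src_ip) in ip_network(r.src) and r.port in (None, port):
            return r.action
    return "deny"

if __name__ == "__main__":
    print("unused:", unused_rules(POLICY))
    for rule in optimize(POLICY):
        print(rule)
```

The narrower deny rule block-lab stays ahead of ssh-admins even though it is matched less often, because swapping the two would start permitting SSH from the lab network.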

Intercepted Data Transmitted to Mail Servers. Data that is transmitted over the company’s network to mail servers provides a “bull’s eye” target for hackers and can be easily intercepted. Hackers can use a victim’s e-mail to look for passwords or other sensitive data that has been transmitted. However, it may not be what is in an e-mail message that a hacker wants to see; it may be the victim’s login credentials instead. These can be obtained through the social engineering that was outlined earlier. The best practice for secure e-mail transmission is to use encryption. One such program that provides e-mail encryption is Symantec, which is more commonly known by its former name, PGP Encryption. Symantec’s Gateway Email Encryption secures email without burdening its users by automatically encrypting and decrypting sensitive email, provides multiple flexible options for email delivery, and centralizes administration of encryption policies and management, which reduces implementation time (“Symantec gateway email,” 2014).

Overlooked Security Vulnerabilities

Network security is “the control of unwanted intrusion into, use of, or damage to communications on your organization’s computer network” (Stewart, 2011, p.4). The concept itself seems easy enough, but when actually putting the idea into practice things can get much more complicated. With that said, sometimes when securing a network certain things get overlooked that can lead to an attack. The first network security vulnerability that is overlooked is patching.

Patching. Patching is the process of updating a computer program or its supporting data, fixing bugs and security vulnerabilities, and improving the overall performance or usability of programs. An attacker will have an easier time attacking a security vulnerability that exists in software that is not
updated with the latest patches. In fact, all it takes is a single missing patch or misconfiguration of software for an attacker to bring down the entire network (Burris, 2013, p. 19). The two items that need to be patched are software and the operating system itself. One reason that many overlook this vulnerability in relation to software is that software requires manual patching (unlike the automated patching systems which secure the OS). Another common mistake is failing to reboot the system after applying a patch. The patch is not fully installed until a system reboot takes place, which makes doing so extremely important. The best way to make sure that the company’s patching process is working as intended is to perform penetration tests (which can search for misconfigurations and missing patches) on a regular basis.

Weak Passwords. Another common vulnerability is the use of weak passwords. Weak passwords make an attacker’s life easy, so common things such as birthdays, anniversaries, children’s names, etc. should be avoided at all costs. Instead, strong, hard-to-guess passwords should be used, combining a mixture of upper and lower case letters, numbers, and characters. Furthermore, it is important to regularly change the password as well.

Mobile Devices. Mobile devices are yet another common vulnerability existing in Information Security today. One of the reasons for this is that they often do not have passwords enabled. Additionally, files and sensitive data stored on mobile devices should be encrypted. Two-factor authentication should always be used when conducting sensitive transactions on mobile devices as well. Two-factor authentication is more secure than simply using a password, and is recommended because a password could be guessed, stolen, or eavesdropped by an attacker. Having a second form of authentication will make it more difficult for the attacker to gain
unauthorized access to the mobile device. Two-factor authentication refers to requiring two different “factors”, drawn from something the user knows, has, or is, in order to authenticate. According to Fineberg, “Installing tracking and/or remote-wipe software in the event devices are misplaced, and end user training” are some other security measures that can help to protect against this security vulnerability (2012, p.26).

USB Flash Drives. USB flash drives are the last vulnerability in this piece. This vulnerability is overlooked so much that a USB flash drive carrying an attack program was able to perform an attack inside of a classified U.S. Military network. An attack on U.S. military systems in 2008 originated with a flash drive plugged into a military computer located in the Middle East (Lemos, 2010). USB flash drives present a vulnerability that could lead to a buffer-overflow attack and enable an attacker to bypass Windows security and obtain administrative access to a user’s computer. The best way to secure this vulnerability is by only allowing the use of USB flash drives that are encrypted and password-protected. Additionally, software should be used that gives administrators access control over removable media devices (such as USB flash drives).

Types of Attacks

As mentioned previously, there are many different ways that an attacker can attack a system, but only the most common are going to be discussed here. Not only are these attacks the most common, but any and all of them could be a massive threat to the CIA of an organization’s network.

Denial-of-Service Attack. Denial of Service or DoS attacks are not only one of the most common attacks, but they are perhaps the most devastating as well. The purpose behind a DoS attack is to deny the victim
access to authorized services or data. The two different categories of DoS attacks are those that crash services and those that flood services. Flooding attacks are used to overload a system or application by sending more requests than the server or application can handle, thus causing it to crash. Blocked access could be the result of an attacker exploiting a vulnerability in an application which would then cause it to crash, preventing access requests from getting to the server, or manipulating access control data (Pfleeger, 2012, p. 603). An example of a DoS attack would be a ping flood, which floods the server with thousands of ping packets and causes the victim’s server to crash when it can no longer handle the amount of requests. Another form is a Distributed Denial of Service (DDoS) attack, which is the same as a DoS except that it uses many computers and Internet connections, or a botnet, to perform the attack rather than just one. It is impossible to stop a serious DDoS, but there are ways to lessen its damage.

Trojan Horses. A Trojan Horse is a type of malware program containing malicious code that is designed to trick the victim into believing it is something it is not, and once the victim’s computer has become infected it will carry out whatever action it was designed to perform. An example of this is an e-mail attachment that appears to be from a trustworthy source. In most cases a Trojan Horse infection will cause data to become lost or stolen, or the system itself may become unstable (freezing, blue screen errors, etc.). Another role that a Trojan Horse may play is that of a backdoor for the attacker, which allows the attacker to gain unauthorized access to the victim’s computer without their knowledge. The name itself is derived from Greek mythology, where a wooden horse with Greek soldiers hidden inside was used to deceive the people of Troy into believing that the
Greek army had admitted defeat. At night, however, the hidden soldiers came out of the wooden horse, opened the gates, and allowed the rest of the Greek army to enter, and in turn win the war.

Worms. A worm is a standalone malware computer program that continuously replicates itself to spread to other computers. Security vulnerabilities are exploited on the victim’s computer, and a worm relies on this to spread itself throughout the network. While many worms are designed to only spread without changing the systems they pass through, they can cause a disruption in availability due to the increased network traffic. Typically a worm is installed inadvertently by a victim who opens an email attachment or a message with executable scripts.

Logic Bombs. A logic bomb is a line of code within a system or a piece of malware which triggers malicious behavior when a specified condition has been met. For example, a logic bomb will go off when the amount of time the attacker set has elapsed. Another example would be a logic bomb set to trigger when a victim does not respond to a command. Typically this is an insider attack performed by a privileged user who knows what security controls need to be bypassed so that it may go undetected until detonation.

Buffer Overflow. When a program or process attempts to store more data in a temporary data storage area (or buffer) than it is intended to hold, it is called a buffer overflow. The data that cannot fit into a buffer will overflow into other buffers and corrupt or even overwrite the valid data within them. This makes a buffer overflow an attack on the computer or network’s integrity. The extra data may contain code with instructions that the attacker designed to damage files, change data, or give them access to confidential data.

Prevention

Prevention is one way to fight against these attacks. If the proper security measures are taken then it is possible that the attack never occurs. At least that holds true in most cases. However, no network is completely secure from an attack, and if an attacker wants to attack you they will find a way in. While it is not possible to completely prevent every attack from happening, taking extra security measures may just force the attacker to focus on an easier target. Your network does not have to be the most secure, only more secure than those around it.

Denial-of-Service Attack

A DoS attack is hard to prevent, but the best way may be to follow several practices. These practices will help to stop an attack from happening again. They include keeping an audit trail describing changes and the reasons for them, maintaining a list of Standard Operating Procedures and Emergency Operating Procedures, having administrators know and understand the network configuration in detail, performing tests not just locally but over the Internet as well (to simulate customer activity and allow you to find network problems from the customer’s perspective), training personnel on old configurations and their purpose when hired as well as during annual auditing, and finally thinking
like a hacker to discover where vulnerabilities exist in the network and can be corrected (Cretzman & Weeks, 2014).

Trojan Horses

Trojan Horses often go undetected by common virus scanners, and that is why, in addition to a virus scanner being installed on each network computer, an anti-malware program should be installed. An anti-malware program such as Malwarebytes Anti-Malware will block a Trojan Horse attempting to infect your PC before it has a chance to. Be sure to constantly update the program as well, because this ensures that the program has the latest threat definitions installed.

Worms

Because worms are installed from email attachments, the best way to prevent a worm attack is by never clicking on a link or opening an email attachment that you are unsure is from a trusted source. Another precaution to take is to make file extensions visible, which exposes double-extension files such as .jpg.exe. What this means is that the picture file you thought you were downloading is actually an executable program attempting to infect your network. Additionally, anti-virus and anti-malware programs as mentioned previously will help as well.

Logic Bombs

Logic bombs can be prevented in several ways. The first is through having backups in place to aid in recovery from a security incident. This way a restore may be performed to a point before the logic bomb was installed. Another method is through the use of separation of duties. This divides the tasks and privileges for specific security measures among multiple people, and in turn reduces the ability of an attacker to perform a logic bomb attack. Lastly, a great preventive method would be using a third party for system and log monitoring.
Careful review of system logs can determine if any changes have occurred or malicious software has been added to the system.

Buffer Overflow

One good defensive technique for preventing buffer overflow attacks is filtering HTML code and characters that may cause problems with the database and thus create a vulnerability that may be exploited. Another measure that could be taken is to download SigFree, which is “an online signature-free out-of-the-box application-layer method for blocking code-injection buffer overflow attack messages” targeting Internet services such as web service (Wang, Pan, Liu & Zhu, 2008, p.1). Fixing security vulnerabilities will help put an end to buffer overflow attacks occurring.

Mitigation

As previously stated, not every attack is preventable. There will be an instance where an attack has occurred, and stopping the attack from spreading or becoming worse is integral to maintaining the CIA of your network. Lessening the damage done could be the difference between a business failing and succeeding (especially in this day and age, where businesses rely on the availability of their network for day-to-day business). That is where mitigation comes in.

Denial-of-Service Attack

In order to mitigate a DoS attack, the first step is to scan packets with a monitoring tool. A DoS attack can be detected through the use of a packet monitoring tool such as Wireshark. Wireshark captures live traffic entering or exiting a specific port so that it may be analyzed. Through the use of Access Control List (ACL) rules the damage of a DoS attack can be minimized. Doing so will stop incoming traffic from the attacking network. ACLs are applied by entering rules into the router’s command line interface in the following manner: “Conf t”, which configures the terminal of the router, an “Access List” (with a
given number followed by the attacker’s IP address) is then created on the second line for a specific router and its ports, the third line command is “Interface f0/1”, which is used to enter that specific interface to make necessary changes, and on the fourth line the command “ip access-group 1 in” is entered and applied to the interface f0/1, which denies all IP packets from the attacker’s IP address (Sridhar, 2011, p. 19). The problem with this form of mitigation is that it blocks all hosts from the server and not just the attackers. Another form that is used by most data providers is called rate limiting. What this does is “places a cap or sets up a threshold limit of traffic that the server would be able to stand” (Sridhar, 2011, p. 20). It does still allow traffic from the attacking system to enter, so the best form of mitigation would be to use a combination of ACL rules and rate limiting to oversee the traffic flow better.

Trojan Horses

Using an anti-spyware program such as the previously mentioned Malwarebytes will also help in the event that a Trojan Horse has infected your network. It will scan for Trojan Horses and delete them, or if one cannot be deleted it will be quarantined and logged to prevent any further damage from being done.

Worms

Once a worm has been discovered there are certain steps that need to be taken in order to remedy the situation. The procedures that should be followed are: Containment, Inoculation, Quarantine, Treatment, and Planning (Kaya, 2010, p. 11). The first step is to contain the worm so that it does not continue to replicate onto other systems within the network. Next is to patch all systems to ensure that uninfected systems do not become infected. As Kaya explains, “The quarantine phase involves finding each infected machine and disconnecting, removing, or blocking them from the network” to prevent other unpatched machines on the network from being infected (2010, p. 14).
The next phase is the treatment phase which is cleaning and patching all infected
systems. Lastly, there is the planning phase, which should produce a set of procedures to be followed to minimize the extent of the attack, as well as detailed information on who has to do what in the event of an attack occurring again.

Logic Bombs

Using system and log monitoring will enable you to detect when a logic bomb is installed. One form of mitigation is to first remove the affected host from the network until the origin of the logic bomb is detected. From there you can remove it from the network. Another possibility is to restore the affected host’s last backup, but in doing so verify that the bomb is no longer there. If the bomb is on the backup as well, it could restart the trigger or explode immediately.

Conclusion

Information Security is important to anyone who owns a computer, no matter how big or small their company or organization. Maintaining the CIA of the organization’s network is vital to their success and in some cases even their ability to operate at all. There are so many different types of attacks out there that hackers will use to try and compromise the CIA of an organization, and therefore it is important to understand what these attacks are and what purpose they serve. Once the “what” and “why” of the attacks is understood, the next step is to determine how to prevent an attack altogether. Lastly, since there is no foolproof security plan, it is vital to have a plan in place on how to mitigate an attack once it has taken place. Understanding what the attack is, knowing how to prevent an attack, and knowing how to mitigate the effects of an attack will help to ensure the CIA of the organization’s network.
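
The trade-off described in the Mitigation section for Denial-of-Service attacks, as an added Python simulation (it is not from the paper or from Sridhar): an ACL-style deny list, an aggregate rate cap, and the two combined, run over a constructed capture. The addresses, packet rates and thresholds are assumptions chosen for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed addresses from documentation ranges; none come from the paper.
ATTACKER = "203.0.113.50"
CLIENTS = ["198.51.100.7", "198.51.100.8", "203.0.113.77"]  # last shares the attacker's /24

def make_traffic(seconds=3):
    """Constructed capture of (second, source IP): one source sends 200
    packets per second, each client sends 5, interleaved."""
    packets = []
    for sec in range(seconds):
        for i in range(200):
            packets.append((sec, ATTACKER))
            if i % 40 == 0:
                packets.extend((sec, c) for c in CLIENTS)
    return packets

def find_flooders(packets, per_second_limit=100):
    """Detection step: sources above the limit in any one-second window."""
    counts = Counter(packets)  # keyed by (second, source)
    return {src for (_, src), n in counts.items() if n > per_second_limit}

def filter_traffic(packets, deny=(), cap_per_second=None):
    """Drop sources inside any denied network (the ACL), then enforce an
    aggregate per-second cap (rate limiting). Returns packets delivered
    to the server, counted per source."""
    nets = [ip_network(n) for n in deny]
    delivered, used = Counter(), Counter()
    for sec, src in packets:
        if any(ip_address(src) in n for n in nets):
            continue
        if cap_per_second is not None and used[sec] >= cap_per_second:
            continue
        used[sec] += 1
        delivered[src] += 1
    return delivered

def compare():
    packets = make_traffic()
    flooders = find_flooders(packets)
    return {
        # Denying the whole attacking network also cuts off its legitimate host.
        "acl_network": filter_traffic(packets, deny=["203.0.113.0/24"]),
        # The cap bounds server load, but flood packets take most of the budget.
        "rate_only": filter_traffic(packets, cap_per_second=50),
        # Deny only the detected source, and keep the cap as a backstop.
        "combined": filter_traffic(packets, deny=sorted(flooders), cap_per_second=50),
    }

if __name__ == "__main__":
    for name, delivered in compare().items():
        print(name, {src: delivered[src] for src in [ATTACKER] + CLIENTS})
```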

References

Information technology- security techniques- information security management systems- overview and vocabulary (3rd ed.). (2014). Switzerland: ISO copyright office. Retrieved from http://standards.iso.org/ittf/licence.html
3 New Things to Know About Information Security. (2013). Security Director's Report, 13(2), 4-5.
Burris, J. (2013). Network Security: The What and How of Patching. New Jersey Banker, 18-19.
Cretzman, M., & Weeks, T. (2014). Best practices for preventing dos/denial of service attacks. Retrieved from http://technet.microsoft.com/en-us/library/cc750213.aspx
Definition of information security. (2012). Retrieved from http://oit.unlv.edu/network-and-security/definition-information-security
Fineberg, S. (2012). Firms on high alert to boost security. Accounting Today, 26(1), 26-29.
Higgins, K. J. (2011). Survey: Half of firewall rules improperly configured. Retrieved from http://www.darkreading.com/perimeter/survey-half-of-firewall-rules-improperly/231903107?itc=edit_stub
Kaya, D. (2010). Mitigating worm attacks [PowerPoint slides]. Retrieved from http://www.slideshare.net/dkaya/mitigating-worm-attacks
Lemos, R. (2010). Could usb flash drives be your enterprise's weakest link?. Retrieved from http://www.darkreading.com/management/could-usb-flash-drives-be-your-enterpris/227200081
Pfleeger, C. (2012). Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach. ISBN: 978-0-13-278946-2. Prentice Hall-Pearson Publication.
Savitz, E., & Teller, T. (2012). Social Engineering: Hacking The Human Mind. Forbes.Com, 40.
Smith, R. E. (2011). Elementary Information Security. Burlington, MA: Jones & Bartlett Learning.
Sridhar, S. (2011). Denial of service attacks and mitigation techniques: Real time implementation with detailed analysis. The SANS Institute. Retrieved from https://www.sans.org/reading-room/whitepapers/detection/denial-service-attacks-mitigation-techniques-real-time-implementation-detailed-analysi-33764
Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Sudbury, MA: Jones and Bartlett Learning – ISBN: 9780763791308
Symantec gateway email encryption. (2014). Retrieved from http://buy.symantec.com/estore/categoryDetailPage/productCode/PGP-GEE-EXP-LEM_Vx_12MO_PC/skuType/Product
Techniques adopted by 'system crackers' when attempting to break into corporate or sensitive private networks. (1998). Retrieved from http://stat.duke.edu/comp/security/antionline_doc.html
Wang, X., Pan, C., Liu, P., & Zhu, S. (2008). Sigfree: A signature-free buffer overflow attack blocker. IEEE Transactions on Dependable and Secure Computing, 5(4), 1-15.