Report on Current Trends in Information Security
The internet is regarded as a revolutionary change in terms of the technological and societal transformations it has brought about. The ease of access to and exchange of information has become a phenomenon that is replacing old concepts. Companies outsource their services to companies located overseas through the internet. The place and time of work have been greatly affected by the internet: people work from the comfort of their homes at any time of day or night, made possible by internet connectivity.
The seamless exchange of information over the internet has raised security concerns. The three major information security areas, authentication, authorization and confidentiality, have been compromised via the internet through hacking, malware and spyware programs. For example, mishandled passwords or codes may lead to theft of information from computer systems, which has severe consequences for the individuals and companies affected.
Malware
Global threats are associated with theft of intellectual property and trade secrets, directed at companies to inhibit competition in economic and military terms. Examples include attacks on company networks through DoS to disrupt services or damage credibility. Current threats range from simple attacks, such as those executed through portable devices, to hacking. According to a report released this year in the U.S. bi-monthly magazine Foreign Affairs, the 2008 attack on military systems originated from a flash disk inserted into a U.S. military laptop in the Middle East. The malware is called Agent.btz and is a variant of the SillyFDC worm. The malicious code subsequently spread undetected to classified and unclassified systems and gave attackers the opportunity to transfer information to servers under their control.
The attack was described as a wake-up call that marked a turning point in the US fight against cyber crime. The report is important because it highlights and raises awareness of the threats facing the military. Although the method of attack was simple, a flash disk, it had severe impacts.
The attack compromised thousands of military records, including weapons blueprints, surveillance data and operational plans. Other infrastructure tied to the internet in the United States includes emergency response services, hospital systems, traffic control systems, and power and water supply systems.
Network attacks
A stepping stone chain is the indirect connection of an intruder through a sequence of hosts known as stepping stones. Stepping stone attacks result from intermediary hosts that were initially compromised and remain available for further use.
This means that attackers launch attacks not from their own computers but from others they previously compromised, in order to conceal their tracks. Intruders assemble a collection of accounts on compromised hosts and then conduct a new attack by logging in to a series of hosts before finally launching the assault on the target.
Networks rely on truthful information; without accurate information they do not work correctly. Attackers use lies to deceive networks and the systems attached to them, thereby affecting their operation. Source address spoofing is a mechanism for lying about a packet's return address.
Identity theft
Identity theft is a crime characterized by the wrongful acquisition and use of another person's data in a deceptive and fraudulent manner, typically for economic or other purposes. With the consumerization of IT, BYOD practices present new security challenges. BYOD relies on mobile platforms that access resources such as Wi-Fi through public means. Cases of identity theft are likely to increase as criminals target mobile computing platforms, which are evidently more vulnerable. According to the Australian Bureau of Statistics Personal Fraud Survey 2011-2012, Australians have lost over $1 billion to personal fraud and identity theft. More alarming is that Australians aged between 15 and 30, who are enthusiastic about technology and mobile gadgets, were victims of at least one incident of identity fraud in the last year.
Spoofing
Attackers have used source address spoofing to mount denial of service attacks against commercial servers and networks. Though the phenomenon is still widely misunderstood, relevant measures have been undertaken to make such attacks unsuccessful. Users can become victims of address spoofing and, more worryingly, a source of attacks based on source address spoofing, unless they understand how it works and take measures to prevent it.
IP spoofing is a form of IP address forgery in which an attacker masquerades as a trusted host to conceal his identity. The attacker obtains the IP address of the legitimate host and alters packet headers so that the packets appear to originate from that legitimate host. A user who visits the site is redirected to the spoofed content created by the attacker, and in this way the attacker gains access to sensitive information and network resources. Beyond this, the attacker could alter sensitive information, install malware and take control of the compromised computer in order to send out spam.
Google first reported a highly sophisticated attack on its corporate networks in mid-December 2010, leading to the theft of its intellectual property rights (Schwartz, 2013). The attack was sophisticated and targeted, affecting almost 20 other companies in the internet, finance, technology, multimedia and chemical sectors. The attack was dubbed Operation Aurora by the security company McAfee because it employed the Aurora, or Hydraq, Trojan horse application.
VULNERABILITIES
The centralization of all WebCenter operations, information and data at one location makes it more vulnerable to external and internal attacks. The company's intellectual property, business data, backup information and other essentials such as employee data are susceptible to compromise if effective security protocols and measures are not developed and implemented. Malicious or unintentional security breaches and attacks lead to business discontinuity, disruption, unreliability and inefficiency, as well as eventual company and client losses. An example of such an incident is the 2011 malware attack on NASDAQ's Directors Desk system, which caused security violations.
For instance, according to Bruce Schneier, Chief Security Technology Officer of BT, the Google attackers exploited the wiretap backdoors mandated by the US to gain access to the activists' accounts. Google had created a backdoor access system into the Gmail accounts of the activists, and this is the feature the Chinese attackers exploited to gain access.
The attackers used multiple exploits and multiple tailor-made Trojans for different targets. According to Microsoft, a new vulnerability in Internet Explorer was used to launch the attack. Unconfirmed reports claimed that malicious PDFs targeting a hole in Adobe Reader were the entry point, but Adobe Systems refuted the claim, insisting that there was no evidence to prove so.
This led Adobe to patch a so-called "zero-day hole" in Reader and Acrobat, discovered earlier in mid-December, that had been exploited in attacks in the wild to deliver Trojan horse programs and allow backdoor access to computers.
CONTROL
Threats evolve every single day. As new threats emerge, companies such as WebCenter need to develop dynamic mechanisms for combating and mitigating them. In order to continuously monitor the evolution of new attacks and develop mechanisms to prevent and mitigate their effects, periodic reviews of threats should be carried out. These reviews examine and assess how new threats evolve, the areas they target and the weak points they exploit. This is done through collaborative involvement of the concerned parties in research institutions, conferences, training sessions and seminars. These events have an advantage over individual reviews because they involve many stakeholders with different views of vulnerabilities and solutions. Collaborative learning is essential in this era of the internet revolution, given the emerging challenges posed by widespread computer applications.
Security awareness programs among employees are critical control measures for a company such as WebCenter. Human awareness is an essential practice that ensures that the management of tools and processes, and adherence to company policy, are successful. However, the method of carrying out awareness programs differs between companies and institutions. Each institution has a tailor-made program that suits its staff.
Formulation of security policies is important because policies serve as guidelines for the use, access, storage and transfer of information between related parties. The policy formulation process outlines the mechanisms by which information should be retrieved, used and stored, and the personnel authorized to use it. This controls the flow of information to the wrong persons, thereby reducing the risk of misuse and modification. Information in the digital age is vulnerable to numerous attacks originating from different sources. Attacks such as viruses, malware and spyware, among others, degrade the quality and integrity of information.
Security policies manage employee access privileges at WebCenter. Access control privileges are critical for the security of information in an organization: information should be confidential, available and of the highest integrity. To address such issues, organizations can adopt relevant standards to define and govern access rights. Industry best practices ensure that only authorized persons access only what is required of them. Likewise, the storage of passwords and account information must be well stipulated according to defined standards as well as existing federal and state laws.
Network intrusion controls
Stepping stone attacks can be controlled through the following mechanisms:
- Detecting the stepping stone is important because it helps flag suspicious activity and maintain logs in case a break-in is subsequently detected as originating from a local site.
- It also helps detect inside attackers laundering their connections through external hosts, and enforce policies regarding transit traffic.
- Lastly, it allows the detection of insecure combinations of legitimate connections, such as clear-text Telnet sessions that expose an SSH passphrase.
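As an added example (not from the original report), the detection idea above can be worked out over flow records: a local host that accepts an interactive login and, shortly afterwards, opens a new interactive session elsewhere is a candidate stepping stone, and the pairwise matches can be chained into the full path. The flow records, host list, ports and time window below are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Flow:               # one connection record (assumed to come from a flow collector)
    ts: datetime
    src: str
    dst: str
    dport: int

INTERACTIVE_PORTS = {22, 23}            # SSH and Telnet
LOCAL_HOSTS = {"10.0.0.5", "10.0.0.9"}  # assumed: hosts we monitor
WINDOW = timedelta(seconds=30)          # assumed: max delay between login and next hop

def find_stepping_stones(flows, local_hosts=LOCAL_HOSTS, window=WINDOW):
    """Return (inbound, outbound) pairs where a local host receives an interactive
    login and within `window` opens an interactive session to a third host."""
    inbound = [f for f in flows if f.dst in local_hosts and f.dport in INTERACTIVE_PORTS]
    outbound = [f for f in flows if f.src in local_hosts and f.dport in INTERACTIVE_PORTS]
    return [(i, o) for i in inbound for o in outbound
            if o.src == i.dst and o.dst != i.src and i.ts <= o.ts <= i.ts + window]

def reconstruct_chains(flows, local_hosts=LOCAL_HOSTS, window=WINDOW):
    """Chain pairwise matches into full paths that start at an external origin."""
    pairs = find_stepping_stones(flows, local_hosts, window)
    nxt = {}
    for i, o in pairs:
        nxt.setdefault((i.src, i.dst), []).append(o)
    chains = []
    for i, o in pairs:
        if i.src in local_hosts:
            continue                        # only start chains at an external host
        path, cur, seen = [i.src, i.dst, o.dst], o, set()
        while (cur.src, cur.dst) in nxt and (cur.src, cur.dst) not in seen:
            seen.add((cur.src, cur.dst))    # guard against loops
            cur = nxt[(cur.src, cur.dst)][0]
            path.append(cur.dst)
        chains.append(path)
    return chains

T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_FLOWS = [  # constructed sample records
    Flow(T0, "203.0.113.7", "10.0.0.5", 22),                           # external SSH login
    Flow(T0 + timedelta(seconds=5), "10.0.0.5", "10.0.0.9", 22),       # hop to second host
    Flow(T0 + timedelta(seconds=9), "10.0.0.9", "198.51.100.20", 22),  # onward to target
    Flow(T0 + timedelta(seconds=6), "10.0.0.5", "192.0.2.4", 443),     # benign HTTPS
    Flow(T0 + timedelta(seconds=120), "10.0.0.5", "192.0.2.8", 22),    # outside window
]

if __name__ == "__main__":
    for chain in reconstruct_chains(SAMPLE_FLOWS):
        print(" -> ".join(chain))
```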
To become spoof-proof, ISPs practise ingress filtering, which filters and drops any packets with spoofed source addresses. For instance, Cisco Express Forwarding is an advanced IP switching technology designed for high-performance layer 3 IP switching.
Attacks from trusted hosts can be minimized by administrators through the implementation of hierarchical or one-time passwords and data encryption techniques. Users and administrators can protect themselves and their networks by installing firewalls that block outgoing packets whose source addresses differ from the IP address of the user's computer or its network.
WebCenter is an internet service company. The security of its resources and those of its clients is essential to the continuity of its business. Current trends in computing such as cloud computing present a new front for cost minimization but at the same time present security challenges. It is imperative that efficient security controls, comprising technical, operational and physical measures, are factored in as a core part of its operations.
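The ingress and egress filtering described in the two paragraphs above, as an added example rather than the report's own material: packets leaving the site must carry a source address from the site's own prefix, and packets arriving from outside must not claim a local or unroutable source. The site prefix, the bogon list and the sample packets are constructed assumptions.

```python
import ipaddress

SITE_PREFIX = ipaddress.ip_network("198.51.100.0/24")   # assumed: our own address block
# Source ranges that should never arrive from the Internet (private, loopback, "this" net)
BOGON_SOURCES = [ipaddress.ip_network(p) for p in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")]

def filter_packet(src, direction, site_prefix=SITE_PREFIX):
    """Decide ('accept' | 'drop', reason) from the source address and direction.
    direction is 'out' (leaving the site) or 'in' (arriving from the upstream)."""
    addr = ipaddress.ip_address(src)
    if direction == "out":
        # Egress rule: we only ever originate packets from our own prefix.
        if addr not in site_prefix:
            return "drop", "outbound source not in site prefix (spoofed)"
        return "accept", "outbound source is ours"
    if direction == "in":
        # Ingress rule: nothing from outside may claim to be one of our addresses.
        if addr in site_prefix:
            return "drop", "inbound packet claims a local source (spoofed)"
        if any(addr in net for net in BOGON_SOURCES):
            return "drop", "inbound source is private or unroutable (bogon)"
        return "accept", "inbound source is external"
    raise ValueError(f"unknown direction {direction!r}")

def apply_policy(packets):
    """Run (src, direction) tuples through the filter; return the dropped ones."""
    return [(src, d, filter_packet(src, d)[1]) for src, d in packets
            if filter_packet(src, d)[0] == "drop"]

SAMPLE_PACKETS = [  # constructed traffic seen at the site border
    ("198.51.100.7", "out"),   # legitimate outbound
    ("203.0.113.9", "out"),    # outbound with a foreign source: spoofed
    ("203.0.113.9", "in"),     # legitimate inbound
    ("198.51.100.7", "in"),    # inbound claiming to be us: spoofed
    ("10.1.2.3", "in"),        # inbound from a private range: bogon
]

if __name__ == "__main__":
    for src, d, reason in apply_policy(SAMPLE_PACKETS):
        print(f"DROP {d:3} {src:15} {reason}")
```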
References
Bace, R. (2009). Vulnerability assessment. In Computer Security Handbook. John Wiley & Sons.
Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond Intrusion Detection. Pearson Education.
Ciampa, M. D. (2011). Security+ Guide to Network Security Fundamentals. Cengage Learning.
Dan Shoemaker, P. W. (2011). Cybersecurity: The Essential Body of Knowledge. Cengage Learning.
Issue, J. S. (2012). An Overview of Current Information Systems Security Challenges and Innovations. Journal of Universal Computer Science, 1598-1607.
Kramer, F. S. (2009). Cyberpower and National Security. Springer.
Mansfield-Devine, S. (2011). DDoS: threats and mitigation. Network Security. Springer.
Nye, J. S. (2008, December). Cyber Insecurity. Project Syndicate.
Rudolph, K. (2009). Implementing a security awareness program. In Computer Security Handbook. John Wiley & Sons, Inc.
Sandhu, R. H. (2009). Identification and Authentication. In Computer Security Handbook. John Wiley & Sons.
Shelly, G. B. (2009). Discovering Computers 2009. Cengage Learning.
Schwartz, M. J. (2013, May 21). Google Aurora Hack Was Chinese Counterespionage Operation. InformationWeek Security.
Zinni, T. & Koltz, T. (2009). Leading the Charge: Leadership Lessons from the Battlefield to the Boardroom. Springer.