A team of Argentinian hackers calling themselves Team Hacker Argentino recently hacked and defaced more than 40 Chinese educational websites in an ongoing online operation in support of Syrian president Bashar al-Assad. The operation is code-named #OpFreeSyria. The hackers left a defacement page on all the websites, including an audio clip and a message defending the Syrian government and asking other governments not to interfere in Syria.
All the targeted sites were educational, owned by both the government and the private sector. It remains unclear why Chinese educational sites were chosen, given that the Chinese government, like Russia, has taken a soft stance toward the Syrian government.
Team Hacker Argentino has successfully hacked more than 443 apparently random sites for Operation FreeSyria in the past few days. Some of the websites still show the defacement message: “No more war, We do not want war with Syria, think of the innocent people dying because of stupid politicians are not in favor of the government of the wars we discover”.
As an educational organization, it is imperative that proper mechanisms are developed to counter such threats. These include operational, technological and human controls.
SECURITY POLICY
The University shall implement and maintain administrative, physical and technical safeguards that sufficiently protect the confidentiality, integrity and availability of institutional information created, maintained and transmitted through the University networks. An information security policy details the institutional controls employed to safeguard information systems, computing devices and infrastructure technology. The underlying principles of this policy are least-privilege access and separation of duties for the creation, use and dissemination of information. The following controls will be provided according to the approved information security standards and will be commensurate with the asset value and the risk identified by the Chief Security Officer and the Executive Head of the University.
The operational controls intended to safeguard the University networks, information systems, applications and information can be implemented and maintained through the following:
- Configuration and change management processes
- A flaw remediation process
- Countermeasures against malicious code and unauthorized software
- Controls on the transfer, copying and handling of storage media and related devices
- A secure application development lifecycle (SDLC)
- Contingency planning, business recovery and continuity processes
- Hardware, software, system build and access standards
IT ACCESS CONTROL POLICY
4.4 Network Access control
4.4.1 Network use Policy
The University will provide connection to the network for the purposes of research and learning. Network access should be used for academic purposes alone. Students will be granted access to permitted networks; other networks will be accessed only after specific authorization has been granted (Gildas Avoine, 2007).
4.4.2 Authentication for external connection
All remote users will be authenticated before they can access information resources such as financial transactions and examinations. The Chief Security Officer will be responsible for providing this service.
4.4.3 Remote diagnostic Port Protection
Modems attached to systems are protected from unauthorized use by disconnecting diagnostic ports that are not in use. Third-party users must be authenticated before accessing devices through remote ports.
4.4.4 Network segregation
A risk assessment based on the cost and impact of routing and gateway technology is performed before third parties are granted the controls necessary to access University networks.
Networks that are being developed and tested are segregated from the rest of the University internal network by firewalls, so that malfunctioning software cannot affect production systems.
Confidential information should be segregated and hosted on separate servers.
4.4.5 Wireless network policy
Wireless networks at the University should be restricted to lock out intruders and third parties.
Computers connected via wireless technology should be restricted to the University library and lecture halls.
4.6 Mobile computing
The University will institute policies that control the use of laptop computers, PDAs and mobile phones on its network.
Security assessment will be carried out based on the following (Gollmann, 2011):
- Introduction of malicious programs on the network
- Use of cryptographic techniques
- Network connection and its use in public places
- Multimedia access
- Access control
Implementation of the above-mentioned security policy may be undermined by lack of awareness and poor management. Access control privileges are critical to the security of information in an organization, since they are what keep information confidential, available and of the highest integrity. In order to get past such impediments, organizations can align with relevant standards to define and govern access rights. Industry best practice ensures that authorized persons access only what their role requires. Likewise, the storage of passwords and account information must be stipulated according to defined standards as well as existing federal and state laws.
In order to combat security vulnerabilities, organizations have devised ways of securing information in their networks and information systems. The University has implemented intrusion detection systems, cryptographic features and IP security controls.
Mail servers are also targets of attack because they communicate with untrusted third parties, which leaves weak points. Examples of e-mail security issues include:
- Sensitive information relayed to unauthorized persons or in an unauthorized manner
- Alteration of information within the mail servers or in transmission between sender and receiver
- Malicious attacks from external attackers on the mail server host
- Misconfiguration of the mail server that allows it to relay spam
In order to protect the University from these vulnerabilities, various methods and technologies are available. Pretty Good Privacy (PGP) is a program used to encrypt and decrypt e-mail sent over the Internet. It can also produce digital signatures that allow the receiver to verify the identity of the sender and to detect any alteration of the message en route. The program is used by organizations that require a high level of security, and its OpenPGP form is considered a de facto standard in e-mail security. PGP uses public key cryptography: each user holds a public key, which is published, and a private key known to that user alone. A message is encrypted with the recipient's public key and, upon receipt, decrypted with the recipient's private key. In practice PGP is a hybrid system: it generates a fresh random session key, encrypts the message body with a symmetric cipher under that session key, and encrypts only the session key with the recipient's public key. PGP has historically been available in two versions, RSA and Diffie-Hellman. The RSA version uses the IDEA algorithm with the session key and RSA to encrypt the session key; the Diffie-Hellman version uses the CAST algorithm with the session key and Diffie-Hellman (ElGamal) to encrypt the session key.
DomainKeys Identified Mail (DKIM) is a standard that defines a domain-level authentication framework for e-mail. It uses public key cryptography, with the signing domain's public key published in DNS, to allow the origin and contents of a message to be verified by either mail transfer agents or mail user agents. The objective of the framework is to let a signing domain assert responsibility for a message, thereby protecting the identity of the message signer and the integrity of the messages it conveys. Spam and phishing are reduced, though not eliminated, by DKIM: it establishes that an organization takes responsibility for a message it sent and that the signed parts were not altered in transit, but it says nothing about whether the content is legitimate, and a spammer can sign its own mail under its own domain.
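The signing and verification steps DKIM defines, as an added example in Go that is not part of the original page or of any mail software: the signing MTA hashes the canonicalized body into the bh= tag, signs the selected headers together with the DKIM-Signature field itself (with an empty b= tag) using RSA-SHA256, and the verifier repeats both computations against what it received. The canonicalization is a simplified version of RFC 6376 relaxed/simple, the domain example.edu and selector sel1 are hypothetical, the headers and body are constructed, and a real verifier would fetch the public key from DNS rather than receive it as a parameter.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// SignedHeaders is the h= list: the header fields the signature covers, in order.
// Anything not listed (e.g. Received) can change in transit without breaking it.
var SignedHeaders = []string{"from", "to", "subject"}

// canonBody applies DKIM "simple" body canonicalization: CRLF line endings and
// all trailing empty lines collapsed to one CRLF, so an MTA that appends a blank
// line at the end does not break the signature.
func canonBody(body string) string {
	body = strings.ReplaceAll(body, "\r\n", "\n")
	body = strings.TrimRight(body, "\n")
	return strings.ReplaceAll(body, "\n", "\r\n") + "\r\n"
}

// headerBlock approximates "relaxed" header canonicalization for the signed
// fields: lowercase names, runs of whitespace folded to one space. headers maps
// lowercased field name to value (a real MTA parses the raw message instead).
func headerBlock(headers map[string]string) string {
	var b strings.Builder
	for _, name := range SignedHeaders {
		value := strings.Join(strings.Fields(headers[name]), " ")
		b.WriteString(name + ":" + value + "\r\n")
	}
	return b.String()
}

func bodyHash(body string) string {
	h := sha256.Sum256([]byte(canonBody(body)))
	return base64.StdEncoding.EncodeToString(h[:])
}

// Sign produces the DKIM-Signature field value. The signature covers the
// selected headers plus the DKIM-Signature field itself with an empty b= tag.
func Sign(headers map[string]string, body, domain, selector string, key *rsa.PrivateKey) (string, error) {
	tags := fmt.Sprintf("v=1; a=rsa-sha256; c=relaxed/simple; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(SignedHeaders, ":"), bodyHash(body))
	digest := sha256.Sum256([]byte(headerBlock(headers) + "dkim-signature:" + tags))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return tags + base64.StdEncoding.EncodeToString(sig), nil
}

// Verify checks a DKIM-Signature value against the received headers and body
// using the signing domain's public key; a real verifier fetches that key from
// the DNS TXT record at <selector>._domainkey.<domain>.
func Verify(dkim string, headers map[string]string, body string, pub *rsa.PublicKey) bool {
	i := strings.Index(dkim, "; b=")
	if i < 0 {
		return false
	}
	tags, b64 := dkim[:i+4], dkim[i+4:]
	sig, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return false
	}
	if !strings.Contains(tags, "; bh="+bodyHash(body)+";") {
		return false // body changed after signing
	}
	digest := sha256.Sum256([]byte(headerBlock(headers) + "dkim-signature:" + tags))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // the selector's private key, kept on the MTA
	headers := map[string]string{"from": "registrar@example.edu", "to": "student@example.edu", "subject": "Exam  timetable"}
	body := "Exams begin Monday.\r\n\r\n"
	dkim, _ := Sign(headers, body, "example.edu", "sel1", key)
	fmt.Println("DKIM-Signature:", dkim)
	fmt.Println("as received:", Verify(dkim, headers, body, &key.PublicKey))
	fmt.Println("body altered:", Verify(dkim, headers, "Exams begin Tuesday.\r\n", &key.PublicKey))
}
```

Trailing blank lines added to the body by an intermediate MTA still verify, because simple body canonicalization collapses them; any change to the body text or to a signed header field makes Verify return false. Headers outside the h= list, such as Received, are deliberately unsigned so that normal relaying does not break the signature.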
The IP security (IPsec) protocol suite, originally specified in RFC 2401-2412 together with HMAC in RFC 2104 and since revised (RFC 4301 for the architecture, RFC 4302 for AH, RFC 4303 for ESP and RFC 7296 for IKEv2), exchanges keying material using IKE (RFC 2409) and protects the flow of data using the Authentication Header, AH (RFC 2402). AH provides integrity, origin authentication and anti-replay protection but no confidentiality; ESP is required where the data itself must be encrypted. IKE is limited to the authenticated exchange of keying material and related policy information between the endpoints of a security association. However, administrative entities may impose constraints on gateways and routers that the endpoints cannot learn through IKE alone. This calls for a way for the endpoints of a security association to securely discover and negotiate access control information. The IP Security Policy (IPSP) working group addressed this problem by specifying a repository-independent information model to support IP security policies.
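What "protecting the flow of data with AH" amounts to at the receiver, as an added example not taken from the page or from any IPsec implementation: each packet carries a sequence number and an HMAC-SHA-256-128 integrity check value over the sequence number and payload, and the receiver keeps the RFC 4302 sliding anti-replay window. This Go code is a toy model: the AHPacket and Receiver types, the key and the payloads are constructed, there is no IKE exchange (the shared key is simply given to both sides), and the real AH header fields (SPI, next header, padding) are omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// AHPacket is a toy stand-in for an AH-protected packet. The sequence number and
// payload are covered by an integrity check value (ICV): HMAC-SHA-256 truncated
// to 128 bits, the HMAC-SHA-256-128 transform of RFC 4868. Nothing is encrypted.
type AHPacket struct {
	Seq     uint32
	Payload []byte
	ICV     []byte
}

func computeICV(key []byte, seq uint32, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	var s [4]byte
	binary.BigEndian.PutUint32(s[:], seq)
	mac.Write(s[:])
	mac.Write(payload)
	return mac.Sum(nil)[:16]
}

// Protect is the sender side: it numbers the packet and attaches the ICV.
func Protect(key []byte, seq uint32, payload []byte) AHPacket {
	return AHPacket{Seq: seq, Payload: payload, ICV: computeICV(key, seq, payload)}
}

// Receiver is the inbound SA state: the key, the highest sequence number
// accepted so far, and a 64-packet sliding window bitmap (bit 0 = top).
type Receiver struct {
	key    []byte
	top    uint32
	window uint64
}

func NewReceiver(key []byte) *Receiver { return &Receiver{key: key} }

// Accept follows the RFC 4302 receiver order of operations: reject obvious
// replays cheaply first, verify the ICV, and only then update the window.
func (r *Receiver) Accept(p AHPacket) error {
	if p.Seq == 0 {
		return errors.New("sequence number 0 is never valid")
	}
	var bit uint64
	switch {
	case p.Seq > r.top:
		// newer than anything seen: candidate for a new window top
	case r.top-p.Seq >= 64:
		return errors.New("replay: older than the window")
	default:
		bit = 1 << (r.top - p.Seq)
		if r.window&bit != 0 {
			return errors.New("replay: duplicate sequence number")
		}
	}
	if !hmac.Equal(p.ICV, computeICV(r.key, p.Seq, p.Payload)) {
		return errors.New("integrity check failed") // window is NOT updated
	}
	if p.Seq > r.top {
		if shift := p.Seq - r.top; shift >= 64 {
			r.window = 1
		} else {
			r.window = r.window<<shift | 1
		}
		r.top = p.Seq
	} else {
		r.window |= bit
	}
	return nil
}

func main() {
	key := []byte("constructed-32-byte-demo-key-000") // shared by both SA endpoints
	rx := NewReceiver(key)
	for _, seq := range []uint32{1, 3, 2, 2} {
		fmt.Printf("seq %d: %v\n", seq, rx.Accept(Protect(key, seq, []byte("data"))))
	}
	forged := Protect(key, 4, []byte("data"))
	forged.Payload = []byte("DATA") // modified in transit; ICV no longer matches
	fmt.Println("seq 4 modified in transit:", rx.Accept(forged))
}
```

The order of checks matters: a packet that fails the ICV must not advance the window, otherwise an attacker who cannot forge the ICV could still push valid packets out of the window by sending garbage with a high sequence number. The model also shows what AH does not do: the payload travels in the clear, so confidentiality needs ESP.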
In fighting such crimes, governments and organizations have developed strategies that ensure the safe storage, retrieval and maintenance of information and of information security policies. Likewise, laws and regulations punish offenders who interfere with University information and resources. In the United States, the Department of Justice prosecutes cases of identity theft and fraud. Congress passed the Identity Theft and Assumption Deterrence Act, which prohibits the use or transfer, without lawful authority, of a means of identification of another person. The transfer or use must be knowing and with the intent to commit, or to aid or abet, unlawful activity that constitutes a violation of federal law or a felony under state or local law. In most situations the offense carries a punishment of up to 15 years' imprisonment and a fine, and the Act also provides for criminal forfeiture of the personal property used to commit the offense.
Compliance with the Federal Information Security Management Act (FISMA) is also critical in order to ensure interoperability and clearance to connect to or use federal information technology architecture. FISMA sets out a comprehensive framework for protecting government information, assets and operations against man-made and natural threats, with significant implications for private enterprises that handle federal information (Choi, Fershtman, & Gandal, 2009). The National Institute of Standards and Technology Act, codified at Title 15, Chapter 7 of the U.S. Code, forms a critical part of both FISMA and information security regulation generally. NIST is mandated to develop standards, guidelines and related methods to ensure that information systems run by federal agencies, their contractors and other enterprises are secure, thereby mitigating national security risks.
Minimum requirements are set out under Title 44, section 3532(b)(2). NIST also develops guidelines and standards, including minimum requirements for the provision of information security for agency operations, while carrying out the responsibilities of its Computer Security Division (NIST, 2013). Under section 1(a), NIST shall set standards to be used in categorizing all information and information systems maintained or collected by federal agencies, their contractors and other private enterprises, including the proposal of categories, guidelines and standards. In meeting its legal mandate, NIST has set forth nine steps organizations must take to ensure compliance with FISMA and related standards (US Government Accountability Office, May 2005). These include:
- Categorization of the information that requires protection
- Selection of the minimum baseline controls to be maintained by the agencies and organizations
- Evaluation and refinement of risk assessment procedures and controls
- Documentation of the controls implemented as part of the security plan
- Implementation of the various security controls within the appropriate information systems
- Assessment of the effectiveness of the security controls before and during implementation
- Continuous monitoring of the security controls in order to ensure that they are meeting their goals (NIST, 2013)
- Determination of the agency-level risk to the business case and mission
- Authorization of the information systems for processing
NIST Special Publication 800-53 provides the catalog of security and privacy controls that organizations select from when auditing their systems and determining their security needs. Its Audit and Accountability (AU) family requires that audit and accountability policies be formalized and documented.
It is SP 800-53, rather than the Act itself, that specifies the controls for account management, access enforcement, information flow control, separation of duties and least privilege (the Access Control family). The same family covers session controls, automatic marking, management of publicly accessible content, user-based collaboration and access control. The information security access control policy given earlier in this document is an example of such a policy.
In ensuring compliance with existing US laws and regulations, the nine NIST steps listed above are the sequence organizations must follow.
Forensic analysis tools are used to gather evidence of a crime. Using forensic toolkits, the process is conducted in stages to retrieve and preserve that evidence. Identification is the detection stage. In this case the investigation is prompted by reports to the head system administrator that the University database servers and network were compromised and vulnerable to an intrusion attack. The administrator may have reported suspicious behavior of a workstation after a user opened a mail attachment that appeared to be blank. Likewise, the network logs indicate abnormal behavior but cannot be relied on until a thorough investigation is done. Verification of the incident involves locating the affected workstation and plugging a laptop into the network so that a scan can identify the opened port. The administrator then inserts a read-only CD-ROM of trusted incident response tools into the system and logs in to copy data about running processes and open ports. The tools are run from the CD rather than from the compromised system's own binaries, since those may have been replaced, and volatile data (running processes, network connections, memory) is collected before the system is powered down.
The University uses a Snort IDS running on Linux systems. Snort is a signature-based detector: it compares observed traffic against a library of signatures to detect and flag suspicious or unwanted traffic. Anomaly-based systems, by contrast, alert when network traffic deviates from a baseline of normal behavior. An anomaly-based component is relevant for the University because the existing IDS logs are themselves of questionable integrity. Intrusion detection systems employ many signatures in a NIDS library; these can also cover proprietary industrial controller data transmitted between discrete devices, which anomaly-based systems often flag as abnormal. The cost of forensic investigation toolkits varies according to the vendor and the complexity of the attack.
Network-based intrusion detection systems have the advantage of wide coverage: an entire network segment can be monitored with a single NIDS. In addition, installing or upgrading a NIDS has minimal effect on the monitored hosts, and a denial-of-service attack against a host does not take the sensor down with it. A NIDS also identifies network-layer errors and operates independently of the hosts' operating environment. Its limits are worth noting: it cannot inspect encrypted payloads, and it can be evaded by fragmentation or by flooding it with more traffic than it can process.
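The difference between the signature-based and anomaly-based detection discussed above, as an added example in Go that is not part of the page or of Snort: a tiny signature library with Snort-style port and content (nocase) matching, alongside a port-scan detector that needs no signature at all. The flows, the rule SIDs and the addresses are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Flow is one observed connection. The fields are what a sensor on a span port
// would extract from a packet; the values used below are constructed.
type Flow struct {
	Src     string
	Dst     string
	DstPort int
	Payload string
}

// Signature mirrors the parts of a Snort rule used here: a destination port
// (0 = any) and a content string matched case-insensitively, like `nocase`.
type Signature struct {
	SID     int
	Msg     string
	DstPort int
	Content string
}

// Library is a small, hypothetical rule set (SIDs in the local 1000000+ range).
var Library = []Signature{
	{1000001, "WEB-ATTACKS cmd.exe access", 80, "cmd.exe"},
	{1000002, "SQL injection tautology", 80, "' or 1=1"},
	{1000003, "TELNET login prompt from internal host", 23, "login:"},
}

// SignatureMatch returns the SIDs of every rule whose port and content match.
// It can only fire on traffic that a rule already describes, and only when the
// payload is readable.
func SignatureMatch(f Flow, lib []Signature) []int {
	var hits []int
	payload := strings.ToLower(f.Payload)
	for _, s := range lib {
		if s.DstPort != 0 && s.DstPort != f.DstPort {
			continue
		}
		if strings.Contains(payload, strings.ToLower(s.Content)) {
			hits = append(hits, s.SID)
		}
	}
	return hits
}

// PortScanSources is a minimal anomaly detector: a source that touches more than
// maxPairs distinct destination host:port pairs is flagged whatever the payload
// says. It needs no signature, so it catches tools nobody has written a rule
// for, but it will equally flag the University's own vulnerability scanner.
func PortScanSources(flows []Flow, maxPairs int) []string {
	seen := map[string]map[string]bool{} // src -> set of "dst:port"
	for _, f := range flows {
		if seen[f.Src] == nil {
			seen[f.Src] = map[string]bool{}
		}
		seen[f.Src][fmt.Sprintf("%s:%d", f.Dst, f.DstPort)] = true
	}
	var out []string
	for src, pairs := range seen {
		if len(pairs) > maxPairs {
			out = append(out, src)
		}
	}
	sort.Strings(out)
	return out
}

// SampleFlows is a constructed capture: a web-shell probe, a normal page fetch,
// a TLS connection whose payload the sensor cannot read, and a sweep of six
// ports on the database server from one external host.
func SampleFlows() []Flow {
	flows := []Flow{
		{"203.0.113.7", "10.0.5.20", 80, "GET /scripts/..%c0%af../winnt/system32/CMD.EXE?/c+dir HTTP/1.0"},
		{"10.0.8.14", "10.0.5.20", 80, "GET /index.html HTTP/1.1"},
		{"203.0.113.7", "10.0.5.20", 443, "\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
	}
	for port := 21; port <= 26; port++ {
		flows = append(flows, Flow{"198.51.100.9", "10.0.5.20", port, ""})
	}
	return flows
}

func main() {
	flows := SampleFlows()
	for _, f := range flows[:3] {
		fmt.Printf("%s -> %s:%d signature hits %v\n", f.Src, f.Dst, f.DstPort, SignatureMatch(f, Library))
	}
	fmt.Println("port-scan sources:", PortScanSources(flows, 5))
}
```

The TLS flow in the sample shows the blind spot a NIDS inherits: the sensor sees only ciphertext on port 443, so no content rule can match. The port sweep, on the other hand, carries no payload at all yet is caught by the anomaly rule, which is why sensors combine both approaches and why the anomaly threshold must be tuned against legitimate scanners.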