Tuesday, May 5, 2020

Computer Security for Attack Experiences - myassignmenthelp.com

Question: Discuss Computer Security and other Issues for Attack Experiences.

Answer:

Attack Experiences

A friend described to me an instance when the bank he was working for was hit by a cyber attack two years ago. The criminals posed as clients who wanted to open a bank account. They persuaded the account-opening officer to plug a disk drive into his computer so that he could download the clients' documents and images. The flash disk was infected with a virus which quickly spread to the other computers in the organization, attempting to hijack core banking credentials and other information. The attack did not inflict any type of damage since the IT department was fast in arresting its spread. At the same time, the bank was hesitant to divulge any details because they feared it would affect the trust customers had in them.

The attack was mainly successful because the customer service agent was not following the company policy regarding the use of disk drives, regardless of whether they were personal or from third parties. The company could have blocked disk drive access from the computers to further ensure that people who failed to follow policy did not hurt the company's interests.

The computers which were affected by the attack were quarantined and taken off the network, as IT auditors ascertained the extent of the spread. Thereafter, an antivirus capable of neutralizing the threat was procured and applied on the infected computers, as well as the network. The security system used by the company was also reviewed.

Had the employee in question and others received thorough training on the danger that such devices posed, it is likely that the attack could have been prevented. The attack could also have been prevented through the use of software that blocks disk drive access to the computer, requiring the customers to bring their documents in hard copy or have photos taken at the bank.

Ransomware Attacks

The WannaCry, Petya and NotPetya ransomware attacks have recently hit global computer networks, affecting systems from Ukraine to the United States and Australia. The attacks were able to get into the computer systems of government bodies and companies, lock them and demand payment to reopen them or decrypt the data they held. The payment demand was in bitcoins, to reduce the chances of being tracked down.

The ransomware was highly successful, at least in terms of how fast and wide it spread. It was aided in this by its sophistication, the tools used to make it having been stolen from the NSA. It used the vulnerabilities found in Microsoft Windows to bypass security systems, and used emails as one of the tools of spreading, making its pace fast and not easily detectable.

According to information released by Kaspersky after the third attack, NotPetya, all companies were advised to update their security systems and operating systems. This was based on the belief that vulnerabilities which had since been fixed (before the attack) were used to hijack computers. Users were also warned not to open any emails they found suspicious, and to review their security setup frequently.

The perpetrators of the attacks demanded that a payment in bitcoins be sent to them so that they could then give the victim a code to decrypt the files on their computers. Kaspersky and other computer systems security companies soon issued decryption tools to get rid of the ransomware. The decryption tool would roll back the effects of the ransomware, though this is an extensive process owing to the complex nature of the attack itself.

Zero-Day Attacks

The ransomware described above (WannaCry, Petya and others) can also qualify as zero-day attacks. The attacks were able to find vulnerabilities in Windows operating systems, which had not been patched before.
The vulnerabilities were discovered by research going back years, initially performed by the NSA. The NSA later lost these tools and information on the vulnerabilities, which were then used to fashion highly complex hacking tools in the form of the aforementioned ransomware.

Other software has also come under attack. For instance, Adobe Flash Player was the victim of attacks which had discovered a weakness in its code, which was then exploited before a patch could be developed by the company. The malware was discovered through the actions of hackers who must have spent a considerable amount of time examining the code looking for possible loopholes to exploit. In early 2017, FireEye discovered an attack on computer systems that used vulnerabilities in Microsoft Office. This attack was addressed in conjunction with Microsoft to coordinate a response. In 2015, FireEye also discovered an attack directed at Windows to steal credentials; the malware would hijack the system and encrypt data with a financial objective.

To defend against zero-day attacks, computer services companies such as Adobe and Microsoft frequently release patches to address any vulnerability. Upon release, it is the duty of the user or company to ensure the patches have been run. Organizations can also do frequent checks on their computer systems with the aim of discovering any vulnerabilities, or attacks being perpetrated with the use of these vulnerabilities.

Antivirus comparison

| Features | McAfee | McAfee (free) | Norton | Bitdefender |
| Firewall | Yes | Yes | Yes | Yes |
| Antispam | Yes | Yes | Yes | Yes |
| Parental control | No | Yes | Yes | Yes |
| Backup | No | No | Yes | No |

Currently, I use a free antivirus, AVG. It has a few features which I admire and which work for me. The antivirus I use is light on the computer. It does not affect the normal operations of the computer, though it extends the switch-off time, and reboots too.
It has capabilities to protect against many forms of malware, including phishing and other malicious attacks, while also having an easy-to-reach support center. It does not have a parental control or backup mechanism, which I think is a disadvantage. I have to run backups manually, as opposed to Norton, which enables this remotely.

I would recommend Norton to users. It costs around 50 dollars for an annual subscription. It has several features which I think are great to have on a computer, while the price is not prohibitive. The free McAfee also comes with several features, all for free. It is important to note that free antivirus has several limitations, especially when it comes to online protection. Again, Norton is best equipped to handle such threats.

Blowfish

Blowfish has held the reputation as one of the few whose code has never been cracked, since it was first launched in 1993. Blowfish has several strengths apart from this. Blowfish is designed to use a 448-bit key. The key can be cracked. However, it would take an impractical amount of resources, including time and equipment, to break it. According to some estimates, millions of years would pass before the code is cracked. The only other avenue is trying lucky numbers, which is not an effective method of trying to break the code. By comparison, most browsers use keys which are either 40-bit or 128-bit. While the 128-bit key is considerably strong and hard to break, the 40-bit key can be cracked through the use of a personal computer, and within hours.

While other block ciphers are patented and sold, Blowfish is free, meaning that it is easier to access and use. This has helped enhance its spread among users around the world.

Blowfish has its weaknesses. It is an old code, having been designed in the pre-2000 era. It was not made for some of the modern threats that computer advances have brought about. The creator of the tool has since been able to create a replacement, Twofish.
The cipher is more difficult to crack, especially in instances where previous versions of Blowfish, such as the 40-bit and 64-bit versions, were susceptible to attack. The cipher is used currently to secure browsers among other security applications.

Key Management Life Cycle

[Diagram: Key Management Life Cycle, showing the stages Creation, Backup, Deployment, Monitoring, Rotation, Expiration, Archival and Destruction]

The Key Management Life Cycle includes the steps outlined in the diagram and better annotated below. A key should be valid depending on its length. The longer it is, the longer the lifespan. Both the organization and the user have a shared responsibility to secure the keys.

Creation - A key is generated by the key manager or a trusted third party. The attributes of the key are then stored in a special database, which is also encrypted. A key's activation happens automatically or manually, or it can be timed to activate at a point in time.

Backup - This involves storing a copy of the key in case of future loss or other instances. The process also includes encryption and storage.

Deployment - Deployment refers to the time when the key is being applied to secure the device in question. Prior to deployment, the key is additionally tested to ensure operations are compatible with other system properties, and to avoid data loss or theft.

Monitoring - Monitoring the key is necessary to assess its success for the role it is supposed to perform.

Rotation - During rotation, the key encrypts all the data it should; this process is intensive and very important.

Expiration - Key rotation completion may signal the start of the end for use of the key. This also depends on the life cycle of the encrypted information. Highly sensitive data also forces keys to be in operation for a shorter time.

Archival - Archival of the key happens after it has expired.
This is done for record keeping and for future instances when the encrypted information may be needed.

Removal from service - The life of a key ends when it is destroyed, deleted or terminated.

Network Firewall Comparison

| Feature | Fortinet | Cisco | FireEye |
| Rule-based or application-aware | Application-aware | Application-aware | Application-aware |
| Stateless or stateful filtering | Stateless | Stateless | Stateful |
| Content filtering | Yes | Yes | No |
| IDS/IPS | IPS | IDS | IDS |
| Costs | 1195 | 1500 | 9600 |

In view of the information outlined above, Cisco may be the best buy. It has a recognized name in the market and offers competent support. While FireEye also does the same, its price range is too high, though this could also be attributed to the value it brings the user in terms of enhanced security, ease of use and ability to understand t more swiftly than the other two options.

Case Project 8-5: Cloud Computing Benefits

Cloud computing benefits

Cloud computing is becoming more common in organizations. It allows for efficiency, while saving costs, especially since organizations no longer need to have physical servers to store and process information.

Vendors' features and costs

| Vendor | IaaS | PaaS | SaaS | Storage |
| Amazon | EC2 (Elastic Cloud Compute) | Amazon Web Services* | Amazon Web Services* | S3 (Simple Storage Service) |
| Google | n/a | Google App Engine (Python, Java, Go) | Google Apps | Google Cloud Storage |
| HP | Enterprise Services Cloud Compute | Cloud Application Delivery | HP Software as a Service | Enterprise Services Cloud Compute |
| IBM | SmartCloud Enterprise | SmartCloud Application Services | SaaS products | SmartCloud Enterprise object storage |

Cloud computing and storage of learning material

Cloud computing and storage can be applied in the storage and processing of academic material such as lectures and notes. The information would be quickly accessed by both lecturers and the students through protected accounts to the system.
Cloud computing is feasible in this case because it may not be possible to store the information locally and have students access it through an intranet or specific computers. It is therefore important for the school to enhance efficiency by adopting cloud computing.
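
The stages listed in the Key Management Life Cycle section above can be enforced in software as a small state machine that decides what each key may be used for. The following Python code is an added example, not part of the original answer; the class and state names, the omission of the backup step, and the rule that expired and archived keys may still decrypt but never encrypt are assumptions made for illustration.

```python
import secrets
from enum import Enum

class State(Enum):  # hypothetical names for the stages described in the text
    CREATED = 1    # generated, not yet deployed
    ACTIVE = 2     # deployed: may encrypt and decrypt
    EXPIRED = 3    # assumption: no new encryption, old data still readable
    ARCHIVED = 4   # assumption: retained only to read old data
    DESTROYED = 5  # key material overwritten, nothing is allowed

ALLOWED = {  # forward-only transitions; any live key may be destroyed
    State.CREATED: {State.ACTIVE, State.DESTROYED},
    State.ACTIVE: {State.EXPIRED, State.DESTROYED},
    State.EXPIRED: {State.ARCHIVED, State.DESTROYED},
    State.ARCHIVED: {State.DESTROYED},
    State.DESTROYED: set(),
}
USABLE = {"encrypt": {State.ACTIVE}, "decrypt": {State.ACTIVE, State.EXPIRED, State.ARCHIVED}}

class KeyManager:
    def __init__(self):
        self.keys = {}   # key_id -> [state, key material]
        self.audit = []  # monitoring trail of (key_id, event)

    def create(self, key_id, nbytes=32):
        if key_id in self.keys:
            raise ValueError("key id already in use")
        self.keys[key_id] = [State.CREATED, bytearray(secrets.token_bytes(nbytes))]
        self.audit.append((key_id, "created"))

    def move(self, key_id, new_state):
        entry = self.keys[key_id]
        if new_state not in ALLOWED[entry[0]]:
            raise PermissionError(f"{entry[0].name} -> {new_state.name} not allowed")
        if new_state is State.DESTROYED:
            entry[1][:] = bytes(len(entry[1]))  # best-effort overwrite in place
        entry[0] = new_state
        self.audit.append((key_id, new_state.name.lower()))

    def material(self, key_id, purpose):
        state, key = self.keys[key_id]
        allowed = state in USABLE[purpose]
        self.audit.append((key_id, purpose if allowed else f"denied {purpose}"))
        if not allowed:
            raise PermissionError(f"{purpose} denied: key is {state.name}")
        return bytes(key)

    def rotate(self, old_id, new_id):
        self.create(new_id)               # fails early if the id is taken
        self.move(old_id, State.EXPIRED)  # old key must currently be ACTIVE
        self.move(new_id, State.ACTIVE)   # deploy the replacement
```

The caller fetches key bytes through `material()` for a stated purpose, so a retired key can never be used to protect new data, and every grant or denial lands in the audit trail.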
