
Security Assessment Report

Computing platforms consist of hardware and software components. The hardware components include the devices used to input data into the computer, the devices that process instructions, the output devices, and the storage devices. An example of an input device is a keyboard, and an example of an output device is a monitor. Storage devices include hard disks and random access memory (RAM), and the main processing device is the central processing unit (CPU). The software component of a computing platform is made up of the operating system and the applications. Application software is the software the user runs to perform a specific task on the computer; an example is Microsoft Word, which the user can use to type and edit different types of documents. The operating system is the software that acts as the intermediary between the applications and the computer hardware. Examples of operating systems include the Windows operating system, developed by Microsoft Corporation; the Mac operating system, developed by Apple Inc.; and the Linux operating system, developed by an open-source community.

The software used in a computing platform can be divided into two categories based on how it is developed and distributed: open-source software and commercial software. Commercial software is developed and distributed by an organization in order to earn a financial profit. Examples of commercial software are Microsoft Office and the Windows and Mac operating systems. Open-source software, on the other hand, is developed and distributed freely by the open-source community, in which different developers can copy and modify the source code of the software to improve it or to fix the bugs identified in it.

There are several advantages to using open-source software. One is that users have more control over what the software does: by analyzing the software, users can identify the features that are not useful to them, remove them, and add the features they want. Another advantage is that open-source software can be used to improve the skills of developers, because its source code can be edited; by learning how to edit the source code of an application, developers learn how to create better applications. Because many different versions of open-source software exist, it is harder for attackers to devise techniques that compromise the security of the software. This leads to better security of open-source software when compared to commercial software, which is another advantage. A further advantage of open-source software is its stability. Many different developers work on open-source software, so the software does not lose support if the original developer stops maintaining it. While open-source software can be obtained at no cost, its developers can still make a financial gain by providing services and support related to the software.

Current advancements in technology have enabled different services to be made available over the Internet. The use of such technology is referred to as cloud computing. Examples of cloud services include Google Docs and Dropbox. Cloud computing removes the need for an organization to add more infrastructure, which is one of its advantages. An organization can use different models of cloud computing. Examples include Platform as a Service (PaaS), in which the vendor supplies a platform such as an operating system, and Infrastructure as a Service (IaaS), in which the vendor supplies the underlying infrastructure. Another model that can be implemented using cloud computing is Software as a Service (SaaS), in which the vendor provides software over the Internet.

When developing security mechanisms for an organization, several design principles are crucial to making those mechanisms effective. One issue to consider when designing security measures is the range of attackers likely to attack the computer system. These attackers can range from script kiddies, who are not likely to cause much damage to the organization, to criminal attackers who are motivated to commit a crime. The attackers may also be aggrieved former employees or current employees who are not aware of the network security measures. Another issue to consider is the set of objectives of network security: integrity, confidentiality, and availability. Integrity aims to ensure that the data in the network is not modified by unauthorized individuals, while confidentiality aims to ensure that the data in the network is not accessed by unauthorized individuals. Availability, on the other hand, aims to ensure that the data in the network and the different network resources can be accessed by authorized users at any time.

Insider Threats

Different types of threats are likely to occur in an organization, and their impact differs depending on which threat affects the organization. Some of the most common threats are intruders, email attachments and viruses, suppliers and vendors, employees, and physical events. Physical event threats refer to events, such as earthquakes and fires, that make the data and resources in the network unavailable. Email attachments and viruses are likely to corrupt the data in the system or even encrypt important data and demand payment in exchange for the decryption key. Vendors and suppliers of an organization are sometimes given certain rights in the system; they can abuse the privileges granted to them and access confidential data. The case is similar for employees of an organization who access data they are not authorized to access. When this occurs, the attack is referred to as an insider attack. Attacks on an organization can also be caused by intruders who employ different techniques to gain unauthorized access to the system. In most cases, intruders have a malicious intent when accessing the system without authorization. Regardless of the type of threat that affects an organization, the organization is likely to suffer financial losses as a result of the attack.

Insider attacks are likely to originate from aggrieved former employees of the organization. When an organization does not revoke the network privileges of a former employee who was not content with the way they were treated, the organization can become the victim of an insider attack. Current employees of the organization can also cause insider attacks. Additionally, insider threats can come from other individuals who have been granted access to the organization’s computer network, such as contractors or business associates. Yusop and Abawajy (2014) note that insider threats can cause the integrity, confidentiality, and availability of data in an organization’s network to be lost. The impact of insider threats can be severe, because the insider knows the security measures that are implemented in the organization and how to avoid them. This knowledge can enable the insider to carry out an attack without the organization being aware of it until the effects of the attack are seen (Yusop and Abawajy, 2014).

Advancements in technology have prompted most organizations to adopt cloud computing. The different models of cloud computing enable an organization to host different layers in the cloud, including the software, the platform, and even the infrastructure. The availability of a cloud computing service provider removes the need for an organization to purchase the different components of a network. However, it also removes some of the activities performed by the organization’s own network administrators, such as the maintenance and management of the network components, and this presents a security concern for the organization (Yusop and Abawajy, 2014). Despite saving the cost that would otherwise be incurred in purchasing network components, the organization is likely to be exposed to insider attacks through the cloud computing services it uses. An insider at the cloud computing service provider is likely to be able to access the confidential data in the system. Since such an attacker has been granted access to different aspects of the organization’s network, the attack is less likely to be discovered until its impact can be seen. Apart from an insider who works for the cloud computing service provider, another type of insider attacker is an employee of the organization who exploits vulnerabilities in the cloud services offered (Claycomb and Nicoll, 2012). By gaining unauthorized access to the cloud service, the employee can copy or even modify the data in the system.

Different measures can be employed to mitigate insider attacks on cloud services. One measure is conducting a thorough assessment of the cloud computing service provider before acquiring its services. Another is ensuring that security measures are not left to the provider alone: the organization should also implement its own security measures to protect the information in the network, and its system administrator should be informed of the different security measures implemented to protect the organization’s network. Additionally, the organization can limit the privileges of its own employees as well as those of the cloud computing service provider’s employees (Claycomb and Nicoll, 2012).

Monitoring and Analyzing Network Activities

Threats in a network can be identified by conducting network monitoring and analysis. Monitoring and analyzing network activity can help identify vulnerabilities in the network and potential network attacks. Network monitoring and analysis tools can also be used to identify malfunctioning components in the network (So-In, 2009). Different tools are available to conduct monitoring and analysis in a network. One of them is the Network Mapper (Nmap), which is used to identify the different components and services in a network. Nmap can also be used to identify open ports in the network and the security risks associated with them. Another network monitoring tool is Nessus, which can be used to identify security vulnerabilities in the network and notify the network administrator of any vulnerabilities it finds.

Some network monitoring tools also provide the functionality of correcting the security vulnerabilities that are identified in the network. Examples of these tools include GFI LanGuard and Wireshark. The Snort network monitoring tool is used as an intrusion detection system (IDS) and an intrusion prevention system (IPS). Accordingly, the functions of Snort include detecting any attempt to gain unauthorized access to the system, notifying the network administrator of the attempt, and employing measures to prevent the attacker from gaining access to the system. Tools such as Fport and PortPeeker monitor the different ports in the network and record the network traffic on those ports. Similarly, the SuperScan tool is used to check for any open TCP or UDP ports in the network. These network monitoring tools are useful not only to network administrators but also to attackers, who use them to search for open ports through which they can access the network.

Firewalls

A firewall is a system used to restrict or allow network traffic entering or leaving a network, thereby increasing the security of the network (Anicas, 2015). The network administrator is responsible for defining the rules the firewall follows to filter the traffic going in and out of the network. The different types of firewalls include packet filtering firewalls, stateful firewalls, and application layer firewalls. Packet filtering firewalls analyze the individual packets in the traffic and are not concerned with the connection state of the traffic. Stateful firewalls, on the other hand, determine the connection state of the traffic before applying the firewall rules. Application layer firewalls analyze the payload of the traffic to determine which rule to apply. Zhan and Wang (2015) noted that the increase in network traffic calls for an effective method of checking network packets; hence the need for the deep packet inspection mode of packet filtering. The rules that can be implemented in a firewall include the accept rule, the reject rule, and the drop rule. The accept rule allows traffic to pass through the firewall, while the reject rule and the drop rule both deny the traffic passage through the firewall. The difference between them is that the reject rule sends feedback to the sender that the receiver cannot be reached, while the drop rule does not provide any feedback.

A firewall can be implemented in software or in hardware. Some network components, such as routers, can be used to provide the functions of a firewall. Examples of software-based firewalls include Fail2ban, FirewallD, Uncomplicated Firewall (UFW), and iptables. Creating a firewall rule involves defining the source and destination addresses; these can be given as standard networks, hosts, network or host groups, or IPsec networks. The process also includes choosing whether to use Network Address Translation (NAT). Additionally, the protocol, such as UDP, TCP, or ICMP, has to be defined, and the rule action (accept, reject, or drop) has to be chosen. Additional settings that can be implemented include time constraints and a limit on the number of concurrent connections from a specific IP address.
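The two paragraphs above describe the rule fields (protocol, source and destination networks, port, action), the accept/reject/drop semantics, stateful handling and a per-address concurrent connection limit. The following added example, which is not code from the page or from any of the firewalls named, puts these pieces together in a small stateful packet filter so the differences are visible in behaviour: first-match rule evaluation, reply packets of an established connection admitted without consulting the rules, reject returning an ICMP error while drop is silent, and a connection cap per source IP. All addresses, the demo policy and the limit of two connections are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

ACCEPT, REJECT, DROP = "ACCEPT", "REJECT", "DROP"


@dataclass
class Rule:
    """One firewall rule: the action plus the match fields the text lists."""
    action: str
    proto: str = "any"              # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"          # source network (CIDR)
    dst: str = "0.0.0.0/0"          # destination network (CIDR)
    dport: Optional[int] = None     # destination port; None matches any port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))


class StatefulFirewall:
    def __init__(self, rules, default=DROP, max_conns_per_ip=2):
        self.rules = rules
        self.default = default                  # verdict when no rule matches
        self.max_conns = max_conns_per_ip       # concurrent-connection limit per source
        self.established = set()                # 5-tuples of accepted connections
        self.conns_by_src = defaultdict(int)

    @staticmethod
    def _key(pkt):
        return (pkt["proto"], pkt["src"], pkt.get("sport"), pkt["dst"], pkt.get("dport"))

    def filter(self, pkt):
        """Return (verdict, feedback). REJECT carries the ICMP error sent back to the
        sender; ACCEPT and DROP return None because nothing is sent back."""
        # Stateful step: reply traffic of a connection already accepted is let
        # through without re-evaluating the rule list.
        reverse = (pkt["proto"], pkt["dst"], pkt.get("dport"), pkt["src"], pkt.get("sport"))
        if reverse in self.established:
            return ACCEPT, None
        verdict = self.default
        for rule in self.rules:                 # first matching rule wins
            if rule.matches(pkt):
                verdict = rule.action
                break
        if verdict == ACCEPT:
            if self.conns_by_src[pkt["src"]] >= self.max_conns:
                return DROP, None               # over the per-source connection limit
            self.conns_by_src[pkt["src"]] += 1
            self.established.add(self._key(pkt))
            return ACCEPT, None
        if verdict == REJECT:
            return REJECT, "ICMP destination unreachable"
        return DROP, None


def build_demo_firewall():
    """Constructed policy: 192.0.2.10 serves HTTPS to everyone; SSH attempts from
    203.0.113.0/24 are rejected with feedback; everything else is silently dropped."""
    return StatefulFirewall([
        Rule(ACCEPT, "tcp", dst="192.0.2.10/32", dport=443),
        Rule(REJECT, "tcp", src="203.0.113.0/24", dport=22),
    ], default=DROP, max_conns_per_ip=2)


def tcp(src, sport, dst, dport):
    """Build a minimal TCP packet header as a dict (constructed test input)."""
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport}


def run_demo():
    fw = build_demo_firewall()
    return [
        fw.filter(tcp("198.51.100.5", 40000, "192.0.2.10", 443)),  # ACCEPT: new HTTPS connection
        fw.filter(tcp("192.0.2.10", 443, "198.51.100.5", 40000)),  # ACCEPT: reply, established
        fw.filter(tcp("203.0.113.9", 40001, "192.0.2.10", 22)),    # REJECT: ICMP feedback sent
        fw.filter(tcp("198.51.100.5", 40002, "192.0.2.10", 22)),   # DROP: no rule, default
        fw.filter(tcp("198.51.100.5", 40003, "192.0.2.10", 443)),  # ACCEPT: second connection
        fw.filter(tcp("198.51.100.5", 40004, "192.0.2.10", 443)),  # DROP: over connection limit
    ]


if __name__ == "__main__":
    for verdict, feedback in run_demo():
        print(verdict, feedback or "")
```

The second packet is the server's reply; without the state table it would match no rule and be dropped, which is exactly the gap a stateless packet filter leaves and a stateful firewall closes. The third and fourth packets are both denied, but only the rejected one tells the sender anything.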

Spoofing/Cache Poisoning Attacks

Spoofing attacks are attacks in which a malicious program disguises itself as another, trusted program to gain the victim’s trust before compromising the victim’s security. An example of a spoofing attack is IP address spoofing. In this attack, the attacker identifies a trusted IP address and copies it into a packet header. Network security mechanisms, such as firewalls, that rely on the IP address in the packet header to admit traffic into a network are tricked into concluding that the packet originated from a trusted source, which enables the attacker to transmit malicious data into the network (Rao, Sasankar, and Chavan, 2013). Cache poisoning is conducted in a similar way to IP spoofing: in cache poisoning, the attacker replaces the cached IP addresses with spoofed addresses that point to malicious programs. The proposed solutions to IP spoofing include not using the source IP address to confirm the origin of packets and blocking packets arriving from the Internet that carry the IP address of one of the hosts on the local area network (Rao, Sasankar, and Chavan, 2013).
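The second mitigation above, blocking Internet packets that claim an address belonging to the local network, is the ingress-filtering check a border device performs. The following added example (not code from the page or from the cited paper) implements that check and goes slightly beyond the text in two ways: it also drops Internet packets whose source lies in blocks that should never be routed from outside, and it applies the mirror-image egress check so that inside hosts cannot send with a foreign source address. The LAN prefix, interface names and sample packets are constructed assumptions.

```python
import ipaddress

# Assumed topology for this example: the internal network is 192.168.10.0/24,
# interface "wan" faces the Internet and interface "lan" faces the inside.
LAN = ipaddress.ip_network("192.168.10.0/24")

# Address blocks that must never appear as the source of a packet arriving from
# the Internet (private, loopback, link-local and "this network" ranges).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def anti_spoof_check(iface, src, dst):
    """Return ("PASS", None) or ("DROP", reason) for a packet seen on `iface`
    with source address `src` and destination `dst`."""
    s = ipaddress.ip_address(src)
    if iface == "wan":
        # Ingress: a packet from the Internet can never legitimately come from our LAN.
        if s in LAN:
            return "DROP", "ingress: Internet packet claims a source inside our LAN"
        for net in BOGONS:
            if s in net:
                return "DROP", f"ingress: source {src} is in non-routable block {net}"
    elif iface == "lan":
        # Egress: inside hosts may only send with one of our own addresses.
        if s not in LAN:
            return "DROP", "egress: inside host is sending with a foreign source address"
    return "PASS", None


# Constructed packets as (interface, source, destination).
SAMPLE_PACKETS = [
    ("wan", "192.168.10.7", "192.168.10.20"),   # spoofed: pretends to be an inside host
    ("wan", "198.51.100.9", "192.168.10.20"),   # ordinary Internet client
    ("wan", "10.0.0.3", "192.168.10.20"),       # private source arriving from the Internet
    ("lan", "192.168.10.20", "198.51.100.9"),   # inside host talking out, legitimate
    ("lan", "203.0.113.4", "198.51.100.9"),     # inside host using a foreign source
]


def run_checks(packets):
    """Apply the check to each packet and return the list of (verdict, reason)."""
    return [anti_spoof_check(*p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE_PACKETS, run_checks(SAMPLE_PACKETS)):
        print(verdict, pkt, reason or "")
```

Note that the check never asks whether the source address is "trusted"; it only asks whether the address is possible on the interface where the packet appeared. That is what makes it robust against a spoofed header, which by definition carries a plausible address.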

Session hijacking attacks are attacks in which an attacker intercepts the communication between a user and a server and continues the session while blocking the user from it (Kamal, 2016). The attacker achieves this by obtaining the user’s session ID or key, which can be acquired through various methods, such as sniffing or Trojans. The types of session hijacking are active, passive, and hybrid session hijacking. In active session hijacking, the attacker takes over the session between the valid user and the server by removing the valid user from the session and continuing it with the valid user’s session ID. In passive session hijacking, the attacker sits between the valid user and the server and relays the packets between them; as long as the session between the valid user and the server does not terminate, the attacker can read the data transferred between the two. In a hybrid session hijacking attack, the attacker combines active and passive session hijacking (Kamal, 2016). The recommended solutions for preventing session hijacking attacks include using SSL (Secure Sockets Layer) connections, using HTTPS connections, implementing intrusion detection systems (IDS) and intrusion prevention systems (IPS), regenerating tokens, defining a timeout for sessions, and encrypting session IDs (Kamal, 2016).
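Three of the server-side mitigations listed above (token regeneration, a session timeout, and protecting the session ID from forgery) can be shown in a few dozen lines. The following added example is not code from the page or from the cited survey; it is a small in-memory session store in which IDs are unguessable random values, each ID is bound to a server-side HMAC signature so a tampered or guessed ID is refused without a lookup, idle sessions expire, and regenerating a session invalidates the old ID immediately. The store uses HMAC signing where the page says "encrypting session IDs", which is the usual way to make an ID tamper-evident; the cookie attributes in `cookie_header` assume the HTTPS deployment the text recommends. Timeout value and user names are constructed.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """In-memory session manager demonstrating timeout, regeneration and signed IDs."""

    def __init__(self, secret: bytes, idle_timeout: int = 900):
        self.secret = secret                # server-side key; never sent to clients
        self.idle_timeout = idle_timeout    # seconds of inactivity before expiry
        self.sessions = {}                  # raw session id -> {"user", "last_seen"}

    def _sign(self, sid: str) -> str:
        return hmac.new(self.secret, sid.encode(), hashlib.sha256).hexdigest()

    def _token(self, sid: str) -> str:
        # The client receives "<id>.<signature>"; the id alone is useless without the key.
        return f"{sid}.{self._sign(sid)}"

    def create(self, user: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)     # 256 bits of CSPRNG output, not guessable
        self.sessions[sid] = {"user": user, "last_seen": now}
        return self._token(sid)

    def validate(self, token: str, now: float):
        """Return the user owning a valid, unexpired token, else None."""
        try:
            sid, sig = token.split(".", 1)
        except ValueError:
            return None
        if not hmac.compare_digest(sig, self._sign(sid)):
            return None                     # forged or tampered token
        entry = self.sessions.get(sid)
        if entry is None:
            return None                     # unknown, regenerated or already expired
        if now - entry["last_seen"] > self.idle_timeout:
            del self.sessions[sid]          # idle timeout: expire and forget
            return None
        entry["last_seen"] = now            # activity extends the session
        return entry["user"]

    def regenerate(self, token: str, now: float):
        """Issue a fresh ID for the same user (e.g. after login or privilege change)
        and invalidate the old one so a previously captured ID stops working."""
        user = self.validate(token, now)
        if user is None:
            return None
        del self.sessions[token.split(".", 1)[0]]
        return self.create(user, now)


def cookie_header(token: str) -> str:
    """Set-Cookie value for an HTTPS-only deployment: the browser sends the cookie
    only over TLS, keeps it away from page scripts and omits it on cross-site requests."""
    return f"session={token}; Secure; HttpOnly; SameSite=Strict; Path=/"


if __name__ == "__main__":
    store = SessionStore(secret=secrets.token_bytes(32), idle_timeout=900)
    tok = store.create("alice", now=0)
    print(cookie_header(tok))
    print(store.validate(tok, now=100))     # alice
    fresh = store.regenerate(tok, now=200)
    print(store.validate(tok, now=201))     # None: old ID no longer valid
    print(store.validate(fresh, now=2000))  # None: idle for more than 900 s
```

Regeneration is what limits the damage of a captured ID: once the legitimate user's session is re-keyed, the value an attacker sniffed earlier is refused. The timeout bounds how long a passive interceptor can keep relaying before the session has to be re-established.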

References

Anicas, M. (2015, August 20). What is a Firewall and How Does It Work? Retrieved October 22, 2019, from https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-work.

Claycomb, W. R., & Nicoll, A. (2012, July). Insider threats to cloud computing: Directions for new research challenges. In 2012 IEEE 36th Annual Computer Software and Applications Conference (pp. 387-394). IEEE.

Kamal, P. (2016). State of the Art Survey on Session Hijacking. Global Journal of Computer Science and Technology.

Rao, K., Sasankar, A., & Chavan, V. (2013). Spoofing attacks on packets and methods for detection and prevention of spoofed packets. IJSEAT, 1(3), 039-044. Retrieved from http://www.ijseat.com/index.php/ijseat/article/view/7

So-In, C. (2009). A survey of network traffic monitoring and analysis tools. CSE 576M Computer System Analysis project, Washington University in St. Louis.

Yusop, Z. M., & Abawajy, J. (2014). Analysis of insider attack mitigation strategies. Procedia-Social and Behavioral Sciences, 129, 581-591.

Zhan, Y. R., & Wang, Z. S. (2015). Deep packet inspection based on many-core platform. Journal of Computer and Communications, 3(5), 1.

Question

Security Assessment Report

Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
