Tuesday, May 5, 2020
Experimental Analysis of Cyber Security â⬠Free Samples to Students
Question: Discuss about the Experimental Analysis of Cyber Security. Answer: Introduction: Cybersecurity are measures and activities which protect computers, computer networks, computer hardware and software and other elements of cyberspace from disruption and attacks. An individual should understand the different forms of attacks that they are likely to encounter so as to put in the best level of security they can. There exist different threats facing cyber security. These threats include hacking among others as discussed below. There are different types of hacking i.e. the hacktivist, the black hat and the white hat. Most of the hackers follow a proper methodology in order to lessen the risk of being caught. Hackers perform a preliminary survey that is the pre-attack step whereby the hackers collect, identify and record details about the respective corporation or individual. Secondly, the hacker undertakes a scanning and listing process. In this process the novice hackers utilize powerless scanners to find holes in ones network. The success of this process depends on the security of the network that is being hacked (Wang and Lu, 2013 pg. 1366). The hacker proceeds to the next step provided a weak spot has been identified in the said network. In this step, the hacker tries to penetrate the network using the loop holes in the network. The network intruder spreads damage from system to system by infiltrating the weakness in ones web server software. Their privilege escalates to a point where they get access to more resources and is mostly not noticed by administrators or users (OConnell, 2012 pg. 198). This is not due to the negligence of such users, but it is due to the manner in which the hackers intrude their networks. In most cases, they use technical skills that are not easily noticed by any normal user. The hacker has to maintain control of the system once he/she has penetrated the network. The hacker specialist hides their presence in the web server and remain in control. At this stage one is helpless and is left with the option to rebuild ones entire system all over again. The hacker can do serious damage in this case where the hacker has access to the network but the network owners are unawares. Hackers uses this opportunity to steal crucial information from an organization which they can then use for monetary gains. At some point, it may not be just for monetary gains but some just hack into systems with an aim of causing disruptions. Most hackers make their own backdoors in which case they gain full access to the system or network. With these backdoors, they are capable of accessing the network just like any other authorized personnel in the said network. All event logs are deleted and they install their own files, which will then allow them to access the system without being noticed, and can never be traced in any way possible. Remote Access Trojans can be used remotely, which is a highly destructive malware which is commonly known as RAT. By this stage, can we actually recover our system from the hacker who wants to sell it to the highest bidder on underground networks? Compliance with Cyber Security The importance of rules in any civilization cannot be over emphasized. Among the basic rules in the computer world, is the rule against installing third party software on company systems (Javaid, Sun, Devabhaktuni and Alam, 2012 pg. 585) This rule is however, broken by most employees and thus puts the companys computer systems at risk. This is a classic example of non-compliance with cyber security policies of a company. Employees who violate this rule should be punished accordingly and take responsibility of the damage caused by a cyber-attack caused by such behavior. Non-compliance to this policy includes things employees term as trivial. For instance, employees may log in to their social media accounts using the companys computers. This has the same effect with visiting some websites in the internet that put the computer at a risk of cyber-attack (Jouini, Rabai and Aissa, 2014 pg. 492). Such actions put the computers at a risk of IP spoofing. Additionally, emailing sensitive data from home to work puts the data in risk. This owes to the fact that data in transit as to be encoded and such encoding can only be achieved by a secure company network. Hacking data in transit can be done by amateur hackers because the general encryption of emails has been decoded time and again. In other cases, connecting company devices to unsecure networks puts the companys sensitive data at risk. Again, the unsecure networks put data hat in transit at risk and again computers that are connected to such networks can be hacked. This might seem like a simple rule, but employees have to be reminded not to store passwords in word or text documents (Javaid et al. 2012 pg. 588). This is because they can be easily accessed. In this case, the hacker does not need any hacking skills whatsoever to access the companys sensitive data. These little programs are very intelligent in terms of their functionality and complete a job or their intended purpose as quickly as possible. They usually developed by hackers, where they utilize these programs to scan the system networks obtaining crucial data or information in the process. The information obtained through unknown access points and weak places in software patches which are new and then exploit them to their benefit (Benzel, 2012 pg. 142). Given their ability to complete any singular task assigned to them very well, it is a challenge to protect ones organization against them. Bots are used to locate the simplest method of access in the early stages of an attack. Thus, Bots are good to some extent, but if used by individuals with bad motives, then it delivers good results to them/. They can be employed to scan ones system integrity (Mo, et al. 2012 pg. 201). Making your system networks less vulnerable to external attacks or any potential intrusion keeps the hackers away, making them to proceed looking for their targets which are vulnerable (Wang and Lu, 2013 pg. 1358). The advantage of employing bots to a system is that they can be used repeatedly and are cheap as long as they are used correctly. The main question to ask yourself when purchasing a bot is: are they most efficient as defenders or as destroyers? Bring Your Own Device This case mostly applies to plugging in your USB Flash Drive from one computer to another. For example, you want to share some files from your computer to another friends computer or from your home computer to an organizations computer (Bonaci, et al. 2915). You just have to plug in and begin your presentation, but then why is this considered to be a not so good idea? A virus like Malware may not have been detected by your home computer security software which has now infected your USB Flash Drive. As you connect it to any other computer, you spread the virus to the enterprise network it belongs to (Aloul, et al. 2012 pg. 5). As a result, the virus gains access to the weakest points of the system and propagates across any other computer connected to that enterprise network as long as files are transferred from that computer to another of the same network. According to Von Solms and Van Niekerk (2013 pg. 99), HP conducted a survey and found that 96% of the personal devices such as computers and mobile phones had privacy issues and over 70% having insufficient data encryption. This also means that wearable technologies can lead to unforeseen damages, not only to the affected devices but also to the users. This is the major underlying reason that has made most of the organizations to come up with regulations and policies which give benefits such as the utilization of personal devices to supplement the companys gadgets. In this manner, the company reduces considerable in terms of expenditure as well as the security concerns. In this case, if a third party compromises the device, your software will be invaded thus allowing your files and documents to be accessed (Dunn Cavelty, 2013 pg. 115). The most frequent question is that can you use your phone or USB Flash Drive to take some files from work to look at them at home? The best way to face this dilemma is through installing some protection software in your phone. This makes it easier to detect any unwanted virus, whether it is from your phone or the work computer (Yan, et al. 2012). It is also the easiest way to protect the company operated software. Individuals should always be informed on such matters as, the kind of data they and information they possess in their various devices, and how they should safeguard them against external threats. It is always advisable to have systems that are immune to external attacks, and also, networks should be robust to avoid any malicious attack and keep away hackers due to complexities involved. References Aloul, F., Al-Ali, A.R., Al-Dalky, R., Al-Mardini, M. and El-Hajj, W., 2012. Smart grid security: Threats, vulnerabilities and solutions. International Journal of Smart Grid and Clean Energy, 1(1), pp.1-6. Benzel, T., 2012. The science of cyber security experimentation: the DETER project. In Proceedings of the 27th Annual Computer Security Applications Conference (pp. 137-148). ACM. Bonaci, T., Herron, J., Yusuf, T., Yan, J., Kohno, T. and Chizeck, H.J., 2015. To make a robot secure: An experimental analysis of cyber security threats against teleoperated surgical robots. arXiv preprint arXiv:1504.04339. Dunn Cavelty, M., 2013. From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse. International Studies Review, 15(1), pp.105-122. Javaid, A.Y., Sun, W., Devabhaktuni, V.K. and Alam, M., 2012, November. Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In Homeland Security (HST), 2012 IEEE Conference on Technologies for (pp. 585-590). IEEE. Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496. Mo, Y., Kim, T.H.J., Brancik, K., Dickinson, D., Lee, H., Perrig, A. and Sinopoli, B., 2012. Cyberphysical security of a smart grid infrastructure. Proceedings of the IEEE, 100(1), pp.195-209. OConnell, M.E., 2012. Cyber security without cyber war. Journal of Conflict and Security Law, 17(2), pp.187-209. Rowe, D.C., Lunt, B.M. and Ekstrom, J.J., 2012, October. The role of cyber-security in information technology education. In Proceedings of the 2012 conference on Information technology education (pp. 113-122). ACM. Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers security, 38, pp.97-102. Wang, W. and Lu, Z., 2013. Cyber security in the Smart Grid: Survey and challenges. Computer Networks, 57(5), pp.1344-1371 Yan, Y., Qian, Y., Sharif, H. and Tipper, D., 2012. A survey on cyber security for smart grid communications. IEEE Communications Surveys Tutorials.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.