CY520 Ohio Academy Online Security Trends Discussion


Question Description

Q) Your boss mentions that recently a number of employees have received calls from individuals who didn't identify themselves and asked a lot of questions about the company and its computer infrastructure. At first, he thought this was just a computer vendor who was trying to sell your company some new product, but no vendor has approached the company. He also says several strange e-mails requesting personal information have been sent to employees, and quite a few people have been seen searching your company's trash dumpsters for recyclable containers. Your boss asks what you think about all of these strange incidents. Respond and be sure to provide recommendations on what should be done about the various incidents.

Instructions: 1) Refer to chapters 1, 2, and 3 of the attached book and also to external papers.

2) Original responses should not be a word-for-word rehashing of what is stated in the readings, but rather an integration of the concepts and additional insights, either from real-world experience or additional sources. It should be a 500-word response to the question. FINALLY, you must cite your sources after every sentence which contains information from one of your sources. Just putting a citation at the end of a paragraph or section is not sufficient.

Also, do not state "the author" or "the text". Use proper APA style, that is, Last Name of Author (Year).

Unformatted Attachment Preview

Chapter 1: Introduction and Security Trends

Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure or nothing.
—HELEN KELLER

In this chapter, you will learn how to:
- Define computer security
- Discuss common threats and recent computer crimes that have been committed
- List and discuss recent trends in computer security
- Describe common avenues of attacks
- Describe approaches to computer security
- Discuss the relevant ethical issues associated with computer security

Why should we be concerned about computer and network security? All you have to do is turn on the television or read the newspaper to find out about a variety of security problems that affect our nation and the world today. The danger to computers and networks may seem to pale in comparison to the threat of terrorist strikes, but in fact the average citizen is much more likely to be the target of an attack on their own personal computer, or a computer they use at their place of work, than they are to be the direct victim of a terrorist attack. This chapter will introduce you to a number of issues involved in securing your computers and networks from a variety of threats that may utilize any of a number of different attacks.

The Computer Security Problem

Fifty years ago companies did not conduct business across the Internet. Online banking and shopping were only dreams in science fiction stories. Today, however, millions of people perform online transactions every day. Companies rely on the Internet to operate and conduct business. Vast amounts of money are transferred via networks, in the form of either bank transactions or simple credit card purchases. Wherever there are vast amounts of money, there are those who will try to take advantage of the environment to conduct fraud or theft.
There are many different ways to attack computers and networks to take advantage of what has made shopping, banking, investment, and leisure pursuits a simple matter of “dragging and clicking” (or tapping) for many people. Identity theft is so common today that most everyone knows somebody who’s been a victim of such a crime, if they haven’t been a victim themselves. This is just one type of criminal activity that can be conducted using the Internet. There are many others and all are on the rise.

Definition of Computer Security

Computer security is not a simple concept to define, and has numerous complexities associated with it. If one is referring to a computer, then it can be considered secure when the computer does what it is supposed to do and only what it is supposed to do. But as was noted earlier, the security emphasis has shifted from the computer to the information being processed. Information security is defined by the information being protected from unauthorized access or alteration and yet is available to authorized individuals when required. When one begins considering the aspects of information, it is important to realize that information is stored, processed, and transferred between machines, and all of these different states require appropriate protection schemes. Information assurance is a term used to describe not just the protection of information, but a means of knowing the level of protection that has been accomplished.

Tech Tip: Historical Computer Security

Computer security is an ever-changing issue. Fifty years ago, computer security was mainly concerned with the physical devices that made up the computer. At the time, computers were the high-value items that organizations could not afford to lose. Today, computer equipment is inexpensive compared to the value of the data processed by the computer. Now the high-value item is not the machine, but the information that it stores and processes.
This has fundamentally changed the focus of computer security from what it was in the early years. Today the data stored and processed by computers is almost always more valuable than the hardware. Computer security and information security both refer to a state where the hardware and software perform only desired actions and the information is protected from unauthorized access or alteration and is available to authorized users when required.

Historical Security Incidents

By examining some of the computer-related crimes that have been committed over the last 30 or so years, we can better understand the threats and security issues that surround our computer systems and networks. Electronic crime can take a number of different forms, but the ones we will examine here fall into two basic categories: crimes in which the computer was the target, and incidents in which a computer was used to perpetrate the act (for example, there are many different ways to conduct bank fraud, one of which uses computers to access the records that banks process and maintain). We will start our tour of computer crimes with the 1988 Internet worm (Morris worm), one of the first real Internet crime cases. Prior to 1988, criminal activity was chiefly centered on unauthorized access to computer systems and networks owned by the telephone company and companies that provided dial-up access for authorized users. Virus activity also existed prior to 1988, having started in the early 1980s.

The Morris Worm (November 1988)

Robert Morris, then a graduate student at Cornell University, released what has become known as the Internet worm (or the Morris worm). The worm infected roughly 10 percent of the machines then connected to the Internet (which amounted to approximately 6000 infected machines).
The worm carried no malicious payload, the program being obviously a “work in progress,” but it did wreak havoc because it continually re-infected computer systems until they could no longer run any programs.

Citibank and Vladimir Levin (June–October 1994)

Starting about June of 1994 and continuing until at least October of the same year, a number of bank transfers were made by Vladimir Levin of St. Petersburg, Russia. By the time he and his accomplices were caught, they had transferred an estimated $10 million. Eventually all but about $400,000 was recovered. Levin reportedly accomplished the break-ins by dialing into Citibank’s cash management system. This system allowed clients to initiate their own fund transfers to other banks.

Kevin Mitnick (February 1995)

Kevin Mitnick’s computer activities occurred over a number of years during the 1980s and 1990s. Arrested in 1995, he eventually pled guilty to four counts of wire fraud, two counts of computer fraud, and one count of illegally intercepting a wire communication and was sentenced to 46 months in jail. In the plea agreement, Mitnick admitted to having gained unauthorized access to a number of different computer systems belonging to companies such as Motorola, Novell, Fujitsu, and Sun Microsystems. He described using a number of different “tools” and techniques, including social engineering, sniffers, and cloned cellular telephones.

Tech Tip: Intellectual Curiosity

In the early days of computer crime, much of the criminal activity centered on gaining unauthorized access to computer systems. In many early cases, the perpetrator of the crime did not intend to cause any damage to the computer but was instead on a quest of “intellectual curiosity”—trying to learn more about computers and networks. Today the ubiquitous nature of computers and networks has eliminated the perceived need for individuals to break into computers to learn more about them.
While there are still those who dabble in hacking for the intellectual challenge, it is more common today for the intellectual curiosity to be replaced by malicious intent. Whatever the reason, today it is considered unacceptable (and illegal) to gain unauthorized access to computer systems and networks.

Omega Engineering and Timothy Lloyd (July 1996)

On July 30, 1996, a software “time bomb” went off at Omega Engineering, a New Jersey–based manufacturer of high-tech measurement and control instruments. Twenty days earlier, Timothy Lloyd, a computer network program designer, had been dismissed from the company after a period of growing tension between Lloyd and management at Omega. The program that ran on July 30 deleted all of the design and production programs for the company, severely damaging the small firm and forcing the layoff of 80 employees. The program was eventually traced back to Lloyd, who had left it in retaliation for his dismissal.

Worcester Airport and “Jester” (March 1997)

In March of 1997, telephone services to the FAA control tower as well as the emergency services at the Worcester Airport and the community of Rutland, Massachusetts, were cut off for a period of six hours. This disruption occurred as a result of an attack on the phone network by a teenage computer “hacker” who went by the name “Jester.”

The Melissa Virus (March 1999)

Melissa is the best known of the early macro-type viruses that attach themselves to documents for programs that have limited macro programming capability. The virus, written and released by David Smith, infected about a million computers and caused an estimated $80 million in damages.

Tech Tip: Speed of Virus Proliferation

The speed at which the Slammer worm spread served as a wakeup call to security professionals. It drove home the point that the Internet could be adversely impacted in a matter of minutes.
This in turn caused a number of professionals to rethink how prepared they needed to be in order to respond to virus outbreaks in the future. A good first step is to apply patches to systems and software as soon as possible. This will often eliminate the vulnerabilities that the worms and viruses are designed to target.

The Love Letter Virus (May 2000)

Also known as the “ILOVEYOU” worm and the “Love Bug,” the Love Letter virus was written and released by a Philippine student named Onel de Guzman. The virus was spread via e-mail with the subject line of “ILOVEYOU.” Estimates of the number of infected machines worldwide have been as high as 45 million, accompanied by a possible $10 billion in damages (it should be noted that figures like these are extremely hard to verify or calculate).

The Code Red Worm (2001)

On July 19, 2001, in a period of 14 hours, over 350,000 computers connected to the Internet were infected by the Code Red worm. The cost estimate for how much damage the worm caused (including variations of the worm released on later dates) exceeded $2.5 billion. The vulnerability, a buffer-overflow condition in Microsoft’s IIS web servers, had been known for a month.

The Slammer Worm (2003)

On Saturday, January 25, 2003, the Slammer worm was released. It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine. Like the vulnerability in Code Red, this weakness was not new and, in fact, had been discovered and a patch released in July of 2002. Within the first 24 hours of Slammer’s release, the worm had infected at least 120,000 hosts and caused network outages and the disruption of airline flights, elections, and ATMs. At its peak, Slammer-infected hosts were generating a reported 1TB of worm-related traffic every second. The worm doubled its number of infected hosts every 8 seconds.
It is estimated that it took less than 10 minutes to reach global proportions and infect 90 percent of the possible hosts it could infect.

Website Defacements (2006)

In May of 2006, a Turkish hacker using the handle iSKORPiTX successfully hacked over 21,000 websites in a single effort. The rationale for his actions was never determined, and over the next few years he hacked hundreds of thousands of websites, defacing their cover page with a statement of his hack. A nuisance to some, those affected had to clean up their systems, including repairing vulnerabilities, or he would strike again.

Cyberwar? (2007)

In May of 2007, the country of Estonia was crippled by a massive denial-of-service (DoS) cyberattack against all of its infrastructure, firms (banks), and government offices. This attack was traced to IP addresses in Russia, but was never clearly attributed to a government-sanctioned effort.

Operation Bot Roast (2007)

In 2007, the FBI announced that it had conducted Operation Bot Roast, identifying over 1 million botnet crime victims. In the process of dismantling the botnets, the FBI arrested several botnet operators across the United States. Although seemingly a big success, this effort made only a small dent in the vast volume of botnets in operation.

Conficker (2008–2009)

In late 2008 and early 2009, security experts became alarmed when it was discovered that millions of systems attached to the Internet were infected with the Downadup worm. Also known as Conficker, the worm was believed to have originated in Ukraine. Infected systems were not initially damaged beyond having their antivirus solution updates blocked. What alarmed experts was the fact that infected systems could be used in a secondary attack on other systems or networks. Each of these infected systems was part of what is known as a bot network (or botnet) and could be used to cause a DoS attack on a target or be used for the forwarding of spam e-mail to millions of users.

U.S. Electric Power Grid (2009)

In April 2009, Homeland Security Secretary Janet Napolitano told reporters that the United States was aware of attempts by both Russia and China to break into the U.S. electric power grid, map it out, and plant destructive programs that could be activated at a later date. She indicated that these attacks were not new and had in fact been going on for years. One article in the Kansas City Star, for example, reported that in 1997 the local power company, Kansas City Power and Light, encountered perhaps 10,000 attacks for the entire year. By 2009 the company experienced 30–60 million attacks.

Try This! Software Patches

One of the most effective measures security professionals can take to address attacks on their computer systems and networks is to ensure that all software is up to date in terms of vendor-released patches. Many of the outbreaks of viruses and worms would have been much less severe if everybody had applied security updates and patches when they were released. For the operating system that you use, go to your favorite web browser to find what patches exist for the operating system and what vulnerabilities or issues the patches were created to address.

Fiber Cable Cut (2009)

On April 9, 2009, a widespread phone and Internet outage hit the San Jose area in California. This outage was not the result of a group of determined hackers gaining unauthorized access to the computers that operate these networks, but instead occurred as a result of several intentional cuts in the physical cables that carry the signals. The cuts resulted in a loss of all telephone, cell phone, and Internet service for thousands of users in the San Jose area. Emergency services such as 911 were also affected, which could have had severe consequences.

The Current Threat Environment

The threats of the past were smaller, targeted, and in many cases only a nuisance.
As time has gone on, more organized elements of cybercrime have entered the picture along with nation-states. From 2009 and beyond, the cyberthreat landscape became considerably more dangerous, with new adversaries out to perform one of two functions: deny you the use of your computer systems, or use your systems for financial gain including theft of intellectual property or financial information including personally identifiable information.

Advanced Persistent Threats

Although there are numerous claims as to when advanced persistent threats (APTs) began and who first coined the term, the important issue is to note that APTs represent a new breed of attack pattern. Although specific definitions vary, the three words that comprise the term provide the key elements: advanced, persistent, and threat. Advanced refers to the use of advanced techniques, such as spear phishing, as a vector into a target. Persistent refers to the attacker’s goal of establishing a long-term, hidden position on a system. Many APTs can go on for years without being noticed. Threat refers to the other objective: exploitation. If an adversary invests the resources to achieve an APT attack, they are doing it for some form of long-term advantage. APTs are not a specific type of attack, but rather the new means by which highly resourced adversaries target systems.

GhostNet (2009)

In 2009, the Dalai Lama’s office contacted security experts to determine if it was being bugged. The investigation revealed it was, and the spy ring that was discovered was eventually shown to be spying on over 100 countries’ sensitive missions worldwide. Researchers gave this APT-style spy network the name GhostNet, and although the effort was traced back to China, full attribution was never determined.

Operation Aurora (2009)

Operation Aurora was an APT attack first reported by Google, but also targeting Adobe, Yahoo, Juniper Networks, Rackspace, Symantec, and several major U.S. financial and industrial firms.
Research analysis pointed to the People’s Liberation Army (PLA) of China as the sponsor. The attack ran for most of 2009 and operated on a large scale, with the groups behind the attack consisting of hundreds of hackers working together against the victim firms.

Stuxnet, Duqu, and Flame (2009–2012)

Stuxnet, Duqu, and Flame represent examples of state-sponsored malware. Stuxnet was a malicious worm designed to infiltrate the Iranian uranium enrichment program, to modify the equipment and cause the systems to fail in order to achieve desired results and in some cases even destroy the equipment. Stuxnet was designed to attack a specific model of Siemens programmable logic controller (PLC), which was one of the clues pointing to its objective, the modification of the uranium centrifuges. Although neither the United States nor Israel has admitted to participating in the attack, both have been suggested to have had a role in it. Duqu (2011) is a piece of malware that appears to be a follow-on of Stuxnet, and has many of the same targets, but rather than being destructive in nature, Duqu is designed to steal information. The malware uses command and control servers across the globe to collect elements such as keystrokes and system information from machines and deliver them to unknown parties. Flame (2012) is another piece of modular malware that may be a derivative of Stuxnet. Flame is an information collection threat, collecting keystrokes, screenshots, and network traffic. It can record Skype calls and audio signals on a machine. Flame is a large piece of malware with many specific modules, including a kill switch and a means of evading antivirus detection. Because of the open nature of Stuxnet—its source code is widely available on the Internet—it is impossible to know who is behind Duqu and Flame.
In fact, although Duqu and Flame were discovered after Stuxnet, there is growing evidence that they were present before Stuxnet and collected critical intelligence needed to conduct the later attack. The real story behind these malware items is that they demonstrate the power and capability of nation-state malware.

Sony (2011)

The hacker group LulzSec reportedly hacked Sony, stealing over 70 million user accounts. The resulting outage lasted 23 days, and cost Sony in excess of $170 million. One of the biggest issues related to the attack was Sony’s poor response, taking more than a week to notify people of the initial attack, and then communicating poorly with its user base during the recovery period. Also notable was that although the credit card data was encrypted on Sony’s ...

Tutor Answer

School: Purdue University




Security Trends


Responding to Security Issues

With the growth and expansion of the internet, it has become quite easy for people to commit fraudulent activities online. With a computer or server, an anonymous person can defraud any company provided they have the necessary information. Information regarding a company and its operations should not be disclosed to unauthorized persons; unauthorized access should be thwarted, whatever the cost. Many threats and security issues surround our computer systems and networks (Conklin et al., 2015). Anonymous questions about computer infrastructure should not be taken lightly. This is because perpetrators can target the computer or use computers to carry out their illicit acts. Just like in the case of Cyberwar 2007, any person requesting information about company computers might use the data to cripple the functional roles of the firm.

The person making phone calls to ask about the ...

