Cybersecurity: Issues, Challenges and Security Controls

By Asad Zaman

Information Assurance Capstone-670 (Research Paper), November 2011

For Dr. James Clark, University of Maryland University College (UMUC)


Table of Contents

1. Abstract
2. Introduction
3. Background
4. Cybersecurity Issues & Challenges - Federal Information Systems
5. Cybersecurity Issues and Challenges - The Corporations, Institutes, and Service Providers
6. Cybersecurity Tools
   A). Cybersecurity Measures
7. Cybersecurity Method
   A). Cryptography
   B). Firewall
   C). Application gateway
   D). Packet Filtering
   E). Hybrid
8. Cybersecurity Management Issues
9. Recommendation on Network security
10. Wireless
11. Cybersecurity Technology
   A). SSL-VPN
   B). Intrusion Detection Prevention System
12. Conclusion
13. Bibliography

Figures

Figure 1: Sample application of gateway
Figure 2: Sample Packet filtering

1. Abstract

The physical world is increasingly supported by a cyberspace, or Internet, infrastructure. This infrastructure enables new business models, enhances communications, makes personal lives more convenient, and contributes to national defense. The flip side of this increased reliance, however, is vulnerability to threats against the cyberspace infrastructure. Network outages, data compromised by hackers, propagating viruses, and other incidents affect lives in ways that range from inconvenient to life-threatening. Cybersecurity necessitates a comprehensive national policy to protect electronically transmitted and stored information from intrusion.

The President of the United States (U.S.) declared that U.S. economic prosperity in the 21st century depends on cybersecurity. In the face of severe threats, several nations and organizations are addressing the issue independently as well as jointly. Cybersecurity threats are increasing day by day, making high-speed wired and wireless networks and Internet services insecure and unreliable. Security measures are therefore increasingly important in meeting the demands of today's growing Internet use. The need also extends to areas such as defense, where secure and authenticated access to resources is the key information security issue.

This paper describes the important measures and parameters regarding large industry/organizational requirements for establishing a secure network, as well as the issues and challenges in cybersecurity. Wi-Fi networks are very common in providing wireless network access to different resources and connecting various devices wirelessly. Different requirements are needed to handle Wi-Fi threats and network hacking attempts. This paper also explores important security measures related to cybersecurity, so that a fully secured network environment can be established in an organization.

2. Introduction  

As government agencies, private sector corporations, the military, and even retail shoppers shift their activities to the Internet, cybersecurity becomes increasingly important. In October 2010, the President of the United States (U.S.) called upon the people of the U.S. to recognize the importance of cybersecurity. He emphasized the confidentiality of sensitive information, the integrity of e-commerce, and the resilience of cyber infrastructure. The President requested universal cooperation to reduce cyber risk (http://www.whitehouse.gov/the-press-office/2010/10/01/presidential-proclamation-national-cybersecurity-awareness-month).

Cyberspace touches nearly every part of our daily lives. It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. It's the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history. We must secure our cyberspace to ensure that we can continue to grow the nation's economy and protect our way of life (www.whitehouse.gov/cybersecurity).

Cybersecurity is the set of measures that safeguard organizational computing assets from cyber threats and vulnerabilities. While computers provide increased features and functionality, they also introduce new risks. Any piece of electronic equipment that uses some kind of computerized component, such as a computer, cell phone, car navigation device, or PDA, is vulnerable to software imperfections and vulnerabilities. The risks increase if the device is connected to the Internet or to a network that an attacker may be able to access. The outside connection provides a way for an attacker to send information to, or extract information from, the connected device. Both wired and wireless connections are vulnerable to cyber threats. Attackers may be able to take advantage of these technological advancements to target devices previously considered "safe." For example, an attacker may be able to infect a cell phone with a virus, steal phone or wireless service, or access the data on a PDA. Not only do these activities have implications for users' personal information, but they could also have serious consequences if any corporate information is stored on the device.

Computing devices should never be left unattended in public or easily accessible areas. All patches, firmware updates, and software updates must be installed immediately after they are released by the vendor; installing them prevents attackers from taking advantage of known problems or vulnerabilities. A strong and unique password that is difficult for thieves to guess should be used for each computing device, and the option to remember the password should be disabled. Network connections, including wireless connections, should be kept disabled when they are not in use. All data, especially privacy data, should be stored encrypted. When data is encrypted, unauthorized people cannot view it even if they can physically access it; the data owner must remember the encryption password to decrypt the data, otherwise even the owner will be unable to see it (McDowell & Lytle, 2008).

Even the U.S. President, Barack Obama, in his address on May 29, 2009 to the National Security Council (NSC), declared that America's economic prosperity in the 21st century would depend on effective implementation of cybersecurity. Obama described the cyber threat as one of the serious economic and national security challenges and cautioned about the risks to privacy data and the risks of identity theft, botnets, spyware, malware, spoofing, phishing, cyber threats, and cyber criminals. He mentioned that about 1.5 billion people worldwide use the Internet and that the number is growing rapidly. The President highlighted that e-commerce in the U.S. accounted for $132 billion in retail sales in 2008. Obama estimated that cyber criminals stole $1 trillion worth of intellectual property worldwide in 2008 (Obama, 2009).

Cybersecurity can be defined as the protection of networks and their services from unauthorized alteration, destruction, or disclosure, and the provision of assurance that the network performs in critical situations and has no harmful effects for either users or employees (Jegal, 2008). It also includes provisions made in the underlying computer network infrastructure and policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access.

3. Background  

Computer networks were developed in the 1960s to help a small group of scientists communicate among themselves. The Internet was developed in 1969 in an effort to link a few computers in scientific labs across the United States, especially for military research, and was financed by the Pentagon through the Advanced Research Projects Agency (ARPA). The first network was called ARPANET. In 1989, the Internet was transformed into the World Wide Web (WWW), allowing millions of people to access it. In the early 1990s, the development of Netscape Navigator made the WWW even easier to use. Today, the Internet is used by millions of people on a daily basis (Stevenson, 2000).

4. Cybersecurity Issues & Challenges (The Federal Information Systems)

Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors user activity without user knowledge or consent). To address these issues, GAO was asked to determine (1) the potential risks to federal systems from these emerging cybersecurity threats, (2) the federal agencies' perceptions of risk and their actions to mitigate them, (3) federal and private-sector actions to address the threats on a national level, and (4) the government-wide challenges to protecting federal systems from these threats.

Spam, phishing, and spyware pose security risks to federal information systems. Spam consumes significant resources and is used as a delivery mechanism for other types of cyber attacks; phishing can lead to identity theft, loss of sensitive information, and reduced trust in and use of electronic government services; and spyware can capture and release sensitive data, make unauthorized changes, and decrease system performance. The blending of these threats creates additional risks that cannot be easily mitigated with currently available tools. Agencies' perceptions of the risks of spam, phishing, and spyware vary. In addition, most agencies were not applying the information security program requirements of the Federal Information Security Management Act of 2002 (FISMA) to these emerging threats, including performing risk assessments, implementing effective mitigating controls, providing security awareness training, and ensuring that their incident-response plans and procedures addressed these threats.

Several entities within the federal government and the private sector have begun initiatives to address these emerging threats. These efforts range from educating consumers to targeting cybercrime. Similar efforts are not, however, being made to assist and educate federal agencies. Although federal agencies are required to report incidents to a central federal entity, they are not consistently reporting incidents of emerging cybersecurity threats. Pursuant to FISMA, the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) share responsibility for the federal government's capability to detect, analyze, and respond to cybersecurity incidents. However, government-wide guidance has not been issued to clarify to agencies which incidents they should be reporting, as well as how and to whom they should report. Without effective coordination, the federal government is limited in its ability to identify and respond to emerging cybersecurity threats, including sophisticated and coordinated attacks that target multiple federal entities (Wilschsen, 2005).

5. Cybersecurity Issues & Challenges (The Corporations, Institutes, and Service Providers)

A Deloitte study in 2010 found that cyber threats posed to organizations have increased faster than the potential victims, the cybersecurity professionals, can cope with them. This has placed organizations at significant risk. Cyber criminals are increasingly adept at gaining undetected access and maintaining a persistent, low-profile, long-term presence in IT environments. An underground economy has evolved around stealing, packaging, and reselling information. Malware authors for hire provide skills, capabilities, products, and outsourced services to cyber criminals. These include, among others, identity collection and theft, data acquisition and storage, stealthy access to systems, misdirection of communications, keystroke identification, identity authentication, and botnets. Security models today are primarily "reactive," and cyber criminals are exploiting that weakness. Many security organizations may be leaving themselves vulnerable to cyber crime based on a false sense of security, perhaps even complacency, driven by non-agile security tools and processes. Many are failing to recognize cyber crimes in their information technology (IT) environments and are misallocating limited resources to lesser threats. For example, many organizations focus heavily on foiling hackers and blocking pornography while potential cyber crimes go undetected and unaddressed (DeZabala & Baich, 2010).

There are concerns that Apple uploads clients' data, up to 73 MB a night, from every iPhone in use. Apple claims that it is uploading location data only. Uploading up to 73 MB of location data every night? Is that true? What is Apple really uploading? Is it harvesting the keyboard cache, GeoTags (location data), date, time, photo library, WiFi connection logs, and personal interests of users, supplemented with name, phone number, and email address? Combined, this set of information has huge value in the underground market for personal data. This data is enough for a suspicious spouse to prove that a partner was not in the office at a given date and time. Is Apple infringing the data privacy of its users? As a precaution, Apple users should regularly clear the browser's recent searches and the keyboard cache. Germany's justice minister, Sabine Leutheusser-Schnarrenberger, has already asked Apple to tell the State Data Protection Officials what kind of data Apple is gathering on individual iPhone users in Germany. Apple was also asked to outline the purpose of collecting this data and how long the data will be stored (Brien, 2010; Seriot, 2010).

Although it is popularly believed that only computer programs can get infected with virus software, that is not necessarily true. In fact, almost any electronic device that runs automatically can get infected with malware (virus, worm, etc.), and even cell phones are not safe from cyber crimes. IKEE is the first known iPhone worm. This worm changes the iPhone's wallpaper and displays a photograph of 1980s singer Rick Astley with the words "IKEE is never gonna give you up." The programmer of this worm, a 21-year-old Australian programmer, was subsequently hired by the Australian iPhone development company Mogeneration. Typically, an iPhone in its standard configuration runs only software that is cryptographically signed by Apple, but iPhone hackers found ways to circumvent this limitation by creating a modified version of the iPhone operating system (OS) that runs other software. Installing such firmware is called "jailbreaking." It is estimated that about 6–8% of all iPhones are "jailbroken," and hackers can now steal users' data, including privacy and sensitive data, from jailbroken iPhones remotely (Seriot, 2010).

Cybercrime, such as electronic identity theft, is a federal crime in the USA. It is one of the most prevalent nuisances of the 21st century, the digital revolution, and the radical transformation of the world through widespread Internet use. Not only has this revolution changed the way people live and do business, it has also expanded the spectrum of illegal activities. Cybercrime has many faces, from computer hacking and online piracy of copyrighted content to spam, spyware, malware, or any of a host of other issues unimaginable a few decades ago. It is not yet clear how the law is faring against this ever-elusive opponent (Demarco, 2009).

The most frequent form of identity theft is the fraudulent use of someone's name and identifying data to obtain credit, merchandise, and services (COPS, 2006). The Internet has made it easier for individuals and organizations to communicate and conduct business online; hence, e-commerce is growing. According to eMarketer, an estimated 152 million individuals aged 14 and above shopped online in 2009. With the growth of e-commerce, identity theft problems have also grown in many parts of the world. Tremendous efforts have been made in the past decade by governments and businesses to understand these issues and to find solutions for combating these problems (Ji, Smith-Chao, & Min, 2008).

The growth potential of e-commerce also has its own vulnerabilities. The chance of security failure, including disclosure of privacy information, is high. Confidentiality, integrity, and availability (CIA) are at stake. Perhaps the most important reason for both businesses and consumers to partially refrain from establishing and participating in e-commerce is the potential for loss of privacy data. A single highly publicized security breach involving privacy data can erode confidence in the business and can not only damage the reputation of the firm, but also cause widespread repercussions in the e-commerce industry (Farahmand & Navathe, 2005). The Internet has presented opportunities for companies to bombard consumers with various marketing information, especially in online advertisements. Some of these techniques infringe data privacy and leave consumers with security issues. Dobosz, Green, & Sisler (2006) found that DoubleClick was collecting PII of Internet users although it claims that it does not.

A Federal Trade Commission survey conducted in 2003 estimated the annual number of victims of some form of identity theft at 9.91 million adults, or about 4.6 percent of the United States population. Actual dollar losses for businesses and victims in the United States are estimated at roughly $53 billion for 2004. These figures do not take into account expenses incurred by the victims to recover losses; the cost to the criminal justice system to detect, investigate, and prosecute offenders; or the expenditures of time and money to develop, promulgate, and enforce legislation to control this crime (COPS, 2006). The total one-year fraud amount for 2006 is estimated at $55.7 billion, and the average time that each victim devotes to resolving fraudulent transactions and negative credit reporting issues is thought to be 40 hours (Fonte, 2008).

It is essential to reduce the opportunities for criminals to misuse the data that they steal, because thieves are resourceful and security systems are imperfect. Strong law enforcement is necessary to punish identity thieves. The recent increasing sophistication of identity thieves means that law enforcement agencies at all levels of government must increase the resources they devote to investigating identity-related crimes (Gonzales & Majoras, 2007). According to a U.S. Federal Trade Commission (FTC) survey, about 9.9 million Americans were victims of identity theft in 2002. Losses from such crimes totaled $48 billion. Consumers reported $5 billion in out-of-pocket expenses to fix the problem (Africa news, 2003). The FTC's 2008 publication, "Take Charge: Fighting Back Against Identity Theft," is rich in content on identifying the prevailing risks in identity theft and data privacy, such as tax fraud, banking fraud, and credit fraud, on resolving problems, and on minimizing recurrence (FTC, 2008).

There is a growing awareness among e-commerce customers that they must stay ahead of the risks, because risk is everywhere; even using a teller machine is a potential risk, where a criminal might watch the personal identification number (PIN) over the shoulder and use it later or sell it to others for financial gain (Bhakta, 2008).

6. Cybersecurity Tools

Nowadays many commercial and some DOD or DOE installations have networks which include various supercomputer models. It would be interesting to know whether products cater for such environments too, along with the associated pricing algorithm. New techniques and advances in "real-time" auditing in the area of Intrusion Detection Systems (IDS) now look for signs of intrusion or variations in normal operations in real time. This brings the auditing of ICT network systems closer to an a priori system than was previously known. Previous ICT auditing systems looked more like the classical accounting and financial auditing tools applied to computing. That element is still present. However, today the computer is the network and the network is the computer, and it is a dynamic system which lends itself to real-time auditing. This is a dimension beyond yesterday's computer auditing functionality (Clark, 2011).
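The real-time auditing described above can be illustrated with a small streaming detector that raises an alert at the moment a line arrives, rather than when logs are reviewed afterwards. This is an added example, not code from the paper or from any product it names; the log lines are constructed in sshd syslog style, and the class name, threshold and window are assumptions.

```python
"""Real-time audit of authentication events: alerts fire as each line arrives."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample input in sshd syslog style with ISO timestamps (not from the paper).
SAMPLE_LOG = """\
2011-11-02T09:00:01 gw1 sshd[311]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
2011-11-02T09:00:10 gw1 sshd[312]: Failed password for root from 203.0.113.7 port 4021 ssh2
2011-11-02T09:00:12 gw1 sshd[313]: Failed password for root from 203.0.113.7 port 4022 ssh2
2011-11-02T09:00:15 gw1 sshd[314]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
2011-11-02T09:00:19 gw1 sshd[315]: Failed password for bob from 10.0.0.9 port 50310 ssh2
2011-11-02T09:00:21 gw1 sshd[316]: Failed password for root from 203.0.113.7 port 4024 ssh2
2011-11-02T09:00:24 gw1 sshd[317]: Failed password for root from 203.0.113.7 port 4025 ssh2
2011-11-02T09:00:26 gw1 sshd[318]: Failed password for root from 203.0.113.7 port 4026 ssh2
2011-11-02T09:00:40 gw1 sshd[319]: Accepted password for root from 203.0.113.7 port 4027 ssh2
2011-11-02T09:05:00 gw1 sshd[320]: Accepted password for bob from 10.0.0.9 port 50311 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


class Alert(NamedTuple):
    ts: datetime
    kind: str
    src: str
    user: str


class StreamingAuthAuditor:
    """Hypothetical detector; keeps only a sliding window of state per source."""

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold          # failures per source that trigger an alert
        self.window = window                # how far back failures are counted
        self.failures = defaultdict(deque)  # source address -> recent failure times
        self.flagged = set()                # sources with an open brute-force alert

    def feed(self, line):
        """Process one log line and return the alerts it raises (possibly none)."""
        m = LINE_RE.match(line)
        if not m:
            return []  # not an sshd password event
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            return []  # unparseable timestamp; skip rather than crash the stream
        src, user = m["src"], m["user"]
        recent = self.failures[src]
        while recent and ts - recent[0] > self.window:
            recent.popleft()  # expire failures that fell out of the window
        if not recent:
            self.flagged.discard(src)  # the burst is over; close the alert
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) >= self.threshold and src not in self.flagged:
                self.flagged.add(src)
                return [Alert(ts, "BRUTE_FORCE", src, user)]
        elif src in self.flagged:
            # A success from a source that is mid-burst suggests a guessed password.
            return [Alert(ts, "LOGIN_AFTER_BRUTE_FORCE", src, user)]
        return []


def audit_stream(lines, **kwargs):
    """Feed lines in arrival order; return (line_index, Alert) pairs as they fire."""
    auditor = StreamingAuthAuditor(**kwargs)
    return [(i, a) for i, line in enumerate(lines) for a in auditor.feed(line)]


if __name__ == "__main__":
    for index, alert in audit_stream(SAMPLE_LOG.splitlines()):
        print(f"line {index + 1}: {alert.kind} src={alert.src} user={alert.user} at {alert.ts}")
```

On the sample input the first alert fires on the seventh line, two lines before the successful login from the same source, which is the window a real-time audit gives a responder and an after-the-fact audit does not.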

A few tools used to secure the network are named below, each with a very brief description of its functionality:

• Nmap Security Scanner is a free and open source utility for network exploration or security auditing.
• Nessus is the best free network vulnerability scanner available.
• Wireshark, or Ethereal, is an open source network protocol analyzer for UNIX and Windows.
• Snort is a lightweight network intrusion detection and prevention system that excels at traffic analysis and packet logging on IP networks.
• Netcat is a simple utility that reads and writes data across TCP or UDP network connections.
• Kismet is a powerful wireless sniffer.

A. Cybersecurity Measures

Marin (2005) defined the core practical networking aspects of security, including computer intrusion detection, traffic analysis, and network monitoring. Flauzac (2009) presented a new approach for implementing a distributed security solution in a controlled, collaborative manner, called a grid of security, in which a community of devices ensures that a device is trustworthy and that communications between devices are performed under the control of the system policies. Wu Kehe (2009) defined information security in three parts: data security, network system security, and network business security, together with the network business security model. A theoretical basis for security defense for an enterprise automatic production system has also been established. A Public Key Infrastructure (PKI)-based security framework for wireless networks was defined by Wuzheng (2009). In this paper, various tools and treatments related to cryptography and network security have been defined. The latest issues related to network security technology and their practical applications, such as the Advanced Encryption Standard (AES), the CMAC mode for authentication, and the CCM mode for authenticated encryption, are also discussed in an elaborate way. In addition, various hacking attempts and their detection and remediation are also discussed. Nowadays, the transfer of information in a safe and secure way over a network has become a major challenge for the industry. The attacks and the network security measures show how, using network security tools, a better, healthier and safer network can be designed and maintained for an organization or industry. This paper focuses on the issues through which cybersecurity can be managed and maintained more efficiently in an organization.

The following measures should be taken to secure the network:

• A strong firewall and proxy should be used to keep unwanted traffic out.
• A strong antivirus software package and Internet security software package should be installed.
• For authentication, use strong passwords and change them every 30 days.
• When using a wireless connection, use a robust password.
• Employees should be cautious about physical security.
• Prepare a network analyzer or network monitor and use it when needed.
• Implement physical security measures such as closed-circuit television for entry areas and restricted zones.
• Use security barriers to restrict the organization's perimeter.
• Fire asphyxiators can be used for fire-sensitive areas like server rooms and security rooms.

7. Cybersecurity  Method  

According to one of my UMUC professors, security is on the one hand a race of imagination, trying to outthink the bad guys, but it is also a very regimented, detail-oriented, carefully thought-out pattern of activity. The imagination and the cybersecurity method are expressed regarding the cybersecurity war (Samid, 2009). In a never-ending loop, cybersecurity experts develop new ways to prevent continually emerging threats, and hackers develop more sophisticated technology to circumvent information security systems. A few methods are named and briefly discussed below.

A. Cryptography  

Today's information systems and the information that they contain are considered to be major assets that require protection. Cryptography relies on ciphers, which are nothing but mathematical functions used for encryption and decryption of a message; encrypting plaintext yields ciphertext. To ensure the security of information in increasingly prevalent e-commerce and e-business, and to protect private data from hackers and saboteurs, among others, cryptography is one of the key techniques that ensure confidentiality and integrity of information. The information used by government and business is contained in computer systems consisting of groups of interconnected computers that make use of shared networks, often referred to as the Internet or cyberspace. Since cyberspace is shared by diverse and often competing organizations and individuals, information systems should protect themselves and the information that they contain from unauthorized disclosure, modification and use. Cryptography is often used to protect information from unauthorized disclosure, to detect modification, and to authenticate the identities of system users. Cryptography is particularly useful when data transmission or authentication occurs over communications networks for which physical means of protection are often cost-prohibitive or even impossible to implement. Thus, cryptography is widely used when business is conducted or when sensitive information is transmitted over cyberspace. Cryptography also provides a layer of protection for stored data (in addition to physical and computer security access controls) against insiders who may have physical and possibly logical (e.g., system administrator) access to, but not the authorization to know or modify, the information (Pandey, 2011).

B. Firewall  

Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. At one time, most firewalls were deployed at network perimeters. This provided some measure of protection for internal hosts, but it could not recognize all instances and forms of attack, and attacks sent from one internal host to another often do not pass through network firewalls. Because of these and other factors, network designers now often include firewall functionality at places other than the network perimeter to provide an additional layer of security, as well as to protect mobile devices that are placed directly onto external networks. Threats have gradually moved from being most prevalent in lower layers of network traffic to the application layer, which has reduced the general effectiveness of firewalls in stopping threats carried through network communications. However, firewalls are still needed to stop the significant threats that continue to work at lower layers of network traffic. Firewalls can also provide some protection at the application layer, supplementing the capabilities of other network security technologies. There are several types of firewalls, each with varying capabilities to analyze network traffic and allow or block specific instances by comparing traffic characteristics to existing policies. Understanding the capabilities of each type of firewall, and designing firewall policies and acquiring firewall technologies that effectively address an organization’s needs, are critical to achieving protection for network traffic flows.

C. Application  gateway  

This is the first firewall type and is sometimes also known as a proxy gateway, as shown in Figure 1. Application gateways are made up of bastion hosts, so they act as a proxy server. This software runs at the Application Layer of the ISO/OSI Reference Model. Clients behind the firewall must be categorized and prioritized in order to use Internet services. This has been the most secure type, because it doesn't allow anything to pass by default, but it also needs to have the programs written and turned on in order to start passing traffic.

 

Figure  1:  A  sample  application  gateway  (Pandra,  2010)  

D. Packet Filtering

Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent through it, without any restrictions, as shown in Figure 2. ACLs are a method of defining what sorts of access the outside world is allowed to have to the internal network, and vice versa. This is less complex than an application gateway, because access control is performed at a lower ISO/OSI layer. Due to this low complexity and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins. Because it works at a lower level, supporting new applications either comes automatically or is a simple matter of allowing a specific packet type to pass through the gateway. There are problems with this method, though: TCP/IP has absolutely no means of guaranteeing that the source address is really what it claims to be. As a result, layers of packet filters must be used in order to localize the traffic.

 

Figure  2:  A  sample  packet  filtering  gateway  (Pandra,  2010)  

A layered packet filter can differentiate between a packet that came from the Internet and one that came from our internal network. It can also identify with certainty which network the packet came from, but it can't get more specific than that.
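The following added example (not part of the original paper) shows first-match ACL evaluation and why a filter that also checks the arrival interface catches a packet whose source address falsely claims to be internal. The address ranges, interface names and rule layout are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrived on: "outside" or "inside"
    src: str       # claimed source address; TCP/IP cannot prove it is genuine
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    in_iface: str                # "outside", "inside" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    proto: str = "any"
    dport: Optional[int] = None  # None matches every port

    def matches(self, p: Packet) -> bool:
        return (
            self.in_iface in ("any", p.in_iface)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and self.dport in (None, p.dport)
        )


def evaluate(acl: List[Rule], p: Packet,
             default: str = "deny") -> Tuple[str, Optional[int]]:
    """First matching rule wins; `default` applies when no rule matches."""
    for index, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, index
    return default, None


ANY = "0.0.0.0/0"
INTERNAL = "10.0.0.0/8"   # constructed internal address range
MAIL = "10.0.0.25/32"     # constructed internal mail server

# Address-only ACL: trusts the source field no matter where the packet arrived.
ADDRESS_ONLY_ACL = [
    Rule("permit", "any", INTERNAL, INTERNAL),
    Rule("permit", "any", ANY, MAIL, "tcp", 25),
]

# Interface-aware ACL: an "internal" source seen on the outside interface
# cannot be genuine, so it is dropped before any permit rule is consulted.
INTERFACE_AWARE_ACL = [
    Rule("deny", "outside", INTERNAL, ANY),
    Rule("permit", "inside", INTERNAL, ANY),
    Rule("permit", "outside", ANY, MAIL, "tcp", 25),
]

# Constructed sample packets.
SPOOFED = Packet("outside", "10.0.0.5", "10.0.0.80", "tcp", 22)
GENUINE_INSIDE = Packet("inside", "10.0.0.5", "10.0.0.80", "tcp", 22)
INBOUND_MAIL = Packet("outside", "198.51.100.7", "10.0.0.25", "tcp", 25)
INBOUND_OTHER = Packet("outside", "198.51.100.7", "10.0.0.80", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("spoofed", SPOOFED), ("inside", GENUINE_INSIDE),
                      ("mail", INBOUND_MAIL), ("other", INBOUND_OTHER)]:
        print(name, evaluate(ADDRESS_ONLY_ACL, pkt),
              evaluate(INTERFACE_AWARE_ACL, pkt))
```

An empty ACL evaluated with `default="permit"` reproduces the pass-everything router default described above.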

E. Hybrid  System  

In an attempt to combine the security features of application layer gateways with the flexibility and speed of packet filtering, some developers have created systems that use the principles of both. In some of these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer, where packet filters watch the connection to ensure that only packets that are part of an ongoing (already authenticated and approved) conversation are being passed. Using packet filtering together with application layer proxies is another possible approach. The benefits here include providing a measure of protection against your machines that provide services to the Internet (such as a public web server), as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker, in order to get to services on the internal network, will have to break through the access router, the bastion host, and the choke router.
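The hybrid behaviour described above can be sketched as follows. This is an added example, not code from the original paper: a connection is authenticated once at the application layer, and afterwards the filter passes only packets that belong to an approved conversation. The class name, policy table and token are hypothetical and constructed for the illustration.

```python
import hmac
from typing import Callable, Set, Tuple

# (client_ip, client_port, server_ip, server_port)
Flow = Tuple[str, int, str, int]

# Constructed policy: user -> (shared token, services the user may reach).
POLICY = {
    "alice": ("constructed-token-1", {("10.0.0.80", 443)}),
}


def authenticate(flow: Flow, credentials: Tuple[str, str]) -> bool:
    """Application-layer decision, made once per new connection."""
    user, token = credentials
    entry = POLICY.get(user)
    if entry is None:
        return False
    expected, services = entry
    token_ok = hmac.compare_digest(token.encode(), expected.encode())
    return token_ok and (flow[2], flow[3]) in services


class HybridGateway:
    def __init__(self, auth: Callable[[Flow, Tuple[str, str]], bool]):
        self._auth = auth
        self._approved: Set[Flow] = set()  # table of approved conversations

    def open_connection(self, flow: Flow, credentials: Tuple[str, str]) -> bool:
        """Slow path: approve the connection at the application layer."""
        if not self._auth(flow, credentials):
            return False
        self._approved.add(flow)
        return True

    def filter_packet(self, src_ip: str, src_port: int,
                      dst_ip: str, dst_port: int) -> str:
        """Fast path: pass only packets of an already approved conversation."""
        forward = (src_ip, src_port, dst_ip, dst_port)
        reverse = (dst_ip, dst_port, src_ip, src_port)  # reply direction
        if forward in self._approved or reverse in self._approved:
            return "pass"
        return "drop"

    def close_connection(self, flow: Flow) -> None:
        self._approved.discard(flow)


if __name__ == "__main__":
    gw = HybridGateway(authenticate)
    flow = ("203.0.113.9", 51000, "10.0.0.80", 443)  # constructed flow
    print(gw.filter_packet(*flow))                    # not yet approved
    print(gw.open_connection(flow, ("alice", "constructed-token-1")))
    print(gw.filter_packet(*flow))                    # approved conversation
```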

8. Security  Management  Issues  

a) Ensuring the security strength of the organization is a big challenge nowadays. Organizations have some pre-defined security policies and procedures, but they are not implementing them accordingly. Through the use of technology, we should impose these policies on people and processes.

b) Building and affirming high-quality resources for deployment and efficient management of network security infrastructure. Adopting technologies that are easy and cost-effective to deploy and that manage day-to-day network security operations and troubleshooting in the long run.

c) Ensuring a fully secure networking environment without degradation in the performance of business applications.

d) On a day-to-day basis, enterprises face the challenge of having to scale up their infrastructure to a rapidly increasing user group, both from within and outside of the organization. At the same time, they also have to ensure that performance is not compromised.

e) Organizations sometimes have to deal with a number of point products in the network. Securing all of them totally while ensuring seamless functionality is one of the biggest challenges they face while planning and implementing a security blueprint.

f) The implementation and conceptualization of a security blueprint is a challenge. Security is a combination of people, processes, and technology, while IT managers are traditionally tuned to address only the technology controls.

9.  Recommendation  of  Network  security  controls  

a) Organizations should be prepared to cope with their own growth, which in turn would entail new enhancements in the network both in terms of applications and size. They should plan security according to the changing requirements, which may grow to include various factors like remote and third-party access.

b) Threats are no longer focused on the network layer; the application layer is the new playground of hackers. Attack protection solutions must protect the network, services and applications, and provide secure office connections, secure remote employee access, resilient network availability, and controllable Internet access.

c) The ideal solution for internal security challenges is not only a conventional security product; it must also contain threats (like worms), divide the network, and protect the desktop, server and the data center.

d) About 70 percent of new attacks target Web-enabled applications and their number is growing. Enterprises should, therefore, deploy Web security solutions that provide secure Web access as well as protect Web servers and applications. The security solutions must be easy to deploy, and they should also provide integrated access control (Pandey, 2011).

10.  Wireless  

While wireless networks provide productivity and other benefits, with their explosive growth they also pose risks to end users and organizations.

Threats to wireless local area networks (WLANs) are numerous and potentially devastating. Security issues ranging from misconfigured wireless access points (WAPs) to session hijacking to Denial of Service (DoS) can plague a WLAN. Wireless networks are not only susceptible to TCP/IP-based attacks native to wired networks, they are also subject to a wide array of 802.11-specific threats. To aid in the defense against and detection of these potential threats, WLANs should employ a security solution.

Wireless access points are increasingly serving as entry points to the Internet, increasing connectivity options and security concerns. Particularly significant are public access points, commonly known as hotspots, which are often located in heavily populated areas such as airports, coffee shops, and hotels, appealing to both business and casual users, but offering little or no security. The number of worldwide commercial hotspots reached 143,700 in 2006, with an estimated 675,000 additional access points shipped during the year specifically for use in public hotspots (Chenoweth, Minch & Tabor, 2010). The growth in hotspots is expected to continue because they are inexpensive, new applications (such as voice over Wi-Fi) are emerging, and the public is becoming accustomed to the mobility and ubiquitous Internet access they provide. At the same time that wireless usage is increasing, computer and network security is consuming an increasing amount of time and resources for individuals and organizations. The spiraling number of viruses and outsider attacks has driven this increase and has shortened the timeframe between vulnerability announcements and the appearance of global exploits. Despite the increased risk, most wireless networks have little or no network security implemented. Surveys have determined that approximately 60% of all wireless networks use no form of encryption, and that even when encryption is enabled, approximately 75% are using wired equivalent privacy (WEP), which has several well-documented security deficiencies (Chenoweth, Minch & Tabor, 2010). The problem is even more acute with public hotspots because their users are more interested in ease of use than the level of security.

11. Security  Technology  

Leading security vendors offer end-to-end solutions that claim to take care of all aspects of cybersecurity. End-to-end solutions usually offer a combination of hardware and software platforms including a security management solution that performs multiple functions and takes care of the entire gamut of security on a network. An integrated solution is one that encompasses not only a point-security problem (like worms/intrusion) but one that also handles a variety of network and application layer security challenges. Available products can be categorized in the following streams.

A. SSL-­‐VPN    

According to the NIST SSL VPN guidelines, the protection of sensitive information that is transmitted across interconnected networks is critical to the overall security of an organization’s information and information systems. SSL VPNs provide secure remote access to an organization’s resources. A VPN is a virtual network, built on top of existing physical networks, which can provide a secure communications mechanism for data and other information transmitted between two endpoints. Because a VPN can be used over existing networks such as the Internet, it can facilitate the secure transfer of sensitive data across public networks. An SSL VPN consists of one or more VPN devices to which users connect using their Web browsers. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol (Frankel 2010).

B. Intrusion Detection Prevention Systems

An IPS combines the best features of firewalls and intrusion detection systems to provide a tool that changes the configurations of network access control points according to the rapidly changing threat profile of a network. This introduces the element of intelligence in network security by adapting to new attacks and intrusion attempts. Intrusion prevention has received a lot of interest in the user community. Most organizations evolve in their use of intrusion prevention technology. Some will adopt blocking in weeks and rapidly expand their blocking as they see the benefits of accurate attack blocking. Others will start slowly and expand slowly. The key is to reliably detect and stop both known and unknown attacks in real time. Traffic monitoring in wired networks is usually performed at switches, routers and gateways, but an ad hoc network does not have these types of network elements where the IDS can collect audit data for the entire network. Network traffic can be monitored on a wired network segment, but ad hoc nodes or sensors can only monitor network traffic within their observable radio transmission range.

12.  Conclusion  

The cybersecurity problem is unlike any other security problem the nation has faced before. It is epiphenomenal, a consequence of the computer and Internet revolution. This beguiling device is now a part of twenty-first-century life—a tool for cataloguing recipes, and essential for launching cruise missiles, flying airplanes, and operating nuclear power plants. The ubiquity of the computer and the Internet, which links one computer to another, offers tremendous efficiency and customizable convenience. However, this efficiency and convenience come at a significant price. The cornerstone of America’s cyberspace security strategy is and will remain a public–private partnership. The public–private partnerships that formed in response to the President’s call have developed their own strategies to protect the parts of cyberspace on which they rely. This unique partnership and process was and will continue to be necessary because the majority of the country’s cyber resources are controlled by entities outside of government (NSSC 2003, 1, 54).

Before security measures are designed and provided, the organization should first know its security needs at the different levels of the organization, and then security should be implemented for those levels. Security policies should be designed before their implementation, in such a way that future alteration and adoption are acceptable and easily manageable. The security system must be tight but flexible enough for the end user to be comfortable; the user should not feel that the security system is moving around him. Users who find security policies and systems too restrictive will find ways around them.

12. Bibliography:  

Brooks, T.N. (2003). A thematic content analysis of identity theft: What it is and how to avoid it. The University of Texas at Arlington. UMI Microform No. 1416811.

Bhakta, P. (2008). Identity theft: Examining the challenges. California State University. Retrieved from http://proquest.umi.com.ezproxy.umuc.edu/pqdweb?index=2&did=1548707731&SrchMode=2&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1262467011&clientId=8724.

Obama, B. (2009). Speech of the U.S. President to the National Security Council. White House. Retrieved from http://www.whitehouse.gov/administration/eop/nsc/cybersecurity

Chenoweth, T., Minch, R., & Tabor, S. (February, 2010). Wireless Insecurity: Examining user security behavior on public networks. Vol. 53 Issue 2, p134-138, 5p, 4. Retrieved from ACM database.

Curtin, M. (March, 1997). Introduction to Network Security. Retrieved from http://www.cs.cornell.edu/Courses/cs519/2003sp/slides/15_securitybasics.pdf

DeZabala, T. & Baich, R. (2010). Cybercrime: A clear and present danger – Combating the fastest growing cyber security Threat. Deloitte. Retrieved from http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/AERS/us_aers_Deloitte%20Cyber%20Crime%20POV%20Jan252010.pdf

Flauzac, R., Nolot, F., Rabat, C., & Steffencel, L, A. (2009). Grid of Security: A New Approach of the Network Security. International Conference on Network and System Security. pp. 67-72. Retrieved from ACM database.

Fonte, E. (2008, February). Who will pay the price for identity theft? The Computer & Internet Lawyer, 25(2).

Gonzales, R.A. & Majoras, P.D. (2007). Identity Theft - A Strategic Plan, The President’s Identity Theft Task Force, Federal Trade Commission Publications.

O’Brien, K. J. (2010). Germany asks Apple about iPhone data-gathering. Retrieved from http://www.pogowasright.org/?p=11907

Pandey, S. (2011). Modern Network Issue and Challenges. International Journal of Engineering Science & Technology, 2011, Vol. 3 Issue 5, p4351-357, 7p. Retrieved from Academic Search Complete.

Ji, S., Smith-Chao, S., & Min, Q. (2008). Systems Plan for Combating Identity Theft - A Theoretical Framework. Journal of Service Science and Management, 1(2), 143-152. doi: 1788212021

Khan, M, A., Shah, G, A., & Sher, M. (August 2011). Challenges for Security in Wireless sensor Networks (WSNs). World Academy of Science, Engineering & Technology, Aug2011, Vol. 80, p390-396, 7p. Retrieved from EBSCO database.

Kelhe, W., Tong, Z., Wei, L., & Gang, M. (2009). Security Model Based on Network Business Security, In Proc. Of Int. Conf. on Computer Technology and Development. ICCTD, Val. 1, pp.577-580. Retrieved from ACM database.

McDowell, M. & Lytle, M. (2008). Cybersecurity for electronic devices. U.S. Department of Homeland Security. Retrieved from http://www.us-cert.gov/cas/tips/ST05-017.html

Marin, G, A. (2005). “Network Security Basics”, In security & privacy, IEEE, Issue 6, Vol 3, pp. 68-72. Retrieved from ACM database.

Stevenson, E.H. (2000). Identity theft. The University of Houston Clear Lake. A Master Thesis. Retrieved from http://proquest.umi.com.ezproxy.umuc.edu/pqdweb?index=11&did=729227861&SrchMode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1263089712&clientId.

Samid, G. (2009). The unending Cyber war. Publisher: DGS, Vitco, Mclean, VA. P. V

Wilschen, G. (2005). Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems: GAO Report. P1, 79p. Retrieved from MasterFile Premier.