Cybersecurity
1 | P a g e
Cybersecurity
Issues, Challenges and Security Controls
Image: Courtesy of Google
By
Asad Zaman
Information Assurance Capstone 670 (Research Paper)
November 2011.
For
Dr. James Clark
University of Maryland University College (UMUC)
Table of Contents
1. Abstract ... 3
2. Introduction ... 4
3. Background ... 6
4. Cybersecurity Issues & Challenges - Federal Information Systems ... 6
5. Cybersecurity Issues and Challenges - The Corporations, Institutes, and Service Providers ... 8
6. Cybersecurity Tools ... 12
   A). Cybersecurity Measures ... 13
7. Cybersecurity Method ... 15
   A). Cryptography ... 15
   B). Firewall ... 16
   C). Application gateway ... 17
   D). Packet Filtering ... 18
   E). Hybrid ... 19
8. Cybersecurity Management Issues ... 20
9. Recommendation on Network security ... 21
10. Wireless ... 21
11. Cybersecurity Technology ... 23
   A). SSL-VPN ... 23
   B). Intrusion Detection and Prevention System ... 24
12. Conclusion ... 24
13. Bibliography ... 25
Figure
Figure 1: Sample application of gateway……………………………………………………………………………………………….18
Figure 2: Sample packet filtering gateway ... 19
1. Abstract
The physical world is increasingly supported by cyberspace, the Internet infrastructure. This
infrastructure enables new business models, enhances communications, makes personal lives
more convenient, and contributes to national defense. The flip side of this increased reliance
is that the infrastructure itself is vulnerable to threats. Network outages, data compromised
by hackers, propagating viruses, and other incidents affect lives in ways that range from
inconvenient to life-threatening. Cybersecurity necessitates a comprehensive national policy
to protect electronically transmitted and stored information from intrusion. The President of
the United States (U.S.) has declared that U.S. economic prosperity in the 21st century depends
on cybersecurity. Faced with severe threats, several nations and organizations are addressing
the issue independently as well as jointly. Cybersecurity threats increase day by day and make
high-speed wired and wireless networks and Internet services insecure and unreliable. Security
measures are therefore central to meeting the demands of today's growing Internet use. The
need extends to areas such as defense, where secure and authenticated access to resources is
the key issue in information security.
This paper describes the important measures and parameters that large industries and
organizations require to establish a secure network, as well as the issues and challenges in
cybersecurity. Wi-Fi networks are very common in providing wireless access to resources and
in connecting devices wirelessly, and they bring their own requirements for handling Wi-Fi
threats and network hacking attempts. The paper also explores important security measures
related to cybersecurity, so that a fully secured network environment can be established in an
organization.
2. Introduction
As government agencies, private-sector corporations, the military, and even retail shoppers
shift their activities to the Internet, cybersecurity becomes increasingly important. In October
2010, the President of the United States (U.S.) called upon the American people to recognize
the importance of cybersecurity. He emphasized the confidentiality of sensitive information,
the integrity of e-commerce, and the resilience of the cyber infrastructure, and called for
universal cooperation to reduce cyber risk (http://www.whitehouse.gov/the-press-office/2010/10/01/presidential-proclamation-national-cybersecurity-awareness-month).
Cyberspace touches nearly every part of daily lives. It's the broadband networks beneath us
and the wireless signals around us, the local networks in our schools and hospitals and
businesses, and the massive grids that power our nation. It's the classified military and
intelligence networks that keep us safe, and the World Wide Web that has made us more
interconnected than at any time in human history. We must secure our cyberspace to ensure
that we can continue to grow the nation’s economy and protect our way of life
(www.whitehouse.gov/cybersecurity).
Cybersecurity is the set of measures that safeguard an organization's computing assets from
cyber threats and vulnerabilities. While computers provide increased features and functionality,
they also introduce new risks. Any piece of electronic equipment that uses a computerized
component, such as a computer, cell phone, car navigation device, or PDA, is exposed to
software flaws and vulnerabilities. The risk increases if the device is connected to the
Internet or to a network that an attacker may be able to reach: the outside connection gives
an attacker a way to send information to, or extract information from, the connected device.
Both wired and wireless connections are exposed to cyber threats, and attackers may take
advantage of these technological advances to target devices previously considered "safe." For
example, an attacker may be able to infect a cell phone with a virus, steal phone or wireless
service, or access the data on a PDA. Not only do these activities have implications for
users' personal information, but they could also have serious consequences if corporate
information is stored on the device. Computing devices should never be left unattended in
public or easily accessible areas. Patches, firmware updates, and software updates should be
installed as soon as the vendor releases them; installing them closes the window in which
attackers can exploit known vulnerabilities. A strong and unique password that is difficult to
guess should be used for each computing device, and the option to remember passwords should
be disabled. Network connections, including wireless connections, should be disabled when they
are not in use. All data, especially private data, should be stored encrypted. When data is
encrypted, unauthorized people cannot read it even if they gain physical access to the device;
the data owner must remember the encryption password to decrypt the data, otherwise even the
owner will be unable to read it (McDowell & Lytle, 2008).
The U.S. President, Barack Obama, in his address on May 29, 2009 to the National Security
Council (NSC), declared that America's economic prosperity in the 21st century would depend on
the effective implementation of cybersecurity. Obama named cyber threats among the most serious
economic and national security challenges and cautioned about risks to private data from
identity theft, botnets, spyware, malware, spoofing, phishing, and cyber criminals. He noted
that about 1.5 billion people worldwide use the Internet and that the number is growing
rapidly, and that e-commerce in the U.S. accounted for $132 billion in retail sales in 2008.
He estimated that cyber criminals stole $1 trillion worth of intellectual property worldwide
in 2008 (Obama, 2009). Cybersecurity can be defined as the protection of networks and their
services from unauthorized alteration, destruction, or disclosure, together with the assurance
that the network performs correctly in critical situations and has no harmful effects on either
users or employees (Jegal, 2008). It also includes provisions made in the underlying computer
network infrastructure and the policies adopted by the network administrator to protect the
network and network-accessible resources from unauthorized access.
3. Background
Computer networks were developed in the 1960s to help small groups of scientists
communicate among themselves. The Internet's precursor was developed in 1969 in an effort to
link a few computers in scientific labs across the United States, especially for military
research, financed by the Pentagon through the Advanced Research Projects Agency (ARPA); the
first network was called ARPANET. In 1989 the World Wide Web (WWW) was proposed, and it
opened the Internet to millions of people. In the early 1990s, the development of Netscape
Navigator made the WWW even easier to use. Today, the Internet is used by millions of people
on a daily basis (Stevenson, 2000).
4. Cybersecurity Issues & Challenges (The Federal Information Systems)
Federal agencies are facing a set of emerging cybersecurity threats that result from
increasingly sophisticated methods of attack and the blending of once-distinct types of attack
into more complex and damaging forms. Examples of these threats include spam (unsolicited
commercial e-mail), phishing (fraudulent messages sent to obtain personal or sensitive data),
and spyware (software that monitors user activity without the user's knowledge or consent). To
address these issues, GAO was asked to determine (1) the potential risks to federal systems from
these emerging threats, (2) federal agencies' perceptions of the risks and their actions to
mitigate them, (3) federal and private-sector actions to address the threats at a national
level, and (4) the governmentwide challenges to protecting federal systems from these threats.
Spam, phishing, and spyware pose security risks to federal information systems. Spam consumes
significant resources and is used as a delivery mechanism for other types of cyber attack;
phishing can lead to identity theft, loss of sensitive information, and reduced trust in and use
of electronic government services; and spyware can capture and leak sensitive data, make
unauthorized changes, and degrade system performance. The blending of these threats creates
additional risks that cannot easily be mitigated with currently available tools. Agencies'
perceptions of the risks of spam, phishing, and spyware vary. In addition, most agencies were
not applying the information security program requirements of the Federal Information Security
Management Act of 2002 (FISMA) to these emerging threats, including performing risk
assessments, implementing effective mitigating controls, providing security awareness training,
and ensuring that their incident-response plans and procedures addressed these threats. Several
entities within the federal government and the private sector have begun initiatives to address
these emerging threats, ranging from educating consumers to targeting cybercrime. Similar
efforts are not, however, being made to assist and educate federal agencies. Although federal
agencies are required to report incidents to a central federal entity, they are not
consistently reporting incidents involving emerging cybersecurity threats. Pursuant to FISMA,
the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) share
responsibility for the federal government's capability to detect, analyze, and respond to
cybersecurity incidents. However, governmentwide guidance has not been issued to clarify to
agencies which incidents they should be reporting, or how and to whom they should report them.
Without effective coordination, the federal government is limited in its ability to identify
and respond to emerging cybersecurity threats, including sophisticated and coordinated attacks
that target multiple federal entities (Wilschsen, 2005).
5. Cybersecurity Issues & Challenges (The Corporations, Institutes, and Service Providers)
A Deloitte study in 2010 found that the cyber threats posed to organizations have grown
faster than the potential victims and the cybersecurity professionals defending them can cope
with, which places organizations at significant risk. Cyber criminals are increasingly adept at
gaining undetected access and maintaining a persistent, low-profile, long-term presence in IT
environments. An underground economy has evolved around stealing, packaging, and reselling
information. Malware authors for hire provide skills, capabilities, products, and outsourced
services to cyber criminals, including identity collection and theft, data acquisition and
storage, stealthy access to systems, misdirection of communications, keystroke logging,
identity authentication, and botnets. Security models today are primarily "reactive," and cyber
criminals are exploiting that weakness. Many security organizations may be leaving themselves
vulnerable to cyber crime through a false sense of security, perhaps even complacency, driven
by non-agile security tools and processes. Many are failing to recognize cyber crimes in their
information technology (IT) environments and are misallocating limited resources to lesser
threats. For example, many organizations focus heavily on foiling hackers and blocking
pornography while potential cyber crimes go undetected and unaddressed (DeZabala & Baich, 2010).
There are concerns that Apple uploads clients' data, up to 73 MB a night, from every iPhone
in use. Apple claims that it uploads only location data. Uploading up to 73 MB of location data
every night? Is that true, and what is Apple really uploading? Is it harvesting the keyboard
cache, GeoTags (location data), date, time, photo library, Wi-Fi connection logs, and the
personal interests of users, supplemented with name, phone number, and email address? Combined,
this set of information has a huge value in the underground market for personal data; it would
be enough for a suspicious spouse to prove that a partner was not in the office at a given date
and time. Is Apple infringing the data privacy of its users? As a precaution, Apple users should
regularly clear the browser's recent searches and the keyboard cache. Germany's justice
minister, Sabine Leutheusser-Schnarrenberger, has already asked Apple to tell the state data
protection officials what kind of data Apple is gathering on individual iPhone users in Germany,
to outline the purpose of collecting this data, and to state how long the data will be stored
(Brien, 2010; Seriot, 2010).
Although it is popularly believed that only computer programs can get infected with
viruses, that is not necessarily true. In fact, almost any electronic device that runs software
can be infected with malware (viruses, worms, etc.), and even cell phones are not safe from
cyber crime. IKEE is the first known iPhone worm. It changes the iPhone's wallpaper to a
photograph of 1980s singer Rick Astley with the words "ikee is never going to give you up." The
author of this worm, a 21-year-old Australian programmer, was subsequently hired by the
Australian iPhone development company Mogeneration. In its standard configuration the iPhone
runs only software that is cryptographically signed by Apple, but iPhone hackers found ways to
circumvent this restriction by creating a modified version of the iPhone operating system (OS)
that runs other code. Installing such firmware is called "jailbreaking." It is estimated that
about 6–8% of all iPhones are jailbroken, and hackers can now remotely steal users' data,
including private and sensitive data, from jailbroken iPhones (Seriot, 2010).
Cybercrime, such as electronic identity theft, is a federal crime in the USA. It is one
of the most prevalent nuisances of the 21st century, a product of the digital revolution and
the radical transformation of the world brought about by widespread Internet use. Not only has
this revolution changed the way people live and do business, it has also expanded the spectrum
of illegal activities. Cybercrime has many faces, from computer hacking and online piracy of
copyrighted content to spam, spyware, malware, and a host of other issues that were unimaginable
a few decades ago. It is not yet clear how the law is faring against this ever-elusive opponent
(Demarco, 2009).
The most frequent form of identity theft is the fraudulent use of someone's name and
identifying data to obtain credit, merchandise, and services (COPS, 2006). The Internet has
made it easier for individuals and organizations to communicate and conduct business online;
hence, e-commerce is growing. According to eMarketer, an estimated 152 million individuals
aged 14 and above shopped online in 2009. With the growth of e-commerce, identity theft
problems have also grown in many parts of the world. Tremendous efforts have been made in
the past decade by governments and businesses to understand these issues and to find
solutions for combating these problems (Ji, Smith-Chao, & Min, 2008).
The growth potential of e-commerce comes with its own vulnerabilities. The chance of a
security failure, including disclosure of private information, is high, and confidentiality,
integrity, and availability (CIA) are all at stake. Perhaps the most important reason for both
businesses and consumers to hold back from establishing and participating in e-commerce is the
potential loss of private data. A single highly publicized breach of private data can erode
confidence in the business; it not only damages the reputation of the firm but causes
widespread repercussions across the e-commerce industry (Farahmand & Navathe, 2005). The
Internet has also given companies the opportunity to bombard consumers with marketing
information, especially online advertisements, and some of these techniques infringe data
privacy and leave consumers with security issues. Dobosz, Green, & Sisler (2006) found that
DoubleClick was collecting personally identifiable information (PII) from Internet users
although it claimed that it did not.
A Federal Trade Commission survey conducted in 2003 estimated the annual number of
victims of some form of identity theft at 9.91 million adults, or about 4.6 percent of the
United States population. Actual dollar losses for businesses and victims in the United States
are estimated at roughly $53 billion for 2004. These figures do not take into account the
expenses incurred by victims to recover their losses; the cost to the criminal justice system
to detect, investigate, and prosecute offenders; or the time and money spent to develop,
promulgate, and enforce legislation to control this crime (COPS, 2006). The total one-year
fraud amount for 2006 is estimated at $55.7 billion, and each victim is thought to spend an
average of 40 hours resolving fraudulent transactions and negative credit reporting issues
(Fonte, 2008).
It is essential to reduce the opportunities for criminals to misuse the data they steal,
because thieves are resourceful and security systems are imperfect. Strong law enforcement is
necessary to punish identity thieves, and the increasing sophistication of identity thieves
means that law enforcement agencies at all levels of government must increase the resources
they devote to investigating identity-related crimes (Gonzales & Majoras, 2007). According to
a U.S. Federal Trade Commission (FTC) survey, about 9.9 million Americans were victims of
identity theft in 2002; losses from such crimes totaled $48 billion, and consumers reported
$5 billion in out-of-pocket expenses to fix the problem (Africa News, 2003). The FTC's 2008
publication "Take Charge: Fighting Back Against Identity Theft" is rich in content identifying
the prevailing risks in identity theft and data privacy, such as tax fraud, banking fraud, and
credit fraud, and explains how to resolve problems and minimize recurrence (FTC, 2008).
There is a growing awareness among e-commerce customers that they must stay ahead
of the risks, because risk is everywhere; even using an automated teller machine carries
risk, since a criminal might shoulder-surf the personal identification number (PIN) and use
it later or sell it to others for financial gain (Bhakta, 2008).
6. Cybersecurity Tools
Nowadays many commercial and some DOD or DOE installations have networks that incorporate
various supercomputer models, and it would be interesting to know whether security products
cater for such environments too, and how they are priced. New techniques and advances in
"real-time" auditing by intrusion detection systems (IDS) now look for signs of intrusion, or
deviations from normal operation, as they happen, which moves the auditing of ICT network
systems toward an a priori posture rather than the after-the-fact model previously known.
Earlier ICT auditing systems looked much like classical accounting and financial auditing
tools applied to computing, and that element is still present. Today, however, the computer is
the network and the network is the computer, a dynamic system that lends itself to real-time
auditing. This is a dimension beyond yesterday's computer auditing functionality (Clark, 2011).
Below are a few tools, with a very brief description of their function, used to secure the network:
• Nmap Security Scanner is a free and open source utility for network exploration and security
auditing.
• Nessus is a widely used network vulnerability scanner.
• Wireshark (formerly Ethereal) is an open source network protocol analyzer for UNIX and Windows.
• Snort is a lightweight network intrusion detection and prevention system that excels at traffic
analysis and packet logging on IP networks.
• Netcat is a simple utility that reads and writes data across TCP or UDP network connections.
• Kismet is a powerful wireless sniffer.
A. Cybersecurity Measures
Marin (2005) defined the core practical networking aspects of security, including
computer intrusion detection, traffic analysis, and network monitoring. Flauzac (2009)
presented a new approach to implementing a distributed security solution in a controlled,
collaborative manner, called a grid of security, in which a community of devices ensures that
a device is trustworthy and that communications between devices take place under the control
of system policies. Wu Kehe (2009) divided information security into three parts, data
security, network system security, and network business security, and established a
theoretical basis for the security defense of enterprise automatic production systems. A
Public Key Infrastructure (PKI)-based security framework for wireless networks was defined by
Wuzheng (2009). These works describe various tools and treatments related to cryptography and
network security, and discuss in detail the latest network security technologies and their
practical applications, such as the Advanced Encryption Standard (AES), the CMAC mode for
authentication, and the CCM mode for authenticated encryption, as well as various hacking
attempts and their detection and remediation. Nowadays, transferring information safely and
securely over a network has become a major challenge for industry. Understanding the attacks
and the corresponding network security measures shows how, using network security tools, a
better, healthier, and safer network can be designed and maintained for an organization. This
paper focuses on the issues through which cybersecurity can be managed and maintained more
efficiently in an organization.
The following measures are to be taken to secure the network:
• A strong firewall and proxy should be used to keep unwanted traffic out.
• A strong antivirus package and Internet security software package should be installed.
• For authentication, use strong passwords and change them every 30 days.
• When using a wireless connection, use a robust password.
• Employees should be cautious about physical security.
• Have a network analyzer or network monitor ready and use it when needed.
• Implement physical security measures such as closed-circuit television for entry areas and
restricted zones.
• Use security barriers to restrict the organization's perimeter.
• Use fire suppression equipment in fire-sensitive areas such as server rooms and security rooms.
7. Cybersecurity Method
One of my UMUC professors observed that security is on one hand a race of imagination,
trying to outthink the bad guys, but on the other hand a very regimented, detail-oriented,
carefully thought-out pattern of activity. Both the imagination and the regimented method are
expressed in terms of the cybersecurity war (Samid, 2009). In a never-ending loop,
cybersecurity experts develop new ways to prevent continually emerging threats, and hackers
develop more sophisticated technology to circumvent information security systems. A few of
these methods are named and briefly discussed below.
A. Cryptography
Today's information systems and the information they contain are considered major assets
that require protection. Cryptography relies on ciphers, mathematical functions used for the
encryption and decryption of a message (the encrypted form of the plaintext is the ciphertext).
To secure information in increasingly prevalent e-commerce and e-business, and to protect
private data from hackers and saboteurs, among others, cryptography is one of the key
techniques for ensuring the confidentiality and integrity of information. The information used
by government and business is held in computer systems consisting of groups of interconnected
computers that make use of shared networks, often referred to as the Internet or cyberspace.
Since cyberspace is shared by diverse and often competing organizations and individuals,
information systems must protect themselves and the information they contain from unauthorized
disclosure, modification, and use. Cryptography is often used to protect information from
unauthorized disclosure, to detect modification, and to authenticate the identities of system
users. It is particularly useful when data transmission or authentication occurs over
communications networks for which physical means of protection are often cost-prohibitive or
even impossible to implement. Thus, cryptography is widely used when business is conducted or
sensitive information is transmitted over cyberspace. Cryptography also provides a layer of
protection for stored data (in addition to physical and computer security access controls)
against insiders who may have physical and possibly logical (e.g., system administrator)
access to, but not authorization to know or modify, the information (Pandey, 2011).
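Two of the three uses named above, detecting modification and authenticating users, can be shown with nothing but the Python standard library. The following is an added example written for this page, not code from the paper or from any of the works it cites: an HMAC-SHA256 tag that exposes any change to a message, and a salted, deliberately slow PBKDF2 password hash for verifying a user's identity. The key, the message, and the password are constructed sample values; the function names are my own. Confidentiality needs a cipher such as AES, which the standard library does not provide, so that part is not shown here.

```python
"""Added example: integrity protection and user authentication with only the
Python standard library (hmac, hashlib). Not code from the paper; the key,
message and password below are constructed sample values."""
import hashlib
import hmac
import os
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

# Constructed sample key: in a real system generate it with os.urandom(32)
# and keep it in a key store, never in source code.
INTEGRITY_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def protect(message: bytes, key: bytes = INTEGRITY_KEY) -> bytes:
    """Append an HMAC-SHA256 tag so that any change to the message in transit
    or at rest can be detected by the holder of the key."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(blob: bytes, key: bytes = INTEGRITY_KEY) -> Optional[bytes]:
    """Return the message if its tag is valid, None if it was modified,
    truncated, or tagged under a different key."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time; a plain == comparison would leak
    # how many leading tag bytes matched, letting an attacker forge a tag
    # byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


# User authentication: store a salted, deliberately slow hash of the password
# so that a stolen credential database cannot be cracked cheaply.
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare
    in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    order = b"transfer 100.00 to account 42"     # constructed sample message
    sealed = protect(order)
    tampered = bytearray(sealed)
    tampered[9] ^= 0x01                           # flip one bit of the amount
    print("intact  :", verify(sealed))
    print("tampered:", verify(bytes(tampered)))
    record = hash_password("correct horse battery staple")
    print("login ok:", check_password("correct horse battery staple", record))
```

The two design points worth noticing are the constant-time comparison in both verifiers, which closes the timing side channel a byte-wise `==` opens, and the self-describing password record, which lets the iteration count be raised later without invalidating existing accounts.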
B. Firewall
Firewalls are devices or programs that control the flow of network traffic between networks
or hosts that employ differing security postures. At one time, most firewalls were deployed at
network perimeters. This provided some measure of protection for internal hosts, but it could
not recognize all instances and forms of attack, and attacks sent from one internal host to
another often do not pass through network firewalls. Because of these and other factors,
network designers now often include firewall functionality at places other than the network
perimeter to provide an additional layer of security, as well as to protect mobile devices that
are placed directly onto external networks. Threats have gradually moved from being most
prevalent in lower layers of network traffic to the application layer, which has reduced the
general effectiveness of firewalls in stopping threats carried through network communications.
However, firewalls are still needed to stop the significant threats that continue to work at lower
layers of network traffic. Firewalls can also provide some protection at the application layer,
supplementing the capabilities of other network security technologies. There are several types
of firewalls, each with varying capabilities to analyze network traffic and allow or block specific
instances by comparing traffic characteristics to existing policies. Understanding the capabilities
of each type of firewall, and designing firewall policies and acquiring firewall technologies that
effectively address an organization’s needs, are critical to achieving protection for network
traffic flows.
C. Application gateway
This was the first type of firewall and is sometimes also known as a proxy gateway, as shown
in Figure 1. Application gateways run on bastion hosts and act as proxy servers. The software
runs at the Application Layer of the ISO/OSI Reference Model. Clients behind the firewall must
be categorized and prioritized in order to use Internet services. This has been considered the
most secure type, because it does not allow anything to pass by default, but it also needs a
proxy program written and enabled for each service before that traffic can pass.
Figure 1: A sample application gateway (Pandra, 2010)
D. Packet Filtering
Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on.
By default, a router will pass all traffic sent through it without any restrictions, as shown
in Figure 2. ACLs are a method of defining what sorts of access the outside world is allowed to
have to the internal network, and vice versa. This is less complex than an application
gateway, because access control is performed at a lower ISO/OSI layer. Because of its low
complexity, and because packet filtering is done by routers, which are specialized computers
optimized for networking tasks, a packet filtering gateway is often much faster than its
application-layer cousins. Working at a lower level, support for new applications either comes
automatically or is a simple matter of allowing a specific packet type to pass through the
gateway. There are problems with this method, though: TCP/IP has absolutely no means of
guaranteeing that the source address of a packet really is what it claims to be. As a result,
layers of packet filters must be used to localize the traffic.
Figure 2: A sample packet filtering gateway (Pandra, 2010)
A packet filter can differentiate between a packet that came from the Internet and one that
came from the internal network, because it knows which interface the packet arrived on; it can
identify with certainty which network a packet came from, but it cannot get more specific than
that.
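The following is an added example, written for this page and not taken from the paper or from Pandra (2010), of how a packet filter evaluates an ACL. It generalizes the last point above: the filter cannot trust the source address in a packet, but it does know the interface the packet arrived on, so the first rule drops any packet arriving from the outside that claims an internal source address (ingress anti-spoofing). The address ranges, interface names, rule set and function names are all constructed for the example.

```python
"""Added example (not from the paper): a stateless packet filter that evaluates
an ordered ACL first-match, with an ingress anti-spoofing rule keyed on the
arrival interface. Addresses, interface names and the policy are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

INTERNAL = "10.0.0.0/8"          # constructed: the organization's internal range
WEB_SERVER = "10.1.1.80/32"      # constructed: the public web server


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "outside" or "inside"
    src: str        # source IP address as written in the packet header
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    """One ACL entry; a field left as None matches anything."""
    action: str                     # "permit" or "deny"
    iface: Optional[str] = None
    src: Optional[str] = None       # CIDR block
    dst: Optional[str] = None       # CIDR block
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Evaluated top to bottom, first match wins. A router's default is to pass
# everything, so the list ends with an explicit deny-all.
ACL: List[Rule] = [
    # Anti-spoofing: the filter cannot verify a source address, but it does
    # know which interface a packet arrived on. A packet arriving from the
    # outside that claims an internal source address is forged: drop it.
    Rule("deny", iface="outside", src=INTERNAL),
    # Anyone may reach the public web server over HTTPS.
    Rule("permit", iface="outside", dst=WEB_SERVER, proto="tcp", dport=443),
    # Internal hosts may go out over HTTPS and DNS only.
    Rule("permit", iface="inside", src=INTERNAL, proto="tcp", dport=443),
    Rule("permit", iface="inside", src=INTERNAL, proto="udp", dport=53),
    Rule("deny"),
]


def filter_packet(p: Packet, acl: List[Rule] = ACL) -> str:
    """Return "permit" or "deny" for the packet under the given ACL."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"   # an ACL without a final rule must still fail closed


if __name__ == "__main__":
    samples = [
        Packet("outside", "203.0.113.5", "10.1.1.80", "tcp", 443),   # permit
        Packet("outside", "10.0.0.7", "10.1.1.80", "tcp", 443),      # deny: spoofed source
        Packet("outside", "203.0.113.5", "10.1.1.80", "tcp", 22),    # deny: no rule
        Packet("inside", "10.2.3.4", "198.51.100.1", "udp", 53),     # permit
        Packet("inside", "10.2.3.4", "198.51.100.1", "tcp", 25),     # deny: no rule
    ]
    for pkt in samples:
        print(filter_packet(pkt), pkt)
```

Note what the spoofed packet shows: the second rule would have permitted it on its destination and port alone, and only the interface check in front of it catches the lie. This is exactly why the text calls for layered filters, since each filter can vouch only for the network a packet arrived from.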
E. Hybrid System
In an attempt to combine the security features of application layer gateways with the
flexibility and speed of packet filtering, some developers have created systems that use the
principles of both. In some of these systems, new connections must be authenticated and
approved at the application layer. Once this has been done, the remainder of the connection is
handed down to the packet filtering layer, where stateful packet filters watch the connection to
ensure that only packets belonging to an ongoing (already authenticated and approved)
conversation are passed; a packet that matches no approved connection is dropped even if its
port number would otherwise be allowed. Another possible arrangement combines packet
filtering routers with application layer proxies running on a bastion host.
The benefits include a measure of protection for the machines that provide services to the
Internet (such as a public web server), as well as the security of an application layer gateway
for the internal network. Additionally, with this arrangement an attacker who wants to reach
services on the internal network has to break through the access router, the bastion host, and
the choke router in turn, and each of those is a separately administered control.
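The two mechanisms described in sections D and E, as an added example (not code from this paper or from any product it cites): a stateless packet filter that applies an ACL after an ingress anti-spoofing check, and a hybrid gateway that approves a new TCP connection with an application-layer policy and afterwards lets a stateful filter pass only packets of approved conversations. The packet model, the 10.0.0.0/24 internal prefix, the addresses and the `allow_web_only` policy are all hypothetical.

```python
from collections import namedtuple

# Constructed packet model: the header fields a router-based packet filter can
# see (network/transport layer) plus the interface the packet arrived on.
Packet = namedtuple("Packet", "iface src dst proto sport dport flags")

INTERNAL_PREFIX = "10.0.0."   # hypothetical internal address space
INSIDE, OUTSIDE = "inside", "outside"


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def spoofed(pkt):
    """Ingress/egress anti-spoofing. The filter cannot verify a source address,
    but it does know which interface a packet came in on: an internal source
    arriving on the outside interface (or an external source arriving on the
    inside interface) is a lie the filter can catch."""
    if pkt.iface == OUTSIDE and is_internal(pkt.src):
        return True
    if pkt.iface == INSIDE and not is_internal(pkt.src):
        return True
    return False


# Stateless ACL: (ingress interface, protocol, destination port or None for any,
# action). First match wins; anything unmatched is denied.
ACL = [
    (OUTSIDE, "tcp", 80, "permit"),    # public web server
    (OUTSIDE, "tcp", 443, "permit"),
    (INSIDE, "tcp", None, "permit"),   # inside hosts may initiate anything
]


def acl_decision(pkt):
    """Pure packet-filter decision: anti-spoofing check, then the ACL."""
    if spoofed(pkt):
        return "deny"
    for iface, proto, dport, action in ACL:
        if iface == pkt.iface and proto == pkt.proto and dport in (None, pkt.dport):
            return action
    return "deny"


def allow_web_only(pkt):
    """Stand-in for the application-layer authentication/approval step of the
    hybrid gateway (hypothetical policy: only web connections are approved)."""
    return pkt.dport in (80, 443)


class HybridGateway:
    """Hybrid system: a new TCP connection (SYN) must pass the ACL and be
    approved at the application layer; afterwards only packets belonging to an
    approved conversation, in either direction, are forwarded."""

    def __init__(self, app_policy=allow_web_only):
        self.app_policy = app_policy
        self.conns = set()   # approved 4-tuples (src, sport, dst, dport)

    def handle(self, pkt):
        if spoofed(pkt):
            return "deny"
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conns or rev in self.conns:
            return "permit"                    # part of an approved conversation
        if pkt.proto == "tcp" and pkt.flags == "SYN" and acl_decision(pkt) == "permit":
            if self.app_policy(pkt):
                self.conns.add(fwd)
                return "permit"
        return "deny"    # mid-stream packet with no state, or an unapproved SYN


if __name__ == "__main__":
    gw = HybridGateway()
    # Constructed traffic: a legitimate web client and its reply, a spoofed
    # packet, a connection to an unpublished port, and an out-of-state ACK.
    for p in [
        Packet(OUTSIDE, "198.51.100.7", "10.0.0.80", "tcp", 40000, 80, "SYN"),
        Packet(OUTSIDE, "198.51.100.7", "10.0.0.80", "tcp", 40000, 80, "ACK"),
        Packet(INSIDE, "10.0.0.80", "198.51.100.7", "tcp", 80, 40000, "ACK"),
        Packet(OUTSIDE, "10.0.0.5", "10.0.0.80", "tcp", 40001, 80, "SYN"),
        Packet(OUTSIDE, "198.51.100.7", "10.0.0.80", "tcp", 40002, 22, "SYN"),
        Packet(OUTSIDE, "198.51.100.9", "10.0.0.80", "tcp", 40003, 80, "ACK"),
    ]:
        print(gw.handle(p), p)
```

The last packet is the case that separates the two designs: a bare ACK to port 80 is permitted by the stateless ACL, but the hybrid gateway denies it because no approved connection exists for that 4-tuple.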
8. Security Management Issues
a) Ensuring the security strength of an organization is a big challenge nowadays. Organizations
have pre-defined security policies and procedures, but they do not implement them
consistently. Technology should be used to enforce these policies on people and processes.
b) Building and retaining high-quality resources for the deployment and efficient management
of the network security infrastructure, and adopting technologies that are easy and cost
effective to deploy, manage and troubleshoot in day-to-day network security operations over
the long run.
c) Ensuring a fully secure networking environment without degrading the performance of
business applications.
d) On a day-to-day basis, enterprises face the challenge of scaling their infrastructure up to a
rapidly increasing user population, both inside and outside the organization. At the same time,
they must ensure that performance is not compromised.
e) Organizations sometimes have to deal with a number of point products in the network.
Securing all of them completely while ensuring seamless functionality is one of the biggest
challenges they face when planning and implementing a security blueprint.
f) The conceptualization and implementation of a security blueprint is a challenge in itself.
Security is a combination of people, processes and technology, while IT managers are
traditionally tuned to address only the technology controls.
9. Recommendations on Network Security Controls
a) The organization should be prepared to cope with its own growth, which in turn entails
enhancements to the network both in applications and in size. Security should be planned
according to changing requirements, which may grow to include factors such as remote and
third-party access.
b) Threats are no longer focused on the network layer; the application layer is the new
playground of attackers. Attack protection solutions must protect the network, services and
applications, and provide secure office connectivity, secure remote employee access, resilient
network availability, and controllable Internet access.
c) The ideal solution for internal security challenges is not just a conventional security product:
it must contain threats (such as worms), segment the network, and protect the desktop, the
server and the data center.
d) About 70 percent of new attacks target Web-enabled applications, and their number is
growing. Enterprises should therefore deploy Web security solutions that provide secure Web
access as well as protect Web servers and applications. The security solutions must be easy to
deploy, and they should also provide integrated access control (Pandey, 2011).
10. Wireless
While wireless networks provide productivity and other benefits, their explosive growth also
poses risks to end users and organizations.
Threats to wireless local area networks (WLANs) are numerous and potentially devastating.
Security issues ranging from misconfigured wireless access points (WAPs) to session hijacking to
denial of service (DoS) can plague a WLAN. Wireless networks are not only susceptible to the
TCP/IP-based attacks native to wired networks; they are also subject to a wide array of
802.11-specific threats, for example rogue access points and forged deauthentication frames,
which the original 802.11 standard does not authenticate. To aid in the defense against and
detection of these threats, WLANs should employ dedicated security solutions: strong link-layer
encryption and wireless intrusion detection.
Wireless access points are increasingly serving as entry points to the Internet, increasing both
connectivity options and security concerns. Particularly significant are public access points,
commonly known as hotspots, which are often located in heavily populated areas such as
airports, coffee shops, and hotels; they appeal to both business and casual users but offer little
or no security. The number of worldwide commercial hotspots reached 143,700 in 2006, with an
estimated 675,000 additional access points shipped during the year specifically for use in
public hotspots (Chenoweth, Minch & Tabor, 2010). The growth in hotspots is expected to
continue because they are inexpensive, new applications (such as voice over Wi-Fi) are
emerging, and the public is becoming accustomed to the mobility and ubiquitous Internet
access they provide. At the same time that wireless usage is increasing, computer and network
security is consuming an increasing amount of time and resources for individuals and
organizations. The spiraling number of viruses and outsider attacks has driven this increase and
has shortened the timeframe between vulnerability announcements and the appearance of
global exploits. Despite the increased risk, most wireless networks have little or no network
security implemented. Surveys have determined that approximately 60% of all wireless
networks use no form of encryption, and that even when encryption is enabled, approximately
75% use Wired Equivalent Privacy (WEP), which has several well-documented security
deficiencies (Chenoweth, Minch & Tabor, 2010); among them, WEP's 24-bit initialization vectors
repeat quickly on a busy network, and two frames encrypted under the same initialization
vector share the same RC4 keystream. The problem is even more acute with public hotspots
because their users are more interested in ease of use than in the level of security.
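One of the documented WEP deficiencies mentioned above, keystream reuse, demonstrated as an added example (this is not code from the paper or from any cited source). It implements WEP's RC4 encryption with the per-frame key IV || shared key, omitting the CRC-32 integrity value, and shows that when an access point reuses an IV, a single known plaintext frame lets an attacker decrypt another frame without ever learning the key. The shared key, the IV and both frames are constructed for the demonstration.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling and keystream generation (the cipher WEP uses)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame encryption: per-frame RC4 key = IV || shared key, and
    the 24-bit IV is transmitted in the clear in the frame header. (Real WEP
    also appends a CRC-32 integrity value; it is omitted here because it does
    not change the keystream-reuse problem.)"""
    if len(iv) != 3:
        raise ValueError("WEP initialization vectors are 24 bits")
    return xor_bytes(rc4_keystream(iv + shared_key, len(plaintext)), plaintext)


def recover_with_reused_iv(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    """Attacker side. Two frames under the same IV (and the same shared key)
    are encrypted with the same keystream, so c1 XOR c2 = p1 XOR p2. One known
    plaintext (a predictable header, or a frame the attacker caused to be sent)
    yields the keystream and therefore the other frame's plaintext, without
    the shared key. Only as many bytes as the known plaintext covers are
    recovered."""
    keystream = xor_bytes(c1, known_p1)
    return xor_bytes(keystream, c2)


def demo() -> bytes:
    """Constructed scenario: a 40-bit WEP key and one IV reused for two frames."""
    shared_key = b"\x01\x02\x03\x04\x05"            # hypothetical shared key
    iv = b"\x00\x00\x2a"                            # IV the access point reuses
    known_frame = b"GET /index.html HTTP/1.0\r\n"   # plaintext the attacker knows
    secret_frame = b"user=asad&pw=hunter2"          # plaintext the attacker wants
    c1 = wep_encrypt(shared_key, iv, known_frame)
    c2 = wep_encrypt(shared_key, iv, secret_frame)
    return recover_with_reused_iv(c1, known_frame, c2)


if __name__ == "__main__":
    print(demo())
```

With only 2^24 possible IVs, a busy access point exhausts them in hours, and the attack above needs no key recovery at all; WPA2 (CCMP) replaces the RC4 construction entirely, which is why WEP should not be used even where it is still offered.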
11. Security Technology
Leading security vendors offer end-to-end solutions that claim to take care of all aspects of
cybersecurity. End-to-end solutions usually offer a combination of hardware and software
platforms, including a security management solution that performs multiple functions and
covers the entire gamut of security on a network. An integrated solution is one that addresses
not only a point security problem (such as worms or intrusions) but also a variety of network
and application layer security challenges. Available products can be categorized into the
following streams.
A. SSL-VPN
According to the NIST SSL VPN guidelines, the protection of sensitive information transmitted
across interconnected networks is critical to the overall security of an organization's
information and information systems. SSL VPNs provide secure remote access to an
organization's resources. A VPN is a virtual network, built on top of existing physical
networks, that can provide a secure communications mechanism for data and other
information transmitted between two endpoints. Because a VPN can be used over existing
networks such as the Internet, it can facilitate the secure transfer of sensitive data across public
networks. An SSL VPN consists of one or more VPN devices to which users connect using their
Web browsers. The traffic between the Web browser and the SSL VPN device is encrypted with
the SSL protocol or its successor, the Transport Layer Security (TLS) protocol (Frankel, 2010).
The name is historical: SSL 2.0 and 3.0 are obsolete and should be disabled, so an "SSL VPN"
should in practice negotiate only TLS, and the client must verify the VPN device's certificate,
since encryption without authentication of the endpoint gives no protection against an attacker
on the path.
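The client side of that TLS session, as an added example using Python's standard `ssl` module (this is not code from the paper or from NIST): the weak configuration with certificate verification switched off next to a hardened one, and an audit function that reports the findings a reviewer would raise. The `ca_file` argument and the gateway address in `connect_to_gateway` are hypothetical; the connect function needs network access and is not exercised offline.

```python
import socket
import ssl


def weak_client_context() -> ssl.SSLContext:
    """The configuration to avoid: certificate verification and hostname
    checking switched off. The session is still encrypted, but the client has
    no idea who it is talking to, so anyone on the path can pose as the VPN
    gateway and read the 'protected' traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_file=None) -> ssl.SSLContext:
    """Client context for an SSL/TLS VPN gateway: require and verify the
    server certificate, check the hostname against it, refuse SSL 3.0 and
    TLS 1.0/1.1, and trust only the organisation's own CA when one is given
    (ca_file is a hypothetical path to that CA bundle)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Findings a reviewer would raise against a client TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("SSL 3.0 / TLS 1.0 / TLS 1.1 still allowed")
    return findings


def connect_to_gateway(host: str, port: int, ctx: ssl.SSLContext):
    """Open a verified TLS session to the VPN device and return the negotiated
    protocol version and cipher suite. Needs network access."""
    with socket.create_connection((host, port), timeout=10) as raw:
        # server_hostname supplies SNI and is what check_hostname compares
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()


if __name__ == "__main__":
    print("weak:", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

Pinning `ca_file` to the organisation's own CA is the stronger choice for a VPN client: the gateway certificate is then accepted only if that CA issued it, instead of any of the public roots in the system store.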
B. Intrusion Detection and Prevention Systems
An IPS combines the best features of firewalls and intrusion detection systems to provide a
tool that changes the configuration of network access control points according to the rapidly
changing threat profile of a network. This introduces an element of intelligence into network
security by adapting to new attacks and intrusion attempts. Intrusion prevention has received a
lot of interest in the user community. Most organizations evolve in their use of intrusion
prevention technology: some adopt blocking within weeks and rapidly expand it as they see
the benefits of accurate attack blocking, while others start slowly and expand slowly. The key is
to reliably detect and stop both known and unknown attacks in real time; a false positive in
blocking mode is itself a denial of service, which is why organizations usually begin in
detection-only mode and enable blocking rule by rule. Traffic monitoring in wired networks is
usually performed at switches, routers and gateways, but an ad hoc wireless network has no
such network elements where an IDS can collect audit data for the entire network. Network
traffic can be monitored on a wired network segment, but an ad hoc node or sensor can only
monitor traffic within its own radio transmission range, so detection in such networks has to
be distributed across the nodes.
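The adaptive behaviour described above, as an added example (not code from the paper or from any IPS product): a rate-based port-scan detector that rewrites an access control point's block list when it fires, with a detect-only mode for the cautious first phase and a block mode for the later one. The log format, the addresses and the traffic in `SAMPLE_LOG` are constructed for the demonstration.

```python
from collections import defaultdict, deque

# Constructed connection log in a simple "time src dst dport flags" format:
# one legitimate web client (203.0.113.5) and one host sweeping ports.
SAMPLE_LOG = """\
1 203.0.113.5 10.0.0.80 80 SYN
2 203.0.113.5 10.0.0.80 80 ACK
3 198.51.100.9 10.0.0.80 22 SYN
4 198.51.100.9 10.0.0.80 23 SYN
5 198.51.100.9 10.0.0.80 25 SYN
6 198.51.100.9 10.0.0.80 80 SYN
7 198.51.100.9 10.0.0.80 110 SYN
8 198.51.100.9 10.0.0.80 143 SYN
9 198.51.100.9 10.0.0.80 443 SYN
10 203.0.113.5 10.0.0.80 443 SYN
11 198.51.100.9 10.0.0.80 3306 SYN
"""


def parse_line(line):
    t, src, dst, dport, flags = line.split()
    return int(t), src, dst, int(dport), flags


class PortScanIPS:
    """Rate-based port-scan detector wired to an access control point.

    mode="detect" only raises alerts; mode="block" also adds the offending
    source to the filter's block list, so every later packet from it is
    dropped. The detection logic is identical in both modes, which lets an
    operator compare alerts against real traffic before turning blocking on:
    a false positive in block mode is a self-inflicted denial of service."""

    def __init__(self, mode="detect", window=5, threshold=5):
        self.mode = mode
        self.window = window          # seconds of history considered
        self.threshold = threshold    # distinct destination ports that trigger
        self.history = defaultdict(deque)   # src -> deque of (time, dport)
        self.blocklist = set()        # the dynamically rewritten access rule
        self.alerts = []

    def process(self, line):
        t, src, dst, dport, flags = parse_line(line)
        if src in self.blocklist:
            return "drop"
        if flags != "SYN":            # only connection attempts count
            return "pass"
        q = self.history[src]
        q.append((t, dport))
        while q and q[0][0] < t - self.window:   # slide the time window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= self.threshold:
            self.alerts.append((t, src, sorted(ports)))
            q.clear()                 # one alert per burst
            if self.mode == "block":
                self.blocklist.add(src)   # reconfigure the access control point
                return "drop"
        return "pass"


def run(mode="detect"):
    """Replay the sample log and return (decisions, alerts, blocklist)."""
    ips = PortScanIPS(mode=mode)
    decisions = [ips.process(line) for line in SAMPLE_LOG.splitlines() if line.strip()]
    return decisions, ips.alerts, ips.blocklist


if __name__ == "__main__":
    for mode in ("detect", "block"):
        decisions, alerts, blocked = run(mode)
        print(mode, decisions, alerts, sorted(blocked))
```

The legitimate client touches two ports, but nine seconds apart, so the sliding window never accumulates enough distinct ports to alert on it; the window and threshold are the knobs an operator tunes during the detect-only phase before switching to block.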
12. Conclusion
The cybersecurity problem is unlike any other security problem the nation has faced
before. It is epiphenomenal, a consequence of the computer and Internet revolution. The
computer, a beguiling device, is now a part of twenty-first-century life: a tool for cataloguing
recipes, and essential for launching cruise missiles, flying airplanes, and operating nuclear
power plants. The ubiquity of the computer and of the Internet, which links one computer to
another, offers tremendous efficiency and customizable convenience. However, this efficiency
and convenience come at a significant price. The cornerstone of America's cyberspace security
strategy is and will remain a public-private partnership. The public-private partnerships that
formed in response to the President's call have developed their own strategies to protect the
parts of cyberspace on which they rely. This unique partnership and process was and will
continue to be necessary because the majority of the country's cyber resources are controlled
by entities outside of government (NSSC, 2003, pp. 1, 54).
Before security measures are designed and provided, an organization should first determine
its security needs at the different levels of the organization, and then implement controls
appropriate to each level. Security policies should be designed before implementation, in such
a way that future alterations and additions are acceptable and easily manageable. The
security system must be tight, yet flexible enough that end users are comfortable with it and
do not feel that it is getting in their way. Users who find security policies and systems too
restrictive will find ways around them.
13. Bibliography
Brooks, T. N. (2003). A thematic content analysis of identity theft: What it is and how to avoid it. The University of Texas at Arlington. UMI Microform No. 1416811.
Bhakta, P. (2008). Identity theft: Examining the challenges. California State University. Retrieved from http://proquest.umi.com.ezproxy.umuc.edu/pqdweb?index=2&did=1548707731&SrchMode=2&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1262467011&clientId=8724
Obama, B. (2009). Speech of the U.S. President to the National Security Council. White House. Retrieved from http://www.whitehouse.gov/administration/eop/nsc/cybersecurity
Chenoweth, T., Minch, R., & Tabor, S. (2010, February). Wireless insecurity: Examining user security behavior on public networks. Vol. 53, Issue 2, pp. 134-138. Retrieved from ACM database.
Curtin, M. (1997, March). Introduction to network security. Retrieved from http://www.cs.cornell.edu/Courses/cs519/2003sp/slides/15_securitybasics.pdf
DeZabala, T., & Baich, R. (2010). Cybercrime: A clear and present danger. Combating the fastest growing cyber security threat. Deloitte. Retrieved from http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/AERS/us_aers_Deloitte%20Cyber%20Crime%20POV%20Jan252010.pdf
Flauzac, R., Nolot, F., Rabat, C., & Steffencel, L. A. (2009). Grid of security: A new approach of the network security. International Conference on Network and System Security, pp. 67-72. Retrieved from ACM database.
Fonte, E. (2008, February). Who will pay the price for identity theft? The Computer & Internet Lawyer, 25(2).
Gonzales, R. A., & Majoras, P. D. (2007). Identity theft: A strategic plan. The President's Identity Theft Task Force, Federal Trade Commission Publications.
O'Brien, K. J. (2010). Germany asks Apple about iPhone data-gathering. Retrieved from http://www.pogowasright.org/?p=11907
Pandey, S. (2011). Modern network issues and challenges. International Journal of Engineering Science & Technology, 3(5), 4351-4357. Retrieved from Academic Search Complete.
Ji, S., Smith-Chao, S., & Min, Q. (2008). Systems plan for combating identity theft: A theoretical framework. Journal of Service Science and Management, 1(2), 143-152. doi: 1788212021
Khan, M. A., Shah, G. A., & Sher, M. (2011, August). Challenges for security in wireless sensor networks (WSNs). World Academy of Science, Engineering & Technology, 80, 390-396. Retrieved from EBSCO database.
Kelhe, W., Tong, Z., Wei, L., & Gang, M. (2009). Security model based on network business security. In Proc. of Int. Conf. on Computer Technology and Development (ICCTD), Vol. 1, pp. 577-580. Retrieved from ACM database.
McDowell, M., & Lytle, M. (2008). Cybersecurity for electronic devices. U.S. Department of Homeland Security. Retrieved from http://www.us-cert.gov/cas/tips/ST05-017.html
Marin, G. A. (2005). Network security basics. IEEE Security & Privacy, 3(6), 68-72. Retrieved from ACM database.
Stevenson, E. H. (2000). Identity theft. Master's thesis, The University of Houston Clear Lake. Retrieved from http://proquest.umi.com.ezproxy.umuc.edu/pqdweb?index=11&did=729227861&SrchMode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1263089712&clientId.
Samid, G. (2009). The unending cyber war. DGS, Vitco, McLean, VA, p. v.
Wilschen, G. (2005). Information security: Emerging cybersecurity issues threaten federal information systems (GAO report). 79 pp. Retrieved from MasterFile Premier.