Cyber Security: Considerations and Techniques
For Network-Based Protection
Dec 2018
Anthers: Supervisor:
Omar Abdullah Rashid Al-Gharibi (201600014) Dr. Thabit Mohammed
Mohammed Musallem Said Tabook (201401394)
Naser Humaid Rashid Al-Khalbani (201501345)
Contents
1. Introduction to Cyber Security………………………………………………………………………..2
1.1 Information Security: Is it an Art or a Science?………………………………………… 3
1.2 Security as Art……………………………………………………………………………………………… 3
1.3 Security as Science………………………………………………………………………………………..3
2. The need of Cyber security……………………………………………………………………………..4
3. Cyber Security Threats Considerations……………………………………………………………5
3.1 Threats………………………………………………………………………………………………….6
3.1.1 Software attacks…………………………………………………………………………..6
3.1.2 DDos attacks………………………………………………………………………………..7
4. Cyber Security solutions………………………………………………………………………………….8
5. Implementing Cyber Security………………………………………………………………………..10
6. Conclusion……………………………………………………………………………………………………13
7. Related Resources…………………………………………………………………………………………14
1. Introduction to Cyber Security
“In the last 20 years, technology has permeated every facet of the business environment. The business place is no longer static – it moves whenever employees travel from office to office, from office to home, from city to city. Since business have become more fluid… information security is no longer the sole responsibility of a small dedicated group of professionals… it is now the responsibility of every employee, especially managers.” Despite the fact that regularly neglected in PC security contemplations, individuals have dependably been at warmth to data security. Can be the weakest connection in an association's data security program. Furthermore, except if strategy, instruction and preparing, mindfulness, and innovation are legitimately utilized to keep individuals from incidentally or deliberately harming or losing data, they will remain the weakest connection. Social designing can go after the inclination to compromise and the ordinary idea of human mistake. It very well may be utilized to control the activities of individuals to acquire get to data about a framework.
Figure1: security strength
1.1 Information Security: Is it an Art or a Science?
Given the level of complexity in today’s information systems, the implementation of information security has often been described as a combination of art and science. Framework technologists, particularly those with a present for overseeing and working PCs and PC based frameworks; have for some time been associated with utilizing all around enchantment to keep the frameworks running and working not surprisingly. In data security such technologists are here and there called security artisans.
1.2 Security as Art
The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A bit of shading here, a brush stroke there, sufficiently only to speak to the picture the craftsman needs to pass on without overpowering the watcher, or in security terms, without overly restricting user access.
1.3 Security as Science
Innovation created by PC researchers and architects—which is intended for thorough execution levels—makes data security a science and in addition a workmanship. Most researchers concur that explicit conditions cause for all intents and purposes all activities in PC frameworks. Pretty much every blame, security opening, and frameworks glitch is a consequence of the collaboration of explicit equipment and programming. In the event that the designers had adequate time, they could resolve and dispose of these flaws.
2. The needs of Cyber security
The aim of an information security program is to maintain systems and their contents by ensuring that they stay the same and not change because of any attack. Information security programs play a critical role in keeping the organizations’ systems safe by performing four important functions. First, these programs are protecting functionality of an organization. To protect the ability of an organization to function, both general management and IT management should apply information security. Secondly, information security programs ensure a safe operation of applications used on the organization’s IT systems. Any business, educational institution, or government agency needs to implement applications which represent organization’s infrastructure such as operating system platforms and electronic mail (e-mail), so the organization needs a safe environment for these applications. Moreover, these programs protect the data that the organization collects and uses. Any organization running within the modern state of connected and responsive services depends on information systems. Information systems and their data enable the creation and movement of goods and services even when deals are not online. Therefore, protecting both online and offline data are important aspects of information security. Finally, information security programs are protecting the organization’s technology properties.
There are various threats facing organizations and their systems, data and applications. The first one is exposing intellectual property of organization. Examples of that include software piracy which is illegal duplication of software-based intellectual property and copyright invasion. Another threat which organization may face is Software attacks by Viruses, worms, macros, refusal of service.
Breaking or disruption in quality of service is also threats information systems. A business’s information system relies on the successful operation of many systems depend on each other that can be disrupted by storms, employee sickness, or other unexpected accidents.
Another one is nature disasters such as floods, fires and earthquakes. Also human mistakes can be another threatening to an information system. Employees of any company represent a major threat due to the accidental errors that may happen during their work. For example entry of wrong data, accidental changing of data, putting classified information in unsaved places like desktop or on a Website, these all are human errors which –if happen- may lead to a serious problem according to the safety of an organization data.
However, technical hardware or software failures may sound silly but they may be great problem threats systems and their data. Other threats toward information systems include; information extortion, espionage, devastation or destruction of systems or data and using very old or outdated technologies. To conclude, now we have ensure that every organization needs to protect its systems and data using information system programs against a lot of threats that threat their data.
3. Cyber Security Threats Considerations
In order to protect yourself or your organization from any threats, the information needs to be protected and the threats you face are well known. Everyone knows that the number of threats increases as the organization is connected to the internet. Cyber security threats do not recognized as they come in different sizes and shapes. The computer security institute (CSI) survey (2009) refers to the considerable computer crime and security study. it found that 64% of the organizations are suffering from threats infections. In addition, the losses almost were $234,244 per respondent as reported.
3.1 Threats
A summary and identification of cyber security threats will be mentioned in this section.
3.1.1 Software attacks
Software attacks are referred to a malicious code and software or malware. It occurs by individual or a group that deploys this software to attack a system. It is generated to harm, demolish, and reject a service to the targeted systems. Some examples of a common software malicious are virus, worms, Trojan and zombies.
• Virus: is a type of malicious software, which modifies the targeted computer programs when executed. It is consisted of some segments of code that make the actions when it is attached to a program like e-mail or others. There are several software had been established to help controlling the computer viruses.
• Worms: is another type of malicious software that replicates itself continuously until they fill the available memory and hard drive space. Code red, Sircam and Nimda are examples of a one class of worms.
• Trojan horses: Is software programs in which the true nature is hided and the designed behavior is reveled when activated. Normally it comes like an interesting part of software like readme.txt.
• Zombies: are malwares, which designed to be controlled by a remote party. The remote party is the command and control device that can make malicious activities using too many computers.
• Phishing scams: are considered as one of the tries, which aims to get the very sensitive username, passwords and financial information.
• Malware: is malicious software that propagates itself onto the targeted device. Therefore, by clicking a download link or opening an email attachment, the malware will install itself.
Figure 1: Cyber Security Threats
3.1.2 DDos attacks: is referring to distributed denial-of-service and it aims to make the computer or the network of an organization not available. In this section three kinds are discussed:
Layer-3/4 attacks: most o of the DDos attacks are focused on both transport and network layers. In this attack, the resources are consumed until the server is offline. In the other hand, it can increase the number of malicious traffic until the connection is temporarily not usable.
Reflector attacks: it is an IP-spoofing reflector attacks like (DNS and NTP), which trick the network resources to attacking subscribers. Moreover, its servers are used to flood the target with a worse traffic by amplification.
Figure 2: Reflector DDos attacks
Layer-7 attacks: the attacks which are the most difficult to be detected or make it less because it simulate the human behaviors as they interact with application user interface.
4. Cyber Security solutions
The major role of cyber security solutions is reducing the bad stuff that could cross the border between untrusted public Internet and a trusted private network. Or simply we can say that solutions act as gatekeeper between that which is ‘untrusted’ and that which is ‘trusted’.
Nowadays there are many different private and public network cyber security solutions which we will go over. First, intrusion detection system (IDS) is offline which typically installed behind a firewall. Its work is discovering and logging security events that affect the private network of a business. The second available solution is security information and event management Solutions(SIEM). It consists from two deferent security-related products. Security Information Management (SIM) systems are the first product which are technologies concerned on policy and standards compliance through the consolidation of logs, the analysis of data and the reporting of results. Security Event Management (SEM) systems are the second component which give technical help in the management of threats and security events in real time.
Device Cyber Security Software is the third solution where someone or an organization can use for cyber security. There are various types of anti-virus software available at these days that are sold by sellers. These software scan be installed on endpoint devices such as desktop PCs, laptops, tablets and smart phones. The last chance to detect inbound threat, typically, is done by these products. These products also are capable of scanning devices for bad software that has already been installed. These are complementary to network-based security solutions and not competing with them.
Moreover, network firewalls are one of these solutions that we talk about. They filter passage between an entrusted public network and trusted private networks. To add, the host-based firewalls rule passing in and out of a single device. However, firewalls have many disadvantages includes:
– Signatures-based pattern recognition is easy to utilize if any bot or hacker is watching the data packet patterns.
– Firewalls cannot help treating infected subscriber devices.
– Internal users cannot stop by firewalls from entering external websites with malicious code or running phishing scams.
Intrusion Prevention System (IPS) is another solution of cyber security. It is basically an IDS that is installed inline and based on what it detects, it takes an action. An IPS detects and stops attempts to compromise a host rather than network-level attacks traditionally. Also, Host-based IPS is one of these solutions which keep away individual devices such as enterprise workstations, servers and smart phones from unlawful access and malware coming from the entrusted public Internet. Another solution is Network-based IPS that is placed in front of the private network firewall to face the public internet. It does the same function as a host-based IPS but for an entire business or enterprise private network.
Moreover, Unified Threat Management (UTM) is also a cyber security solution. It is a combination of the firewall, IDP and IPS into one seamless solution for enterprise networks. UTMs are a try to strengthen the weakness of some solutions by combining individual use cases into one single, more manageable structure that protects the enterprisenetwork.UTM solutions have a limitation that is they do not have the granular harmony typical of traditional IDS and IPS solutions. Finally, Scrubbing Centers is the last solution of cyber security.
5. Implementing Cyber Security
Static code analysis solution is offered by thePolyspace© product family that addresses the challenges of cyber security like complying with security standards (CERT C), detecting the software defects (BUG FINDER) and proving the absence of critical vulnerabilities (CODE PROVER). There are In addition, network security simulator which plays a great rule in improving security features.NeSSi² allows network security provider to experiment with various framework steps and algorithms. All of this is for evaluation and comparison of intrusion detection efficiency and operational cost. There are many codes, which work for the same manner. However, in this project one example is given below that is uses MATLAB program for execution and it detects if the source file is similar to a compared file or not. Here, we used the function "visdiff". Therefore, two options are allowable to be used. One of them is to compare by the text and the other is by binary.
Figure 3: Matlab Function Comparing by (Text)
Figure 3: Matlab Function Comparing by (Binary)
6. Conclusion
Computer security endeavors to guarantee the privacy, uprightness, and accessibility of registering frameworks and their segments. Three central parts of a processing framework are liable to assaults: equipment, programming, and information. These three, and the correspondences among them, are powerless to PC security vulnerabilities. Thusly, those individuals and frameworks keen on bargaining a framework can devise assaults that misuse the vulnerabilities. A system strategy control arrangement offers a solitary adaptable and totally brought together purpose of control for recognizing and overseeing dangers. Regardless of whether offered as a paid administration or conveyed all-inclusive over the system, the capacity to stop hurtful movement before it ever gets to the supporter's front entryway through secure funnels is a win for everybody included.
Security circumstances emerge in numerous regular exercises, albeit at times it tends to be hard to recognize a security assault and a normal human or mechanical breakdown. In this our theme we have presented the thoughts of dangers and damage, vulnerabilities, assaults and aggressors, and countermeasures. Aggressors use dangers that misuse vulnerabilities against significant advantages for cause mischief, and we would like to devise countermeasures to dispose of means, opportunity, and thought process. These ideas are the premise we have to consider, comprehend, and ace PC security.
Countermeasures and controls can be connected to the information, the projects, the framework, the physical gadgets, the correspondences interfaces, the earth, and the work force. Now and then, a few controls are expected to cover a solitary helplessness, yet occasionally one control tends to numerous issues on the double.
7. Related Resources
Embedded Security. (n.d.). Retrieved from https://www.mathworks.com/products/polyspace/application-security.html
GitHub. (2016, October 28). Retrieved from
https://github.com/bastibe/MatlabCodeAnalyzer/blob/master/check.m
https://www.sandvine.com/hubfs/downloads/archive/whitepaper-cyber-security-considerations-and-techniques.pdf
http://bedford-computing.co.uk/learning/wp-content/uploads/2016/08/Principles-of-Information-Security-4th-ed.-Michael-E.-Whitman.pdf
https://www.eecs.yorku.ca/course_archive/2013 14/F/4482/CSE4482_01_Introduction_2013_posted.pdf
https://www.cengage.com/resource_uploads/downloads/1111138214_259146.pdf
http://www.informit.com/articles/article.aspx?p=2301451&seqNum=6