Wednesday, May 6, 2020

Computer Security and Forensics Tools

Questions:

1. Get the definitions/meanings of the security terms given below. You are required to get at least TWO (2) definitions for each term from published books and/or journals. Cite the sources for each answer.
a. Computer Security
b. Internet Security
c. Information Security
d. Threat
e. Vulnerability
f. Exploit
g. Man-in-the-middle attack
h. Distributed denial-of-service
i. Phishing
j. CIA Triad

2. Do research on two recent security breach incidents that have caused huge damage or losses to the victims. Fulfil the requirements below:
a. Describe the incident(s)
i. When did it happen?
ii. What is the damage/loss like?
iii. Why did the breach happen?
iv. How did the breach happen?
v. Who are involved in these incidents?
b. Propose prevention for each incident.

Answers:

(1).

a. Computer Security

Computer security is defined as protection against a particular danger: outside intruders breaking into the system to steal secrets or money. It protects the computer itself, together with the terminals attached to it, as well as the information stored on it; protecting the stored information is called information security.
Russell, D., Gangemi, G. T. (1991). Computer security basics. O'Reilly Media, Inc.

Computer security has also been defined as ensuring that data stored on the computer cannot easily be read or compromised without proper authorisation. Most of the measures involve data encryption and passwords. Data encryption translates the data into a form that cannot readily be deciphered.
Pfleeger, C. P., Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.

b. Internet Security

Internet security is the branch of security that relates to the internet; it involves the security of the browser and applies to the applications and operating systems. Its major objective is to establish rules and measures for handling attacks over the internet.
Denning, D. E. R. (1999). Information warfare and security (Vol. 4). Reading: Addison-Wesley.

In the firewalls-and-internet-security view, the definition describes the limited, experimental support for Windows users on a particular home network, where each user is directed to a TCP port on which an smbd process specific to that user runs.
Cheswick, W. R., Bellovin, S. M., Rubin, A. D. (1994). Firewalls and internet security: repelling the wily hacker. Reading, MA: Addison-Wesley.

c. Information Security

The information security program is mainly responsible for risk management. The ISA handles this designation because internal controls alone are not fully reliable. Another important focus is documenting organisational responsibility, which protects assets from intentional and unintentional disclosure, modification, destruction, etc.
Peltier, T. R. (2005). Information security risk analysis. CRC Press.

Information security has been defined as protecting information from unauthorised access, use or disclosure, and also from modification, inspection or destruction. It covers the many forms data may take, both electronic and physical.
Tipton, H. F., Krause, M. (2003). Information security management handbook. CRC Press.

d. Threat

Threats have been discussed in relation to copyright protection for a particular computer language, where they bear on the different incentives and technological standards. A threat may be intentional or accidental, arising from malfunction or natural disaster.
Feenberg, A. (1999). Distance learning: Promise or threat. Crosstalk, 7(1), 12-14.

Threats also include viruses, spam and phishing, which affect different entities. Billions of spam emails are sent, making spam a huge problem for businesses. Spyware is the catch-all term for software that easily and secretly monitors online activity to aid advertising and marketing research. The details are compiled to support an acceptable usage policy for the system in the event of a security breach.
Breyer, S. (1970). The uneasy case for copyright: A study of copyright in books, photocopies, and computer programs. Harvard Law Review, 281-351.

e. Vulnerability

A vulnerability is considered a security risk tied to potential loss, with the focus on how attacks work and are implemented. Attacks exploit these risks, and the window of vulnerability is the time from when a security hole is introduced or manifested in deployed software.
Gollmann, D. (2010). Computer security. Wiley Interdisciplinary Reviews: Computational Statistics, 2(5), 544-554.

In cyber security, vulnerability refers to all the flaws in a system that another system can attack; that is, a weakness in the system or its procedures that is directly exposed to threats. Patches exist, and one can protect a computer system from vulnerabilities by keeping the software fully patched and up to date.
Hsiao, D. K., Kerr, D. S., Madnick, S. E. (2014). Computer security. Academic Press.

f. Exploit

In computing, an exploit is an attack on a system that takes advantage of a vulnerability the system offers to intruders. These are labelled acts of attack, and the users of the system or application are responsible for obtaining the patch, which is downloaded from the Web.
Huddleston, D. E. (2010). U.S. Patent No. 7,788,723. Washington, DC: U.S. Patent and Trademark Office.

An exploit has also been described as software or data whose commands are used with malicious intent to carry out tasks such as denial-of-service attacks, Trojan horses, worms and viruses. Remote exploitation uses a vulnerability without having any prior access to the system.
Malecki, F. (2013). Defending your business from exploit kits. Computer Fraud & Security, 2013(6), 19-20.

g. Man-in-the-Middle attack

A man-in-the-middle attack is a cyber-attack in which a malicious actor inserts himself into a conversation, impersonating both parties in order to gain access to their information. It is an eavesdropping attack that occurs when the actor inserts himself as a relay or proxy in the communication between systems and people, and it exploits the real-time processing of conversations and data transfers.
Dougan, T., Curran, K. (2012). Man in the browser attacks. International Journal of Ambient Computing and Intelligence (IJACI), 4(1), 29-39.

These attacks are fully able to capture and manipulate information. This involves distributing malware that gives the attacker access to web browser data in order to send and receive transactions and conversations. The attacker can easily intercept the traffic coming from the computer, collect the data, and then forward it on to the destination so that the visit proceeds normally.
Lin, T. H., Lin, C. Y., Hwang, T. (2013). Man-in-the-Middle Attack on Quantum dialogue with authentication based on Bell states. International Journal of Theoretical Physics, 52(9), 3199-3203.

h. Distributed Denial-of-service

A distributed denial-of-service attack is an attempt to make a machine or network completely unavailable to its users by suspending the services of hosts connected to the internet. The attack appears to come from more than one source, each with a unique IP address. Symptoms include unusually slow network performance and the inability to access web sites at all.
Beitollahi, H., Deconinck, G. (2012). Analyzing well-known countermeasures against distributed denial of service attacks. Computer Communications, 35(11), 1312-1332.

This attack has been characterised as a flood of incoming messages that forces the targeted system to shut down. In DDoS attacks the vulnerability is identified with malware, and the attack is classed as either a network-centric attack or an application-layer attack. A computer system held under the control of an intruder, not only spam, viruses or worms, is considered among the biggest threats.
Kumar, P. A. R., Selvakumar, S. (2011). Distributed denial of service attack detection using an ensemble of neural classifier. Computer Communications, 34(11), 1328-1341.

i. Phishing

Phishing emails direct users to visit a particular website, supposedly to update certain information. The aim is to obtain passwords, social security numbers and other information that the user enters into the page and that can then easily be stolen. The scams count on people giving up their information; the technique is also known as brand spoofing or carding.
Avtar, R., Verma, B., Jangra, A. (2011). Data Shield Algorithm (DSA) for Security against Phishing Attacks.

Phishing is considered a fraudulent activity carried out through the leakage of personal information. It usually occurs when information is lost through a well-organised pattern: links direct the victim to a particular website where particular information is requested. Likely signs of a phishing email are a generic greeting, forged links, or requests for access to some personal information with a sense of urgency.
Lakshmi, V. S., Vijaya, M. S. (2012). Efficient prediction of phishing websites using supervised learning algorithms. Procedia Engineering, 30, 798-805.

j. CIA Triad

The CIA triad for an information security system provides a baseline for evaluating and implementing security. Confidentiality ensures that data is accessed only by properly authorised persons. Integrity assures that the information can be trusted, using data encryption and hashing algorithms. Availability depends on maintaining the hardware, upgrading the software and optimising the network.
Baars, T., Spruit, M. (2012). Designing a secure cloud architecture: The SeCA model. International Journal of Information Security and Privacy (IJISP), 6(1), 14-32.

Confidentiality, integrity and availability address the security issues where different measures protect valuable information such as business and personal information. Security measures are developed through this view of information protection, which allows only authorised people to access the information.
Deepika, S., Pandiaraja, P. (2013, February). Ensuring CIA triad for user data using collaborative filtering mechanism. In Information Communication and Embedded Systems (ICICES), 2013 International Conference on (pp. 925-928). IEEE.

(2).

Incident 1: Snapchat employee data leakage following a phishing attack

Describe the incident(s)
Snapchat is famous for messages that disappear, but nothing stays secret for long. The Snapchat payroll department was targeted by an isolated phishing email in which the CEO was impersonated. The goal was to obtain the payroll information of current and former employees. The company had been hacked in the past, when its service leaked certain user photos; that earlier compromise came down to how the data was handled.

a. When did it happen?
The event took place in February 2016.

b. What is the damage/loss like?
The damage came from the phishing email targeting the CEO, in response to which the company's payroll information was emailed to that email ID. This included salary data, security numbers, banking details, addresses, and other email addresses and personal IDs of people using the Snapchat application.

c. Why did the breach happen?
The breach was the result of corporate hacking and information theft. The scale of the hack was unprecedented, and personal information and data were exposed on a public forum.

d. How did the breach happen?
Phishing emails work by acquiring sensitive information such as usernames, passwords and bank details for malicious purposes, causing the loss of that information from the system. Phishing is a continuous threat because hackers can create a clone of a website. It takes advantage of users' trust: users cannot tell how many people have visited the website or which programs it uses. The targets are passwords, usernames and other security codes. Phishing on AOL involved sending instant messages to the victim to get them to reveal their passwords. From there the attacks moved on to online payment systems, where they are entirely feasible.

e. Who are involved in these incidents?
Those involved are the employees, the company CEO, the customers whose details were shared with the anonymous person, and the hacker.

Propose prevention
Learn how to identify phishing emails, since they duplicate the image of the real company. Check the source the mail is coming from. Never go to a bank's website by clicking a link included in an email. Enhance computer security by keeping the system upgraded. Check accounts periodically for any irregularities in transactions. Phishing messages are written in every language, and poor writing or translation is a major indication of a problem. If there is the slightest doubt, take no risk.

Incident 2: Masque attack on iOS devices

a. Describe the incident(s)
Android has been the target of a large number of cyber criminals, and they appear to be moving to iOS devices as well. The major threat/vulnerability seen was the MASQUE ATTACK, which replaces trusted applications. Access to the device is gained by fooling the user into downloading and installing applications on the iPhone through tainted messages. This leads to the replacement of legitimate applications, such as social networking applications. Across the world, different parts of systems have been affected, leading to damage to certain records.

b. When did it happen?
The event took place in August 2015.

c. What is the damage/loss like?
The Masque attack focused on all iOS devices together with the PC security setup. There was a series of attacks, with rapid adoption, covering and targeting iOS malware. The weapons relied on the improper functioning of different normalised versions used to exfiltrate data communications. The major impact was a mimic of the original application that logs in and accesses sensitive data from the local cache. This runs in the background, monitoring the user's device, and gains root privilege on the iOS device.

d. Why did the breach happen?
The vulnerabilities CVE-2015-3722/3725 and CVE-2015-3725 allowed the attack. These fall under the Manifest and Extension Masque variants, which demolish different applications. iOS was not set up for authorisation and coordination between different applications. Apple holds the applications, yet the system is not fully defended against remote systems associated with the PC.

e. How did the breach happen?
The assessment is based on a login interface that holds the information, gaining root privileges on the iOS device and easily breaking out of the restrictions of the app container. The vulnerabilities in iOS 8.4 can easily enable injection of untrusted code, replacing the VPN plugins.

f. Who are involved in these incidents?
Those involved are the people using Apple iPhones, employees, and the hackers who succeeded in breaking into the system to steal information. This is only possible when the hackers flash special offers on a page and push users to download them.

Propose prevention
The solution is to protect the phone from installing applications from anywhere other than the official Apple App Store. Never install from a third-party pop-up while viewing a web page. iOS shows an "Untrusted App Developer" alert for such apps, which need to be uninstalled immediately.
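The phishing signs listed under the Phishing definition and in the Incident 1 prevention advice (generic greeting, forged links, sense of urgency, requests for personal information, checking the source of the mail) can be turned into a simple triage check. The following Python is an added example, not part of the original post; the two messages and the trusted domain example-bank.com are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

URGENCY = ("urgent", "immediately", "within 24 hours", "suspended")
GENERIC = ("dear customer", "dear user", "dear member")
# Constructed: domains this hypothetical organisation treats as legitimate
TRUSTED_DOMAINS = {"example-bank.com"}

def domain_of(addr_or_url: str) -> str:
    """'Name <user@host>' -> host; a URL -> its netloc; '' if neither."""
    m = re.search(r"@([\w.-]+)", addr_or_url)
    if m:
        return m.group(1).lower()
    return urlparse(addr_or_url).netloc.lower()

def phishing_indicators(raw: str) -> list[str]:
    """Return the indicators found in one RFC 822 style message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    lower = body.lower()
    sender, reply_to = msg.get("From", ""), msg.get("Reply-To", "")
    hits = []
    # "Check the source the mail is coming from"
    if reply_to and domain_of(reply_to) != domain_of(sender):
        hits.append("reply-to domain differs from sender")
    if domain_of(sender) and domain_of(sender) not in TRUSTED_DOMAINS:
        hits.append("sender domain not trusted")
    if any(g in lower for g in GENERIC):
        hits.append("generic greeting")
    if any(u in lower for u in URGENCY):
        hits.append("sense of urgency")
    # Forged link: the visible text shows one domain, the href goes elsewhere
    for href, text in re.findall(r'<a href="([^"]+)">([^<]+)</a>', body):
        shown = re.search(r"[\w.-]+\.\w+", text)
        target = urlparse(href).netloc.lower()
        if shown and shown.group(0).lower() != target:
            hits.append(f"forged link: text {shown.group(0)} vs href {target}")
    if re.search(r"password|social security|account number", lower):
        hits.append("request for personal information")
    return hits

# Constructed sample messages (headers, blank line, HTML body)
SAMPLE_PHISH = """From: "Example Bank Security" <alerts@examp1e-bank.com>
Reply-To: verify@mail-verify.test
Subject: Urgent: account suspended
Content-Type: text/html

Dear customer,
Your account will be suspended within 24 hours. Confirm your password at
<a href="http://login.mail-verify.test/verify">https://www.example-bank.com/login</a>
"""
SAMPLE_LEGIT = """From: "Example Bank" <statements@example-bank.com>
Subject: Your monthly statement is ready
Content-Type: text/html

Hello Alice,
Your April statement is available in online banking at
<a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a>
"""
```

Running phishing_indicators on SAMPLE_PHISH reports all six indicators, while SAMPLE_LEGIT reports none; the check is a triage aid, not a substitute for never following links in email to a bank's site.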
