Cyber Security and Info Assurance Report: Lockheed Martin Case Study
VerifiedAdded on 2020/05/01
|5
|823
|86
Report
AI Summary
This report analyzes a cybersecurity incident, likely involving Lockheed Martin, focusing on violated cybersecurity tenets, the occurrence of the attack, and data defense mechanisms. The analysis identifies weaknesses in two-factor authentication, intrusion detection systems, and key generation proc...
Running head: CYBER SECURITY AND INFO ASSURANCE
Cyber security and Info Assurance
Name of the Student
Name of the University
Author Note
Cyber security and Info Assurance
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
CYBER SECURITY AND INFO ASSURANCE
Table of Contents
1. Identification of Violated Cyber security Tenets.............................................................2
2. Analysis of cyber security occurrence and data defense.................................................2
3. Recommendation of best practices to prevent further recurrence...................................3
References............................................................................................................................4
CYBER SECURITY AND INFO ASSURANCE
Table of Contents
1. Identification of Violated Cyber security Tenets.............................................................2
2. Analysis of cyber security occurrence and data defense.................................................2
3. Recommendation of best practices to prevent further recurrence...................................3
References............................................................................................................................4
2
CYBER SECURITY AND INFO ASSURANCE
1. Identification of Violated Cyber security Tenets
Although the two-factor authentication appeared to be secured enough, the key or the
special password generation was not efficient enough. The attackers made use of the trial and
error method in guessing the key. This was possible only because the key generation process was
not associated with complex algorithmic process and therefore the key became easily guessable.
Another cyber security tenet that was violated in this case was the presence of a strong
intrusion detection system. If the intrusion detection system was fully on action, it should have
prevented or detected the zero day vulnerability in the RSA. This helped the attacker in gaining
access to the username; password and a sample secure ID OTP with the help of a key logger. The
presence of an intrusion detection system and firewall could have prevented or detected the
attack in an early stage (Hutchins, Cloppert & Amin, 2011). The generation of the key fob that is
used in two-factor authentication should have included a complex algorithmic process so that the
attacker did not easily guess it. Therefore, it can be said that the attack in Lockheed Martin could
have been prevented with the presence of an intrusion detection system and involvement of a
more complex algorithm.
2. Analysis of cyber security occurrence and data defense
Analysis of the cyber security analysis is a process that evaluates the internal and external
vulnerabilities of the system. The attackers set up a backdoor to access the system of Lockheed
Martin and to steal the RSA seed value. Although RSA use complex algorithm to generate the
seed value, the attacker managed to guess the recent seed values. This indicates that the
organization failed in using recent technology and systems in securing their information system.
This could have been avoided by using three-factor authentication system instead of two-factor
CYBER SECURITY AND INFO ASSURANCE
1. Identification of Violated Cyber security Tenets
Although the two-factor authentication appeared to be secured enough, the key or the
special password generation was not efficient enough. The attackers made use of the trial and
error method in guessing the key. This was possible only because the key generation process was
not associated with complex algorithmic process and therefore the key became easily guessable.
Another cyber security tenet that was violated in this case was the presence of a strong
intrusion detection system. If the intrusion detection system was fully on action, it should have
prevented or detected the zero day vulnerability in the RSA. This helped the attacker in gaining
access to the username; password and a sample secure ID OTP with the help of a key logger. The
presence of an intrusion detection system and firewall could have prevented or detected the
attack in an early stage (Hutchins, Cloppert & Amin, 2011). The generation of the key fob that is
used in two-factor authentication should have included a complex algorithmic process so that the
attacker did not easily guess it. Therefore, it can be said that the attack in Lockheed Martin could
have been prevented with the presence of an intrusion detection system and involvement of a
more complex algorithm.
2. Analysis of cyber security occurrence and data defense
Analysis of the cyber security analysis is a process that evaluates the internal and external
vulnerabilities of the system. The attackers set up a backdoor to access the system of Lockheed
Martin and to steal the RSA seed value. Although RSA use complex algorithm to generate the
seed value, the attacker managed to guess the recent seed values. This indicates that the
organization failed in using recent technology and systems in securing their information system.
This could have been avoided by using three-factor authentication system instead of two-factor
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
CYBER SECURITY AND INFO ASSURANCE
authentication (Craigen, Diakun-Thibault & Purse, 2014). The third factor could have been the
biometric of the user that would have been more complex to hack. Apart from this, a proper and
up to date security system could have prevented the attack.
3. Recommendation of best practices to prevent further recurrence
The recommendation for Lockheed-Martin to prevent such attack in future are elaborated
below-
1. The devices in the organization should not be exposed to the external networks in any
way. Cyber threats are persistent if the system connects with an external network.
2. Implementation of network segmentation along with the application of firewalls is a
must. It is essential to prevent the cyber attackers from exploiting the vulnerability present in the
organization’s system, which was the case of Lockheed Martin. Presence of a proper firewall
could have prevented the entry of backdoor into the system.
3. Secure remote access methods should be used if remote access is required. Use of VPN
is very useful in this case. A VPN uses an encrypted data channel for secure transaction of data
and therefore, attacker cannot access the channel quite easily (Morris, Pan & Adhikari, 2012).
4. Passwords used in the system should be strong and should be changed frequently.
5. Awareness about the vulnerability should be maintained in the organization and the
systems should be regularly patched in order to prevent any attack.
CYBER SECURITY AND INFO ASSURANCE
authentication (Craigen, Diakun-Thibault & Purse, 2014). The third factor could have been the
biometric of the user that would have been more complex to hack. Apart from this, a proper and
up to date security system could have prevented the attack.
3. Recommendation of best practices to prevent further recurrence
The recommendation for Lockheed-Martin to prevent such attack in future are elaborated
below-
1. The devices in the organization should not be exposed to the external networks in any
way. Cyber threats are persistent if the system connects with an external network.
2. Implementation of network segmentation along with the application of firewalls is a
must. It is essential to prevent the cyber attackers from exploiting the vulnerability present in the
organization’s system, which was the case of Lockheed Martin. Presence of a proper firewall
could have prevented the entry of backdoor into the system.
3. Secure remote access methods should be used if remote access is required. Use of VPN
is very useful in this case. A VPN uses an encrypted data channel for secure transaction of data
and therefore, attacker cannot access the channel quite easily (Morris, Pan & Adhikari, 2012).
4. Passwords used in the system should be strong and should be changed frequently.
5. Awareness about the vulnerability should be maintained in the organization and the
systems should be regularly patched in order to prevent any attack.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
CYBER SECURITY AND INFO ASSURANCE
References
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology
Innovation Management Review, 4(10).
Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network
defense informed by analysis of adversary campaigns and intrusion kill chains. Leading
Issues in Information Warfare & Security Research, 1(1), 80.
Morris, T. H., Pan, S., & Adhikari, U. (2012, July). Cyber security recommendations for wide
area monitoring, protection, and control systems. In Power and Energy Society General
Meeting, 2012 IEEE (pp. 1-6). IEEE.
Rid, T., & Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1-2),
4-37.
CYBER SECURITY AND INFO ASSURANCE
References
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology
Innovation Management Review, 4(10).
Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network
defense informed by analysis of adversary campaigns and intrusion kill chains. Leading
Issues in Information Warfare & Security Research, 1(1), 80.
Morris, T. H., Pan, S., & Adhikari, U. (2012, July). Cyber security recommendations for wide
area monitoring, protection, and control systems. In Power and Energy Society General
Meeting, 2012 IEEE (pp. 1-6). IEEE.
Rid, T., & Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1-2),
4-37.
1 out of 5
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.