Host and Network Security
Added on 2022-11-25
19 Pages4301 Words362 Views
Running head: HOST AND NETWORK SECURITY
HOST AND NETWORK SECURITY
Name of the Student:
Name of the University:
Author Note:
HOST AND NETWORK SECURITY
Name of the Student:
Name of the University:
Author Note:
HOST AND NETWORK SECURITY1
Table of Contents
Introduction:....................................................................................................................................2
Hyper jacking...................................................................................................................................2
The underlying flaw.........................................................................................................................3
Method of launching the attack.......................................................................................................5
Detection of the attack.....................................................................................................................6
Countermeasures of the attack.........................................................................................................7
Conclusion.......................................................................................................................................8
References........................................................................................................................................9
Table of Contents
Introduction:....................................................................................................................................2
Hyper jacking...................................................................................................................................2
The underlying flaw.........................................................................................................................3
Method of launching the attack.......................................................................................................5
Detection of the attack.....................................................................................................................6
Countermeasures of the attack.........................................................................................................7
Conclusion.......................................................................................................................................8
References........................................................................................................................................9
HOST AND NETWORK SECURITY2
Introduction:
Security of information is becoming one of the greatest priority for every organization.
The network of an organization or users should be strongly protected such that it become
difficult for the attacker to breach the data. The increasing trend of security threats is due to the
internet and its structure. The security is important for a user system because it protects the assets
of the users or company, it helps in achieving competitive advantage, it also helps in complying
the regulatory needs as well as fiduciary responsibilities and so on. The exploit chosen for this
report is “Hyper jacking”. The report directly focuses on the virtualization vulnerabilities. The
report also tries to increase the importance of the virtualization in the society. The report briefly
describes the underlying flaw of hyper jacking, method of launching the hyper jacking attack,
methods by which the attack can be detected and lastly it describes the countermeasures to
prevent the risk.
Hyper jacking
It is a kind of attack where a hacker achieves a malicious control on the hypervisor which
generates the virtual environment in the virtual machine host. The attack is carried out to target
OS which is lying beneath the Virtual Machine such that the hacker can execute the applications.
It deals with installing malicious and fake hypervisor which can handle overall server system of
a user or of an organization. A successful known hyper jacking attack is the VENOM
vulnerability which occurred in May 2015.
Introduction:
Security of information is becoming one of the greatest priority for every organization.
The network of an organization or users should be strongly protected such that it become
difficult for the attacker to breach the data. The increasing trend of security threats is due to the
internet and its structure. The security is important for a user system because it protects the assets
of the users or company, it helps in achieving competitive advantage, it also helps in complying
the regulatory needs as well as fiduciary responsibilities and so on. The exploit chosen for this
report is “Hyper jacking”. The report directly focuses on the virtualization vulnerabilities. The
report also tries to increase the importance of the virtualization in the society. The report briefly
describes the underlying flaw of hyper jacking, method of launching the hyper jacking attack,
methods by which the attack can be detected and lastly it describes the countermeasures to
prevent the risk.
Hyper jacking
It is a kind of attack where a hacker achieves a malicious control on the hypervisor which
generates the virtual environment in the virtual machine host. The attack is carried out to target
OS which is lying beneath the Virtual Machine such that the hacker can execute the applications.
It deals with installing malicious and fake hypervisor which can handle overall server system of
a user or of an organization. A successful known hyper jacking attack is the VENOM
vulnerability which occurred in May 2015.
HOST AND NETWORK SECURITY3
The underlying flaw
Common Weakness Enumeration (CWE) must do with proper vulnerabilities which are
not the instance within systems and products. On the other hand, Common Vulnerabilities as
well as exposures has to do with specific instance within a product and a system. The process of
CVE is an initiative taken by the National cyber security FFRDC that is managed by different
business organization (Umezawa et al. 2018). This application is mostly done by taking funding
from the homeland security department. This is a database of vulnerability which is identified
against different publically released software packages such as drupal, Jhoomla etc. According to
Jimenez, Le Traon and Papadakis (2018), proper vulnerability strategies are needed to be
developed by the company owners and the developers as well to ensure that the data are secured
from the external attackers. According to Glanz et al. (2015), jaw dropping vulnerabilities in
Drupal can lead to attack. This tool can also perform remote code execution. Nafees et al.
(2017) stated that, the attackers are required to use proper security measures to keep the data
secured from external attackers. The different security mechanisms that a company should use to
avoid hyper jacking include use of application firewall and encryption as well. According to
(Fang, Li and Li 2016), there are different software packages such as Drupal, NodeJS, Oracle
database etc which are facing major security flaws while being used in any organization or
business applications. Mishina et al. (2018) opined that, CVE database does not have any
appropriate risk, exploit information, fixed information etc. The database contains nature of the
flaw, short description and also some additional information based analysis as well. Nafees et al.
(2017) stated that, security focus is referred to as one of the major concern for the business
application, revenue structure and competitive advantages as well. However, CVE list is not a
completely comprehensive flaw list against the available public software package. In addition to
The underlying flaw
Common Weakness Enumeration (CWE) must do with proper vulnerabilities which are
not the instance within systems and products. On the other hand, Common Vulnerabilities as
well as exposures has to do with specific instance within a product and a system. The process of
CVE is an initiative taken by the National cyber security FFRDC that is managed by different
business organization (Umezawa et al. 2018). This application is mostly done by taking funding
from the homeland security department. This is a database of vulnerability which is identified
against different publically released software packages such as drupal, Jhoomla etc. According to
Jimenez, Le Traon and Papadakis (2018), proper vulnerability strategies are needed to be
developed by the company owners and the developers as well to ensure that the data are secured
from the external attackers. According to Glanz et al. (2015), jaw dropping vulnerabilities in
Drupal can lead to attack. This tool can also perform remote code execution. Nafees et al.
(2017) stated that, the attackers are required to use proper security measures to keep the data
secured from external attackers. The different security mechanisms that a company should use to
avoid hyper jacking include use of application firewall and encryption as well. According to
(Fang, Li and Li 2016), there are different software packages such as Drupal, NodeJS, Oracle
database etc which are facing major security flaws while being used in any organization or
business applications. Mishina et al. (2018) opined that, CVE database does not have any
appropriate risk, exploit information, fixed information etc. The database contains nature of the
flaw, short description and also some additional information based analysis as well. Nafees et al.
(2017) stated that, security focus is referred to as one of the major concern for the business
application, revenue structure and competitive advantages as well. However, CVE list is not a
completely comprehensive flaw list against the available public software package. In addition to
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Use of Microsoft Hyper-Vlg...
|5
|929
|171
Investigating Network Securitylg...
|20
|5617
|397
Memcrashed Vulnerabilitylg...
|18
|4178
|130
Information and Systems Securitylg...
|7
|1270
|80
System Management : Discussionslg...
|4
|604
|25
Components for Building IT Infrastructurelg...
|1
|646
|51