logo

IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Types

12 Pages2997 Words59 Views
   

Added on  2023-06-14

About This Document

This article discusses the Equifax data breach, including the problem behind the incident, who was impacted, and how the data breach took place. It also explains the concept and mechanism of quantum key distribution (QKD) and the future trends of QKD. Additionally, it compares different types of firewalls, including packet filtering firewall, application proxy firewall, stateful packet filter firewall, and circuit level gateway firewall, and provides their functionality, speed, applications, and cost.

IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Types

   Added on 2023-06-14

ShareRelated Documents
Running head: IT SECURITY
IT SECURITY
Name of Student:
Name of University:
Author note
IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Types_1
1IT SECURITY
Question 1: 2017 Equifax data breach
What was the problem behind the incident?
Equifax is known to be one of the massive cyber security incidents till date. The massive
attack took place in the mid of 2017. The breach came to light on 29th of July in the year 2017
(Mikhed & Vogan, 2015). The personal credentials of number of people were at stake. Names,
social security numbers, date of birth, personal addresses and driving license number were
unethically hacked by some unauthorized source (Mikhed & Vogan, 2015). The website
application of the company was exploited by the cyber criminals to access the confidential
resources of the US Company. Equifax is well-known among the credit reporting companies in
the US. The company provided their clients with information regarding their financial records.
Who were impacted?
As per the reports, nearly 209,000 consumers confidential were at stake and around
182,000 US customers personal information were exposed to the criminals (Gressin, 2017).
Reports also suggested that the clients from Canada as well as the UK were also equally affected
from the data breach. The number of affected people reached to a 148 million by the end of the
attack (Gressin, 2017). The hacked information of the consumers can be utilized by the criminals
for illegal purposes. The 148 million populations of US were suffering from theft of identity
because of this data breach and the incident to haunt the commoners for the coming years as
well.
How the data breach took place?
The data security breach of the Equifax was due to the vulnerability in their software
which was used to run their website application known as the Apache Struts. Although the
IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Types_2
2IT SECURITY
vulnerability is resolved by Apache in the March, 2017 but there still remained minor faults in
the software (Mikhed & Vogan, 2015). In a shorter span of time the attackers took this software
vulnerability to their advantage and hacked their web servers. Equifax was reported number of
times regarding this vulnerability and by US CERT, Apache and the Homeland Security
department (Berghel, 2017). They were even provided with suggestion to fix these bugs but even
after repeated efforts Equifax could not fix the issue with the software. During this period, the
attackers hacked the company’s website and stole all the relevant information regarding their
clients as well as accessed the databases of the company. Equifax’s response towards the data
breach was also not appropriate. The clients were informed about the incident post six weeks
after the data stealing took place.
Steps that should be taken to prevent the data breach
Equifax was reported beforehand about its software vulnerabilities. The company serves
millions of people thus instant response to such risks was essential. Considering the
safeguarding of the personal information of these millions of people spontaneous
response of the company regarding this matter was desirable. In context of this data
breach it can be said that Equifax was slow and negligent in resolving these issues before
hand.
Automated monitoring of the website application as well as the website environment can
be made more innovative and improved. For example, incorporation of artificial
intelligence (AI) based tools might have been instrumental in detecting the suspicious
behavior of the online application (Anandarajan, D'Ovidio & Jenkins, 2013). In case the
theft is detected in the initial months of the year 2017, the company could have resisted
this massive cyber attack.
IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Types_3
3IT SECURITY
Stringent application testing could have reduced the risks of such massive attacks.
Integration of much secured practices for the purpose of developing the Apache software
could have significantly reduced the risks of such cyber attacks. Improvised application
testing would have sufficiently helped in reviewing the encryption text (Mikhed &
Vogan, 2018). In the process the Apache vulnerability could have been identified at the
time of developing the software and the bug could have been fixed by the programmer at
that instant of time.
The Equifax could have well prepared itself to resolve the matter post attack. The layered
approach of security handling could have been helpful considering the impact of the
attack.
Question 2: Quantum key distribution
Concept of Quantum key distribution (QKD)
QKD can be defined as the utilization of the beams of laser in order to transmit
cryptographic keys in a much secured manner. QKD well implements the concept of quantum
properties that the photons under laser beams can showcase. QKD can be immensely beneficial
in encrypting messages which are to be transmitted through an insecure communication channel
(Liu et al., 2013). The security feature of QKD mainly depends on the basic laws of the
environment and nature, which are very less prone to attacks or thefts. This improves the
computational power, enhances the algorithm for the new attack. QKD can efficiently solve the
challenges posed by the classical approaches of key distribution. QKD can ensure stringent
security for the purpose of transferring the keys of as it enables constant generation as well as
sharing of one-time keys (Tang et al., 2014).
IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Types_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cybersecurity Threats Assignment
|5
|1057
|121

Data Breach Equifax
|12
|2129
|319

Equifax Data Breach of 2017: Overview, Impacts, and Recommendations
|10
|1970
|368

Equifax Data Breach: Incident Report and Analysis
|13
|4146
|67

Summary of Attack | Computer and Network Security
|7
|1353
|29

Equifax Data Breach of 2017: Overview, Causes, and Impact | Desklib
|13
|596
|118