IT Security Management

Verified

Added on  2023/04/04

|8
|1563
|201
AI Summary
This document provides information on IT Security Management, including research on network attacks, the GitHub DDoS attack, and cyber security breaches. It discusses the impact of these attacks and provides mitigation options and incident response planning.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: IT SECURITY MANAGEMENT
IT Security Management
Name of the student:
Name of the university:
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1IT SECURITY MANAGEMENT
Table of Contents
Part 1 Research of Network Attacks......................................................................................................2
Part 2 GitHub DDoS attack.....................................................................................................................3
Part 3 MEMO.........................................................................................................................................5
References.............................................................................................................................................6
Document Page
2IT SECURITY MANAGEMENT
Part 1 Research of Network Attacks
Name of the attack: WannaCry Cyber Attack
Type of the attack: Ransomware Attack
Dates of Attack: 12th May 2017, Friday
Organization or computers affected: The effects initially occurred in Asia, infecting at about
230,000 computers in all over 150 countries. The
countries that were mostly affected are Ukraine, Russia,
Taiwan as well as India. The largest agency affected by
this attack is the National Health Service hospitals in the
countries of Scotland and England.
How it works and what it did:
The infection was initially caused due to the exposed vulnerable port of SMB, but at the
initial time, it was assumed that the cause was email phishing. It targeted the computers of the
various organizations that did not updated their Microsoft OS security from April 2017. The
computers were at high risk that were running on the unsupported versions of the operating
system that is Microsoft Windows [1]. The computers that were running on the OS like Windows
XP or Windows Server 2003 are depicted to be at high risk, as these systems did not updated their
security patches since April 2014.
Mitigation Options:
There are certain options regarding the mitigation of the ransomware attack. These are
stated as follows:
Encryption of Data: The data is to be encrypted for the attackers so that they cannot be
breached regarding this type of attack.
The emergence of the BITCOIN is a significant factor regarding this type of attacks. Hence
the governing body must anonymously look into the security of the BITCOINS.
Proper backup of the data is to be maintained in the server for the restriction of data loss
[2].
The system level protection of the server is to be maintained for blocking the ransomware
in the system level that will reduce the vulnerabilities of the information security.
References
[1] S. Mohurle and M. Patil. A brief study of wannacry threat: Ransomware attack 2017.
International Journal of Advanced Research in Computer Science, 8(5) , 2017
[2] S.K. Sahi,. A Study of WannaCry Ransomware Attack. International Journal of Engineering
Document Page
3IT SECURITY MANAGEMENT
Research in Computer Science and Engineering, 4(9), pp.5-7, 2017
Part 2 GitHub DDoS attack
Q1: How it works and what techniques are used?
The attackers perform the DDoS attack by the use of a zombie network. This network is said
to be a group of infected computers in which the attacker has subsequently installed a DOS attacking
tool for performing the attack. The different type of tools used by the attackers may be depicted as
LOIC, XOIC, HULK, DDOSIM, R-U-Dead-Yet, Tor’s Hammer, PyLoris and many more. The DDoS attack
are basically of three types. These are stated as follows: Application layer DDoS Attack, Protocol DOS
Attack, Volume-Based DDoS attack.
In case of GitHub, the attackers mainly focused on hijacking the part such as memcaching,
which is said to be the distributed a system of memory that is responsible for the high performance
as well as demand [1].
Q2: How this attack is propagated?
The attack propagated to the server of GitHub with the generation of more than thousand
various autonomous systems all over the unique endpoints. This attack mainly amplified by the
usage of the memcached based approach, which leaked approximately of 1.35 Tbps data packets per
second.
Q3: Discuss the impact of this attack on the operation of an organization? What are some
key steps organizations can take to help protect their networks and resources?
The identified impact of this type of attack on the organization GitHub is the initial data loss.
This data loss leaked approximately 1.35 Tbps data via 126.9 million packets per second. Moreover
in the second phase 400 Gbps data was also leaked in due time. This led the organization to be in an
offline mode for 5 to 10 minutes [6].
Buying of more quantity of bandwidth: The server must be provided with ample amount of
bandwidth that can handle the traffic of the spikes that may arise by any malicious activity [2].

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4IT SECURITY MANAGEMENT
Building of redundancy in the server environment: The server data must be spread across various
data centres, which will possess a good system of load balancing for the distribution of traffic
between the servers.
Configuration of the network hardware: The configuring of the server firewall as well as router for
dropping down the frequency of the incoming ICMP packets or the blockage of DNS might be the
possible ways for restricting a DDoS attack in the network environment [5].
Deployment of DDoS software and hardware modules: The server of the organization must be
protected by the network firewall as well as web application firewalls for the probable load
balancing as well.
Protection of DNS Servers: The DNS servers must be enhanced with the redundancy feature so that
the cloud based DNS Server can be well protected.
Q4: Give an example of a duty of the Incident response planning, Disaster recovery
planning and Business continuity planning when having an unexpected event like this
attack.
The prime duty of an incident response planning when such an attack of DDoS happens is
that it provides a set of commands that helps the employees of the IT for the detection, response as
well as recovery from the happened attack.
The prime duty of a disaster recovery planning is to document and structure the approach
of the instructions for providing responses to the non-planned attacks like the DDoS attack as stated
above.
The prime duty of a Business continuity planning is said to be a plan that helps to assure the
processes of the business can continue to work at a time of emergency as well as disaster such as
the DDoS attack.
Q5. How GitHub’s incidence recovery plan helped limiting the downtime of this attack?
When the organization of GitHub faced the attack, it responded with such great security
measurement techniques that they returned from the attack with 10 minutes. The proactive incident
response team understood quickly about the security events and started mitigating them with
remediate actions [3]. The specialized forensic as well as investigative expertise employees restricted
the possible threats and helped GitHub to overcome from this attack.
Q6. Briefly describe the lessons learned from this DDOS attack.
Document Page
5IT SECURITY MANAGEMENT
The primary lesson learned from this type of attack can be expressed in four words that is “Your
Web Host Matters”. This explains the overall security of the server side environment that should be
adhered by the organization to restrict this type of attacks.
Q7. If any Australian organization or Australian businesses is infected with cyber-attacks,
who is the main point of contact for this cyber security issues?
If any Australian business or organization faces the similar cyber-attacks the first contact person or
organization is the CERT [4]. This is a government contact point in Australia, which deals with this
type of attacks happening in Australia.
Part 3 MEMO
This memo will provide a brief description of the security breaches that happened with the
Queensland law firms. In this, the cyber criminals hacked the email accounts of the lawyers in a trick
manner.
The hackers gave the command to the email accounts of the employees at the said law firms
by the trick of revealing the account details of their email just before hijacking the client payments.
The lawyers who were targeted regarding this fraud via phone calls that are seeking the
representation legally. The phone calls always seemed legitimate and the process for the collection
of the lawyers email id passwords, the person on the call asks for the relevant documents. By this,
the Fraud as well as Fraud collected many funds from the Australian lawyers. The lawyers who used
the 2-factor authentication method for restricting the hackers are also in a state of vulnerability as
the hackers directly targeted the computers of the lawyers.
TO All staff
CC Board of Directors
DATE 28 May 2019
SUBJECT The targeted QLD by cybercriminals
Document Page
6IT SECURITY MANAGEMENT
The usage of the secure browser and the introduction of the Bank Vault’s Safe Window by
the Cyber security company of Australia can be the probable mitigation techniques from the lawyer’s
point of views.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7IT SECURITY MANAGEMENT
References
[1] S. Mansfield-Devine. The growth and evolution of DDoS. Network Security, 2015(10), pp.13-
20, 2015
[2] A. Chadd,. DDoS attacks: past, present and future. Network Security, 2018(7), pp.13-15 ,
2018
[3] Agrawall, K. Chaitanya, A.K. Agrawal and V. Choppella, , February. Mitigating browser-based
DDoS attacks using CORP. In Proceedings of the 10th Innovations in Software Engineering
Conference (pp. 137-146). ACM, 2017
[4] R. Kamikubo, and T. Saito,. Browser-Based DDoS Attacks without Javascript. INTERNATIONAL
JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 8(12), pp.276-280, 2017
[5] K.F. Xylogiannopoulos, P. Karampelas, and R. Alhajj. Detecting DDoS Attacks on Multiple
Network Hosts: Advanced Pattern Detection Method for the Identification of Intelligent
Botnet Attacks. In Developments in Information Security and Cybernetic Wars (pp. 121-139).
IGI Global, 2019
[6] G. Somani, M.S. Gaur, D. Sanghi, M. Conti and R. Buyya. DDoS attacks in cloud computing:
Issues, taxonomy, and future directions. Computer Communications, 107, pp.30-48, 2017
1 out of 8
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]