Network Security: Issues, Attacks, and Countermeasures
VerifiedAdded on 2023/04/19
|12
|2295
|329
AI Summary
This report analyzes network security issues related to IoT devices and IT infrastructure, discusses attack scenarios, vulnerabilities, and proposes countermeasures.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Network Security
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
Introduction......................................................................................................................................2
Security issues.................................................................................................................................3
Security issues related to IoT devices..........................................................................................3
Security issues related to IT infrastructure..................................................................................4
Attack scenarios...............................................................................................................................5
IoT form of attack........................................................................................................................5
IT Infrastructure form of attack...................................................................................................5
Vulnerabilities that exists in middle-sized organization..................................................................6
Vulnerabilities..............................................................................................................................6
Exposures.....................................................................................................................................6
Proposed countermeasures...............................................................................................................7
Conclusion.......................................................................................................................................8
References........................................................................................................................................9
Appendinces..................................................................................................................................10
Introduction......................................................................................................................................2
Security issues.................................................................................................................................3
Security issues related to IoT devices..........................................................................................3
Security issues related to IT infrastructure..................................................................................4
Attack scenarios...............................................................................................................................5
IoT form of attack........................................................................................................................5
IT Infrastructure form of attack...................................................................................................5
Vulnerabilities that exists in middle-sized organization..................................................................6
Vulnerabilities..............................................................................................................................6
Exposures.....................................................................................................................................6
Proposed countermeasures...............................................................................................................7
Conclusion.......................................................................................................................................8
References........................................................................................................................................9
Appendinces..................................................................................................................................10
Introduction
Internet of Things (IoT) is a growing topic of conversation both in workplaces and
outside. It is a concept which impacts both how people work and how we live. Basically IoT is
an extension of the wide area network commonly known as the internet into everyday objects
and physical devices. This means that, IoT is embedded with internet connectivity, electronics,
and other forms of hardware like sensors which can interact and communicate with other devices
over the wide area network and can also be controlled and monitored over the internet.
According to Forbes (2018) IoT is a system of interrelated computing devices, digital machines,
people, and mechanical devices which are provided with unique identifiers commonly known as
UIDs and the ability to transfer information or data over the wide area network without the
requirements of human-to-computer or human-to-human interaction. This means that IoT
devices can be used to share and sense data from its surrounding environment (Gilchrist, 2018).
Figure one in the appendices illustrates the various IoT devices which have been
integrated in medium-sized organization IT network. Even though the network has been already
secured by the various defense mechanism, which includes the combination of firewalls,
software and hardware, the network still faces several issues which can lead to the medium-
organization being comprised by cyber criminals
As a cyber-security consultant, in this paper I will analyze two security issues related to
the IoT devices and two security issues which are related to the IT infrastructure. Second, the
paper will describe the actual attacks for IT and IoT. Lastly, the paper will describe two
vulnerabilities which includes the CVE which exists in the medium-sized organization and
propose solutions to address the listed issues
Internet of Things (IoT) is a growing topic of conversation both in workplaces and
outside. It is a concept which impacts both how people work and how we live. Basically IoT is
an extension of the wide area network commonly known as the internet into everyday objects
and physical devices. This means that, IoT is embedded with internet connectivity, electronics,
and other forms of hardware like sensors which can interact and communicate with other devices
over the wide area network and can also be controlled and monitored over the internet.
According to Forbes (2018) IoT is a system of interrelated computing devices, digital machines,
people, and mechanical devices which are provided with unique identifiers commonly known as
UIDs and the ability to transfer information or data over the wide area network without the
requirements of human-to-computer or human-to-human interaction. This means that IoT
devices can be used to share and sense data from its surrounding environment (Gilchrist, 2018).
Figure one in the appendices illustrates the various IoT devices which have been
integrated in medium-sized organization IT network. Even though the network has been already
secured by the various defense mechanism, which includes the combination of firewalls,
software and hardware, the network still faces several issues which can lead to the medium-
organization being comprised by cyber criminals
As a cyber-security consultant, in this paper I will analyze two security issues related to
the IoT devices and two security issues which are related to the IT infrastructure. Second, the
paper will describe the actual attacks for IT and IoT. Lastly, the paper will describe two
vulnerabilities which includes the CVE which exists in the medium-sized organization and
propose solutions to address the listed issues
Security issues
Security issues related to IoT devices
To start with there are over 23 billion IoT connected devices across the world. It is said
that this number will rise by 2020 to 30 billion and by 2025 there will be over 60 billion IoT
devices. The medium-sized company has utilized diverse IoT devices from various companies.
Example, the organization has utilized Netgear GS116PP network switch which is from Netgear
Company, Linksys wireless router which is from Belkin international Inc. located in the US, and
cisco firewall from Cisco company. One of the main issues with all these technological
companies is that they are building these devices without considering some of security risks
related to this devices. Example all these devices highlighted in figure one do not get security
updates at all. This means that the devices that the medium-sized company thought were secure
when they bought them becomes insecure and eventually prone all types of attacks and hacks.
IoT manufacturers such these three companies are eager in delivering and producing these
devices as fast as they can without giving security a priority or too much thought (Jeyanthi,
Abraham, & Mcheick, 2018).
Second, most of these IoT devices are plug and play and most are times these devices are
shipped with default passwords and telling users such the medium-sized organization on how to
change them as soon as they receive the device. This results to the device being prone to brute
force type of security problem.
Security issues related to IT infrastructure
IT infrastructure is the equipment, services, software, and systems used in common
across an organization. Other computer scientist define IT infrastructure as all the components
Security issues related to IoT devices
To start with there are over 23 billion IoT connected devices across the world. It is said
that this number will rise by 2020 to 30 billion and by 2025 there will be over 60 billion IoT
devices. The medium-sized company has utilized diverse IoT devices from various companies.
Example, the organization has utilized Netgear GS116PP network switch which is from Netgear
Company, Linksys wireless router which is from Belkin international Inc. located in the US, and
cisco firewall from Cisco company. One of the main issues with all these technological
companies is that they are building these devices without considering some of security risks
related to this devices. Example all these devices highlighted in figure one do not get security
updates at all. This means that the devices that the medium-sized company thought were secure
when they bought them becomes insecure and eventually prone all types of attacks and hacks.
IoT manufacturers such these three companies are eager in delivering and producing these
devices as fast as they can without giving security a priority or too much thought (Jeyanthi,
Abraham, & Mcheick, 2018).
Second, most of these IoT devices are plug and play and most are times these devices are
shipped with default passwords and telling users such the medium-sized organization on how to
change them as soon as they receive the device. This results to the device being prone to brute
force type of security problem.
Security issues related to IT infrastructure
IT infrastructure is the equipment, services, software, and systems used in common
across an organization. Other computer scientist define IT infrastructure as all the components
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
which are needed to deliver IT services to customers. It also includes all the information
technology, processes, and documentation but not associated to people (Laan, 2017).
One of the security issues associated with IT infrastructure include physical attack. This
is a type of an attack which includes hardware threats, maintenance threats, environmental
threats, and electrical threats. Some of the hardware threats includes physical damage of the
hardware while maintenance threats includes poor handling of the software patches.
Another form of security issue related to IT infrastructure are network threats. These
threats are in form of external, internal, structured, and unstructured form of threats.
Unstructured threats are those caused by inexperienced people using hacking tools like password
crackers and shell scripts. External threats are caused by those people working outside the
organization. Internal type of threats are caused by those people within the organization (Till,
2018).
Attack scenarios
IoT form of attack
One of the attack scenario related to IoT devices was the Mirai malware. This is a type of
attack which has the ability of turning networked devices which are running on Linux into
remotely controlled bots which can be used as part of botnet. Mirai malware contains two
components which are command and control center (CnC) and the virus itself. On one hand the
CnC controls the vulnerable IoT devices and sends them instructions on how to launch attacks
against other IoT devices. On the other hand the virus itself contains vector type of attacks. The
Mirai system is as shown by figure two in the appendices. A sample attack was the October 12th
2016 Denial of Service type of attacks which left the east cost of US inaccessible to the internet.
The attack to advantage of insecure IoT devices, scanned for the big blocks of the wide area
technology, processes, and documentation but not associated to people (Laan, 2017).
One of the security issues associated with IT infrastructure include physical attack. This
is a type of an attack which includes hardware threats, maintenance threats, environmental
threats, and electrical threats. Some of the hardware threats includes physical damage of the
hardware while maintenance threats includes poor handling of the software patches.
Another form of security issue related to IT infrastructure are network threats. These
threats are in form of external, internal, structured, and unstructured form of threats.
Unstructured threats are those caused by inexperienced people using hacking tools like password
crackers and shell scripts. External threats are caused by those people working outside the
organization. Internal type of threats are caused by those people within the organization (Till,
2018).
Attack scenarios
IoT form of attack
One of the attack scenario related to IoT devices was the Mirai malware. This is a type of
attack which has the ability of turning networked devices which are running on Linux into
remotely controlled bots which can be used as part of botnet. Mirai malware contains two
components which are command and control center (CnC) and the virus itself. On one hand the
CnC controls the vulnerable IoT devices and sends them instructions on how to launch attacks
against other IoT devices. On the other hand the virus itself contains vector type of attacks. The
Mirai system is as shown by figure two in the appendices. A sample attack was the October 12th
2016 Denial of Service type of attacks which left the east cost of US inaccessible to the internet.
The attack to advantage of insecure IoT devices, scanned for the big blocks of the wide area
network for open telnet ports and then attempted to log in to the IoT devices using default
passwords (Fruhlinger, 2018).
IT Infrastructure form of attack
One of the common attack was the Marriott International attack which occurred in
November last year. In here attackers were able to steal data for about five hundred million
customers. This attack occurred as a result of weaknesses in IT infrastructure in Marriott
International. The attack was a structured one since the attackers were working on behalf of
ministry of state security (Forouzan & Mosharraf, 2012).
Vulnerabilities that exists in middle-sized organization
Common Vulnerabilities and Exposures commonly known as CVE is a catalog of a much
known security threats. The department of Homeland Security in the US is the one which
sponsors the catalog. In here threats are divided into two categories which are exposures and
vulnerabilities. According to homeland Security in the US a vulnerability is a mistake in coding
of the software which provides an attacker or a hacker a direct access to the organization network
or system. Vulnerability is also a security weakness in the make of the IoT device. Most are the
times tech companies such as Cisco manufacture their devices without a security update
consideration. An exposure are threats which there in the wide area network that the medium-
sized organization is prone to.
Vulnerabilities
To start with, the medium-sized company have some old hardware and software in use.
This means that the organization is running old operating system. One of the issue with these old
hardware is that the vendor no longer maintains support of the device which in turn results to
passwords (Fruhlinger, 2018).
IT Infrastructure form of attack
One of the common attack was the Marriott International attack which occurred in
November last year. In here attackers were able to steal data for about five hundred million
customers. This attack occurred as a result of weaknesses in IT infrastructure in Marriott
International. The attack was a structured one since the attackers were working on behalf of
ministry of state security (Forouzan & Mosharraf, 2012).
Vulnerabilities that exists in middle-sized organization
Common Vulnerabilities and Exposures commonly known as CVE is a catalog of a much
known security threats. The department of Homeland Security in the US is the one which
sponsors the catalog. In here threats are divided into two categories which are exposures and
vulnerabilities. According to homeland Security in the US a vulnerability is a mistake in coding
of the software which provides an attacker or a hacker a direct access to the organization network
or system. Vulnerability is also a security weakness in the make of the IoT device. Most are the
times tech companies such as Cisco manufacture their devices without a security update
consideration. An exposure are threats which there in the wide area network that the medium-
sized organization is prone to.
Vulnerabilities
To start with, the medium-sized company have some old hardware and software in use.
This means that the organization is running old operating system. One of the issue with these old
hardware is that the vendor no longer maintains support of the device which in turn results to
hardware backdoors vulnerabilities. This also results to hardware side channel attacks such as
fault induction, timing, and power analysis. Some of the software vulnerabilities which the
medium sized organization might be prone to are SQL injection, missing authorization, buffer
overflow, missing data encryption, and the use of broken algorithms.
Exposures
The medium-sized organization is exposed to various threats. One of the threat which the
organization is prone to are computer viruses. These types of threats can results to corruption of
the organization files and deletion of valuable data thereby impacting the daily operations of the
organization. In addition, the medium-sized organization is prone to hackers who can cause
devastating damage from anywhere. Once the hacker breaks into the organization network they
can steal files (Gollmann, 2014).
Proposed countermeasures
One of the measures to the said security issues to these Iot devices is that, the IoT
companies’ need to test all their IoT devices before launching them into companies and public
for use. In addition, the IoT companies need to provide an update mechanism on how one can
update these IoT devices. Second, just as the some government have warned on selling IoT
devices which comes with default and readable credentials means that other nations need to
follow.
Some of the countermeasures which should be done by the organization are
administrative countermeasures. Some of these administrative counter measures include; general
procedures, and outlining the organization security policies. This helps in laying down
procedures on how to go about on computer-related attacks. Second is physical countermeasure,
this helps in securing the organization server room, the network infrastructure, and the IoT
fault induction, timing, and power analysis. Some of the software vulnerabilities which the
medium sized organization might be prone to are SQL injection, missing authorization, buffer
overflow, missing data encryption, and the use of broken algorithms.
Exposures
The medium-sized organization is exposed to various threats. One of the threat which the
organization is prone to are computer viruses. These types of threats can results to corruption of
the organization files and deletion of valuable data thereby impacting the daily operations of the
organization. In addition, the medium-sized organization is prone to hackers who can cause
devastating damage from anywhere. Once the hacker breaks into the organization network they
can steal files (Gollmann, 2014).
Proposed countermeasures
One of the measures to the said security issues to these Iot devices is that, the IoT
companies’ need to test all their IoT devices before launching them into companies and public
for use. In addition, the IoT companies need to provide an update mechanism on how one can
update these IoT devices. Second, just as the some government have warned on selling IoT
devices which comes with default and readable credentials means that other nations need to
follow.
Some of the countermeasures which should be done by the organization are
administrative countermeasures. Some of these administrative counter measures include; general
procedures, and outlining the organization security policies. This helps in laying down
procedures on how to go about on computer-related attacks. Second is physical countermeasure,
this helps in securing the organization server room, the network infrastructure, and the IoT
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
devices. Last, is logical countermeasure; this involves proper configuration of firewalls,
operating system, and the application software. It also involves installation of intrusion detection
systems and Intrusion prevention system.
Other counter-measures which the medium-sized organization should implement is
bolster access control. This is a type of counter measures which ensures that an organization uses
very strong passwords on their networked systems. In here the medium-sized organization is
required to mix lowercase, uppercase, special characters, and numbers. In addition, this counter
measure requires the organization to create a very strong access control policy for all the
organization’s applications. Another counter-measure is to ensure that all the organization’s
applications and software are updates; the medium-sized organization should use automatic
software updates for all the applications. The organization should also ensure that the
organization employees cannot install any software into the onto the organization’s system
without approval. Also, the medium-sized organization should ensure all its computer operating
system use the same operating system, media player, plugins, and browser to reduce software
security vulnerability. Security vulnerability can also be reduced by knowing the software which
is on your network. In addition, the organization need to use network segmentation, conducting
proper maintenance, proper access controls, and use of both software and hardware firewalls.
This helps keeping the organization network and its traffic secured. Lastly, the organization
should note that sometimes external threats are successful because of insider threat. This can be
countered by ensuring that the organization employees understand what network security thus
the organization should regularly conduct network security training throughput the year
(Gilchrist, 2018).
operating system, and the application software. It also involves installation of intrusion detection
systems and Intrusion prevention system.
Other counter-measures which the medium-sized organization should implement is
bolster access control. This is a type of counter measures which ensures that an organization uses
very strong passwords on their networked systems. In here the medium-sized organization is
required to mix lowercase, uppercase, special characters, and numbers. In addition, this counter
measure requires the organization to create a very strong access control policy for all the
organization’s applications. Another counter-measure is to ensure that all the organization’s
applications and software are updates; the medium-sized organization should use automatic
software updates for all the applications. The organization should also ensure that the
organization employees cannot install any software into the onto the organization’s system
without approval. Also, the medium-sized organization should ensure all its computer operating
system use the same operating system, media player, plugins, and browser to reduce software
security vulnerability. Security vulnerability can also be reduced by knowing the software which
is on your network. In addition, the organization need to use network segmentation, conducting
proper maintenance, proper access controls, and use of both software and hardware firewalls.
This helps keeping the organization network and its traffic secured. Lastly, the organization
should note that sometimes external threats are successful because of insider threat. This can be
countered by ensuring that the organization employees understand what network security thus
the organization should regularly conduct network security training throughput the year
(Gilchrist, 2018).
Conclusion
This report has analyzed network security issues and developed appropriate mitigation
strategies. The network issues have been grouped to security issues related to IoT and those IT
infrastructure related. Some of the IoT related include are brute force security issue and lack of
automatic security update. Some of the IT infrastructure related are physical attacks and network
related threats. Some of the counter measures suggested in this report and conducting both
administrative, logical, and physical measures. The reported has also evaluated vulnerabilities
which has included the CVE which exist in medium-sized organization
This report has analyzed network security issues and developed appropriate mitigation
strategies. The network issues have been grouped to security issues related to IoT and those IT
infrastructure related. Some of the IoT related include are brute force security issue and lack of
automatic security update. Some of the IT infrastructure related are physical attacks and network
related threats. Some of the counter measures suggested in this report and conducting both
administrative, logical, and physical measures. The reported has also evaluated vulnerabilities
which has included the CVE which exist in medium-sized organization
References
Blanc, R. P., & Cotton, I. W. (2014). Computer networking by Robert P Blanc (2nd ed.).
Amsterdam: RTU Publishing House.
Forouzan, B. A., & Mosharraf, F. (2012). Computer networks : a top-down approach (1st ed.).
Chicago: John & Wiley Press.
Fruhlinger, J. (2018, March 9th ). The Mirai botnet explained: How teen scammers and CCTV
cameras almost brought down the internet. Retrieved from CSO From IDG:
https://www.csoonline.com/article/3258748/the-mirai-botnet-explained-how-teen-
scammers-and-cctv-cameras-almost-brought-down-the-internet.html
Gilchrist, A. (2018). IoT security issues by Alasdair Gilchrist . Boston: DeG Press.
Gollmann, D. (2014). Computer security by Dieter Gollmann . Chicago: Wiley,.
Jeyanthi, N., Abraham, A., & Mcheick, H. (2018). Ubiquitous Computing and Computing
Security of... by N Jeyanthi . New York: Springer International Publishing.
Laan, S. (2017). Infrastructure Architecture - Infrastructure Building Blocks and Concepts. New
York: Springer.
Till, S. v. (2018). The five technological forces disrupting security : how Cloud, Social, Mobile,
Big Data and IoT are transforming physical security in the digital age. Chicago: Oxford
Blanc, R. P., & Cotton, I. W. (2014). Computer networking by Robert P Blanc (2nd ed.).
Amsterdam: RTU Publishing House.
Forouzan, B. A., & Mosharraf, F. (2012). Computer networks : a top-down approach (1st ed.).
Chicago: John & Wiley Press.
Fruhlinger, J. (2018, March 9th ). The Mirai botnet explained: How teen scammers and CCTV
cameras almost brought down the internet. Retrieved from CSO From IDG:
https://www.csoonline.com/article/3258748/the-mirai-botnet-explained-how-teen-
scammers-and-cctv-cameras-almost-brought-down-the-internet.html
Gilchrist, A. (2018). IoT security issues by Alasdair Gilchrist . Boston: DeG Press.
Gollmann, D. (2014). Computer security by Dieter Gollmann . Chicago: Wiley,.
Jeyanthi, N., Abraham, A., & Mcheick, H. (2018). Ubiquitous Computing and Computing
Security of... by N Jeyanthi . New York: Springer International Publishing.
Laan, S. (2017). Infrastructure Architecture - Infrastructure Building Blocks and Concepts. New
York: Springer.
Till, S. v. (2018). The five technological forces disrupting security : how Cloud, Social, Mobile,
Big Data and IoT are transforming physical security in the digital age. Chicago: Oxford
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Press .
Appendices
Figure 1: IoT devices integrated in a medium-sized organization’s network
Appendices
Figure 1: IoT devices integrated in a medium-sized organization’s network
Figure 2: Mirai malware (Fruhlinger, 2018)
1 out of 12
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.