Computer Security Threats and Mitigation

Verified

Added on 2020/05/28

AI Summary

This assignment delves into the critical topic of computer security by examining prevalent threats such as brute force attacks and malware. It presents two case studies illustrating these attacks in real-world scenarios, shedding light on their impact on organizations and individuals. The report further outlines effective mitigation strategies to counter these threats, emphasizing the significance of strong passwords and robust security measures in today's digital landscape.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: PRINCIPLES OF COMPUTER SECURITY
Principles of Computer Security
Name of the Student
Name of the University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
PRINCIPLES OF COMPUTER SECURITY
Executive Summary
This report talks about the importance of the computer security in any organization. Different
case studies related to the computer security have been provided in the report. Brute force attack,
shoulder surfing and key logger have been properly explained in the report. Mitigation strategies
from these attacks have been suggested in this report. In the second case study, malware attack
and botnet attack have been described. Mitigating strategies of these attacks have been discussed
in the report.

2
PRINCIPLES OF COMPUTER SECURITY
Table of Contents
Introduction......................................................................................................................................3
Case Study 1: Breached Passwords.................................................................................................3
Brute Forces.................................................................................................................................3
Shoulder surfing...........................................................................................................................5
Key logger...................................................................................................................................6
Case study 2.....................................................................................................................................6
Malware.......................................................................................................................................6
Botnet...........................................................................................................................................7
Conclusion.......................................................................................................................................7
References........................................................................................................................................8

3
PRINCIPLES OF COMPUTER SECURITY
Introduction
Computer security is gaining importance in recent years. The problem of data loss has
become publicized in media that have gathered the attention of individuals to the computer
security. The use of various strategies has been maintained for providing security to data and
files over the internet and local desktop. The use of strong passwords might help in minimizing
the threat of brute force attack in the system.
This report discusses about two case studies related to the computer security. A critical
analysis of these case studies has been provided in the report. Various issues and challenges have
been identified in this report related to security of data and files in the computer.
This report outlines various strategies for mitigating issues and risks in the security of
data and information in the computer. Ethical issues in these situations have been identified in
this report. Strategies required for students to deal with these situations have been provided in the
report.
Case Study 1: Breached Passwords
Passwords are provided for protecting data and information in the system or server.
Therefore, hacker and intruders are looking for breaking these passwords for breaching into the
system. Breaching passwords have been a major problem in the information technology field
(Carroll, 2014). Various universities and business organizations are suffering from same issues in
their systems. Different procedures are available for these type of cyber-attacks.
Brute Forces
Brute force attack is a cryptographic attack that includes trial and error method to decode
the cryptographic procedure of encrypting data (Ali, Novoa & Wagner, 2017). These attacks

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
PRINCIPLES OF COMPUTER SECURITY
decode the data encryption keys and passwords. Generally, this attack is applied on schools and
universities for cracking the encrypted data related to the payroll account of the universities and
schools. Many cases have been reported against these brute forces attacks (Hsiao, Kerr &
Madnick, 2014). Different universities and school have reported about money laundering due to
brute force attacks. The transfers have been below $10,000 for avoiding anti-money laundering
reporting requirements. The hackers had 20 members hired by work from home job frauds.
However, over $100,000 has been successfully removed from an account. Meanwhile, after two
days, a school employee noticed these extra payments (Easttom II, 2016). After acknowledging,
immediate actions were taken for retrieving back amount. Several legal steps were taken for
mitigating this issue.
As commented by Hu, Kuhn & Ferraiolo, (2015), brute force attack encompasses a
software that is used to generate a large number of guesses for cracking passwords and
encryption. The hacker used to check all possibility of passwords for cracking it. The attacker
tries to guess the exact password for cracking passwords. Therefore, many combinations of
passwords that are included in the software used by the hackers (Dworkin, 2016). The encrypted
passwords provide protection to the systems and server if the institution. However, many
combinations can be decoded with the help of brute force attacks.
Password consists of Possible combinations Max, needed time for cracking
5 characters
(3 lower case letters,
2 numbers)
365= 60,466,176 60,466,176 /
2,000,000,000 =
0.03 seconds
7 characters (1
uppercase letter,
6 lower case letters)
527= 1,028,071,702,528 1,028,071,702,528 /
2,000,000,000 =
514 seconds =

5
PRINCIPLES OF COMPUTER SECURITY
approx, 9 minutes
8 characters
(4 lower case letters,
2 special characters,
2 numbers)
688= 457,163,239,653,376 457,163,239,653,376 /
2,000,000,000 =
228,581 seconds =
approx, 2.6 days
Table 1: Variation in length of passwords affecting strength of passwords
(Source: AceBIT GmbH, 2018)
The above table reflects the combination of passwords and time to crack the passwords. It
can be observed that by increasing the length of passwords, security increases. The use of long
and complex passwords might help in improving the security of data and information. Strong
passwords help in maintaining the security of the data and forces over the internet and system.
Shoulder surfing
According to the case study, a former student who was physically observed password of
an employee in the high school. He has used this information after graduation, obtained personal
details, and district information system. This information has been used for identity theft
purposes that include breaching into a bank account of another individual. However, there are
several prevention techniques for shoulder surfing attack (Jacobson & Idziorek, 2016). Shoulder
surfing is a kind of looking for a password of a system and breach all data and files stored on the
computer. Picture based password can be used instead of text passwords. Various series of
passwords are provided as passwords that complex the shoulder surfing method. Picture
passwords help in maintaining strong passwords for keeping data and files safe and secure. At a
cost of $62,000, the organization gave all affected employees prevention and resolution services.

6
PRINCIPLES OF COMPUTER SECURITY
Hacker fined difficulties in identifying the sequence of pictures as a password. The loci metrics-
based system helps in determining specific points on a picture and set as passwords.
Keylogger
A keylogger is a software that records all the keystrokes by a keyboard. However, the
user is not aware of the installation of the software in the system. Therefore, all the passwords
typed by the user is noted as the text file and send to the hacker. The keylogger software can
record messages, email and capture any type of data and information typed using a keyboard.
The log file is then transferred to the receiver. However, there is anti-keylogger software that
helps in detecting any keylogger software in the system or server (Chen et al., 2014). Some
antivirus software is not designed to detect keylogger software. This might help in maintaining a
secure system for protecting data and files of the user.
Case study 2
Malware
Malware is programs that affect the system and server of any institution. Malware is
designed to damage and destroy files and data stored in a computer or server (Kashiwagi et al.,
2017). In this case, a school computer that contains no private information and is connected to a
network that contains private information of over 15,000 students. The computer was attacked by
malware and all personal information of students were breached out including name, addresses,
date of births, phone numbers. Different Social Security Numbers (SSN) of individuals were
being exposed and potentially affected by malware attack (Slagell, 2016). This has created a
high-risk level for the institution in the market. Malware is injected into the computer and server
that damages the computer system and other application programs running on the computer and
server.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
PRINCIPLES OF COMPUTER SECURITY
Botnet
A botnet is a network connected to several internet devices in which each device is
running with one or more bots. The botnet can be used for performing distributed denial-of-
service attack (DSoS) (Xu, Huang & Tsai 2014). The attacker gets access to the devices
connected to a network. Therefore, all data and information can be accessed. The attacker can
control botnet with the help of using command and control software. In this case, a school
network administrator was reported about spam email and other attacks in a system. After
checking, it was found that several systems were affected with a botnet (Cobb et al., 2016). The
attacker has been controlling the botnet, breaching out the data and information and performing
illegal activities. The botnet attacks are implemented on the connected devices that help in
providing several
Conclusion
It can be concluded that the computer security has been an important aspect of an
organization. Various case studies have been discussed in the report. Breached passwords and
Brute force attack have been breaching data and information from computers and servers. Both
attacks break passwords and breach into the private information of users. Mitigating strategies
have been provided in the report. The use of strong passwords might help in minimizing the
threat of brute force attack in the system. Shoulder surfing is a kind of looking for a password of
a system and breach all data and files stored on the computer. The second case study deals with
malware attacks in the computer system. Malware has been creating the problem in the computer
system and breaching personal information from computers. A botnet has been controlled by the
hacker and injected into the computer system for accessing private information of various

8
PRINCIPLES OF COMPUTER SECURITY
students. Therefore, computer security has become a critical topic for a various organization in
the market.

9
PRINCIPLES OF COMPUTER SECURITY
References
Ali, V., Novoa, M., & Wagner, M. J. (2017). U.S. Patent No. 9,589,117. Washington, DC: U.S.
Patent and Trademark Office.
Carroll, J. M. (2014). Computer security. Butterworth-Heinemann.
Chen, T. R., Shore, D. B., Zaccaro, S. J., Dalal, R. S., Tetrick, L. E., & Gorab, A. K. (2014). An
organizational psychology perspective to examining computer security incident response
teams. IEEE Security & Privacy, 12(5), 61-67.
Cobb, C., Sudar, S., Reiter, N., Anderson, R., Roesner, F., & Kohno, T. (2016, June). Computer
security for data collection technologies. In Proceedings of the Eighth International
Conference on Information and Communication Technologies and Development (p. 2).
ACM.
Dworkin, M. J. (2016). Recommendation for block cipher modes of operation: The CMAC mode
for authentication. Special Publication (NIST SP)-800-38B.
Easttom II, W. C. (2016). Computer security fundamentals. Pearson IT Certification.
Hsiao, D. K., Kerr, D. S., & Madnick, S. E. (2014). Computer security. Academic Press.
Hu, V. C., Kuhn, D. R., & Ferraiolo, D. F. (2015). Attribute-based access
control. Computer, 48(2), 85-88.
Jacobson, D., & Idziorek, J. (2016). Computer security literacy: staying safe in a digital world.
CRC Press.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
PRINCIPLES OF COMPUTER SECURITY
AceBIT GmbH, D. (2018). Brute-Force Attacks. Password-depot.com. Available from
https://www.password-depot.com/know-how/brute-force-attacks.htm
Kashiwagi, T., Du, F., Winey, K., Groth, K. M., Shields, J. R., Harris Jr, R. H., & Douglas, J. F.
(2017). Flammability properties of PMMA-single walled carbon nanotube
nanocomposites. To Be Determined.
Slagell, A. (2016). Thinking critically about computer security trade-offs. Skeptical Inquirer.
Xu, L., Huang, D., & Tsai, W. T. (2014). Cloud-based virtual laboratory for network security
education. IEEE Transactions on Education, 57(3), 145-150.