Security threats Assignment PDF
VerifiedAdded on 2021/10/08
|17
|5254
|133
AI Summary
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Security threats
facing modern
network
infrastructures
facing modern
network
infrastructures
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
Introduction......................................................................................................................................2
Security threats facing modern network infrastructures..................................................................2
Importance of secure network management in relation to ISO standards.......................................6
Conclusion.....................................................................................................................................10
References......................................................................................................................................11
1
Introduction......................................................................................................................................2
Security threats facing modern network infrastructures..................................................................2
Importance of secure network management in relation to ISO standards.......................................6
Conclusion.....................................................................................................................................10
References......................................................................................................................................11
1
Introduction
In this paper, the security threats in modern network infrastructures will be investigated.
The different kinds of security threats which affect the modern network infrastructures will be
explained in detail. Some of the security threats of Ransomware, botnets, phishing, DDoS and
Cryptojacking will be described in detail. The prevention methods and security strategies will
also be explained briefly. The results will be provided for the attacks and their prevention
methods. Finally, the importance of securing network management will be described in detail.
Security threats facing modern network infrastructures
Nowadays the modern network infrastructure is facing a lot of security threats. These
security threats are not new. Because of the increase in mobile usage and advanced technologies,
these security threats have become more dangerous than ever before. Some of the security threats
which are faced by the modern network infrastructure are listed below (James, 2004), (Acharya,
2017), (Macrae, 2013). They are,
Ransomware,
Botnets,
Distributed-denial of services,
Crypto-jacking,
Unprepared network security staff and
Phishing.
Security Threats
2
In this paper, the security threats in modern network infrastructures will be investigated.
The different kinds of security threats which affect the modern network infrastructures will be
explained in detail. Some of the security threats of Ransomware, botnets, phishing, DDoS and
Cryptojacking will be described in detail. The prevention methods and security strategies will
also be explained briefly. The results will be provided for the attacks and their prevention
methods. Finally, the importance of securing network management will be described in detail.
Security threats facing modern network infrastructures
Nowadays the modern network infrastructure is facing a lot of security threats. These
security threats are not new. Because of the increase in mobile usage and advanced technologies,
these security threats have become more dangerous than ever before. Some of the security threats
which are faced by the modern network infrastructure are listed below (James, 2004), (Acharya,
2017), (Macrae, 2013). They are,
Ransomware,
Botnets,
Distributed-denial of services,
Crypto-jacking,
Unprepared network security staff and
Phishing.
Security Threats
2
The Ransomware is a kind of malware. This locks the victim’s computer data by
encryption. If the victims want to decrypt their own data, they should pay a bitcoin for the
ransom attack. The attackers demand payment in Bitcoins (virtual currency). The ransomware
malware can spread via infected software or external storage devices, compromised websites and
malicious email attachments. In a lock screen ransomware attack, the login credentials are
changed by the malware and in a data kidnapping attack, the files on the victim’s computer are
encrypted. Some of the famous ransomware attacks are crypto-locker and WannaCry (Alpcan
and Başar, 2011), (Choudhary, 2018), (Al-Hammadi and Aickelin, 2006).
A botnet is a collection of infected devices in which more than one infected devices such
as PCs, mobile devices, IoT devices, and servers are interconnected with each other .These
infected devices are controlled by the malware. The botnets are generally used to generate attack
traffic for DDoS and send spam emails. The device which is infected by the malware is a part of
the network. These infected devices in the network are controlled by an attack group or a single
attacker. This botnet creates a passage to all security threats. Using this passage or created
vulnerability, any threat can be easily injected into the network or devices (Mtibaa, Harras and
Alnuweiri, 2015), (Campbell, 2009), (McKewan, 2006), (Acharya and Pradhan, 2017).
The Distributed denial-of-service attack happens because of the compromised devices in
the network. These compromised devices are called botnets. These compromised devices are
used to attack a target server or network resource or server. The DDoS attacking tools are usually
send more messages, malicious packets and connection requests to the target. This method is
used to slow down the target. The attackers start to exploit a vulnerability in the network to do
the DDoS attack. The attackers use that vulnerable system or device and make it as a Master
device for doing DDoS attack. This Master device also tries to find other vulnerable systems in
the network and controls them by infecting malware in them or bypassing their authentication
controls. These newly infected devices are called ‘Slave devices’. These master and slave
devices which are controlled by an intruder are called ‘bots’ or ‘zombies’. There are many types
3
encryption. If the victims want to decrypt their own data, they should pay a bitcoin for the
ransom attack. The attackers demand payment in Bitcoins (virtual currency). The ransomware
malware can spread via infected software or external storage devices, compromised websites and
malicious email attachments. In a lock screen ransomware attack, the login credentials are
changed by the malware and in a data kidnapping attack, the files on the victim’s computer are
encrypted. Some of the famous ransomware attacks are crypto-locker and WannaCry (Alpcan
and Başar, 2011), (Choudhary, 2018), (Al-Hammadi and Aickelin, 2006).
A botnet is a collection of infected devices in which more than one infected devices such
as PCs, mobile devices, IoT devices, and servers are interconnected with each other .These
infected devices are controlled by the malware. The botnets are generally used to generate attack
traffic for DDoS and send spam emails. The device which is infected by the malware is a part of
the network. These infected devices in the network are controlled by an attack group or a single
attacker. This botnet creates a passage to all security threats. Using this passage or created
vulnerability, any threat can be easily injected into the network or devices (Mtibaa, Harras and
Alnuweiri, 2015), (Campbell, 2009), (McKewan, 2006), (Acharya and Pradhan, 2017).
The Distributed denial-of-service attack happens because of the compromised devices in
the network. These compromised devices are called botnets. These compromised devices are
used to attack a target server or network resource or server. The DDoS attacking tools are usually
send more messages, malicious packets and connection requests to the target. This method is
used to slow down the target. The attackers start to exploit a vulnerability in the network to do
the DDoS attack. The attackers use that vulnerable system or device and make it as a Master
device for doing DDoS attack. This Master device also tries to find other vulnerable systems in
the network and controls them by infecting malware in them or bypassing their authentication
controls. These newly infected devices are called ‘Slave devices’. These master and slave
devices which are controlled by an intruder are called ‘bots’ or ‘zombies’. There are many types
3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
of DDoS attacks available (Widagdo and Lim, 2017). They are volume based attacks, protocol
attacks, and application layer attack. The volume-based attacks include ICMP flood, UDP flood
and other spoofed-packet floods (Balasooriya and Fernando, 2013), (Lee and Hong, 2013), (New
botnets on the prowl, 2009), (ZHANG et al., 2012), (Baker et al., 2011), (Bertino and Islam,
2017).
The unauthorized access or use of another’s computer is called ‘Cryptojacking’. This is
used to mine cryptocurrency. The attackers do this Cryptojacking either by using malicious
emails or by injected online advertisement with JavaScript code. If a computer user accidentally
clicks the malicious email or infected online advertisement, the crypto mining code is started to
load on the user’s computer (Abad, 2005), (Bradbury, 2012), (Fachkha, Bou-Harb and Debbabi,
2014), (Suganya, 2016).
Phishing is one of the cyber-attacks. It uses malicious emails as its weapon. The attacker
tricks an email recipient to believe that the malicious mail sent by the attacker is important to the
email recipient and makes them click a link in the malicious email or download the attachment in
that mail. To launch phishing campaigns, the phishing kits are very useful to the attackers. The
phishing tools and website resources are bundled in the phishing kit. This is installed on a server.
After it is installed on the server, the attacker sends malicious emails to the victims. There are
many types of phishing. They are spear phishing, whale phishing, clone phishing, vishing,
malware based phishing, deceptive phishing, key loggers and screen loggers, web Trojans,
session hijacking, DNS based phishing, data theft, content-injection phishing, search engine
phishing, man-in-the-middle phishing, system reconfiguration attacks, and snowshoeing. In a
spear phishing attack, mainly individuals and companies are targeted and the personal
information about the victims are collected. In whale phishing, the high-profile individuals,
company CEO and board members are most commonly targeted (An Efficient Way to Prevent
Dos/DDoS Attack in the Cloud Environment, 2016), (FIDA and JOVITH, 2016), (Yearwood,
Mammadov and Webb, 2011), (The Degree of Occurrence of Phishing in Indonesia, 2016).
4
attacks, and application layer attack. The volume-based attacks include ICMP flood, UDP flood
and other spoofed-packet floods (Balasooriya and Fernando, 2013), (Lee and Hong, 2013), (New
botnets on the prowl, 2009), (ZHANG et al., 2012), (Baker et al., 2011), (Bertino and Islam,
2017).
The unauthorized access or use of another’s computer is called ‘Cryptojacking’. This is
used to mine cryptocurrency. The attackers do this Cryptojacking either by using malicious
emails or by injected online advertisement with JavaScript code. If a computer user accidentally
clicks the malicious email or infected online advertisement, the crypto mining code is started to
load on the user’s computer (Abad, 2005), (Bradbury, 2012), (Fachkha, Bou-Harb and Debbabi,
2014), (Suganya, 2016).
Phishing is one of the cyber-attacks. It uses malicious emails as its weapon. The attacker
tricks an email recipient to believe that the malicious mail sent by the attacker is important to the
email recipient and makes them click a link in the malicious email or download the attachment in
that mail. To launch phishing campaigns, the phishing kits are very useful to the attackers. The
phishing tools and website resources are bundled in the phishing kit. This is installed on a server.
After it is installed on the server, the attacker sends malicious emails to the victims. There are
many types of phishing. They are spear phishing, whale phishing, clone phishing, vishing,
malware based phishing, deceptive phishing, key loggers and screen loggers, web Trojans,
session hijacking, DNS based phishing, data theft, content-injection phishing, search engine
phishing, man-in-the-middle phishing, system reconfiguration attacks, and snowshoeing. In a
spear phishing attack, mainly individuals and companies are targeted and the personal
information about the victims are collected. In whale phishing, the high-profile individuals,
company CEO and board members are most commonly targeted (An Efficient Way to Prevent
Dos/DDoS Attack in the Cloud Environment, 2016), (FIDA and JOVITH, 2016), (Yearwood,
Mammadov and Webb, 2011), (The Degree of Occurrence of Phishing in Indonesia, 2016).
4
These are the security threats which affect the modern network infrastructure mostly.
These threats can be avoided by implementing some of the prevention methods and the computer
user can avoid losses occurred due to these security threats. The prevention methods for the
above-mentioned security threats are explained below in detail (FENG et al., 2013), (Murugan
and Vivekanandan, 2015) (Primary Factor Investigation for Decreasing the Computational
Complexity of LAMSTAR DDoS, 2017), (Chaudhary et al., 2015).
Prevention Methods
The ransomware attack is prevented by implementing the followings (Green, 2017). By
educating the users about ransomware attack and give training to them to identify which is
malicious email and which is not. The files and information in the device must be backed up in a
secure way during the particular period of time. It is very helpful to the user to recover data when
the user’s device is infected with ransomware. The macros need to be secured. Update all the
application in the device frequently whenever the update is available. To prevent the device from
the ransomware attack, remove administrator rights (Hernandez-Castro, Cartwright and
Stepanova, 2017), (Ranjan et al., 2009), (Ransomware and IoT among leading threats, 2017),
(Owens, 2016), (Mansfield-Devine, 2016).
The botnets can be prevented to affect the user’s device by doing the followings. The
network should be configured to block intruders. All the applications in the device must be
updated automatically. By giving training and educating the users not to click suspicious pop-
ups, malicious emails and not to download attachments from the malicious or spam emails
(Kotenko, Konovalov and Shorov, 2011), (Ransomware menace grows as new threats emerge,
2016), (Mansfield-Devine, 2010), (Jaikumar and Kak, 2012), (Gold, 2011).
5
These threats can be avoided by implementing some of the prevention methods and the computer
user can avoid losses occurred due to these security threats. The prevention methods for the
above-mentioned security threats are explained below in detail (FENG et al., 2013), (Murugan
and Vivekanandan, 2015) (Primary Factor Investigation for Decreasing the Computational
Complexity of LAMSTAR DDoS, 2017), (Chaudhary et al., 2015).
Prevention Methods
The ransomware attack is prevented by implementing the followings (Green, 2017). By
educating the users about ransomware attack and give training to them to identify which is
malicious email and which is not. The files and information in the device must be backed up in a
secure way during the particular period of time. It is very helpful to the user to recover data when
the user’s device is infected with ransomware. The macros need to be secured. Update all the
application in the device frequently whenever the update is available. To prevent the device from
the ransomware attack, remove administrator rights (Hernandez-Castro, Cartwright and
Stepanova, 2017), (Ranjan et al., 2009), (Ransomware and IoT among leading threats, 2017),
(Owens, 2016), (Mansfield-Devine, 2016).
The botnets can be prevented to affect the user’s device by doing the followings. The
network should be configured to block intruders. All the applications in the device must be
updated automatically. By giving training and educating the users not to click suspicious pop-
ups, malicious emails and not to download attachments from the malicious or spam emails
(Kotenko, Konovalov and Shorov, 2011), (Ransomware menace grows as new threats emerge,
2016), (Mansfield-Devine, 2010), (Jaikumar and Kak, 2012), (Gold, 2011).
5
The standard method to prevent the system from DDoS attack is followed More
bandwidth must be purchased and used in the network. With load balancing, the servers must be
distributed across multiple data centers (K.Lavanya and Vinothkumar, 2012), (MASUM, 2018).
The Cryptojacking attack is prevented by installing minerBlocker, uMatrix, NoScript and
NoCoin browser extensions. Then educating and giving training to the computer users about
cyber security and safety will help to prevent the Cryptojacking. By using web security tools, the
phishing attack can be prevented. This will improve online security (Jamsa and Klander, 2002),
(Gandhi and Kumar, 2012), (Jansson and von Solms, 2013), (Hong, 2014).
Importance of secure network management in relation to ISO standards
Network management
Generally, network management is described as the process of managing the network
regarding fault and performance. The main goal of this network management is to make the
network error-free. It could be done with various tools. The security is needed for network
management (Jost and Cobb, 2002), (Kalkha, Satori and Satori, 2017).
Usually, network management contains five types of management. They are fault
management, configuration management, performance management, security management, and
accounting management. In that, Security management is needed one for network management.
The security management helps to access the service by the authorized persons. Nowadays,
cyber threats are increasing more. Hence the secure network management is needed (Reddy and
Jeba, 2014), (Joshi, 2008).
Reasons for the cyber security threats
6
bandwidth must be purchased and used in the network. With load balancing, the servers must be
distributed across multiple data centers (K.Lavanya and Vinothkumar, 2012), (MASUM, 2018).
The Cryptojacking attack is prevented by installing minerBlocker, uMatrix, NoScript and
NoCoin browser extensions. Then educating and giving training to the computer users about
cyber security and safety will help to prevent the Cryptojacking. By using web security tools, the
phishing attack can be prevented. This will improve online security (Jamsa and Klander, 2002),
(Gandhi and Kumar, 2012), (Jansson and von Solms, 2013), (Hong, 2014).
Importance of secure network management in relation to ISO standards
Network management
Generally, network management is described as the process of managing the network
regarding fault and performance. The main goal of this network management is to make the
network error-free. It could be done with various tools. The security is needed for network
management (Jost and Cobb, 2002), (Kalkha, Satori and Satori, 2017).
Usually, network management contains five types of management. They are fault
management, configuration management, performance management, security management, and
accounting management. In that, Security management is needed one for network management.
The security management helps to access the service by the authorized persons. Nowadays,
cyber threats are increasing more. Hence the secure network management is needed (Reddy and
Jeba, 2014), (Joshi, 2008).
Reasons for the cyber security threats
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Based on the analysis, here are some reasons for the cyber security threats. First one is,
no update in the working industries regarding system features. Generally, cyber breaches should
be identified immediately. According to that, lack of network monitoring is also considered as
the reason for cyber security threats. Next one is, failing to update the security patches. This will
lead the security threat. Then, the legacy usage is one of the drawbacks regarding the cyber
security. The password control needs to be monitored. Because poor passwords will lead to data
breaches. Then, mistakes of IT staff are considered as the reason for the cyber security. Also,
failure to back up the data is a major problem regarding a cyber-threat. These are the reasons for
the cyber threats. So, security is needed for network management (Farina et al., 2014), (ZHANG
and QIN, 2010), (David, 2004), (Turiel, 2011), (ZHUGE, 2008), (Erridge, 2017).
Importance of network management
Nowadays, most of the organizations are regarding their networks. Mostly, a business
relies on their networks. So, the network management tools need to be improved (Vacca, 2014).
There is a tool for managing the network which is called a network management automation tool.
Also, the information exchange must need the network to share the information with other
networks. In the world, the information systems are connected through the network. The network
also acts as a local area network, IOT and mobile communication networks (Oppliger, 2000),
(Small botnets are threat, 2006), (MacQueen and Flockhart, 2006), (IBM finds new and old
threats, 2011).
ISO standards regarding the secure network management
The network management has some functional modules regarding the standard such as
International organization for standardization. It meets the functional modules regarding secure
network management. Also, many ISO standards are created for the security of network services.
These standards are used to analyze security issues and network management requirements (Lai
7
no update in the working industries regarding system features. Generally, cyber breaches should
be identified immediately. According to that, lack of network monitoring is also considered as
the reason for cyber security threats. Next one is, failing to update the security patches. This will
lead the security threat. Then, the legacy usage is one of the drawbacks regarding the cyber
security. The password control needs to be monitored. Because poor passwords will lead to data
breaches. Then, mistakes of IT staff are considered as the reason for the cyber security. Also,
failure to back up the data is a major problem regarding a cyber-threat. These are the reasons for
the cyber threats. So, security is needed for network management (Farina et al., 2014), (ZHANG
and QIN, 2010), (David, 2004), (Turiel, 2011), (ZHUGE, 2008), (Erridge, 2017).
Importance of network management
Nowadays, most of the organizations are regarding their networks. Mostly, a business
relies on their networks. So, the network management tools need to be improved (Vacca, 2014).
There is a tool for managing the network which is called a network management automation tool.
Also, the information exchange must need the network to share the information with other
networks. In the world, the information systems are connected through the network. The network
also acts as a local area network, IOT and mobile communication networks (Oppliger, 2000),
(Small botnets are threat, 2006), (MacQueen and Flockhart, 2006), (IBM finds new and old
threats, 2011).
ISO standards regarding the secure network management
The network management has some functional modules regarding the standard such as
International organization for standardization. It meets the functional modules regarding secure
network management. Also, many ISO standards are created for the security of network services.
These standards are used to analyze security issues and network management requirements (Lai
7
and Dai, 2009), (Delimatsis, 2018). Based on the standards, five managements are listed below.
They are,
Fault management
Configuration management
Performance management
Accounting management
Security management
Fault management
According to the fault management, the faults needs to be analyzed before it affects the
end user. Here, the network management tool is used to analyze, detect and alert the
corresponding system administrator regarding the problems which affect the system operations.
The administration needs to manage the network in a correct way to avoid the faults. So, the
secure network management needs to be established (Osborne and Summitt, 2006) (Liu et al.,
2012), (Forte, 2006), (Lin and Lu, n.d.).
Configuration management
The main aim of the configuration management is to monitor and analyze the network
and system configuration details. This configuration management can manage the network
operation and hardware and software components. Also, some standards are there to make the
configuration management. The network devices will be configured by using the network
commands. This configuration management contains inventory and the software management
(Joshi, 2016), (Daraghma, 2017).
Performance management
8
They are,
Fault management
Configuration management
Performance management
Accounting management
Security management
Fault management
According to the fault management, the faults needs to be analyzed before it affects the
end user. Here, the network management tool is used to analyze, detect and alert the
corresponding system administrator regarding the problems which affect the system operations.
The administration needs to manage the network in a correct way to avoid the faults. So, the
secure network management needs to be established (Osborne and Summitt, 2006) (Liu et al.,
2012), (Forte, 2006), (Lin and Lu, n.d.).
Configuration management
The main aim of the configuration management is to monitor and analyze the network
and system configuration details. This configuration management can manage the network
operation and hardware and software components. Also, some standards are there to make the
configuration management. The network devices will be configured by using the network
commands. This configuration management contains inventory and the software management
(Joshi, 2016), (Daraghma, 2017).
Performance management
8
This management is used to analyze network performance. By this performance
management, it is able to know about the review of existing bandwidth and used network
resources. Also, it is used to make the network operate in an efficient manner. It is considered as
the essential part in the network management. Nowadays, the organization needs the
performance management. Also, this performance management has some tools regarding the ISO
standards. The service level agreements are analyzed in the performance management (Sotelo
Asef, 2018).
Accounting management
Accounting management is also considered as the functional area of the secure network
management. According to that, this management is used to control and examine the data or
resources usage. This kind of network management is used by customers to know about resource
usage. It is a process which is used to measure the network usage parameters. By using this
accounting management, the network can be regulated regarding the individual or group. It is
used for accounting purposes. It is similar to performance management. Because this accounting
management is also used to measure the network resources (Kshetri and Voas, 2017).
Security management
This security management is used for the controlling access and notifies the authorities
regarding the available resources (Castilla et al., 2014). Usually, the network devices are sharing
the messages by using the network access. This security management system can enable the
intrusion detection system and Symantec intruder alert. Usually, many products regarding
network management are used for the purpose of information sharing. So, it needs to be secured.
For that, this management has some protocols like simple network management protocol and
CMIP protocol (Ifrastructure locks us into toasty future, 2011).
9
management, it is able to know about the review of existing bandwidth and used network
resources. Also, it is used to make the network operate in an efficient manner. It is considered as
the essential part in the network management. Nowadays, the organization needs the
performance management. Also, this performance management has some tools regarding the ISO
standards. The service level agreements are analyzed in the performance management (Sotelo
Asef, 2018).
Accounting management
Accounting management is also considered as the functional area of the secure network
management. According to that, this management is used to control and examine the data or
resources usage. This kind of network management is used by customers to know about resource
usage. It is a process which is used to measure the network usage parameters. By using this
accounting management, the network can be regulated regarding the individual or group. It is
used for accounting purposes. It is similar to performance management. Because this accounting
management is also used to measure the network resources (Kshetri and Voas, 2017).
Security management
This security management is used for the controlling access and notifies the authorities
regarding the available resources (Castilla et al., 2014). Usually, the network devices are sharing
the messages by using the network access. This security management system can enable the
intrusion detection system and Symantec intruder alert. Usually, many products regarding
network management are used for the purpose of information sharing. So, it needs to be secured.
For that, this management has some protocols like simple network management protocol and
CMIP protocol (Ifrastructure locks us into toasty future, 2011).
9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
ISO standards
Generally, ISO standards have a deal with the secure network management system (Joint
ISO/CIE Standard ISO 17166:1999/CIE S007/E-1998 erythema reference action spectrum and
standard erythema dose, 2000). There are many standards to provide the network service and
control access. Mostly the ISO standards are used to describe the network security concepts. It
also delivers the guidelines for the network security implementation. The networks and the
control threats are described. It also explores the knowledge regarding the secure communication
between the networks using security gateways (CABAJ, 2015).
Conclusion
The detailed discussion is made regarding network security threats. The various types of
security threats are explained. And the importance of secure network management is described.
The most common security threats in the modern network infrastructure are Ransomware, DDoS,
botnets, phishing, and Cryptojacking. These security threats are explained along with its
prevention methods. The security strategies used in preventing the network from the security
threats are also explained briefly. The importance of secured network management and some
network management concepts are also briefly explained. The second section includes the
importance of network management and the reasons for the cyber security threats. The
importance of the cyber security is explained regarding the International Organization of
Standardization. Also, the functional areas of network management are described regarding the
ISO standards. In total, five functional modules are described. They are fault management,
security management, configuring management, performance management, and account
management. Finally, the ISO standards and their specifications are explained regarding
network management.
10
Generally, ISO standards have a deal with the secure network management system (Joint
ISO/CIE Standard ISO 17166:1999/CIE S007/E-1998 erythema reference action spectrum and
standard erythema dose, 2000). There are many standards to provide the network service and
control access. Mostly the ISO standards are used to describe the network security concepts. It
also delivers the guidelines for the network security implementation. The networks and the
control threats are described. It also explores the knowledge regarding the secure communication
between the networks using security gateways (CABAJ, 2015).
Conclusion
The detailed discussion is made regarding network security threats. The various types of
security threats are explained. And the importance of secure network management is described.
The most common security threats in the modern network infrastructure are Ransomware, DDoS,
botnets, phishing, and Cryptojacking. These security threats are explained along with its
prevention methods. The security strategies used in preventing the network from the security
threats are also explained briefly. The importance of secured network management and some
network management concepts are also briefly explained. The second section includes the
importance of network management and the reasons for the cyber security threats. The
importance of the cyber security is explained regarding the International Organization of
Standardization. Also, the functional areas of network management are described regarding the
ISO standards. In total, five functional modules are described. They are fault management,
security management, configuring management, performance management, and account
management. Finally, the ISO standards and their specifications are explained regarding
network management.
10
References
Abad, C. (2005). The economy of phishing: A survey of the operations of the phishing
market. First Monday, 10(9).
Acharya, A. (2017). Internet of Things, Ransomware and Terrorism. Journal of Defense
Management, 07(01).
Acharya, S. and Pradhan, N. (2017). DDoS Simulation and Hybrid DDoS Defense
Mechanism. International Journal of Computer Applications, 163(9), pp.20-24.
Al-Hammadi, Y. and Aickelin, U. (2006). Detecting Botnets Through Log Correlation. SSRN
Electronic Journal.
Alpcan, T. and Başar, T. (2011). Network security. Cambridge: Cambridge University Press.
An Efficient Way to Prevent Dos/DDos Attack in the Cloud Environment. (2016). International
Journal of Science and Research (IJSR), 5(3), pp.829-832.
Baker, P., McQuoid, S., Thompson, J. and Jacobs, R. (2011). An audit of laryngoscopes and
application of a new ISO standard. Pediatric Anesthesia, 21(4), pp.428-434.
Balasooriya, A. and Fernando, S. (2013). Next Generation Security Framework to Detect Botnets
on Computer Networks. International Journal of Engineering and Technology, pp.257-261.
Bertino, E. and Islam, N. (2017). Botnets and Internet of Things Security. Computer, 50(2),
pp.76-79.
Bradbury, D. (2012). Fighting botnets with sinkholes. Network Security, 2012(8), pp.12-15.
11
Abad, C. (2005). The economy of phishing: A survey of the operations of the phishing
market. First Monday, 10(9).
Acharya, A. (2017). Internet of Things, Ransomware and Terrorism. Journal of Defense
Management, 07(01).
Acharya, S. and Pradhan, N. (2017). DDoS Simulation and Hybrid DDoS Defense
Mechanism. International Journal of Computer Applications, 163(9), pp.20-24.
Al-Hammadi, Y. and Aickelin, U. (2006). Detecting Botnets Through Log Correlation. SSRN
Electronic Journal.
Alpcan, T. and Başar, T. (2011). Network security. Cambridge: Cambridge University Press.
An Efficient Way to Prevent Dos/DDos Attack in the Cloud Environment. (2016). International
Journal of Science and Research (IJSR), 5(3), pp.829-832.
Baker, P., McQuoid, S., Thompson, J. and Jacobs, R. (2011). An audit of laryngoscopes and
application of a new ISO standard. Pediatric Anesthesia, 21(4), pp.428-434.
Balasooriya, A. and Fernando, S. (2013). Next Generation Security Framework to Detect Botnets
on Computer Networks. International Journal of Engineering and Technology, pp.257-261.
Bertino, E. and Islam, N. (2017). Botnets and Internet of Things Security. Computer, 50(2),
pp.76-79.
Bradbury, D. (2012). Fighting botnets with sinkholes. Network Security, 2012(8), pp.12-15.
11
CABAJ, K. (2015). Network activity analysis of CryptoWall ransomware. PRZEGLĄD
ELEKTROTECHNICZNY, 1(11), pp.203-206.
Campbell, M. (2009). Mobile botnets show their disruptive potential. New Scientist, 204(2734),
p.26.
Castilla, J., Martínez-Baz, I., Navascués, A., Fernandez-Alonso, M., Reina, G., Guevara, M.,
Chamorro, J., Ortega, M., Albéniz, E., Pozo, F., Ezpeleta, C., Primary Health Care Sentinel
Networ, C. and Network for Influenza Surveillance, C. (2014). Vaccine effectiveness in
preventing laboratory-confirmed influenza in Navarre, Spain: 2013/14 mid-season
analysis. Eurosurveillance, 19(6).
Chaudhary, S., Berki, E., Li, L. and Valtanen, J. (2015). Time Up for Phishing with Effective
Anti-Phishing Research Strategies. International Journal of Human Capital and Information
Technology Professionals, 6(2), pp.49-64.
Choudhary, M. (2018). Ransomware on Android devices. Forensic Science & Addiction
Research, 2(2).
Daraghma, R. (2017). Maximizing the Lifetime of Multi-hop Routing Protocol Using Gateway
for Wireless Sensor Networ. International Journal of Computing and Network Technology, 5(1),
pp.27-32.
David, J. (2004). New threats bring new treatments. Network Security, 2004(9), pp.12-15.
Delimatsis, P. (2018). Global Standard-Setting 2.0: How the WTO Spotlights ISO and Impacts
The Transnational Standard-Setting Process. SSRN Electronic Journal.
Erridge, T. (2017). A framework for threats. Network Security, 2017(12), p.20.
Fachkha, C., Bou-Harb, E. and Debbabi, M. (2014). On the inference and prediction of DDoS
campaigns. Wireless Communications and Mobile Computing, 15(6), pp.1066-1078.
Farina, P., Cambiaso, E., Papaleo, G. and Aiello, M. (2014). Mobile Botnets Development:
Issues and Solutions. International Journal of Future Computer and Communication, 3(6),
pp.385-390.
12
ELEKTROTECHNICZNY, 1(11), pp.203-206.
Campbell, M. (2009). Mobile botnets show their disruptive potential. New Scientist, 204(2734),
p.26.
Castilla, J., Martínez-Baz, I., Navascués, A., Fernandez-Alonso, M., Reina, G., Guevara, M.,
Chamorro, J., Ortega, M., Albéniz, E., Pozo, F., Ezpeleta, C., Primary Health Care Sentinel
Networ, C. and Network for Influenza Surveillance, C. (2014). Vaccine effectiveness in
preventing laboratory-confirmed influenza in Navarre, Spain: 2013/14 mid-season
analysis. Eurosurveillance, 19(6).
Chaudhary, S., Berki, E., Li, L. and Valtanen, J. (2015). Time Up for Phishing with Effective
Anti-Phishing Research Strategies. International Journal of Human Capital and Information
Technology Professionals, 6(2), pp.49-64.
Choudhary, M. (2018). Ransomware on Android devices. Forensic Science & Addiction
Research, 2(2).
Daraghma, R. (2017). Maximizing the Lifetime of Multi-hop Routing Protocol Using Gateway
for Wireless Sensor Networ. International Journal of Computing and Network Technology, 5(1),
pp.27-32.
David, J. (2004). New threats bring new treatments. Network Security, 2004(9), pp.12-15.
Delimatsis, P. (2018). Global Standard-Setting 2.0: How the WTO Spotlights ISO and Impacts
The Transnational Standard-Setting Process. SSRN Electronic Journal.
Erridge, T. (2017). A framework for threats. Network Security, 2017(12), p.20.
Fachkha, C., Bou-Harb, E. and Debbabi, M. (2014). On the inference and prediction of DDoS
campaigns. Wireless Communications and Mobile Computing, 15(6), pp.1066-1078.
Farina, P., Cambiaso, E., Papaleo, G. and Aiello, M. (2014). Mobile Botnets Development:
Issues and Solutions. International Journal of Future Computer and Communication, 3(6),
pp.385-390.
12
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
FENG, L., HAN, Q., WANG, H. and KANG, S. (2013). Effective immune measures on P2P
botnets. Journal of Computer Applications, 32(9), pp.2617-2619.
FIDA, M. and JOVITH, A. (2016). Anti-Phishing Strategy Model for Detection of Phishing
Website in E-Banking. International Journal of Information Security and Cybercrime, 5(1),
pp.75-80.
Forte, D. (2006). Keeping up to standard – incident management in ISO 17799. Network
Security, 2006(4), pp.16-17.
Gandhi, V. and Kumar, P. (2012). A Study on Phishing: Preventions and Anti-Phishing
Solutions. International Journal of Scientific Research, 1(2), pp.68-69.
Gold, S. (2011). Taking down botnets. Network Security, 2011(5), pp.13-15.
Green, A. (2017). Ransomware and the GDPR. Network Security, 2017(3), pp.18-19.
Hernandez-Castro, J., Cartwright, E. and Stepanova, A. (2017). Economic Analysis of
Ransomware. SSRN Electronic Journal.
Hong, S. (2014). Analysis of DDoS Attack and Countermeasure: Survey. The Journal of Digital
Policy and Management, 12(1), pp.423-429.
IBM finds new and old threats. (2011). Computer Fraud & Security, 2011(10), p.20.
Ifrastructure locks us into toasty future. (2011). New Scientist, 212(2839), p.7.
Jaikumar, P. and Kak, A. (2012). A graph-theoretic framework for isolating botnets in a
network. Security and Communication Networks, 8(16), pp.2605-2623.
James, G. (2004). Malicious threats to Smartphones. Network Security, 2004(8), pp.5-7.
Jamsa, K. and Klander, L. (2002). Hacker proof. Las Vegas, NV: Thomson.
Jansson, K. and von Solms, R. (2013). Phishing for phishing awareness. Behaviour &
Information Technology, 32(6), pp.584-593.
Joint ISO/CIE Standard ISO 17166:1999/CIE S007/E-1998 erythema reference action spectrum
and standard erythema dose. (2000). Color Research & Application, 25(5), pp.385-385.
13
botnets. Journal of Computer Applications, 32(9), pp.2617-2619.
FIDA, M. and JOVITH, A. (2016). Anti-Phishing Strategy Model for Detection of Phishing
Website in E-Banking. International Journal of Information Security and Cybercrime, 5(1),
pp.75-80.
Forte, D. (2006). Keeping up to standard – incident management in ISO 17799. Network
Security, 2006(4), pp.16-17.
Gandhi, V. and Kumar, P. (2012). A Study on Phishing: Preventions and Anti-Phishing
Solutions. International Journal of Scientific Research, 1(2), pp.68-69.
Gold, S. (2011). Taking down botnets. Network Security, 2011(5), pp.13-15.
Green, A. (2017). Ransomware and the GDPR. Network Security, 2017(3), pp.18-19.
Hernandez-Castro, J., Cartwright, E. and Stepanova, A. (2017). Economic Analysis of
Ransomware. SSRN Electronic Journal.
Hong, S. (2014). Analysis of DDoS Attack and Countermeasure: Survey. The Journal of Digital
Policy and Management, 12(1), pp.423-429.
IBM finds new and old threats. (2011). Computer Fraud & Security, 2011(10), p.20.
Ifrastructure locks us into toasty future. (2011). New Scientist, 212(2839), p.7.
Jaikumar, P. and Kak, A. (2012). A graph-theoretic framework for isolating botnets in a
network. Security and Communication Networks, 8(16), pp.2605-2623.
James, G. (2004). Malicious threats to Smartphones. Network Security, 2004(8), pp.5-7.
Jamsa, K. and Klander, L. (2002). Hacker proof. Las Vegas, NV: Thomson.
Jansson, K. and von Solms, R. (2013). Phishing for phishing awareness. Behaviour &
Information Technology, 32(6), pp.584-593.
Joint ISO/CIE Standard ISO 17166:1999/CIE S007/E-1998 erythema reference action spectrum
and standard erythema dose. (2000). Color Research & Application, 25(5), pp.385-385.
13
Joshi, A. (2016). Secure Reliable Reactive Routing Enhancement In Wireless Sensor
Networ. International Journal Of Engineering And Computer Science.
Joshi, J. (2008). Network security. Burlington, MA, USA: Morgan Kaufmann.
Jost, M. and Cobb, M. (2002). IIS security. New York: McGraw-Hill/Osborne.
K.Lavanya, S. and Vinothkumar, B. (2012). DDoS Traffic Verification Algorithm for Legitimate
Clients Identification in Distributed Denial of Service (DDoS) Attacks. International Journal of
Computer Applications, 50(4), pp.34-37.
Kotenko, I., Konovalov, A. and Shorov, A. (2011). Agent-based simulation of cooperative
defence against botnets. Concurrency and Computation: Practice and Experience, 24(6), pp.573-
588.
Kshetri, N. and Voas, J. (2017). Do Crypto-Currencies Fuel Ransomware?. IT Professional,
19(5), pp.11-15.
Lai, Y. and Dai, R. (2009). The implementation guidance for practicing network isolation by
referring to ISO-17799 standard. Computer Standards & Interfaces, 31(4), pp.748-756.
Lee, J. and Hong, C. (2013). Nonparametric Detection Methods against DDoS Attack. Korean
Journal of Applied Statistics, 26(2), pp.291-305.
Lin, X. and Lu, R. (n.d.). Vehicular ad hoc network security and privacy.
Liu, H., Zhang, H., Xu, W. and Yang, Y. (2012). A New Secure Strategy for Small-Scale IEEE
802.11 Wireless Local Area Networ. International Journal of Wireless and Microwave
Technologies, 2(4), pp.21-27.
MacQueen, N. and Flockhart, T. (2006). European security after Iraq. Leiden: Brill.
Macrae, A. (2013). Identifying threats in real time. Network Security, 2013(11), pp.5-8.
Mansfield-Devine, S. (2010). Battle of the botnets. Network Security, 2010(5), pp.4-6.
Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security,
2016(10), pp.8-17.
14
Networ. International Journal Of Engineering And Computer Science.
Joshi, J. (2008). Network security. Burlington, MA, USA: Morgan Kaufmann.
Jost, M. and Cobb, M. (2002). IIS security. New York: McGraw-Hill/Osborne.
K.Lavanya, S. and Vinothkumar, B. (2012). DDoS Traffic Verification Algorithm for Legitimate
Clients Identification in Distributed Denial of Service (DDoS) Attacks. International Journal of
Computer Applications, 50(4), pp.34-37.
Kotenko, I., Konovalov, A. and Shorov, A. (2011). Agent-based simulation of cooperative
defence against botnets. Concurrency and Computation: Practice and Experience, 24(6), pp.573-
588.
Kshetri, N. and Voas, J. (2017). Do Crypto-Currencies Fuel Ransomware?. IT Professional,
19(5), pp.11-15.
Lai, Y. and Dai, R. (2009). The implementation guidance for practicing network isolation by
referring to ISO-17799 standard. Computer Standards & Interfaces, 31(4), pp.748-756.
Lee, J. and Hong, C. (2013). Nonparametric Detection Methods against DDoS Attack. Korean
Journal of Applied Statistics, 26(2), pp.291-305.
Lin, X. and Lu, R. (n.d.). Vehicular ad hoc network security and privacy.
Liu, H., Zhang, H., Xu, W. and Yang, Y. (2012). A New Secure Strategy for Small-Scale IEEE
802.11 Wireless Local Area Networ. International Journal of Wireless and Microwave
Technologies, 2(4), pp.21-27.
MacQueen, N. and Flockhart, T. (2006). European security after Iraq. Leiden: Brill.
Macrae, A. (2013). Identifying threats in real time. Network Security, 2013(11), pp.5-8.
Mansfield-Devine, S. (2010). Battle of the botnets. Network Security, 2010(5), pp.4-6.
Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security,
2016(10), pp.8-17.
14
MASUM, E. (2018). Mobil BOTNET İle DDOS Saldırısı. Bilişim Teknolojileri Dergisi.
McKewan, A. (2006). Botnets – zombies get smarter. Network Security, 2006(6), pp.18-20.
Mtibaa, A., Harras, K. and Alnuweiri, H. (2015). From botnets to MobiBots: a novel malicious
communication paradigm for mobile botnets. IEEE Communications Magazine, 53(8), pp.61-67.
Murugan, A. and Vivekanandan, K. (2015). XSD DDoS Trace Handler in Web Service
Environment. Journal of Software, 10(9), pp.1086-1095.
New botnets on the prowl. (2009). Network Security, 2009(1), p.2.
Oppliger, R. (2000). Security technologies for the World Wide Web. Boston, MA: Artech House.
Osborne, M. and Summitt, P. (2006). How to cheat at managing information security. Rockland,
MA: Syngress.
Owens, B. (2016). 'Ransomware' cyberattack highlights vulnerability of universities. Nature.
Primary Factor Investigation for Decreasing the Computational Complexity of LAMSTAR
DDoS. (2017). International Journal of Science and Research (IJSR), 6(12), pp.1757-1761.
Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A. and Knightly, E. (2009). DDoS-Shield:
DDoS-Resilient Scheduling to Counter Application Layer Attacks. IEEE/ACM Transactions on
Networking, 17(1), pp.26-39.
Ransomware and IoT among leading threats. (2017). Network Security, 2017(9), p.2.
Ransomware menace grows as new threats emerge. (2016). Network Security, 2016(8), pp.1-2.
Reddy, N. and Jeba, L. (2014). Lifetime Maximization in Wireless Sensor Networ. International
Journal of Engineering Trends and Technology, 9(5), pp.218-222.
Small botnets are threat. (2006). Network Security, 2006(4), p.20.
Sotelo Asef, J. (2018). La planeación de la auditoría en un sistema de gestión de calidad tomando
como base la norma ISO 19011:2011 / ISO 19001:2011 standard planning of the audit in a
system of quality management on the basis of standard ISO 19011:2011. RIDE Revista
Iberoamericana para la Investigación y el Desarrollo Educativo, 8(16), p.97.
15
McKewan, A. (2006). Botnets – zombies get smarter. Network Security, 2006(6), pp.18-20.
Mtibaa, A., Harras, K. and Alnuweiri, H. (2015). From botnets to MobiBots: a novel malicious
communication paradigm for mobile botnets. IEEE Communications Magazine, 53(8), pp.61-67.
Murugan, A. and Vivekanandan, K. (2015). XSD DDoS Trace Handler in Web Service
Environment. Journal of Software, 10(9), pp.1086-1095.
New botnets on the prowl. (2009). Network Security, 2009(1), p.2.
Oppliger, R. (2000). Security technologies for the World Wide Web. Boston, MA: Artech House.
Osborne, M. and Summitt, P. (2006). How to cheat at managing information security. Rockland,
MA: Syngress.
Owens, B. (2016). 'Ransomware' cyberattack highlights vulnerability of universities. Nature.
Primary Factor Investigation for Decreasing the Computational Complexity of LAMSTAR
DDoS. (2017). International Journal of Science and Research (IJSR), 6(12), pp.1757-1761.
Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A. and Knightly, E. (2009). DDoS-Shield:
DDoS-Resilient Scheduling to Counter Application Layer Attacks. IEEE/ACM Transactions on
Networking, 17(1), pp.26-39.
Ransomware and IoT among leading threats. (2017). Network Security, 2017(9), p.2.
Ransomware menace grows as new threats emerge. (2016). Network Security, 2016(8), pp.1-2.
Reddy, N. and Jeba, L. (2014). Lifetime Maximization in Wireless Sensor Networ. International
Journal of Engineering Trends and Technology, 9(5), pp.218-222.
Small botnets are threat. (2006). Network Security, 2006(4), p.20.
Sotelo Asef, J. (2018). La planeación de la auditoría en un sistema de gestión de calidad tomando
como base la norma ISO 19011:2011 / ISO 19001:2011 standard planning of the audit in a
system of quality management on the basis of standard ISO 19011:2011. RIDE Revista
Iberoamericana para la Investigación y el Desarrollo Educativo, 8(16), p.97.
15
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Suganya, V. (2016). A Review on Phishing Attacks and Various Anti Phishing
Techniques. International Journal of Computer Applications, 139(1), pp.20-23.
The Degree of Occurrence of Phishing in Indonesia. (2016). International Journal of Technology
and Engineering Studies, 2(5).
Turiel, A. (2011). IPv6: new technology, new threats. Network Security, 2011(8), pp.13-15.
Twitter commands DIY botnets. (2010). Network Security, 2010(5), p.20.
Vacca, J. (2014). Network and system security. Amsterdam: Syngress.
Widagdo, G. and Lim, C. (2017). Analysis of Hybrid DDoS Defense to Mitigate DDoS
Impact. Advanced Science Letters, 23(4), pp.3633-3639.
Yearwood, J., Mammadov, M. and Webb, D. (2011). Profiling phishing activity based on
hyperlinks extracted from phishing emails. Social Network Analysis and Mining, 2(1), pp.5-16.
Zeidanloo, H., Hosseinpour, F. and Etemad, F. (2010). New Approach for Detection of IRC and
P2P Botnets. International Journal of Computer and Electrical Engineering, pp.1029-1038.
ZHANG, J. and QIN, Z. (2010). Modified method of detecting DDoS attacks based on
entropy. Journal of Computer Applications, 30(7), pp.1778-1781.
ZHANG, Y., XIAO, J., YUN, X. and WANG, F. (2012). DDoS Attacks Detection and Control
Mechanisms. Journal of Software, 23(8), pp.2058-2072.
ZHUGE, J. (2008). Research and Development of Botnets. Journal of Software, 19(3), pp.702-
715.
16
Techniques. International Journal of Computer Applications, 139(1), pp.20-23.
The Degree of Occurrence of Phishing in Indonesia. (2016). International Journal of Technology
and Engineering Studies, 2(5).
Turiel, A. (2011). IPv6: new technology, new threats. Network Security, 2011(8), pp.13-15.
Twitter commands DIY botnets. (2010). Network Security, 2010(5), p.20.
Vacca, J. (2014). Network and system security. Amsterdam: Syngress.
Widagdo, G. and Lim, C. (2017). Analysis of Hybrid DDoS Defense to Mitigate DDoS
Impact. Advanced Science Letters, 23(4), pp.3633-3639.
Yearwood, J., Mammadov, M. and Webb, D. (2011). Profiling phishing activity based on
hyperlinks extracted from phishing emails. Social Network Analysis and Mining, 2(1), pp.5-16.
Zeidanloo, H., Hosseinpour, F. and Etemad, F. (2010). New Approach for Detection of IRC and
P2P Botnets. International Journal of Computer and Electrical Engineering, pp.1029-1038.
ZHANG, J. and QIN, Z. (2010). Modified method of detecting DDoS attacks based on
entropy. Journal of Computer Applications, 30(7), pp.1778-1781.
ZHANG, Y., XIAO, J., YUN, X. and WANG, F. (2012). DDoS Attacks Detection and Control
Mechanisms. Journal of Software, 23(8), pp.2058-2072.
ZHUGE, J. (2008). Research and Development of Botnets. Journal of Software, 19(3), pp.702-
715.
16
1 out of 17
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.