Cybersecurity Report: CMP71001, Southern Cross University, S3 2019

Verified

Added on 2022/08/17

AI Summary

This report, prepared for Southern Cross University, addresses critical cybersecurity concerns. It begins by evaluating the current password-based authentication system and the risks introduced by the Bring Your Own Device (BYOD) policy, including malware, untrusted operating systems, and network vulnerabilities. The report then explores the advantages of certificate-based authentication as a more secure alternative. It analyzes the threats posed by spamming attacks and provides recommendations for implementing anti-spam guidelines. The report also assesses the risks associated with BYOD, such as malicious software installation, the use of untrusted operating systems and applications, and the exploitation of untrusted networks. The report emphasizes the importance of digital certificates in verifying user identities and securing data transmissions. It highlights the benefits of certificate-based authentication, including its user-friendliness, excellent access control, and mutual authentication capabilities. Finally, the report emphasizes how the implementation of certificate-based authentication will help the university protect its data and restrict unauthorized access to sensitive information.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
Name of the Student
Name of the university
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
Table of Contents
Introduction................................................................................................................................2
Background................................................................................................................................2
BYOD risk assessment...............................................................................................................3
Certificate-based authentication.................................................................................................5
Spamming attack........................................................................................................................7
Anti-spam guideline...................................................................................................................9
Conclusion..................................................................................................................................9
References................................................................................................................................11

2IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
Introduction
Information is a significant aspect and is associated with power, armed conflict as
well as diplomacy. With the proliferation of information and communication technology the
importance of information has increased. The security of the informations needs to be strong
so that data breaches can be avoided. The discourse of cyber security is dynamic as there has
been a constant evolution of information infrastructure. In every organization there is a
growing need to secure the sensitive informations. Organizations are adopting many new
ways to enhance their security and the growing number of data breaches demand for more
strong security. The importance of frequent updates to the existing security systems will be
evaluated in the paper. Data confidentiality is one of the main problems in the world of
internet and thus proper security measures should be there in place to prevent data breaches.
In this paper, various aspects of cyber security will be analyzed by referring to the security
measures at Southern Cross University. The current security system being used by the
university and recent implementation of some policies will be analyzed. The new
improvements done to the existing system will be compared with the previous ones so that a
clear idea can be made about the security.
Background
Southern Cross University wants to bring in some improvements in the security
focusing mainly on controlling the access of users to the information system of the university.
At present, the university makes use of password based authentication system. Recently it has
come up with the policy of Bring Your Own Device (BYOD). The various risks from the
BYOD policy need to be assessed. The current password-based authentication system can be
replaced by modern technologies such as Certificate-Based Authentication. The university is
facing the maximum threat from Spamming. There are many benefits of BYOD that include

3IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
increase in efficiency to control costs related to provisioning a student body. At the students’
end it will be beneficial and they will get the facility of using the services on their own
personal gadgets such as smart phones and other devices. The main concern in this case will
be the security to the information system of the university. The confidentiality of data and
saving it from misuse is an important factor as at present times information is considered as
weapons that can destroy systems. The security measures that can certainly be adopted by the
university are certificate-based authentication. This type of authentication system refers to the
use of Digital Certificates that help in identifying any user, device or even a machine. These
are given access to a certain resource, application or a network only if their authenticity is
proved. This method is in general deployed with old methods like username and password.
The integration of the certificate based authentication with traditional methods makes them
more effective. The university receives the maximum threat from spam messages thus this
can be analyzed by making use of Spam Act 2003. In order to understand the spamming
attack it is necessary to understand the definition of spam and its characteristics. Cyber
security consultant is required to analyze the present situations at the university. Being the
cyber security consultant it is required that both the perspective of that of an attacker as well
as defender should be there. This dual thought process will help in understanding the
situation at the university. The risks related to BYOD will be assessed and the advantages
that certificate based authentication can provide needs to be analyzed. The anti-spam
guideline will help the university to tackle that issue in a proper way. The university can
follow the guideline to mitigate the issues they are facing for the same.
BYOD risk assessment
BYOD refers to those technologies, policies or associated concepts in which the
students of the university are permitted to access the internal IT resources that include
databases, applications from their personal devices such as smartphones, laptops and other

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
devices as well (Bratthall Tideman and Lindström 2018). BYOD has been adopted by
universities and organizations widely and this supports the smart work environment. But
BYOD comes laced with certain risks as well as hidden costs. These security risks and the
hidden costs need to be considered before any organization or university adopts the same.
The risks associated with BYOD include loss of data, leakage or even theft of sensitive data.
BYOD creates various challenges for ICT professionals who are responsible for the safety of
organizations’ information (Dhingra 2016). The security along with the privacy risks that the
university can face for implementing BYOD are as follows:
1. Malicious software can be installed on BYOD- As per the research done by (), college
and university students use social media very often and they can be said to be addicted to the
same. They are used to check notifications on the social networking sites such as YouTube,
Twitter and Facebook. This can inject malwares and other viruses that include Wildfire into
the system of the student. These malware and viruses if downloaded accidentally will not
only affect the device of the student but has high chances to get spread into the entire network
of the organization in just a fraction of seconds. Examples of some common mobile malwares
are Dream Droid and DroidKungfu (Giotopoulos, K.C., Halkiopoulos, Papadopoulos and
Antonopoulou 2019). These lure the users and make them click on certain malicious links
thus installing malicious payloads into their system. BYOD can be an easy target for the
hackers and they can easily fool the students by making use of emails and web accounts using
the information gained from the same to spoof the mails of the university and get details of
bank accounts. Hence there are high chances that students become the victim of phishing
scams that in turn will download malware or ransomeware into the university’s system.
2. Using untrusted operating system and applications- Hacker culture has risen in the
youth and as per this culture they have also become tech-savvy. The students can disable the
security feature if the operating system by making use of techniques such as jailbreaking and

5IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
rooting. This will help them to install as well as upgrade their operating system free of cost
which is otherwise restricted and illegal. Unauthorized programs can be installed on the
mobile devices through jailbreaking and rooting that in turn can inject malware to the device.
The campus network has high chances to get affected from this malware when the student
connects his device to this network (Ratchford 2018). There have been many instances in
universities and organizations where students intended to bypass the proxy servers of the
university to access all those sites that are blocked by admin. They do this through mobile
VPN and some among them install new applications that include games, P2P video streaming
applications that are restricted within the campus.
3. Making use of untrusted networks- Forwarding emails to the public Web mail services
over cellular networks via BYOD, synchronizing academic documents by making use of
public cloud-based storage services such as Dropbox, Google Docs and many more result in
leakage of sensitive data. The university can be victim of Wi-Fi hijacking and Bluejacking.
Wi-Fi hijacking can take place when a cyber criminal intercepts communications in between
smartphones and Wi-Fi hotspots that are not secured properly. In this case the hacker gets
access to an individual’s username, his passwords which are really sensitive information.
Certificate-based authentication
Certificate-based authentication makes use of public key cryptography along with
digitalized certificates to prove the authenticity of a user. It is an electronic form containing
identification data, digital signature along with public key of an authority that is derived from
private key of the certification authority (Farooq, Hussain, Kiran, and Ustun 2018). A user
who wants to access the system needs to provide his digital certificate containing the public
key along with signature of certification authority. After the user provides digital certificate,
the server needs to confirm its validity as well as check whether it has been issued by a

6IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
genuine authority (O'Neill et al. 2017). Then the user is recognized by the server through
public key cryptography so that it can be confirmed that user is in possession of private key
linked to the certificate. Certificate based authentication can be made use of for different
endpoints that include users and Internet of Things as well.
The certificate based authentication is a practice of digital certificate that helps to
identify a user. This authentication is collaborated with the traditional authentication process.
The certificate based authentication utilizes public key cryptography along with digital
certificate with the purpose to identify the authenticate user (Patil et al. 2018). Followed by
this process the server will check validity of the user and then it will identify and allow the
certified user for further process.
While analyzing the mechanism of certificate based authentication process it is
identified that initially the user signs the data and send it to the receiver. Followed by this
both of them will certificate the data. Making allowance to this concern it is identified that
user based of the signed data. Considering this aspect it is identified that initially the user will
enter the private key password then it will send digital signature (Prasad and Manoharan
2017). Followed by this the client will the send the certified data to the network server then
the server will use the certificate and identify the user. And lastly the server authenticates the
access of the user transition.
Considering the above identification it is observed that this authentication is mostly
used to protect the organizational data as well as data transition. Based on this identification a
huge significance of the Certificate based authentication is identified into the university
infrastructure. As the university server consist several significant information about the
students as well as the operations of the university. Making allowance to this concern it is
also identified that in the organizational network the gathered data consist a numerous

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
important data which needs to be handled with highest priority (Verma, Kumar and Sinha
2016). While analyzing this concern it is observed that certificate based authentication is of
the easy process to deploy, user friendly, excellent access control as well as mutual
authentication process that effectively protects the organizational transactions.
From this it can be said that in university infrastructure the application of certificate
based authentication will definitely help the university to protect their data. As it is discussed
earlier certificate based authentication process can be used with the traditional authentication
process. It can be stated that the in the university infrastructure the certificate based
authentication process will be applied in such way that the transactions will be performed
based on mutual authentication. Along with this it is identified that the nominated
authentication process has a vast application are by which it can restrict the access of email,
data as well as other services (O'Neill et al. 2017). Making allowance to this concern it can be
stated that the university can use this authentication process with the purpose to restrict their
data and whenever there is any request of data access the administrator will verify the identity
of the data and then it will allow data access to the authenticate users. After completion of
this study it can be stated that the university will be able to restrict their operations as well as
the data with proper deployment of the Certificate Based Authentication process.
Spamming attack
Spam is unwanted and unsolicited digital communication often in form of a email that
is sent in bulk. It is wastage of time as well as resources. The internet service providers are
responsible to carry and store data. In this case when the hackers are unable to steal the data
bandwidth from ISPs they do it from individual hackers. They hack computers and at the
same time enslave them in the form of zombie botnet. Software providers have to invest a lot
of resources to create email applications that can effectively filter out the spam messages.

8IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
Consumers waste time sifting through whatever makes it past the spam filters. Spammers
blog the inbox of the users and this is considered as the one of the most threatening to the
consumers (Faris et al. 2019). There are several types of spam and among all famous is the
marketing spam. The cybercriminals can break into the online accounts and steal data as well
as spread malware. The Spam Act 2003 was passed by Australian Parliament in the year 2003
to regulate the commercial emails along with other type of e- messages. This Act restricts
spam, specifically e-mail spam and some of the types of phone spam. There are many
exemptions to this as well. This Act came into force on 12 December 2003 and on this act
they act received Royal Assent. The portions of the Act that were left came into force on 10th
of April, 2004 (Li, Qin, Ren and Liu 2017). The primary points of the act are as follows:
1. Unsolicited commercial e-messages should not be sent. The message can be sent only if it
is designated commercial electronic message that has been defined in Schedule 1 of the Spam
Act.
2. Commercial electronic messages need to include the information related to individual or
the organization who has given the authority to send the message (Kumar, Gao, Welch and
Mansoori 2016).
Spam e-mail both directly as well as indirectly has many privacy concerns for the users. The
students of the university can be bluffed to click on the spam messages and these spam
messages can inculcate malware to the network.
Risks Probability Impact
Injection of malware High Worst
Stealing of university data High Worst
Illegal OS usage Medium Bad
Unauthorized access to
university systems
High Worse
Risks from BYOD High Bad
Spam attacks High Worst

9IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
Risk Assessment Table
Anti-spam guideline
Following are the some of the guidelines that can be used as the anti-SPAM
guidelines
The university should Implement rate Limits on Outbound Email Traffic coming to the
internet: It is suggested to the university to maintain a upper limit or cap on the number of
outgoing mails that are being sent from an IP address inside its network at any given point of
time (Shaykevich 2018). The users may ask the administrators in order to raise imposed limit
by providing legitimate reasons for the same.
Limit the number of mails Received: The University should try to protect the mail accounts
from being used storage for spam replies. This can be achieved by enforcing a limit on the
receiving emails by the university user accounts (Gregory 2015).
Content Analysis of the mails: Depending on the current legislation in the country the
university should try using the content analysis for the inbound as well as outbound e-mails.
Depending upon the apprehensive characteristics of the mail legitimate and spam mails can
be segregated and dropped through the use of the spam filters. For this there are multiple
techniques are available that can be used such as Lexical analysis, keyword analysis,
Heuristics analysis, Header/Subject analysis as well as URL analysis (Basto-Fernandes et al.
2016)
Conclusion
From the above discussion it is clear that the university has to follow the guidelines of
BYOD policy so that the risks can be handled properly. The Anti-Spam guideline needs to be
followed. The university is facing spamming risks maximum of the time and thus it is
considered as the most threatening risk. The students should be given strict instructions that

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
they should not click on any other messages other than that which have been sent from the
authority of the university. The main problem in this scenario is that the implementation of
BYOD has made the university vulnerable to many risks and this can result in the crash of the
network at the same time introducing many malwares and viruses to the system.

11IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
References
Basto-Fernandes, V., Yevseyeva, I., Méndez, J.R., Zhao, J., Fdez-Riverola, F. and Emmerich,
M.T., 2016. A spam filtering multi-objective optimization study covering parsimony
maximization and three-way classification. Applied Soft Computing, 48, pp.111-123.
Bratthall Tideman, J. and Lindström, J., 2018. Key components when utilising BYOD within
organisations-A framework for developing the BYOD policy.
Dhingra, M., 2016. Legal issues in secure implementation of bring your own device (BYOD).
Procedia Computer Science, 78(C), pp.179-184.
Faris, H., Ala’M, A.Z., Heidari, A.A., Aljarah, I., Mafarja, M., Hassonah, M.A. and Fujita,
H., 2019. An intelligent system for spam detection and identification of the most relevant
features based on evolutionary random weight networks. Information Fusion, 48, pp.67-83.
Farooq, S.M., Hussain, S.M., Kiran, S. and Ustun, T.S., 2018. Certificate based
authentication mechanism for PMU communication networks based on IEC 61850-90-5.
Electronics, 7(12), p.370.
Giotopoulos, K.C., Halkiopoulos, C., Papadopoulos, D. and Antonopoulou, H., 2019.
Towards bring your own device marketing policy. International Journal of Technology
Marketing, 13(2), pp.156-164.
Gregory, P., 2015. CISSP guide to security essentials. Cengage Learning.
Kigerl, A.C., 2018. Email spam origins: does the CAN SPAM act shift spam beyond United
States jurisdiction?. Trends in Organized Crime, 21(1), pp.62-78.

12IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
Kumar, S., Gao, X., Welch, I. and Mansoori, M., 2016, March. A machine learning based
web spam filtering approach. In 2016 IEEE 30th International Conference on Advanced
Information Networking and Applications (AINA) (pp. 973-980). IEEE.
Li, L., Qin, B., Ren, W. and Liu, T., 2017. Document representation and feature combination
for deceptive spam review detection. Neurocomputing, 254, pp.33-41.
O'Neill, M., Heidbrink, S., Ruoti, S., Whitehead, J., Bunker, D., Dickinson, L., Hendershot,
T., Reynolds, J., Seamons, K. and Zappala, D., 2017. Trustbase: an architecture to repair and
strengthen certificate-based authentication. In 26th {USENIX} Security Symposium
({USENIX} Security 17) (pp. 609-624).
O'Neill, M., Heidbrink, S., Ruoti, S., Whitehead, J., Bunker, D., Dickinson, L., Hendershot,
T., Reynolds, J., Seamons, K. and Zappala, D., 2017. Trustbase: an architecture to repair and
strengthen certificate-based authentication. In 26th {USENIX} Security Symposium
({USENIX} Security 17) (pp. 609-624).
Patil, M.S., Megharaj, P.R., Sindhu, V., Sushma, H.S. and Sowmya, M., 2018. Secured
Certificate Based Authentication. In 3rd National Conference on Image Processing,
Computing, Communication, Networking and Data Analytics (p. 148).
Prasad, M. and Manoharan, R., 2017, January. A secure certificate based authentication to
reduce overhead for heterogeneous wireless network. In 2017 4th International Conference
on Advanced Computing and Communication Systems (ICACCS) (pp. 1-5). IEEE.
Ratchford, M.M., 2018. BYOD: A Security Policy Evaluation Model. In Information
Technology-New Generations (pp. 215-220). Springer, Cham.
Shaykevich, A., 2018. The King of the CASL: Canada's Anti-Spam Law Invades the United
States. Brook. L. Rev., 84, p.1321.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13IMPORTANCE OF CYBERSECURITY IN UNIVERSITIES
Verma, U.K., Kumar, S. and Sinha, D., 2016, March. A secure and efficient certificate based
authentication protocol for MANET. In 2016 International Conference on Circuit, Power
and Computing Technologies (ICCPCT) (pp. 1-7). IEEE.
Wang, X., Kang, Q., An, J. and Zhou, M., 2019. Drifted Twitter Spam Classification Using
Multiscale Detection Test on KL Divergence. IEEE Access, 7, pp.108384-108394.