Cyber Security Controls for Effective Cyber Defense - Analysis Report

Added on 2021/04/21
Controls for Effective Cyber Defense
Cyber Security
3/9/2018
Table of Contents
Introduction 2
Analysis & Reflection 2
Learning Outcomes 2
Issues & Concerns 5
Areas of Improvement 5
Conclusion 6
References 7
Introduction
Cyber Security is a term that refers to the use of protocols, tools, and techniques to protect data from cybercrime and attacks. The course covers various aspects of cyber security and cyber defense; these have been analysed here to reflect upon and assess the learnings, issues, and areas of improvement.
Analysis & Reflection
Learning Outcomes
Confidentiality, Integrity, and Availability (CIA) are the three primary information properties; they are the most significant ones and the ones attacked by malevolent entities. Authentication, Authorization, and Accounting (AAA) are the three primary measures for access control to data sets (Nweke, 2017). Some of the most frequently occurring cyber security attacks include malware attacks, system failure, unauthorized access, and social engineering; these may be prevented and detected by anti-malware software, authentication measures, data backup, encryption, and secure data removal. The course provided an insight into the various types of hackers, such as White hats, Black hats, Grey hats, Elite hats, and Blue hats, of which Black hats are the most common.
The various forms of malware, such as viruses, worms, logic bombs, ransomware, and Trojan horses, enter systems and data through software, messaging, interception, and other channels (Chen et al., 2012). Measures such as anti-malware software, intrusion detection systems, and firewalls shall be used to detect and prevent malware attacks. Authentication and data encryption are the two most popular measures for the protection of hardware and mobile devices.
Operating System hardening is the process of reducing the attack surface by eliminating unwanted services and functions. Updates shall also be installed frequently, as critical, Windows, and driver updates. Patches are developed to fix specific software functionality. Rules and protocols shall be monitored through group policies and security templates, and networking changes shall be managed through configuration baselines. New Technology File System (NTFS) is a file system that offers benefits over the age-old FAT32 system in terms of security, backups, encryption, logging, and partitioning. The convert command is used to convert a file system from FAT32 to NTFS (Rusbarsky, 2012). These days multiple operating systems are hosted virtually by a single machine, and the process is termed virtualization.
Application security shall be ensured through analysis and updates of the local computer policy for the web browser. Security protocols such as Secure HTTP (HTTPS) must be used along with proxy servers. ActiveX controls, cookies, and security zones must be set to secure settings through the browser settings of Internet Explorer. Strong passwords, digital certificates and encryption, and read-only permissions shall be set up for other applications. Numerous testing processes shall be carried out to ensure application security, such as black box testing, white box testing, input validation, and the like.
The use of Virtual Local Area Networks (VLANs) shall be promoted for enhanced network security, as it offers advanced security features against VLAN hopping, spoofing, and tagging attacks. Cloud security shall be ensured through strong authentication, access control, and encryption measures (Yu, Rexford, Sun, Rao & Feamster, 2011). Server scans, monitoring, encryption, multi-factor authentication, access control, password security, and hardware-based firewalls are some of the measures for server defense.
Denial of Service (DoS) is the most frequently occurring network security attack; it breaks down a service by launching unwanted traffic and may take the form of a SYN flood, Smurf attack, Ping flood, Ping of death, and others (Kumar, 2016). Impersonation and masquerading attacks, such as phishing and spoofing, and hijacking attacks, such as session hijacking, session theft, and man-in-the-middle attacks, are some of the most common network threats.
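As an added example (not part of the original report), the following Python script shows how a defender can recognise the SYN-flood pattern described above from connection records: it counts, per source address, the SYNs that were never followed by the client's completing ACK. The log format and all addresses are constructed for the example; a real capture would come from a protocol analyser such as Wireshark.

```python
"""SYN-flood indicator over constructed connection-log lines (added example)."""
from collections import defaultdict

# Constructed sample log, one record per TCP segment seen at the server:
#   <time> <src_ip> <dst_ip>:<dst_port> <flag>   where S = SYN, A = client ACK
# 10.0.0.5 opens many connections that never complete the handshake.
SAMPLE_LOG = """\
1.00 10.0.0.5 192.168.1.10:80 S
1.01 10.0.0.5 192.168.1.10:80 S
1.02 10.0.0.5 192.168.1.10:80 S
1.03 10.0.0.5 192.168.1.10:80 S
1.04 10.0.0.5 192.168.1.10:80 S
1.05 10.0.0.5 192.168.1.10:80 S
1.10 10.0.0.7 192.168.1.10:80 S
1.11 10.0.0.7 192.168.1.10:80 A
1.20 10.0.0.8 192.168.1.10:443 S
1.21 10.0.0.8 192.168.1.10:443 A
"""

def parse_line(line):
    """Split one record into (timestamp, src, dst, flag)."""
    ts, src, dst, flag = line.split()
    return float(ts), src, dst, flag

def half_open_counts(log_text):
    """Per source: SYNs sent minus handshakes completed with an ACK.
    A real monitor would reset these counts per time window."""
    syn = defaultdict(int)
    ack = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, _, flag = parse_line(line)
        if flag == "S":
            syn[src] += 1
        elif flag == "A":
            ack[src] += 1
    return {src: syn[src] - ack[src] for src in syn}

def syn_flood_suspects(log_text, threshold=5):
    """Sources whose half-open connection count reaches the threshold."""
    counts = half_open_counts(log_text)
    return sorted(src for src, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(syn_flood_suspects(SAMPLE_LOG))  # ['10.0.0.5']
```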
Firewalls and proxy servers filter network access requests and allow only those that are considered safe to pass through. Honeypots and honeynets also contribute to access control by filtering network access. Content inspection is carried out through network-, endpoint-, or storage-based Data Loss Prevention (DLP). A Network-based Intrusion Detection System (NIDS) detects network attacks, and a Network-based Intrusion Prevention System (NIPS) inspects network elements for prevention. All of these measures are combined to form Unified Threat Management (UTM).
Network-related vulnerabilities exist that are utilized by malevolent entities to give shape to networking attacks. These may exist in network devices, cable media, access points, and wireless transmission media.
Multiple authentication measures combined as one, and Single Sign-On (SSO), shall be used as authentication models. Lightweight Directory Access Protocol (LDAP), mutual authentication, and remote desktop access shall also be used for enhanced authentication. Web-based authentication makes use of captive portals. A Virtual Private Network (VPN) is a connection between two or more systems that may sit on different private networks, and it is one of the most widely used remote authentication technologies (Kim & Yang, 2010).
Users and groups must be provided with controlled permissions, and access shall be controlled through Access Control Lists (ACLs), strong user credentials, and measures such as role-based access control, attribute-based access control, and the like.
Risk and vulnerability management involves the steps of identification, analysis, evaluation, treatment, monitoring, and closure. Active, passive, and fingerprinting analysis are the security analysis techniques that may be used to apply security controls, which may be management, operational, preventive, detective, corrective, or technical (Nirupama, 2012). Penetration testing is executed by simulating multiple attacks. Malicious entities carry out password analysis through guessing, dictionary attacks, brute force attacks, and cryptanalysis attacks.
Network monitoring and evaluation must be carried out to prevent and control network attacks. Protocol analysers such as Wireshark and Network Monitor, along with analytical tools, shall be used for advanced network analysis.
Cryptography and encryption are the measures that must be used for data protection and disaster recovery. Symmetric key algorithms such as Data Encryption Standard (DES), 3-DES, Advanced Encryption Standard (AES), and Rivest Cipher (RC) may be applied, or asymmetric algorithms such as RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC). Hash functions convert variable-sized data into a smaller fixed-size digest and are used for enhanced security. These may be applied as Secure Hashing Algorithms (SHA), Message-Digest (MD) algorithms, and many others (Singh & Supriya, 2013).
Public Key Infrastructure (PKI) is a set of processes, policies, and methods for the distribution, storage, use, management, and revocation of digital certificates and public key encryption (Albarqi, Alzaid, Ghamdi, Asiri & Kar, 2015). Certificate Authorities have been set up for the management and handling of certification; supporting elements include Registration Authorities (RA), Certificate Revocation Lists (CRL), the Online Certificate Status Protocol (OCSP), etc. Internet Protocol Security (IPsec) is used for secure communications and for the authentication and encryption of IP packets (Cisco, 2018). There are three components under it: Security Association (SA), Authentication Header (AH), and Encapsulating Security Payload (ESP).
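To make the integrity service of AH concrete, here is an added Python example (not from the report, and not the real IPsec wire format) modelling what AH provides: the sender computes an HMAC-SHA256 integrity check value (ICV) over the addresses, a sequence number, and the payload under the key agreed in the SA, and the receiver recomputes it and rejects packets that were modified or replayed. The key, addresses, and packet layout are constructed for the example.

```python
"""Authentication-header-style integrity and anti-replay check (added example)."""
import hashlib
import hmac
import struct

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key

def icv(key: bytes, src: bytes, dst: bytes, seq: int, payload: bytes) -> bytes:
    """ICV = HMAC-SHA256(key, src || dst || seq || payload), truncated to 96 bits
    in the style of AH's truncated integrity algorithms."""
    msg = src + dst + struct.pack("!I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:12]

def protect(key, src, dst, seq, payload):
    """Sender side: packet layout is src(4) | dst(4) | seq(4) | icv(12) | payload."""
    return src + dst + struct.pack("!I", seq) + icv(key, src, dst, seq, payload) + payload

class Receiver:
    """Receiver side: verifies the ICV under the shared key and rejects replays."""
    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = 0  # simplified anti-replay: only strictly increasing seq accepted

    def verify(self, packet: bytes) -> bool:
        """True only if the ICV matches and the sequence number has not been seen."""
        if len(packet) < 24:
            return False
        src, dst, seq_raw = packet[:4], packet[4:8], packet[8:12]
        tag, payload = packet[12:24], packet[24:]
        seq = struct.unpack("!I", seq_raw)[0]
        if seq <= self.highest_seq:
            return False  # replayed (or reordered) packet
        if not hmac.compare_digest(tag, icv(self.key, src, dst, seq, payload)):
            return False  # header or payload modified in transit
        self.highest_seq = seq
        return True

def demo():
    """Returns (genuine, replay, tampered, next_genuine) verification results."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])  # constructed addresses
    rx = Receiver(KEY)
    pkt1 = protect(KEY, src, dst, 1, b"hello")
    pkt2 = protect(KEY, src, dst, 2, b"hello")
    tampered = pkt2[:24] + b"hellp"  # payload changed, ICV left as the sender computed it
    return rx.verify(pkt1), rx.verify(pkt1), rx.verify(tampered), rx.verify(pkt2)

if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```

ESP adds confidentiality on top of this by encrypting the payload before the ICV is computed; the verification order on receipt (integrity first, then decryption) is the same.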
Issues & Concerns
The primary issues and concerns are in the area of the cyber defense measures and controls that must be applied in a changing threat landscape. With advances in technology and the increase in the number of users, the attack surface and attack methods are also changing. It therefore becomes difficult to identify the controls that may be applicable in such a dynamic environment.
Another issue is the absence of an integrated security control framework that may be applied to the security of devices, networks, resources, and all other entities that may be involved.
In spite of security defence and prevention measures, repeated occurrences of security attacks are witnessed. For instance, the WannaCry ransomware attack in May 2017 impacted systems in over 150 countries (Hern & Gibbs, 2017). The need to think one step ahead of malevolent entities is also one of the major concerns.
Areas of Improvement
Certain technologies have been developed that may be applied in the area of Cyber Security and Cyber Defense for enhanced security and protection.
One such technology is Artificial Intelligence, which is being extensively researched to understand its application and scope in the field of information and cyber security (Dilek, Cakır & Aydın, 2015). Its integration with the Internet of Things (IoT) for improved and integrated security tools shall also be identified.
Patching and application testing are not carried out as mandatory activities, which must be ensured. Information on automated tools for such purposes must be researched and analysed. Various categories of information demand different protection and security measures, and the selection of defensive and preventive measures must be based upon them. There must be an increase in the utilization of proactive measures.
Conclusion
Cyber defense has become essential due to the increase in the number and frequency of security attacks. These attacks make use of attack surfaces such as networks, devices, access points, communication media, and many more. The course provides a detailed analysis of the various aspects of cyber security and cyber defense, such as network security, information properties, cloud security, virtualization, encryption and hashing, and many more. It is necessary to utilize this information and apply it in the real world to avoid security risks and attacks. End-users must be aware of the security policies and practices they must use for enhanced security and protection. Sessions and trainings shall be launched for this purpose.
References
Albarqi, A., Alzaid, E., Ghamdi, F., Asiri, S., & Kar, J. (2015). Public Key Infrastructure: A Survey. Journal of Information Security, 06(01), 31-37. http://dx.doi.org/10.4236/jis.2015.61004
Chen, Z., Roussopoulos, M., Liang, Z., Zhang, Y., Chen, Z., & Delis, A. (2012). Malware characteristics and threats on the internet ecosystem. Journal of Systems and Software, 85(7), 1650-1672. http://dx.doi.org/10.1016/j.jss.2012.02.015
Cisco. (2018). Introduction to IP Security (IPSec). Cisco.com. Retrieved 9 March 2018, from https://www.cisco.com/c/en/us/td/docs/wireless/asr_5000/20/IPSec/b_20_IPSec/b_20_IPSec_chapter_01.pdf
Dilek, S., Cakır, H., & Aydın, M. (2015). Applications of Artificial Intelligence Techniques to Combating Cyber Crimes: A Review. International Journal of Artificial Intelligence & Applications, 6(1), 21-39. http://dx.doi.org/10.5121/ijaia.2015.6102
Hern, A., & Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global computers? The Guardian. Retrieved 9 March 2018, from https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20
Kim, K., & Yang, H. (2010). VPN (Virtual Private Network) SW's examination example analysis. Journal of the Korea Academia-Industrial Cooperation Society, 11(8), 3012-3020. http://dx.doi.org/10.5762/kais.2010.11.8.3012
Kumar, G. (2016). Denial of service attacks – an updated perspective. Systems Science & Control Engineering, 4(1), 285-294. http://dx.doi.org/10.1080/21642583.2016.1241193
Nirupama, N. (2012). Risk and vulnerability assessment: a comprehensive approach. International Journal of Disaster Resilience in the Built Environment, 3(2), 103-114. http://dx.doi.org/10.1108/17595901211245189
Nweke, L. (2017). Using the CIA and AAA Models to Explain Cybersecurity Activities. Pmworldlibrary.net. Retrieved 9 March 2018, from https://pmworldlibrary.net/wp-content/uploads/2017/05/171126-Nweke-Using-CIA-and-AAA-Models-to-explain-Cybersecurity.pdf
Rusbarsky, K. (2012). A Forensic Comparison of NTFS and FAT32 File Systems. Marshall.edu. Retrieved 9 March 2018, from http://www.marshall.edu/forensics/files/RusbarskyKelsey_Research-Paper-Summer-2012.pdf
Singh, G., & Supriya, S. (2013). A Study of Encryption Algorithms (RSA, DES, 3DES and AES) for Information Security. International Journal of Computer Applications, 67(19), 33-38. http://dx.doi.org/10.5120/11507-7224
Yu, M., Rexford, J., Sun, X., Rao, S., & Feamster, N. (2011). A survey of virtual LAN usage in campus networks. IEEE Communications Magazine, 49(7), 98-103. http://dx.doi.org/10.1109/mcom.2011.5936161