This sample will guide you through:
- The key computer security issues, examined through the concept of threat intelligence.
- The code of conduct required of IT professionals.
Introduction
Computer security is the protection of information and computer systems from theft, unauthorised use and harm. It is a process used both to prevent and to detect unauthorised use of a system (Conklin et al., 2015). In essence it consists of the controls put in place to provide the integrity, availability and confidentiality of a computer system: controlling physical access to hardware, guarding against harm done through code injection, and controlling data and network access. This report is based on a utility company's website that has been attacked through a botnet, which is being used to carry out DDoS attacks, send spam and give the intruder access to devices and connections. The report covers the elements of computer security, the key issues and frameworks, and investigates Active Directory for the management of users. It then sets out the code of conduct needed for IT professionals.
Task 1
Assess the elements of computer security, with instances, and provide countermeasures.
A computer system threat is anything that leads to corruption or loss of data, or physical damage to hardware or infrastructure. A security threat is a risk capable of harming the organisation and its systems (Fisch, White and Pooch, 2017). It can be realised through physical or non-physical attacks by which an intruder gains some form of unauthorised access. A physical threat is an incident that causes physical loss or alteration to a computer system, for example theft of data held within the system. Non-physical threats include corruption of data, security breaches, illegal tracking of actions carried out on the computer system, and others.
In the case of the utility company's website, a botnet attack is being carried out and is being used to perform a DDoS attack and other activities harmful to the organisation. At present this is one of the biggest threats to security systems, as it involves interconnected systems coordinated to carry out malicious activities. The threats are set out below together with the countermeasures the organisation can take:
- Distributed denial-of-service attack: a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target with a flood of internet traffic. DDoS attacks achieve this by using many compromised systems as the sources of attack traffic. A DDoS attack tests the limits of a network, web server and application resources by sending spikes of counterfeit traffic (What is a DDoS Attack, 2019). Some attacks consist of short bursts of malicious activity aimed at endpoints such as search functions. They use an army of zombie devices, that is, a botnet. The goal is to slow the service down or disable it for legitimate users. The firm can deploy a web application firewall to keep malicious traffic away from the website; the Sucuri firewall, for example, can block interaction with the website from the countries where most attacks originate. Traffic must also be monitored so that its peaks can be analysed. Typical DDoS techniques include the SYN flood, which leaves the site unresponsive, and DNS amplification, which relies on IP spoofing; black hole routing is one of the responses used against such floods.
- Malware: a file, program or piece of malicious software that is harmful to computer users and is created with the intention of stealing, damaging or causing disruption. It is circulated through various delivery methods. Distinct families of malware include Emotet, ZeuS, GhOst, CoinMiner, Kovter and many others. Intruders spread malware through a variety of virtual and physical means, infecting networks and devices (Peltier, 2016). For example, malicious programs are delivered on USB drives or spread over the internet via drive-by downloads, which are downloaded automatically without the user's permission. Countermeasures available to utility firms include anti-malware and antivirus solutions, endpoint security measures and email spam filters. Experts also need to ensure that patches and cyber security updates are applied, that employees undergo continuous training so that they do not engage with suspicious emails, and that application privileges are limited. Malware includes viruses, worms, spyware, trojan horses, rootkits and ransomware, each of which accesses information unethically in a different way. Keyloggers also exist, through which the activities of individuals can be monitored.
- Phishing and social engineering attacks: phishing is the fraudulent attempt to elicit sensitive information from a victim in order to perform some further activity, such as gaining access to data, accounts or a network, or obtaining a wire transfer. Phishing is usually carried out using social engineering tactics (Vorobiev et al., 2017). It comes in diverse forms such as vishing, URL spoofing, domain spoofing, evil twin attacks and so on. As an example, around $100 million was lost by Facebook and Google to a cybercriminal whose phishing attacks used spoofing. Phishing can be countered by training, a focus on phishing reporting, random simulations, spam filters and reliable email, and the use of encryption and signing certificates. It is mostly carried out by spoofing, in which a few characters of a legitimate domain name are altered so that the details entered on the page are sent to the intruder's account, giving them access to the individual's system.
- Formjacking: the term describes the use of malicious JavaScript code to steal payment card details and other information from payment forms on the checkout pages of e-commerce sites (Conklin et al., 2015). When a customer uses an e-commerce site and clicks submit, malicious JavaScript injected by the intruder collects the information entered, such as name, address and payment card details. The attacker obtains this data and uses it for illegal activities. As an example, the threat rose in 2018, when on average around 4,800 websites were compromised in this way. The utility provider's website can be protected by vulnerability scanning and penetration testing, monitoring of outbound traffic and use of subresource integrity. The injection is made by placing malicious JavaScript within the web page, usually where payments are made, so that intruders obtain card details and card fraud can be carried out.
- Man-in-the-middle attack: the attacker inserts themselves into a two-party transaction. It is also called an eavesdropping attack: it is as if two people were talking and an unwanted person tapped the phone line and started listening (The Top 9 Cyber Security Threats That Will Ruin Your Day, 2019). Such attacks are carried out by cybercriminals who install malware on networks or computers or set up fake Wi-Fi networks. As an example, a group of Russian intelligence agents attempted to enter the office of the OPCW (Organisation for the Prohibition of Chemical Weapons) in The Hague, using a Wi-Fi panel antenna to obtain data relating to an investigation. Against this, the utility firm can use the TLS/SSL encryption protocols; these will not remove the risk entirely, but they still help to protect systems appropriately. Such attacks compromise integrity, because someone else gains access to the messages being sent and alters them to suit their own purposes.
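Subresource integrity, listed above as a formjacking countermeasure, works by tying each script tag to a digest of the approved file so that a modified copy is refused by the browser. The following is an added example, not code from the original report: it computes the integrity token, builds the tag, and emulates the browser's check against a tampered copy; the script bodies and host name are constructed samples.

```python
"""Subresource Integrity (SRI) as a formjacking countermeasure.

Added example, not from the original report. Shows how the integrity
attribute for a checkout-page script is generated and how the browser-side
check fails once the script has been altered. Script bodies are constructed."""
import base64
import hashlib

# Constructed sample: the reviewed checkout script served from a third-party host.
ORIGINAL_SCRIPT = b"document.getElementById('pay').addEventListener('submit', validateCard);\n"
# Constructed sample: the same file after an unauthorised modification of any kind.
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"// one extra line is enough to change the digest\n"

# Digest algorithms SRI recognises, ordered from weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_hash(data, algo="sha384"):
    """Return the integrity token for `data`, e.g. 'sha384-<base64 digest>'."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src, data, algo="sha384"):
    """Build the <script> element the checkout page should carry for `src`."""
    # crossorigin is required for SRI on cross-origin scripts; without it the
    # browser cannot verify the response and will not run the script.
    return f'<script src="{src}" integrity="{sri_hash(data, algo)}" crossorigin="anonymous"></script>'


def verify_sri(data, integrity):
    """Emulate the browser check: True if `data` may run under `integrity`.

    Follows the SRI rules: tokens with unknown algorithms are ignored, only
    the strongest recognised algorithm is considered, and any matching token
    of that strength passes. If no token is recognised the metadata is empty
    and the resource is allowed, so a typo in the algorithm name silently
    disables the protection."""
    by_algo = {}
    for token in integrity.split():
        algo, sep, value = token.partition("-")
        if not sep or algo not in SRI_ALGORITHMS:
            continue
        by_algo.setdefault(algo, set()).add(value.split("?", 1)[0])
    if not by_algo:
        return True
    strongest = max(by_algo, key=SRI_ALGORITHMS.index)
    actual = sri_hash(data, strongest).partition("-")[2]
    return actual in by_algo[strongest]


if __name__ == "__main__":
    tag = script_tag("https://cdn.example/checkout.js", ORIGINAL_SCRIPT)
    print(tag)
    print("original passes:", verify_sri(ORIGINAL_SCRIPT, sri_hash(ORIGINAL_SCRIPT)))
    print("tampered passes:", verify_sri(TAMPERED_SCRIPT, sri_hash(ORIGINAL_SCRIPT)))
```

The tag must be regenerated whenever the approved script legitimately changes, which is exactly the review step that an injected modification cannot pass.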
Task 2
Acknowledge the key computer security issues using the concept of threat intelligence.
Preventative measures: there are several measures firms can take to ensure that their systems are secured. They are set out below with respect to the utility company:
- Firewall: enforces rules governing which data packets may enter or leave the network. The utility company should incorporate firewalls into its network devices to filter traffic and reduce the security risk from malicious packets.
- Antivirus: detects and removes viruses from computers and protects systems from malicious software such as rootkits, spyware, botnet agents, keyloggers and ransomware.
- Antispyware: detects and prevents unwanted spyware installations. The utility company can use it to identify active spyware programs.
Detecting potential vulnerability: various tools can be used by the utility firm to check the current security state of the network, looking for unpatched software, open ports and so on. Software such as Microsoft Baseline Security Analyzer or ShadowScan can be used to detect vulnerabilities.
Detection of possible threats: threat detection is the process of identifying the risks that exist on a system, application or network. The utility company can detect them to ensure that its systems are not exploited. Some of the ways in which threats can be detected are set out below:
- Cloud access security broker (CASB) technology: enables the utility company to identify unauthorised access to cloud applications and gives it visibility of access patterns.
- Network firewalls: virtual or physical appliances that monitor traffic for unauthorised access or malicious activity so that the necessary action can be taken. They are a suitable means of detecting and blocking threats within the utility company's network.
- SIEMs: a security information and event management platform correlates related attacks and threats, gives a holistic view across the complete attack chain, and ties together the different threat-detection technologies.
Detecting compromised systems: the utility firm needs to check certain points to determine whether its systems have been affected:
- Where is traffic going, and are all the outbound IP and URL destinations known?
- What does the network traffic look like, and does it behave as expected? Is any unwanted protocol making use of network ports?
- What is happening within DNS? Is the utility company missing hidden security threats within this low-level, chatty protocol?
These are a few of the many questions the utility company can answer to ensure that its systems are not compromised.
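The three questions above can be turned into a simple triage script. The following added example, not from the original report, runs them over constructed outbound-connection and DNS log lines in an assumed format; the destination allowlist, port-to-protocol mapping, addresses and thresholds are assumed values.

```python
"""Triage of outbound traffic and DNS logs for signs of a compromised host.

Added example, not from the original report. It checks the three questions
(known destinations, protocol matching the port, hidden traffic in DNS) over
a constructed log format with one record per line:
    <timestamp> <src> conn <dst>:<port> <protocol>
    <timestamp> <src> dns <query name>
Addresses, names and thresholds are constructed or assumed values."""
import math
from collections import defaultdict

# Assumed allowlist of outbound destinations the utility firm has documented.
KNOWN_DESTINATIONS = {"203.0.113.10", "203.0.113.11", "192.0.2.9"}
# Assumed mapping of the protocol expected on each permitted outbound port.
EXPECTED_PROTOCOL = {443: "tls", 80: "http", 53: "dns"}
# Assumed thresholds for the DNS heuristics (encoded data gives long, high-entropy labels).
MAX_LABEL_LENGTH = 24
MAX_LABEL_ENTROPY = 3.5          # bits per character; ordinary host names sit well below
MAX_SUBDOMAINS_PER_PARENT = 3

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2019-11-04T10:01:02Z 10.0.5.21 conn 203.0.113.10:443 tls
2019-11-04T10:01:05Z 10.0.5.21 conn 198.51.100.77:443 ssh
2019-11-04T10:01:09Z 10.0.5.33 conn 192.0.2.9:443 tls
2019-11-04T10:01:12Z 10.0.5.33 conn 203.0.113.11:80 http
2019-11-04T10:02:01Z 10.0.5.21 dns updates.vendor.example
2019-11-04T10:02:02Z 10.0.5.21 dns 3q9x8v1k2m7p4z6cj5n0.cache.example
2019-11-04T10:02:03Z 10.0.5.21 dns 8r2t5y7u1i4o6p9a3s0d.cache.example
2019-11-04T10:02:04Z 10.0.5.21 dns 5f1g8h3j6k9l2z4x7c0v.cache.example
2019-11-04T10:02:05Z 10.0.5.21 dns 1b4n7m0q3w6e9r2t5y8u.cache.example
"""


def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyse(log_text):
    """Return a list of (src, reason, detail) findings for the log text."""
    findings = []
    subdomains = defaultdict(set)   # (src, parent domain) -> distinct leftmost labels
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        src, kind = parts[1], parts[2]
        if kind == "conn" and len(parts) == 5:
            dst, port = parts[3].rsplit(":", 1)
            port, proto = int(port), parts[4]
            if dst not in KNOWN_DESTINATIONS:          # question 1: is the destination known?
                findings.append((src, "unknown destination", dst))
            if EXPECTED_PROTOCOL.get(port) != proto:   # question 2: right protocol on the port?
                findings.append((src, "unexpected protocol on port", f"{proto} on {port}"))
        elif kind == "dns":                            # question 3: anything hidden in DNS?
            labels = parts[3].split(".")
            if len(labels) < 3:
                continue
            first, parent = labels[0], ".".join(labels[1:])
            if len(first) > MAX_LABEL_LENGTH or label_entropy(first) > MAX_LABEL_ENTROPY:
                findings.append((src, "suspicious DNS label", parts[3]))
            subdomains[(src, parent)].add(first)
    for (src, parent), names in subdomains.items():
        if len(names) > MAX_SUBDOMAINS_PER_PARENT:
            findings.append((src, "many unique subdomains", f"{len(names)} under {parent}"))
    return findings


if __name__ == "__main__":
    for src, reason, detail in analyse(SAMPLE_LOG):
        print(f"{src}: {reason} ({detail})")
```

On the sample, only host 10.0.5.21 is flagged: one unknown destination, SSH on port 443, four high-entropy DNS labels and a burst of distinct subdomains under one parent, which together are the pattern an incident responder would escalate.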
Handling incidents against cyber threats: this refers to incident response, a structured methodology for handling security breaches, cyber threats and incidents. A well-defined plan will help the utility company to identify attacks, reduce damage and minimise the cost of cyber attacks. It involves:
- Formulating a plan in advance for how security incidents will be handled and prevented.
- Covering everything from observing probable attack vectors and identifying the signs of an incident to prioritising them.
Computer security issues through use of the threat intelligence concept: the key cyber security issues are attacks through compromised IoT devices (botnets, DDoS and ransomware attacks), cloud security issues (misconfiguration, the Spectre and Meltdown vulnerabilities, data loss and insecure APIs), attacks against blockchains and cryptocurrencies, and many more. To ensure that its systems are not compromised, the utility organisation can use threat intelligence, which consists of information that can be used to recognise threats that have targeted, will target or are targeting the firm.
Task 3
Evaluate cyber security frameworks for protecting computers from threats.
Cyber security, or information technology security, is the body of processes, practices and technologies designed to protect programs, devices, data and networks from unauthorised access or damage. To ensure that its systems are not compromised, the utility company can adopt different frameworks according to its requirements. A cyber security framework is an approach to securing digital assets. Some are described below:
NIST (US National Institute of Standards and Technology) Cyber Security Framework: this is intended to protect critical infrastructure such as dams and power plants from cyber attack, but it can be applied by any organisation that needs better security. The framework defines the activities needed to achieve specific cyber security outcomes. Its crucial elements are:
- Functions: these outline the five core functions: identify, protect, detect, respond and recover.
- Categories: within each function there are categories of tasks or specific challenges that must be carried out. For example, the basic steps in protecting a system from threats are keeping software updated, installing anti-malware and antivirus programs, and having access control policies.
- Subcategories: the challenges and tasks within each category. For example, to execute software updates it is important to make sure that updates are turned on on Windows machines.
- Informative sources: manuals or documents that give users details of how particular tasks can be carried out. For instance, an individual needs a manual containing details of how auto-updates can be configured.
The framework covers authentication and identity, self-assessment of cyber security risks, management of supply chain risk and vulnerability disclosure. However, its implementation will not be easy for the utility company in matters such as how updates are to be done, and it does not answer the question of how well the firm is doing on cyber security.
ISO/IEC 27001: also referred to as ISO 27K, this is an internationally recognised standard for cyber security. It assumes that the firm adopting it has an Information Security Management System (ISMS). It enables the management of the utility company to manage information security risks systematically and to take into account the related vulnerabilities and threats. The firm is responsible for designing and implementing InfoSec (information security) controls that are both comprehensive and coherent, the rationale being to mitigate the identified risks. It follows a PDCA cycle, illustrated below with respect to the utility company:
- Plan: establish the ISMS and formulate the objectives, procedures, policies and processes for risk management.
- Do: operate the ISMS, which includes implementing the InfoSec procedures, policies and so on.
- Check: review and monitor the ISMS, measuring process performance against the objectives and policies.
- Act: update and improve the ISMS, undertaking preventive and corrective actions in light of management review and internal audit.
ISO 27001 will give the utility firm business benefits: understanding, state-of-the-art protection of the business, technical agreements, interoperability, skills enrichment, avoidance of risk, worldwide technological compatibility, and efficiency and customer satisfaction. There are also drawbacks the utility company must consider: it needs a specific IT budget and can be expensive, it needs specialised expertise that may be lacking, it takes time to apply and it is not easy to use. Resources are also needed for awareness and ongoing training.
Task 4
Identify the distinct objects present within Active Directory for the management of user accounts.
Active Directory is the directory service developed by Microsoft for Windows domain networks. It consists of a set of services and processes covering a wide range of directory-based identity services, and is used to manage the computers and other devices present on the network. It is a core feature of the Windows Server operating system and runs on both internet-facing and local servers. Real-world entities such as computers and users are represented as objects within Active Directory, and each object can itself contain other objects. The firm must manage access to applications and information scattered across internal and external application systems. Access must be granted to a growing number of entities both inside and outside the organisation without compromising security or exposing sensitive information. Identity and access management (IAM) is the approach that manages the complete spectrum of these risks and achieves the desired results; the demands on identity and access are continuously evolving, and cloud computing creates distinct risks that must be handled appropriately. Its drawbacks are the difficulty of managing access across the enterprise and the added complexity. In other words, IAM means defining and managing the roles and access privileges of individual network users, together with the circumstances in which users are granted or denied those rights. For instance, the credentials of the utility company's administrator must be kept by the administrator alone and not shared with others. Likewise, each individual has their own credentials, and access permissions are allocated according to their responsibilities.
Active Directory can be installed by the utility company using the following steps:
- Open Server Manager from the task bar and, in the dashboard, choose the option to add roles and features.
- The wizard launches and allows changes to be made to the Windows Server instance. On the installation type screen, choose role-based or feature-based installation and click Next.
- The current server is selected by default; click Next. On the server roles screen, select the check box for Active Directory Domain Services.
- A notice offers the installation of additional services, features or roles needed by Domain Services, including Federation Services, Lightweight Directory Services, Certificate Services and Rights Management. Click Add Features to add these capabilities.
- On the select features screen, select the check boxes next to the features needed for the AD DS installation and click Next.
- Review the information on the AD DS tab and click Next. The information can then be reviewed on the confirm installation selections screen; click Install.
Active Directory groups are used to collect user and computer accounts, together with other groups, into manageable units. This simplifies network maintenance and administration. There are two kinds of group the utility company can use to ensure the security of its systems:
- Distribution groups: these can only be used with email applications such as Exchange Server to send email to collections of users. They are not security-enabled, which means they cannot be listed in DACLs (discretionary access control lists).
- Security groups: these provide an efficient way to assign access to resources on the network. The utility company can assign user rights to security groups in Active Directory; these rights determine what members can do within the scope of the domain. User rights are assigned automatically to some of the groups created to help administrators within a domain. Permissions on resources must also be assigned to security groups so that the resources can be accessed when required.
Creating a unique password for the administrator account is a crucial step in keeping systems secure. The utility company should also change the default administrator account name to a unique one and apply security strategies that restrict access to administrative powers, so that activity on the account can then be audited. A unique password must be used on each node, and passwords must not be dictionary words.
To add users or groups, the utility company's administrator can use the following steps to ensure that only authenticated users have access to the services provided:
- Click Add in the Users or Groups window. Enter the names in the dialog box and select the domain groups or users.
- This can be done either by typing a group or user name that exists within the system's domain and clicking Check Names, or by clicking Find, which opens the standard dialog from which the group or user can be selected.
- Click OK; the domain groups or users are then added. This must be done manually to ensure authenticity.
Task 5
Explicate the code of conduct needed for IT professionals.
A code of conduct is a set of rules, responsibilities and norms of practice. It is formulated for the employees of a company to ensure that every aspect of their work is covered. Ethical codes fill the gap left where regulations and laws cannot be applied or fail, and they act as a guide that helps employees deliver their services ethically. The code of conduct also sets out the way in which individuals carry out their services. In terms of social considerations, employees of the utility company must ensure that they do not share their clients' private information with anyone. They are responsible to both the firm and the individuals concerned, and if confidential or personal details are mishandled by them the consequences are negative and, both ethically and socially, inappropriate. The firm must also make sure that access is not granted to everyone, since this would increase the rate of breaches. The utility company therefore needs to comply with the relevant laws so that the rights of individuals are protected. Privacy must be ensured when data or information is exchanged over digital media. This has both legal and ethical implications: do individuals know that their activities are being monitored, and to what extent? Security systems for digital networks are important because information is a crucial asset, but they can involve a high level of surveillance that may not be ethically or legally appropriate. Every security system carries some inherent risk, which raises the question of which risks are acceptable and which freedoms may be forfeited. IT professionals need to ensure that security systems are designed to be both ethical and effective at the same time.
Conclusion
From the above it can be concluded that computer security is the process used to prevent and detect unauthorised use of a system. Attacks can be physical or non-physical, and through them an intruder gains some form of unauthorised access. Preventive measures must be taken to ensure that systems are protected and that no third party gains access to what is being done on them. To ensure that its systems are not compromised, the utility organisation can use threat intelligence, which consists of information that can be used to recognise threats that have targeted, will target or are targeting the firm. Active Directory can be used to manage the computers and other devices present on the network. Finally, IT professionals must take into account the ethical, social and legal aspects of security.