Abstract
This report identifies the key components of cybersecurity by comparing and contrasting network security configurations and policies used to secure valuable resources. It starts with a detailed discussion of the NIST Cybersecurity Framework, which plays a critical role in defending sensitive information. The report then illustrates its topic by discussing the reconnaissance tools Nmap and Wireshark, which are used in cyber-attacks. It also examines specific malware, WannaCry and TeleRAT, as well as common types of phishing such as whaling and pharming, and proposes strategies that can efficiently address them. Further, it presents a network design aimed at high availability, proposing a redundant dual-path architecture with no single point of failure and dependable failover. It also surveys the software and hardware technologies available for current network security concerns. The last section of the report offers constructive recommendations, and the future-work section suggests directions for a more academic and professional treatment of the subject.
Introduction
With the advancement of the digital world, cybersecurity has become one of the most critical issues for businesses and individuals [1]. With the rising use of technology, digital platforms have become the main means of storing and transferring sensitive assets, exposing them to multiple cyber risks. Protecting digital resources and information is thus essential for preserving the integrity, confidentiality, and availability of information technology. From this perspective, the following report offers insight into what goes into cybersecurity by analyzing different security configurations and measures used to safeguard networked systems.
The focus of this study is twofold: first, to grasp the theory of cybersecurity and the instruments used to put that theory into practice, and second, to identify ways of preventing threats such as hacker attacks. The NIST Cybersecurity Framework is examined to establish the role it plays in setting strong security controls. Practical tools such as Nmap and Wireshark are assessed for their relevance in detecting vulnerabilities on targeted networks. The report also examines WannaCry, TeleRAT, whaling, and pharming, explaining how these attacks work and how to counter them. Lastly, a network design built around the principles of availability and robustness is presented. To support this discussion, the following sections present a comprehensive account of the steps that can be taken to improve cybersecurity.
Main Body
Part 1: NIST Cybersecurity Framework
The NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology, provides valuable guidance for businesses aspiring to enhance their cybersecurity posture [2]. Originally formulated in response to Executive Order 13636, the framework consists of various tools for handling cybersecurity threats. It is composed of three main components: the Framework Core, the Implementation Tiers, and the Framework Profiles.
The Framework Core consists of five concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover. Together they cover the lifecycle of an organization's management of cybersecurity risk. The Identify function develops an organizational understanding of how to manage cybersecurity risk to systems, assets, data, and capabilities. The Protect function describes the safeguards needed to ensure delivery of critical infrastructure services. The Detect function defines the activities needed to identify the occurrence of a cybersecurity event. The Respond function covers the actions taken once a cybersecurity event has been detected. Lastly, the Recover function identifies activities to restore capabilities impaired by a cybersecurity event and to prevent further deterioration.
Implementation Tiers describe how an organization views cybersecurity risk and the processes it has in place to manage that risk. They range from Tier 1 (Partial) to Tier 4 (Adaptive), indicating how mature an organization's cybersecurity risk management is.
Framework Profiles align an organization's cybersecurity efforts and resources with the needs of its business environment and its risk tolerance. Comparing a "Current" Profile with a "Target" Profile shows the gaps an organization must close to improve its cybersecurity posture.
The NIST Cybersecurity Framework is beneficial in attaining the primary goal of protecting organizational information technology assets and individuals' data. It helps an organization understand and contain its risk of a cyberattack. With this approach, it is possible to create an efficient cybersecurity plan for an organization that can be adjusted and expanded to meet the constantly changing threats on the Internet.
Part 2: Reconnaissance Tools - Nmap and Wireshark
In the cybersecurity lifecycle, reconnaissance is the most important stage: attackers collect information about the target in order to identify weaknesses they can exploit [3]. Nmap and Wireshark are well-known tools in this phase and serve both offensive and defensive purposes.
Nmap
Nmap (Network Mapper) is a free security auditing tool. It is used to discover the hosts on a network, the services listening on open ports, and the systems and applications behind those services [4]. It builds this picture of a network by sending packets and analysing the responses.
Attackers use Nmap to identify reachable ports and services that could serve as a foothold for an attack. For instance, finding with Nmap that port 22 (SSH) is listening on a server marks that server as a potential target for an SSH password-guessing attack. Network administrators, on the other hand, use Nmap in security assessments, to discover rogue devices on the network, and to verify that only required services are running or exposed to the public.
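The defensive use described above (verifying that only required services are exposed and spotting rogue hosts) can be automated over Nmap's XML output (`nmap -oX`). The following is an added example, not code from the report or from the Nmap project; the XML is a constructed sample and the allowlist is a hypothetical policy.

```python
# Added example: diff an Nmap XML scan against a per-host allowlist of
# required services; anything else that is open is flagged for review.
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's XML output for two hosts (not a real scan).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="10.0.0.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.99" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical allowlist: the (protocol, port) pairs each managed host may expose.
# A host missing from this dict is treated as a rogue-device candidate.
ALLOWED = {"10.0.0.10": {("tcp", 22), ("tcp", 443)}}

def parse_open_ports(xml_text):
    """Return {ip: {(proto, port), ...}} for every host reported as up."""
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports.add((port.get("protocol"), int(port.get("portid"))))
        result[addr.get("addr")] = open_ports
    return result

def find_violations(scan, allowed):
    """Unexpected open ports per host; unknown hosts are flagged as rogue."""
    violations = {}
    for ip, ports in scan.items():
        if ip not in allowed:
            violations[ip] = {"rogue_host": True, "ports": sorted(ports)}
        elif ports - allowed[ip]:
            violations[ip] = {"rogue_host": False, "ports": sorted(ports - allowed[ip])}
    return violations
```

Running `find_violations(parse_open_ports(SAMPLE_NMAP_XML), ALLOWED)` reports the unexpected RDP port on the managed host and the unknown host exposing SMB.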
Wireshark
Wireshark is a packet analyzer that captures network traffic and lets the user browse it interactively [5]. Its value lies in the detail it provides about the protocols in use, the data being exchanged, and possible irregularities.
During reconnaissance, an attacker is likely to use Wireshark to capture and analyse traffic, learning which protocols are in use and sniffing unencrypted confidential data. For example, plaintext credentials intercepted in transit can serve as an entry point for the attacker. Network administrators use it for packet inspection, troubleshooting, and security monitoring; they can pinpoint unusual behaviour or communication on the network that may indicate a compromise.
Nmap and Wireshark are most valuable in the reconnaissance phase, as they provide much of the information on which an attack depends. Understanding their roles and uses is vital for cybersecurity professionals working to counter such threats.
Part 3: Cyber-Attacks and Mitigation Strategies
WannaCry and TeleRAT Malware
WannaCry Malware:
WannaCry is a ransomware attack first seen in May 2017 that affected computers running Microsoft Windows. It encrypts files and demands payment in Bitcoin for their decryption. WannaCry uses the SMB exploit EternalBlue, which was authored by the National Security Agency and leaked online by the Shadow Brokers [6]. It spread rapidly across networks through the SMB vulnerability, infecting new computers without any user interaction, causing havoc worldwide and hitting hospitals and businesses.
TeleRAT Malware:
TeleRAT, also known as Android Ransomware Trojan, is a remote access trojan (RAT) for Android devices that was detected in 2018. It spreads via malicious apps downloaded from third-party stores or links. TeleRAT steals information, records audio, takes screenshots, and performs command-and-control actions, all of which require the program to have administrative control [7]. The malware exchanges commands and stolen information with its command-and-control (C2) server.
Mitigation Strategies for WannaCry
- Patch Management: Keep systems patched and up to date. Microsoft released a patch for the SMB vulnerability in March 2017, before the WannaCry attack.
- Network Segmentation: Dividing the network into segments limits how far malware can spread.
- Regular Backups: Make consistent, offline copies of important data so that systems can be recovered without paying a ransom to the attackers.
Mitigation Strategies for TeleRAT
- App Verification: Install applications only from trusted sources such as the Google Play Store. Enable the app-verification feature to block installation of untrusted applications.
- Permissions Management: Review the permissions an app requests before installation and avoid granting apps administrative access.
- Security Software: Use reputable mobile anti-malware software that can scan for and remove malware and that offers real-time scanning.
Phishing Attacks - Whaling and Pharming
Whaling:
Whaling is a form of phishing in which the attackers target a specific individual in the organization, such as an executive or a senior manager. While most phishing scams are generic, whaling attacks are specific and well planned, with the attacker having researched the target in detail [8]. Such emails may appear to come from a familiar organization, or relate to an important business, legal, or executive matter that the target urgently needs to attend to, which makes the target more likely to respond to the email or click on the link.
Pharming:
Pharming is a form of phishing in which the victim is redirected to a spoofed site without any intent or action on their part [9]. The redirection is normally achieved by exploiting vulnerabilities in DNS servers or by manipulating the user's device to change its DNS settings. The user visits the fake site built by the attackers and enters personal information such as login details or financial data, which the attackers collect.
Mitigation Strategies for Whaling
- Awareness Training: To prevent whaling attacks, executives and other likely targets should undergo periodic training on the signs of phishing.
- Email Filtering: Email filtering solutions that use machine learning and threat intelligence can detect advanced phishing emails and stop them from reaching the target's inbox.
- Multi-Factor Authentication (MFA): Requiring MFA for accounts and systems that hold or process sensitive data frustrates attackers even when they have obtained the user's login credentials.
Mitigation Strategies for Pharming
- DNS Security: Deploy DNSSEC to counter DNS spoofing by validating the authenticity of DNS responses.
- Regular Scans and Updates: Regularly check DNS servers and client machines for weaknesses that could be used for pharming, and keep software and systems updated.
- User Education: Raise users' awareness of pharming and encourage them to check the URL of any site before entering sensitive data. Users should also be wary of pop-up redirects and report any activity that seems suspicious.
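The "Regular Scans" item above can be made concrete on the client side: pharming that tampers with a device's DNS settings leaves traces in the hosts file or in the configured resolvers. The following is an added example, not code from the report; the hosts-file and resolver contents are constructed samples and the monitored domains and approved resolvers are a hypothetical policy.

```python
# Added example: client-side pharming check over a hosts file and a
# resolver list, flagging redirected domains and unapproved resolvers.
import ipaddress

# Constructed hosts-file content; the last line is the kind of tampering
# pharming malware performs to redirect a bank's domain to an attacker host.
SAMPLE_HOSTS = """# Hosts file (constructed sample)
127.0.0.1   localhost
::1         localhost
192.0.2.55  login.example-bank.com www.example-bank.com   # injected entry
"""
# Constructed resolver configuration (resolv.conf style).
SAMPLE_RESOLV = "nameserver 10.0.0.53\nnameserver 198.51.100.9\n"

# Hypothetical policy: domains users enter credentials on, and the only
# resolvers the organisation's clients are meant to use.
MONITORED_DOMAINS = {"login.example-bank.com", "www.example-bank.com"}
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}

def parse_hosts(text):
    """Return [(ip, hostname)] pairs, ignoring comments and blank lines."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs

def hosts_file_overrides(text, monitored):
    """A monitored domain pinned in the hosts file bypasses DNS entirely,
    which is suspicious in itself, so every such entry is reported."""
    return [(ip, name) for ip, name in parse_hosts(text) if name in monitored]

def unapproved_resolvers(text, approved):
    """Resolvers in a resolv.conf-style file that are not on the approved list."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            try:
                ip = str(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed entry, not a usable resolver
            if ip not in approved:
                found.append(ip)
    return found

if __name__ == "__main__":
    print("hosts-file overrides:", hosts_file_overrides(SAMPLE_HOSTS, MONITORED_DOMAINS))
    print("unapproved resolvers:", unapproved_resolvers(SAMPLE_RESOLV, APPROVED_RESOLVERS))
```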
Task 2: Secure Network Design
Network Diagram and Design Principles
Figure 1: Proposed Network Diagram
Availability in the network is guaranteed through redundancy and failover at every layer. The core layer uses two core switches, Core Switch 1 and Core Switch 2, connected redundantly so that no single device is critical to the whole network. The distribution layer consists of two distribution switches, Distribution Switch 1 and Distribution Switch 2, each connected to both core switches to provide more than one forwarding path. The access layer has two access switches, Access Switch 1 and Access Switch 2, each connected to both distribution switches to provide failover if one of them goes down.
Each clustered server connects to both access switches for load sharing, and if one clustered server is down the other takes over. Two Internet connections from different service providers, ISP 1 and ISP 2, terminate on different core switches so that Internet access remains available even when one provider is down. The design duplicates every point of data transfer, guaranteeing failover and keeping the network functional as far as possible during a failure, thereby achieving high availability and reliability.
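The redundancy claim above can be tested rather than asserted. The following is an added example, not part of the report: it models the described topology as a graph (the node names are assumed labels for the devices in the text), removes each device and each link in turn, and checks that some server in the cluster can still reach at least one ISP.

```python
# Added example: single-point-of-failure check for the proposed design.
from collections import deque

# Links of the proposed topology, taken from the report's description.
LINKS = [
    ("ISP1", "Core1"), ("ISP2", "Core2"), ("Core1", "Core2"),
    ("Core1", "Dist1"), ("Core1", "Dist2"), ("Core2", "Dist1"), ("Core2", "Dist2"),
    ("Dist1", "Access1"), ("Dist1", "Access2"), ("Dist2", "Access1"), ("Dist2", "Access2"),
    ("Access1", "Server1"), ("Access2", "Server1"),
    ("Access1", "Server2"), ("Access2", "Server2"),
]
SERVERS = {"Server1", "Server2"}
ISPS = {"ISP1", "ISP2"}

def reachable(links, start, removed_nodes=(), removed_link=None):
    """Breadth-first search over the surviving links; returns the nodes reached."""
    adj = {}
    for a, b in links:
        if (a, b) == removed_link or a in removed_nodes or b in removed_nodes:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def service_up(links, removed_nodes=(), removed_link=None):
    """True if at least one surviving server can still reach an ISP."""
    return any(reachable(links, s, removed_nodes, removed_link) & ISPS
               for s in SERVERS - set(removed_nodes))

def single_points_of_failure(links):
    """Devices and links whose individual loss takes the service down."""
    nodes = {n for link in links for n in link}
    spof = [n for n in sorted(nodes) if not service_up(links, removed_nodes=(n,))]
    spof += [l for l in links if not service_up(links, removed_link=l)]
    return spof

# A weaker variant with only one ISP uplink, for comparison (constructed).
LINKS_SINGLE_ISP = [l for l in LINKS if "ISP2" not in l]

if __name__ == "__main__":
    print("proposed design SPOFs:", single_points_of_failure(LINKS))
    print("single-uplink SPOFs:", single_points_of_failure(LINKS_SINGLE_ISP))
```

The proposed design yields no single point of failure, while the single-uplink variant shows the ISP, its core switch and the uplink itself as critical.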
Software and Hardware Technologies for Network Security
To raise the level of security, both software and hardware technologies are used. They operate together to withstand a range of threats while supporting high availability.
Software Technologies:
a) Firewall: Controls inbound and outbound network traffic according to security rules, acting as a barrier between trusted and untrusted networks.
b) Intrusion Detection and Prevention System (IDPS): Protects the network from intrusions and attacks by monitoring traffic for unusual activity and responding immediately.
c) Antivirus and Anti-Malware: Identifies, isolates, and removes malicious software; updated regularly to protect against newly developed malware.
d) Virtual Private Network (VPN): Establishes encrypted communication sessions over the Internet, securing data transfer for users at different locations.
Hardware Technologies:
a) Next-Generation Firewall (NGFW): Adds features such as application awareness, integrated IPS/IDS, and encrypted-traffic inspection.
b) Unified Threat Management (UTM): Combines firewall, IDPS, VPN, and antivirus in a single appliance, so the organization's security management is reduced to a single device.
c) Load Balancers: Distribute network traffic across multiple servers, reducing the load on each and increasing service availability.
d) Secure Routers and Switches: Provide access control lists (ACLs), secure boot, and encrypted management protocols to protect against unauthorized control access.
Together these technologies provide layered protection against the various forms of attack on the network while delivering a reliable and highly available network system.
Conclusion, Recommendations, and Future Work
In conclusion, the cybersecurity of assets should be well developed to avoid losses arising from the use of information technology. This report emphasizes the use of the NIST Cybersecurity Framework, an understanding of reconnaissance techniques, best practices for preventing or dealing with malware and phishing attacks, and sound design of the network architecture. This can be achieved by updating and patching systems at fixed intervals to shield against well-known threats, by constant security training for the workforce to reduce the likelihood of human error, and by implementing redundant network topologies that eliminate single points of failure and thereby enhance availability. Future work should concentrate on the use of machine learning for identifying new threats and mitigating incidents, and should study other advanced techniques such as blockchain for protecting data integrity and security plans for the growing number of IoT devices. Organizations that follow these recommendations and build on them will raise their cybersecurity level and strengthen protection against new and evolving threats.
References
- [1] K. M. Rajasekharaiah, C. S. Dule, and E. Sudarshan, "Cyber security challenges and its emerging trends on latest technologies," in IOP Conference Series: Materials Science and Engineering, vol. 981, no. 2, p. 022062, Dec. 2020, IOP Publishing.
- [2] S. AlDaajeh, H. Saleous, S. Alrabaee, E. Barka, F. Breitinger, and K. K. R. Choo, "The role of national cybersecurity strategies on the improvement of cybersecurity education," Computers & Security, vol. 119, p. 102754, 2022.
- [3] S. Roy, N. Sharmin, J. C. Acosta, C. Kiekintveld, and A. Laszka, "Survey and taxonomy of adversarial reconnaissance techniques," ACM Computing Surveys, vol. 55, no. 6, pp. 1-38, 2022.
- [4] P. Calderon, Nmap Network Exploration and Security Auditing Cookbook: Network discovery and security scanning at your fingertips. Packt Publishing Ltd, 2021.
- [5] G. Jain, "Application of snort and wireshark in network traffic analysis," in IOP Conference Series: Materials Science and Engineering, vol. 1119, no. 1, p. 012007, Mar. 2021, IOP Publishing.
- [6] M. A. Costandache, M. S. Mihalache, and E. Simion, "New directions in the ransomware phenomenon," Cryptology ePrint Archive, 2020.
- [7] V. Valeros and S. Garcia, "Growth and commoditization of remote access trojans," in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 454-462, Sep. 2020.
- [8] A. Gusev, "Domestic private banking solutions can be quite successful as an effective protection against whaling-style cyber attacks which are used as a basis for more complex targeted phishing," Procedia Computer Science, vol. 213, pp. 391-399, 2022.
- [9] V. Vilić, "Phishing and pharming as forms of identity theft and identity abuse," Balkan Social Science Review, vol. 13, no. 13, pp. 43-57, 2019.