Course Code -SBM4304 Network Security and Risk Management
Information system is collection of related components that collect, process, maintain, as well as distribute information for supporting in decision making process as well as controlling organization. Each organization has their own information system that belong to the following categories such as transaction processing system, office automation system, knowledge work systems, management information systems, decision system, and executive supportive system. Information system security is the application security techniques and methods for keeping the information secure, confidential and integrity (Choobineh, 2007). The organization MBC is TV broadcasting organization. The organization has information system to provide information for the employees of MBC and customers. The employees are allowed to use their personal devices such as laptop, tablet, and smart phone for accessing the information system of an organization. The work will review the security threats of information system
Threats against Mobile devices
Various threats affect the security of mobile devices. The threats are classified into the following categories such as
- Application based
- Web based
- Network based
The threats will happen while downloading application into mobile phone. The applications are vulnerable for the devices for stealing the personal information from the mobile devices without the knowledge of mobile user (Yu, 2020). The application is mainly designed to perform fraud activities at end devices. Some of the genuine software can be used to commit fraud activities. Application based threats are fall into the following categories such as
Malwares are software that is developed to perform malicious activities when installed on end devices. Without the knowledge of user, the malware is used to perform unwanted action from the mobile thereby increasing the phone charges, sending messages to the persons those are in contact list. The attacker will have control over the device.
The programs are developed to steal the sensitive data from mobile device while installing the spyware on mobile device without the knowledge of user. The attacker mainly targets the data such as call history details, location of user, text message, browsing history, email, personal photos, and contact details. The data can be used for financial fraud or identity theft.
Threats related with Privacy
The applications are mainly designed and focused to steal sensitive data from end devices that may not malicious such as personal information, personal photos, location, and contact details and so on.
The application includes malicious code to provide vulnerabilities for the devices when installed the applications. The vulnerabilities are stealing sensitive data from the mobile devices, unavailability of mobile resources for legitimate users, perform unwanted actions, interrupting the services, downloading the applications or file without user knowledge (Shouran, 2019).
The devices are connected with the web to get resources from the web. The threats related with web pose issues for the mobile devices such as
The attacker use Facebook, twitter, email, text message to attach vulnerable website links for stealing user credentials such as user name and password. While the user clicking the un-legitimate web links it will prompt the user to enter user name and password.
Drive through downloads
The application will be downloaded into mobile while visiting to some web site or web pages. Some applications can be installed automatically or some can be installed through certain user actions such as open. The application may have Trojan horse or some viruses.
The malware utilizes the vulnerabilities of mobile devices such as vulnerabilities of browser or software program to get into the mobile device while browsing. The malware perform the malicious activities at mobile device
Security protection techniques for mobile devices
- Application security
- Cryptographic techniques
- Access control
- I-Intrusion D-detection S-system (IDS)
- I-Intrusion P-prevention S-system (IPS)
- Hardware based techniques
Application based security techniques
Software to be updated
The potential gateway for attacker to do malicious activities on mobile devices is the mobile operating system. The vulnerabilities of OS is the key for the attacker to exploit threats. The Operating system should be up to dated.
Firewalls or security software
The mobile devices should be protected with powerful firewall or security software to filter the internet traffic in and out of the mobiles devices. The security devices prevent the mobile devices to download malicious software, web site and so on. It prevents the devices from web based threats. Security software is used to perform authorization.
Access control can be set at firewall for controlling the user access over the resources. While accessing the internet, access control will be useful to authenticate the packets to allow into the network.
End to end encryption/decryption
Cryptographic encryption and decryption can be used to prevent the sensitive data. Cryptographic algorithms can be applied on the sensitive data to convert the data into non-readable format. The data cannot read by the hacker even though, the hacker steals the data. Using the decryption technique only the data can be decrypted. Integrity and confidentiality of data can be maintained with the cryptographic techniques (Lim, 2019).
Availability of the web service
The system design shall be done with ability to scale the application and create a resilience in the system. Prepare the risk mitigation plan and have a monitoring tool in place and responding to the issues immediately.Alert in the system shall be available and able to scale up and down the application based on the load on the system. There shall be performance tuning system build. System redundancy and mirror server are used to ensure that the load across the servers were balanced using the load balancer (Patil, 2020).
The company ABC is hosting their web site on Apache Linux server. The web server is too protected from DDoS attack to offer the uninterrupted service to their customers and employees.
The DDoS attack is trying to make the system or computer unavailability for services by sending too much of traffic to the system. It is important threat for internet. The attack targets web sites or online services. The attack sends more traffic to the web server than the server can accommodate. The aim of the attack is to make the web site inoperable.
The attacks uses HTTP Get and POST request for performing such attack. It leads to server down, damage for resources etc.
The server needs to be protected from DDoS attack to make the website available for the user.
The following steps are followed to prevent from DDoS attack
- Installing Apache module mod_evasive
The module gives protection for web server from DDoS and DoS as well as brute force attack. It tracks IP as well as pages requested. When the IP traffic reaches the page threshold, it will be blocked through the module. The following parameters are set in the configuration file to avoid DDoS attack
- Installing Mod_security module
It is open source WAF W-Web A-Application F-Firewall. it is easy to install and works with Apache. It follows various rules for monitoring HTTP traffic and blocking unwanted SQL injection and traffic. The configuration file of Mod_security such as “/usr/local/apache/conf/mod_security.conf.” can be customized.
- Installing DDoS deflate
The tool is the mitigation tools for DDoS attack. It block the IPs those are open too many connections with the server. The application checks the number of connection with the following command
The configuration file cab be updated to ensure more security.
- Firewall software
While setting some of the parameters in the firewall, it will prevent the server from DDoS attack (Yeh, 2019).
In the software file the parameters SYNFLOOD as well as PORTFLOOD are set for limiting the connection with web server. The parameters CT_LIMIT, CT_BLOCK_TIME and CT_INTERVAL are also used to limit number of connection. The following diagram depicts, the setting of maximum number of connection with the command
- Installation of fail2ban
It uses regular expression for checking server logs. It blocks the IP, when the connection exceeds the threshold.
- Tweak Apache configuration
It uses the parameter such as requestreadtimeout, keepalivetimeout, timeout for monitoring connections.
- Sysctl related protection
Parameters SYN_RECV SYN_SENT, FIN_WAIT, TIME_WAIT are used to monitor connections
Impact of employee on information security
Devices used in an organization are the targets for attackers to attack the organization information system. In ABC, the employees are using both devices offered by the organization as well as their personal portabledevices such as smart phone, Tablet, laptop and so on. The devices are more vulnerable for attacks. The vulnerable devices are utilized to attack the information system. Information security is mainly based on three concepts such as confidentiality, Availability and Integrity (Lin, 2006).
Confidentiality can be achieved by allowing only the authorized persons are allowed to access the information system.
The information of information system is not altered by anyone. Integrity ensures that, the transmitted information will be sent to receiver without any changes.
The required resources can be accessed by the legitimate users. The resources should be available for the users. For example, wanna cry attack makes the file unavailable for users, the files are encrypted. The users cannot access the file. It is an example for unavailability for resources.
Recommended risk management
The following tools are utilized to ensure the security of information system such as
The user should represent their identify for the system. The traditional way of identity such as username and password are easily hacked. The advanced form of identification is required. One suchtechnique is biometrics. Finger prints, eye scan can be utilized as alternate technique. The two way authentication is required to improve security. RSA secure ID is technology used for two way authentication (Williams, 2020).
- Access control
Once the user authenticated, the next step is to ensure whether the user are accessing their required resources. Access control sets the accessibility for users. It ensures that which user has right to read, write or delete resources. Various models are exists such as ACL and R-role B-based A-access C-control (RBAC).
The communication in between the sender and receiver should be secure. Encryption is the technique for communicating in secure manner. The information is transmitted in unreadable format using the encryption techniques. The information can be decrypted only through decryption techniques. Various cryptographic techniques are used such as symmetric key and public key. Among the two, public key is more powerful.
Periodic backup is another technique for securing the information system. It is used to recover the information system from disaster, crashes and so on.
- Virtual private Network
Linux server auditing tools
The IT security analyst is expected to perform the Security Risk assessment with various monitoring tools for servers, DB server, Web email, network intruders. With these it is expected to have fully automated Security auditing tools in place (Paul, 2019).
In the TC services board casting is key and messages and data shall be encrypted and shall have decoder at receiver end. The Audit shall be done in Technical Audit, Network Audit, and DRM audit. All the equipment’s shall adhere to the government norms and ensure that firewalls and strong 3 tiers architecture security polies shall be applied (Barnes, 2019).
Various Linux server monitoring tools exists. Some of the tools are as follows:
It is cloud based monitoring tools for Linux server. It monitors the traffic of server and informs the issues with the dashboard. It alerts the user. When an issue arises. It summarizes and conveys the data in a user friendly.
It is open source software. It verifies the availability of server resources. It analyses the server issue and notify to the user.
The tools are used to monitor system and network. It analyses the trends of server resources. It is designed as plug and play solution. It is automated tool for monitoring the server.
The open source auditing software is to monitor both network and server. The tools display results, warnings and suggestions; these are used to implement security policies. It offers the following benefits such as
- Security audit of servers and network
- Scanning and detection of vulnerabilities
- Penetration test
The tools is used to check the vulnerabilities. It goes through the file system scuh as directories to monitor the vulnerabilities.
The software is written in C++. It is open source software. It used to detect the malware, Trojan and viruses. It scans emails and personal information.
- Directory creation
In Linux all data and program are stored as files and these are organised as directories (Both, 2020).In Linux, we can create the Directory using the command "mkdir"
Using the command, below Director SBM4304 created and listed as shown with “ls-l” command to list
Once the directory is created, we easily see whether it is directory or not. When we execute ls-l
We will get below structure if we observe d, then it will indicate that is directory.
Enter to the directory by using these cd directory name
The create the two folders student ID1, student ID2
We could observe that 2 directory are created under SBM4304 directory
When we run ls-l we get Directory SBM 4304 is not having full access as last before was showing blank
For removal of directory usig “rm directory” name
Using the chmod command to provide the access and now if we observe that write access is granted
b. User creation
In Linux we have command "useradd" or "adduser" for creating new users.
useradd is the commonly used command for new creating user accounts.
adduser will create a symbolic link in that user account
On Executing the command "useradd" followed by name will create new user account.
This command interally will update the /etc/passwd, /etc/group, /etc/shadow
will create a new home strucutre for the users and provide the permission and ownership
User can be created using the command “ueradd”
Create the u1,u2 and u3 with below command
We can list the user using the command cat /etc/passwd, this will list the user list as shown below
We can check with command “whoami” to check which user is logged in
We can switch to the new user by command “su –u1”
Creating user account with directory home directory
Creating user account with unique ID
Create the user with custom commands
The above commands can used in Sudo mode and in user mode also.
Information Security is becoming as important as the risks of threats and vulnerably are increasing over the data breach. In our case we have discussed how the mobile devices are having threats over the network layers from physical to application layer. Threats in these layers were discussed with CIA as key input for these items. Security protection techniques were discussed how to prevent from these threats.DDoS were discussed in details and how it will benefits the MBC TV organisation.To overcome the threats and attack company Security policies, ACL, AAA are regularly updated to ensure that we don’t have any DDoS for the company that need to be implemented. Reviewed the monitoring tools how these tools would help to implementpolicies and AAD inside the company network. The Security tools are Linux based and to get any information, log files and find the number of users in the machine. The get these details Linux commands were discussed and how to get work on the terminal mode.
Choobineh, J., Dhillon, G., Grimaila, M.R., & Ulmer, J.R. (2007). Management of Information Security: Challenges and Research Directions. CAIS, 20, 57.
Yu, M., Zhuge, J., Cao, M., Shi, Z. and Jiang, L., 2020. A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Future Internet, 12(2), p.27.
Shouran, Z., PRIYAMBODO, T. and Ashari, A., 2019. Information System Security: Human Aspects. International journal of scientific & technology research, 8(03), pp.111-115..
Yeh, Q.J. and Chang, A.J.T., 2007. Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), pp.480-491.
Lin, P. P. (2006). System security threats and controls. CPA JOURNAL, 76(7), 58.
Yeh, Q. J., & Chang, A. J. T. (2007). Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), 480-491.
Lim, H.W., Temple, W.G., Tran, B.A.N., Chen, B., Kalbarczyk, Z. and Zhou, J., 2019. Data integrity threats and countermeasures in railway spot transmission systems. ACM Transactions on Cyber-Physical Systems, 4(1), pp.1-26.
Paul, D., & Sala, P. (2019). Real-Time Server Monitoring and CNN Inference on FPGA.
Barnes, J.T., Ahmed, F., Gordon, B.J. and Terry, S.W., JPMorgan Chase Bank NA, 2019. Method and system for implementing automated repository monitoring and management. U.S. Patent Application 16/001,219.
Patil, A., Banerjee, S. and Borkar, G., 2020. A Survey on Securing Smart Gadgets Using Lightweight Cryptography. In Proceedings of International Conference on Wireless Communication (pp. 503-515). Springer, Singapore.
Williams, B.O., Akamai Technologies Inc, 2020. Secure request authentication for a threat protection service. U.S. Patent Application 16/267,587.
Both, D., 2020. Using the Linux Command Line. In Using and Administering Linux: Volume 1 (pp. 181-224). Apress, Berkeley, CA.