Hi, I need help to write an essay about "Data exfiltration". please write the
Question
Hi, I need help to write an essay about "Data exfiltration". Please write the essay based on the following questions:
1. Define the problem
2. How to prevent
3. How to detect
4. How to remediate
5. Are there any effective products on the market to address this problem?
Requirements:
1. Five pages of text (MLA format)
2. It is a research paper. I need a citation page.
3. Please don't copy and paste (plagiarism).
4. If you cannot meet the requirements of this essay, please don't answer. Let someone else answer.
Explanation / Answer
DATA EXFILTRATION
Problem Statement
Data Exfiltration is the data transfer done illegally from a computer system connected to a network by an unknown or unauthorized source. It could be a person or a program who has access to the system. This type of data transfer is also known as Data Extrusion.
Advanced Persistent Threats (APTs) are network attacks in which someone who is not authorized seeks access to a network with a motive to steal data through a slow process in order not to get detected or exposed. Their intention is to collect sensitive information such as political or military data. Therefore the attackers try their maximum to stay undetected as long as possible. Their target is just the data and not to cause any damage to the systems or applications in the network. There are different stages of APTs.
Reconnaissance is observing the ‘target’ for a longer time in order to identify any way to enter the system. It keeps an eye on all the possible ways to get communicated to the system. This is the initial step which resembles a survey in which it learns how to gain information from the target.
Incursion is gaining access to the system which marks the first step of the attack. It will be a slow and long process as it would not leave any clue to be suspected.
Discovery is the stage in which the attacker deploys the malicious code in the target system in order to ensure their route is clear.
Capture is accessing the required piece of data for a very long time without getting detected. It aims at unprotected systems to gain access and slowly spread to every connected system.
Exfiltration is the final stage in which the collected data is sent back to the attacker's home station. There they do further analysis and use the collected information for their purpose of attack.
Prevention of Exfiltration
Prevention is always better because once the attack is performed nothing can be revoked. The first step of preventing exfiltration is to identify all data sources and the path of data flows. Sensitive data needs to be classified and assigned to a data owner with proper authorization. Enable data protection techniques such as encryption techniques especially when it is being moved.
Always keep an eye on insiders who have direct access to the data. The fact cannot be neglected that the data is vulnerable with insiders as well. Never allow any users to carry data in their USB or similar devices. Each data owner's accountability should be assessed. Regular data protection review and modification of the plan is also advisable. Awareness of information sensitivity and possible threat attempts should be given to everyone in the system.
Detection of Exfiltration
The way to detect exfiltration is to watch for any unusual or abnormal activity in the system. These may include several DNS requests per second, large packet size of DNS data.
Traditional methods such as firewall and antivirus should necessarily be installed even if they alone may not serve the purpose. In addition to these, outgoing channels must be inspected for data theft. Proxy servers may help for this purpose. They can monitor web traffic as well as email attachments. Also, URL filtering and virus scanning may be enabled. Always update the automated malware detecting tools such as antivirus, antispyware, firewalls, etc. to be up to date.
Some of the latest methods in detecting exfiltration include leakage flow analysis, watermarking, host-based access analysis, etc.
Solutions for Exfiltration
Several possible methods to avoid exfiltration or preventing the data transferred to remain useless for the attacker is by encoding the sensitive data. Several methods used are:
Steganography
Network Steganography
Masquerading Stolen data as VoIP traffic
Hiccups
Protocol Tunneling
Effective products in market to address exfiltration
Network flow watermarking techniques have been used for many years to address the issue of data exfiltration. DropWat is an invisible watermarking system whose watermarking embedding algorithm is proved to be more efficient than any of the other existing ones.
References
[1] Alfonso Iacovazzi, Sanat Sarda, Daniel Frassinelli, "DropWat: An Invisible Network Flow Watermark for Data Exfiltration Traceback", IEEE Transactions on Information Forensics and Security, Volume 13, Issue 5, May 2018, pp. 1139-1154
[2] Prof Awais Rashid, Dr Rajiv Ramdhany, Mathew Edwards, "Detecting and Preventing Data Exfiltration", Lancaster University
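The two DNS signals named under "Detection of Exfiltration" (several DNS requests per second, unusually large DNS data) can be checked over a resolver log, shown here as an added example that is not part of the original answer. The log format, thresholds and function names are assumptions, the sample log is constructed, and query-name length stands in for DNS packet size.

```python
from collections import Counter, defaultdict

RATE_LIMIT = 5    # assumed threshold: queries per client within one second
NAME_LIMIT = 60   # assumed threshold: query-name length in characters


def build_sample_log():
    """Constructed sample log, one 'epoch_second client_ip query_name' per line."""
    lines = [
        # ordinary client: short names, spread out in time
        "1700000000 10.0.0.5 www.example.com",
        "1700000003 10.0.0.5 mail.example.com",
        "1700000009 10.0.0.5 updates.example.net",
        # one oversized name at a low rate
        "1700000004 10.0.0.7 " + "a" * 50 + ".files.example.org",
    ]
    # burst of long names inside a single second
    for i in range(8):
        chunk = format(i, "02x") * 30  # 60 hex characters standing in for encoded data
        lines.append(f"1700000010 10.0.0.9 {chunk}.t.example.org")
    return "\n".join(lines)


def detect(log_text, rate_limit=RATE_LIMIT, name_limit=NAME_LIMIT):
    """Return {client_ip: [reasons]} for clients that exceed either threshold."""
    per_second = Counter()
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        second, client, qname = int(parts[0]), parts[1], parts[2].rstrip(".")
        per_second[(client, second)] += 1
        if len(qname) > name_limit:
            findings[client].add("long_query_name")
    for (client, _second), count in per_second.items():
        if count > rate_limit:
            findings[client].add("high_query_rate")
    return {client: sorted(reasons) for client, reasons in findings.items()}


if __name__ == "__main__":
    for client, reasons in sorted(detect(build_sample_log()).items()):
        print(client, ", ".join(reasons))
```

Thresholds like these need tuning against a baseline of normal resolver traffic, since CDNs and some security products legitimately issue long or frequent queries.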