Research Project for Computer Security This project requires that you describe a
Question
Research Project for Computer Security
This project requires that you describe an information security environment and discuss 2 threats that exist in that environment. You will discuss the two vulnerabilities that exist and how you are going to mitigate them. Finally you will discuss the policies, equipment, etc that will be put in place and how it fixed the problem. This should be a real environment and threats, one that exists in real life but you do not have to be currently part of it.
PART 1
This must be at least a ONE PAGE introduction to the environment and the threats. This would describe details of the environment like where it is located, how things are arranged, the current information security setup, the current computer network topology, people, data, hardware, software, what they do if they are a company or organization, the IT department, what are the threats, how they can be exploited, who can exploit them, are they internal threats, external threats, etc.
PART 2
This must be at least a TWO PAGE detailed description of the environment as well as the threats themselves. All of the details and specifications of the threats and or vulnerabilities should be described. A table is to be created in WORD and the specifications should be placed into the table. The table does not need to take up a full page but has to be at least part of a page. Please be as detailed as you can. All of your research is to be done using the Internet. All supporting documentation is to be printed out, labeled, and attached to the back of your report. This documentation would be any research information that you found on the Internet. It could be information about the threat, policies, vulnerability, the mitigation, etc.
PART 3
Must be at least a ONE PAGE summary containing the conclusion of the paper. You should explain how you will mitigate the threats and what policies, equipment, controls, etc. will be put in place and how they will work to fix the problem. Also include a Works Cited list of any URLs that you used on the Internet as sources.
Explanation / Answer
INTRODUCTION TO INFORMATION SECURITY ENVIRONMENT AND THREATS:
This paper discusses the topic of information security and the various threats to information which must be safe and be available only to people with proper authentication.
Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take.
IT security:
Sometimes referred to as computer security, Information Technology security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory. Such devices can range from non-networked standalone devices as simple as calculators, to networked mobile computing devices such as smartphones and tablet computers. IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems.
Threats
Computer system threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. Most people have experienced software attacks of some sort. Viruses, worms, phishing attacks, and trojan horses are a few common examples of software attacks. The theft of intellectual property has also been an extensive issue for many businesses in the IT field. Intellectual property is the ownership of property usually consisting of some form of protection. Theft of software is probably the most common in IT businesses today. Identity theft is the attempt to act as someone else, usually to obtain that person's personal information or to take advantage of their access to vital information. Theft of equipment or information is becoming more prevalent today due to the fact that most devices today are mobile. Cell phones are prone to theft and have also become far more desirable as the amount of data capacity increases. Sabotage usually consists of the destruction of an organization's website in an attempt to cause loss of confidence to its customers.
DETAILED DESCRIPTION OF INFORMATION SECURITY AND THREATS:
The most important and the key concepts related to computer security include:
1) Confidentiality
In information security, confidentiality "is the property, that information is not made available or disclosed to unauthorized individuals, entities, or processes."
2) Integrity
In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity in addition to data confidentiality.
3) Non-repudiation
In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.
It is important to note that while technology such as cryptographic systems can assist in non-repudiation efforts, the concept is at its core a legal concept transcending the realm of technology. It is not, for instance, sufficient to show that the message matches a digital signature signed with the sender's private key, and thus only the sender could have sent the message and nobody else could have altered it in transit.
4) Availability
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
The most common threats and their mitigation techniques to information security include:
1) DoS
The DoS (denial of service) attack overwhelms the network host with a stream of bogus data, which keeps it from processing the designed data. DoS attacks are launched against computers and against network devices. The DoS attack is a security threat which implies that larger attacks are in progress. The DoS attack is then a part of an attack that hijacks communication from a user who has already authenticated to the resource. When the user's computers are blocked by a DoS attack, the attacker accesses the resource, receives the needed information, and returns control to a user who does not know what occurred.
2) DDoS
The distributed denial of service is an attack that occurs when multiple systems are used to flood the resources or bandwidth of a group of servers or one server. The main purpose of this attack is to saturate a resource so that it is no longer available for legitimate use. It is used as a decoy to hide a more malicious attack which attempts to steal sensitive information or other data. The specialized software called DDS is able to block traffic that has legitimate content but bad intent.
3) Man in the middle
The man in the middle attack occurs when a person keeps a logical connection or equipment between 2 communicating parties. These 2 communicating parties assume they are directly communicating with each other, but the information is being sent to a man in the middle who forwards it to the proposed recipient. This attack is very harmful to organizations. Most organizations will adopt measures such as strong authentication as well as the latest protocols, including IPSec/L2TP with tunnel endpoint authentication.
4) Virus
The computer virus is a program which can infect the computer and copy itself without the user's knowledge. These viruses started infecting computers in 1980 and have continued to evolve to date. Some viruses are able to change after they infect a computer to try to hide from antivirus software. As viruses have changed over the years, companies like McAfee and Symantec have specialized in software which can eradicate and detect viruses from the computer system. There are nearly more than 76,000 known viruses, and users can eradicate them by keeping the antivirus software up to date on all the clients and servers.
5) Worms
The worm is something different from a virus; it is just a program and not an infestation. Worms use a computer network to send copies of themselves to other computers without the user's knowledge. They are proposed to cause network problems such as resource utilization and bandwidth issues. The most famous worms, such as the Sobig and Mydoom worms, have affected thousands of servers and computers in the past. You can prevent the spread by keeping the servers and clients up to date with the latest security patches.
6) Buffer overflow
The buffer overflow is an anomaly created by a rogue program which, when writing data to the buffer, intentionally overwrites the buffer memory and the adjacent memory. It may result in memory errors and erratic behavior, and a crash or breach of system security. Make use of products like ProPolice and StackGuard to prevent the buffer overflow attack from succeeding.
7) Packet sniffing
The attacker can use a protocol analyzer to launch an attack by packet sniffing. This is the process in which an attacker gathers a data sample with a software or hardware device which allows data inspection at the packet level. The attacker may see IP addresses, unencrypted passwords, sensitive data and MAC addresses. After a vulnerability is discovered, the attacker will begin an active attack. The perfect method to prevent this attack is to forbid anyone except the trusted network administrators from placing a packet analyzer on the network. Most packet analyzers can identify the presence of a packet analyzer, unless an attacker uses software to make the attack invisible.
CONCLUSION:
The above paper shows the importance of information security in today's world for important business. It discusses the various threats and the various mitigation techniques to be adopted in order to make sure data is secure and is accessed by only the authorised people. Encryption converts the data into a secret code which can be accessed with a key which may be known to very few people. This can also be adopted in various organizations to ensure security.
Moreover, change management should be performed to ensure risks and threats stay away from the data.
Change management is a formal process for directing and controlling alterations to the information processing environment. This includes alterations to desktop computers, the network, servers and software. The objectives of change management are to reduce the risks posed by changes to the information processing environment and improve the stability and reliability of the processing environment as changes are made. It is not the objective of change management to prevent or hinder necessary changes from being implemented.
Any change to the information processing environment introduces an element of risk. Even apparently simple changes can have unexpected effects. One of Management's many responsibilities is the management of risk. Change management is a tool for managing the risks introduced by changes to the information processing environment. Part of the change management process ensures that changes are not implemented at inopportune times when they may disrupt critical business processes or interfere with other changes being implemented.
Furthermore, disaster recovery planning is extremely important for data and a given project.
While a business continuity plan (BCP) takes a broad approach to dealing with organizational-wide effects of a disaster, a disaster recovery plan (DRP), which is a subset of the business continuity plan, is instead focused on taking the necessary steps to resume normal business operations as quickly as possible. A disaster recovery plan is executed immediately after the disaster occurs and details what steps are to be taken in order to recover critical information technology infrastructure.[28] Disaster recovery planning includes establishing a planning group, performing risk assessment, establishing priorities, developing recovery strategies, preparing inventories and documentation of the plan, developing verification criteria and procedure, and lastly implementing the plan. All of the above are required in a coordinated manner so that information is secure and safe and the company and the organization can work freely without any risks or threats and business can be promoted.
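The guard-value ("canary") check that products such as StackGuard and ProPolice build into compiled functions, as mentioned under item 6, is modeled below in an added example that is not part of the original answer. The struct stands in for a stack frame; its field names, the fixed guard value and the sample input are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8
#define CANARY  0xC0FFEE42u  /* constructed; real canaries are random per process */

/* Models a stack frame: buffer, guard word, then data an overflow would corrupt. */
struct frame { char buf[BUF_LEN]; uint32_t canary; uint32_t is_admin; };

static void frame_init(struct frame *f) { memset(f, 0, sizeof *f); f->canary = CANARY; }

/* Unchecked copy: writes len bytes starting at buf and runs into the fields
 * behind it. Capped at the frame size so the demo stays in defined behaviour. */
static void copy_unchecked(struct frame *f, const char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Bounded copy: rejects input that does not fit. Returns 0 on success, -1 on reject. */
static int copy_bounded(struct frame *f, const char *src, size_t len) {
    if (len > BUF_LEN) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* The test a canary-protected function performs before it returns. */
static int canary_intact(const struct frame *f) { return f->canary == CANARY; }

/* Returns 1 when the oversized write is caught by the canary check. */
int demo_overflow_detected(void) {
    struct frame f; char input[16];
    memset(input, 'A', sizeof input);          /* constructed oversized input */
    frame_init(&f);
    copy_unchecked(&f, input, sizeof input);
    return !canary_intact(&f) && f.is_admin != 0;
}

/* Returns 1 when the bounded copy refuses the same input and the frame is untouched. */
int demo_bounded_rejects(void) {
    struct frame f; char input[16];
    memset(input, 'A', sizeof input);
    frame_init(&f);
    return copy_bounded(&f, input, sizeof input) == -1
        && canary_intact(&f) && f.is_admin == 0;
}

int main(void) {
    printf("unchecked copy: overflow detected = %d\n", demo_overflow_detected());
    printf("bounded copy:   input rejected    = %d\n", demo_bounded_rejects());
    return 0;
}
```

The canary only detects the overwrite after it has happened, so the process is aborted rather than repaired; the bounded copy is what prevents the write in the first place.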