...commonplace for organizations to build enterprise security operations centers that bank in part on monitoring the tremendously large volumes of network traffic at the perimeter of their. There has been a recent trend toward increased investment in and reliance on network monitoring in order to streamline sensor deployments, decrease cost, and more easily centralize operations. At the same time, the idea of a well-defined defensible perimeter is being challenged by cloud computing, the insider threat, the so-called advanced persistent threat problem, and the popularity of socially-engineered application-level attacks over network-based attacks. Commonly, network and security practitioners hear that the start of any network-centric project is to baseline the network. What exactly is this supposed to mean? Simplistic approaches concentrate on bandwidth utilization over time, typically focusing on spikes and troughs. Some try to describe traffic in terms of protocols and port numbers. More advanced approaches try to classify traffic according to flows or even content. Regardless, there is no single accepted taxonomy for creating a network traffic model. If the network normal challenge is related to traffic passing a single monitoring point, this involves multiple locations. By placing tools in enough locations, it should be possible to visualize the network based on observed traffic patterns. Doing this in an automated way would prove very useful to network administrators and defenders...
Words: 621 - Pages: 3
...Advanced Persistent Threats Against RSA Tokens John Valachovic Dr. Nelson Stewart CIS 502 April 25, 2013 Abstract In this paper I will look at RSA tokens and describe a successful APT attack. I will disclose the attack methods used and explain why they were successful. I will also explain the best methods available to control and prevent these attacks. With new emerging technologies organizations may reduce the APT threat. Advanced Persistent Threats Against RSA Tokens Advanced persistent threats have become one of the most dangerous and damaging threats to hit the security arena. APTs are highly adaptable and are usually customized for each attack, targeting vulnerabilities, system flaws and even humans with social engineering, spoofing, whaling and spear phishing. APTs are usually an attack against governments, military, political targets, private sector organizations and corporations (Curry, et al., 2011). Being able to defend your network and detect intrusions has become vital. Vulnerabilities APT attacks often use subversive methods to prevent detection. APT attacks are carried out over a long period of time and are planned in advance. Attackers spend a long time planning the attack, be it social engineering or searching for access through the supply chain (Curry, et al., 2011). Once an attacker gains access to his target network they can go undetected while they snoop around searching for the intended target. Hackers could be after an organization’s...
Words: 1430 - Pages: 6
...Advanced Persistent Threats Against RSA Tokens McQuinda Johnson Dr. Al Oluyomi CIS 502 January 27, 2014 An evolution in the goals and sophistication of computer network intrusions has rendered these approaches insufficient for the threats facing many modern networked organizations. A new class of adversaries, appropriately dubbed the “Advanced Persistent Threat” (APT), represents well-resourced and trained adversaries that conduct multi-year intrusion campaigns targeting highly sensitive and valuable data in an attempt to gain a competitive edge, particularly in international business and law, or nation-state political and military affairs. These adversaries accomplish their goals using advanced tools and techniques designed to circumvent most conventional computer network defense mechanisms and remain undetected in their intrusion efforts or presence on networks over long periods of time. Network defense techniques which leverage knowledge about these adversaries can enable defenders to establish a state of information superiority which decreases the adversary’s likelihood of success with each subsequent intrusion attempt. Threat intelligence can be a force multiplier as organizations look to update their security programs and defenses to deal with increasingly sophisticated advanced persistent threats. Security managers need accurate, timely...
Words: 1313 - Pages: 6
...being unmatched technologically in the battlefields, the low-cost, simple, complex and expensive asymmetric threats have proved to be significantly dangerous to the security of any country. While cyber-attacks are increasingly driven by automated processes, human beings still operate at human speeds. Today, cybercrime has developed and adversaries have gained sponsorship from governments, international organizations or individuals for their selfish interests. The most recent development in cyber-attacks is the advanced persistent threat. According to Vert, Gonen and Brown (2014), these kinds of attacks are known for being sophisticated and slow moving over a long period of time. Advanced persistent threats are computer network attacks in which unauthorized individuals gain access to network systems or their resources and continue to use the resources without detection for a long period of time. By definition, advanced persistent threats are highly sophisticated networked entities, typical of organized groups of attackers, which conduct hostile cyber-attacks against a computer system. As described in the scenario, the western interconnection power grid faces such a challenge. Adversaries intend to use malware to gain access to the network system at the power grid. A. Analysis of the problem and Safeguards against the problem The lifecycle of an advanced persistent threat follows a six-step process as shown in the diagram that follows. The first phase, the information collect,...
Words: 1247 - Pages: 5
...GIAC Enterprises Security Controls Implementation Plan Group Discussion and Written Project John Hally, Erik Couture 08/07/2011 Table of Contents Executive Summary Introduction Security Controls Implementation Plan Incident Response Weekend Plan Conclusions References Executive Summary The cyber-threat landscape has evolved significantly in recent years. From primarily a threat of denial of service and website vandalism in years past, to the currently advanced and well resourced adversaries employing complex technologies to achieve financial and political benefit. At GIAC Enterprises, we have observed huge increases in suspicious network activity directed at our corporate networks, sometimes even targeting key individuals. Due to the huge global increase in demand for fortune cookie messages, it is reasonable to expect that this undesired attention will only increase in the coming months and years as cyber-criminals and possibly corporate spies attempt to closely monitor our business activities and steal vital business information. This paper presents the recommendations of the tiger team, which was recently formed, with the goals of: 1. Developing a strategy for the implementation of the SANS Top 20 Security Controls, and in particular the creation of an incident response capability; and 2. Identifying and eradicating any possible...
Words: 3167 - Pages: 13
...Mobile Device Security and Other Threats Melissa M Dr. Constance Blanson Theories of Security Management November 30, 2014 Analyze the emerging security threats presented within the “Security Threat Report 2014” Security threats have not only grown and matured quickly, but the people behind these threats have become more creative in camouflaging their work. These criminals have become more adept at eluding their identification and are now relying on cryptography. Malware authors, as with users, are now focusing on mobile devices and web services. Numerous threats were listed in the Security Threat Report 2014 such as botnets, Android malware, attacks on Linux platforms and Mac OS X, web-based malware, targeted threats to your financial accounts, unpatched Windows systems and re-invented spam. These items are detrimental to companies and users. The more complex these threats get, the harder it is to protect against them. I will analyze botnets and Android malware in this section. A botnet is a network of private computers infected with malicious software and controlled as a group without the owner’s knowledge. Criminals distribute malicious software that can turn your computer into a “bot”. When this occurs, your computer can perform automated tasks over the Internet without your knowledge. This type of malware is typically used to infect large numbers of computers. They are used to send out spam email messages, spread viruses, attack computers and servers...
Words: 1366 - Pages: 6
...Introduction This white paper discusses which technological advance will most influence future conflicts, specifically Unmanned Aerial Vehicles (UAVs), commonly known as Drones. I will provide a brief overview of drone existence; illustrate the driving forces for the development of advanced drone technologies, and how drones will shape future conflicts. Overview During the early years of drone development 1. What they are and what they were built for 2. First drones introduced as we know them today 3. Current uses by U.S. military and adversaries (use of COTS) Transition: Drones must evolve to stay ahead of adversaries. Driving force 1. Ever changing threats 2. Outdated sensors 3. The need for more capabilities and platforms Transition:...
Words: 299 - Pages: 2
...Over the past couple of decades, the increasing dependence on information technologies has led to a relatively new form of security threat – cyber-attacks. Numerous advantages of the attackers in cyber space and a lack of attribution and awareness have resulted in an increasing number of aggressive operations in the digital realm. Contrary to the beliefs of many, cyber security is not exclusively a technical issue but also a matter of politics and economics. We can observe an increasing number of cyber warfare policies in the international realm, which increases the pressure to establish rules of governance in cyber space. The following essay will be concerned with the Stuxnet worm and its role in Operation Olympic Games, which targeted the Iranian nuclear power plant Natanz. The analysis will provide an overview of the attack, including technical comprehension of the attack, and also look at the attack in terms of its political consequences. The first section will discuss the origins of the attack, building on Ralph Langner’s article published in ‘IEEE Software’. Even though numerous cyber offences took place before, it will explain what made Stuxnet stand out. The second part of the essay analyses the political perspective of the attack and two competing theories explaining the presence of malware in the nuclear facilities. The following section analyses the role of cyber warfare as a viable military strategy. It will be argued that cyber offences appear to be more applicable...
Words: 2431 - Pages: 10
...doing that, the U.S. will make itself the most superior military force in the world. The most devastating aspect of the battlefield is death. Recent wars have proven this but it seems as time goes by the death toll does as well. There is currently a variety of research and development underway to lower this right now. One of them is called the “Radar Scope”, which gives a soldier the ability to see through walls. DARPA expects the scope to be sent to squads conducting building searches. The device has the capability to sense movements, even breathing, through 12 inches of concrete and 50 feet further into the room. This device alone will cut back on deaths with the advantage of knowing where people the door is broke down. An even more advanced version of this device is in the making. It is called the “Visi Building” and it will be able to actually see through many walls to give the location of people as well as objects. Visi Building will improve surveillance by allowing people to drive or fly by to see inside. Even though the Visi Building is years away from use, it is certainly a step in the right direction. Another way to lower the death toll is by incorporating robots into the tasks undergone in the field. The Special Weapons Observation Reconnaissance Detection System engineered a weapons platform on a Talon robot. The weapons can be exchanged with the M16, 240, 249, or 50 calibers, or a 6mm rocket launcher. The soldiers will then operate...
Words: 968 - Pages: 4
...NIST The purpose of this publication is to provide organizations with recommendations for improving the security configuration and monitoring of their IEEE 802.11 wireless local area networks (WLANs) and their devices connecting to those networks. The scope of this publication is limited to unclassified wireless networks and unclassified facilities within range of unclassified wireless networks. This publication supplements other NIST publications by consolidating and strengthening their key recommendations, and it points readers to the appropriate NIST publications for additional information (see Appendix C for the full list of references and Appendix A for a list of major security controls relevant for WLAN security). This publication does not eliminate the need to follow recommendations in other NIST publications, such as [SP800-48] and [SP800-97]. If there is a conflict between recommendations in this publication and another NIST wireless publication, the recommendation in this publication takes precedence. NIST Special Publication 800-53 is part of the Special Publication 800-series that reports on the Information Technology Laboratory’s (ITL) research, guidelines, and outreach efforts in information system security, and on ITL’s activity with industry, government, and academic organizations. Specifically, NIST Special Publication 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance...
Words: 1201 - Pages: 5
...disruptions caused by war, plagues, or adverse weather. For the first few decades after World War II, technological progress and enhanced political cooperation suggested it might be possible to substantially reduce the number of people suffering from hunger. While progress was uneven, by 2000 the threat of extreme hunger subsided for many of the world's people. Until 2006, the average international price of food had been largely stable for several decades. In the closing months of 2006, however, prices began to rise rapidly. By 2008, rice had more than tripled in price in some regions, and this severely affected developing countries. Food prices fell in early 2009, but rose to another record high in 2011, and have since decreased slightly. The 2008 worldwide financial crisis further increased the number of people suffering from hunger, including dramatic increases even in advanced economies such as Great Britain, the Eurozone and the United States. The Millennium Development Goals included a commitment to a further 50% reduction in the proportion of the world's population who suffer from extreme hunger by 2015. As of 2012, this target appears difficult to achieve, due in part to persistent inflation in food prices. However, in late 2012 the UN's Food and Agriculture Organization (FAO) stated it is still possible to hit the target with sufficient effort. In 2012, the FAO estimated that 868 million people are undernourished (12% of the global...
Words: 315 - Pages: 2
...The Department of Defense (DoD) manages one of the largest and most targeted networks, up to 250,000 attacks per day. (Daniel Gouré, 2015) As a member of this organization, I see the low level applications set forth by the strategic minds of the DoD Chief Information Officer and Secretary of Defense. As the organization that laid the foundation for the internet, the DoD has evolved over the years reacting to the vulnerabilities and threats to their vast information systems. Past breaches have illustrated how vulnerable the networks are, and we can look at history to see the development of the defense networks and security. The DoD made a large impact across the computer security field with their security handbook called the “Orange Book”. The official name for the Orange Book is “DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria”, which was first written in 1983 and further updated in 1985. (Department of Defense, 1985) It is the computer system criteria book within a series of security related guides and directives called the “Rainbow Series,” which are the numerous standards and guidelines published by the Department of Defense. The document laid the foundation for the communication between the developers and the customers. The model was based on systems meeting six security requirements: security policy, marking of objects, identification of subjects, accountability, assurance, and continuous protection. After evaluation, the system is placed...
Words: 2282 - Pages: 10
...thousands of websites vulnerable to SQL Injections. Malicious code writers have exploited these vulnerabilities to distribute malware so quickly that the government cannot contain such a large quantity. 3. What does it mean to have a policy of Nondisclosure in an organization? It is a contract where the parties agree not to disclose information covered by the agreement. It outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to or by third parties. 4. What trends were tracked when it came to malicious code in 2009 by the Symantec Report researched during this lab? DoS attacks are always common; however, targeted attacks using advanced persistent threats (APT)...
Words: 319 - Pages: 2
...confidential or valuable information in a competing company. Industrial espionage describes hidden activities, such as the theft of trade secrets, bribery, blackmail and technological surveillance. Industrial espionage is most commonly associated with technology-heavy industries, particularly the computer and auto sectors, in which a significant amount of money is spent on research and development (R&D). One of the most notable cases of industrial espionage is “Operation Aurora”, which took place in 2009 when some parties hacked Google’s China operation, stealing intellectual property and, in particular, accessing the email accounts of human rights activists. II. Brief Explanation Operation Aurora was a cyber attack conducted by advanced persistent threats, such as the Elderwood Group, which is based in Beijing, China. Elderwood Group was the digital arms dealer that was used against Google, operating since 2009, when Titan was hit. The Elderwood supplier has frequently been linked to the 2009 attacks. Elderwood used against a large number of industries, including defense, technology and human rights organizations, throughout 2014 and before. Some researchers believe that attack code has been sold to...
Words: 1957 - Pages: 8
...institutions use to carry out research, communicate and innovate. Even though this evolution has brought many benefits, it has also brought serious threats such as cyber-attacks that have been demonstrated over the past few years through acts of cyber espionage and cyber-crime through the virtual space. In this context, the University of Dar es Salaam needs to develop policies towards cyber threats even though this has often been clustered and fragmented. Using theoretical and conceptual models this paper provides an informed understanding and critical assessment of the University of Dar es Salaam cyber security policy through addressing the following research questions: What are the IT risk management policy and systems that can be developed for the University of Dar es Salaam? The primary data is collected through surveys, and interviews that are open ended and close ended. The results of the paper demonstrated that colleges and universities have been a target for cyber-attacks due to the vast amount of computing power they possess, and they provide open access to their constituents and to the public. The research also showed that University of Dar es Salaam doesn’t have a comprehensive IT security risk management policy or guidelines that will guide the business process in the event of an IT security threat. Therefore the University needs to develop policies that provide a roadmap for effectively protecting the availability, integrity and confidentiality of University...
Words: 7435 - Pages: 30