Question

Using your reading and the Internet, provide a one-page response detailing the relevance of physical security in the cybersecurity arena. Write a few short paragraphs and feel free to use bullets.

Part 1: Compile Cyber Investigation Guidelines (3 points)

Using your reading and the Internet, provide a response detailing the chain of custody considerations to enable you to collect evidence that will useful for a legal prosecution. Write short paragraphs guiding IT employees regarding the need to protect evidence and how you need to establish an acceptable chain of custody. Length, 1.5 to 2.5 pages as a Word document, not including the title page and the reference page.

Part 2: Compile a Review of a Specific Buffer Overflow Attack (10 points)

Research a specific buffer overflow attack technique of your choice. This should be a technique that has been actively exploited in the past five years or is still a current threat. Prepare a presentation on the attack. The intended audience is a bachelor’s level cybersecurity course where you are to deliver a guest lecture.

Your presentation should include at least the following information:

• Explain the conditions that make systems vulnerable to this particular attack.
• Indicate how the attack works and how it is executed.
• Provide a graphical depiction (e.g., flowchart, diagram, video) of the attack in action and how it works.
• Identify examples of how the attack has been exploited in the past (e.g., news stories, software security vulnerability alerts).
• Recommend techniques for shielding against the attack or mitigating its effects.

Incorporate appropriate animations, transitions, and graphics as well as speaker notes for each slide. The speaker notes may be comprised of brief paragraphs or bulleted lists. Use keywords on the slides, not long bullets, and no sentences. The Notes under the slides should have 100 to 150 words, including citations. Provide 10 to 14 slides not counting the title page and references page.

Support your presentation with at least 3 scholarly resources. Industry literature should also be used as appropriate.

Additional submission requirement (choose one):

• Record narrations within your PowerPoint presentation and submit the file that includes the narrations.
• Deliver the presentation via screen capture, upload the video to a sharing site (e.g., Jing or Microsoft Mix, etc.), and submit the PowerPoint presentation and a link to where your delivery video can be viewed.
• Deliver the presentation in person and record a video of yourself (e.g., camera with tripod), upload the video to a sharing site (e.g., Jing, Microsoft Mix, etc.), and submit the PowerPoint presentation and a link to where your delivery video can be viewed.

Your response should demonstrate thoughtful consideration of the ideas and concepts presented in the course by providing new thoughts and insights relating directly to this topic.

Answer 1

As the years are passing by, security is growing as one of the most effective fields in the history of computers. There is a need of getting each one of the things secured with the help of internet security with ethical actions. There are many things happening on the web and promising safety without taking any tough measures is one of the impossible tasks nowadays. Hence, companies and individuals have moved to security tools and technologies to keep their information safe while connected to the internet.

Risk Assessment & Threat Vulnerability:

Nowadays, companies have moved on to the Agile or Rapid Application Development SDLC(Software Development Life Cycle) which has been resulting in reducing the development timeframe. Now, starting with the risk assessment, here we go,

1. Collecting Information:
   • The collection of information is one of the major parts that plays in the security of the organization. The URL of the target must be accessible to gain information.
   • Information caught in wrong hands can turn out to be chaos for any organization. Hence, information must always be safeguarded with levels of security.
2. Risk Profiling:
   • Checking the website for each and every type of risks/threats is a very important task and must be carried on with each and every module of the organization's availability in the internet space.
   • There must be things carried out like:
     • Automated threat scanning
     • Penetration Testing
     • Black Box testing of the source codes
     • Assigning Risk Ratings to the Security Flaws
     • Reporting to higher Authorities
3. Updating Technology:
   • In the current world scenario, it has become very important to update the technologies that are been actively used and must be balanced accordingly.
   • The use of older versions will come with a bunch of vulnerabilities and threats along with the destruction of certain aspects of the organization.
4. Application Fingerprinting:
   • In an organization, there are certain things that must be checked for the known vulnerabilities and exposures. If there, one must always keep it the priority to overcome certain threats in order to run the organization smoothly.
   • The application fingerprinting consists of different levels of assessment. Here are some of the different scopes:
     • Defining Objectives
     • Devising Strategy to overcome threats
     • Role Based Access Control Matrix
     • Choosing Appropriate Security Tools

Everyone must keep in mind that being safe on the internet is an integral part of the virtual life and must carry on managing the security each time there is any interference of threats or vulnerability. One must also stay updated if using any third party application as there are many zero-day fixes coming in the applications which help us to stay immune to malware and viruses that have affected the software in the past time.

Actions For Effective Risk Management Capabilities:

The actions that one must take in order to make the risk management effectiveness and up to the mark in management capabilities are as follows:

• Preparing:
  • One must always prepare for the risks and also keep the systems checked for the vulnerabilities.
  • The best approach is to plan and make changes to the system as soon as the updates are launched to a particular system.
  • The planning must work accordingly so that the risks are being minified at the user's end.
• Verifying & Eliciting:
  • Verifying each & every potential risk in the system and if found critical then eliciting the risk will ensure that the risks are eliminated properly.
  • The elimination of the risks is also being done on a certain level so that there are no further risks remaining in the system to check.
• Analyzing gaps & Evaluating:
  • Analyzing for risks is the major activities that must be taken on the developing end because if a risk is analyzed in the earlier stage it is less destructive for the system.
  • Evaluating the level of the risks also become important for the users so as to make the risks less effective on the systems.

Hence, these are actions that could lead to the development of effective risk management capabilities.

Guidelines For Security Policies:

For the security policies, there are certain things to be always taken into consideration, we will discuss all of them as we dive in deep. So here we go,

1. Knowing The Risks:
   • It is the most important part while creating security policies to know what risks are there in the system.
   • How the information is been manipulated at the client as well as the server end. Hence, making the process more secure as data is the part for which security is always compromised.
2. Knowing The Wrongs Done By Others:
   • Knowing that the organizations who have been gone through the certain risks which reside in your system. Learning from the mistakes made by others is always the most effective way of setting guidelines.
   • The guidelines to the security policy consist of the most probable wrong things that each and every organization with similar risks are been doing.
3. Keeping Legal requirements in mind:
   • Many times organizations completely forget about the legal requirements that are been required by the officials.
   • Hence, keeping the legal jurisdictions, data holdings and the location in which you reside is also most important.
   • Recently, this has been the case with Facebook's most controversial data theft.
4. Setting the level of security:
   • The level of the security that is been planned must always be kept in mind with the level of risks that are been residing in the system.
   • Excessive security in the system can also cause hindrance to the smooth business operations and hence, overprotecting oneself can also be a cause to the problem.
5. Training Employees Accordingly:
   • The training of the employees in a certain part of the security is also a major part of the security policy as the employees are the one who makes mistake.
   • So, if one trains their employee in such an order that they minimize the mistakes that are been made it will become great for the system.

Hence, these are the guidelines for creating an effective and functional security policy.

Port Security:

Maintaining the ports according to the needs is one of the most important things which one should consider while listing down the systems to be secure. As it is going to be one of the most important and major parts of port security.

There are certain steps which one should follow for port security which I believe works for every organization:

• Limiting the number of devices on most of the switch ports is to be done in each organization.
• Also using MAC ADDRESSES in the organization must be limited to a certain level of work procedure.

Now, coming to the techniques in securing ports are as follows:

• Making Use of Dynamic MAC Addresses:
  • It becomes important to dynamically configure and also secure the MAC addresses of the devices which are been connected to the certain ports.
  • The addresses must always be stored in the address table so as to keep the data secure and also in working mode.
  • In this technique, we also stay away from forwarding traffic from unspecified devices or devices which are not known to the network.
• Using Static MAC Addresses:
  • It is one of the most useful methods as it secures the MAC addresses by statically configuring each of them with the switch port.
  • The MAC Addresses are also stored in the address table.
  • The static configuration of the network is been stored by default while using port security.
  • The table which stores addresses can be made permanent by actually saving them to the startup configuration.
• Using Sticky MAC Addresses;
  • In this, a technique the MAC addresses are used as hybrid addresses which are being dynamically learned from most of the devices which are being connected with the switch port.
  • The addresses are also being put in the address table and are also been entered into most of the running configuration that is static secure MAC addresses.
  • The MAC addresses are also lost if they are not saved in the startup configurations.

Hence, these are technologies that can be used to reduce port vulnerability.

Cyber Crimes:

When talking about cyber crimes, there are many cyber crimes which are been compromising data across the world of many users. It has been estimated that 37% of total websites are being vulnerable to most basic security vulnerabilities and are been compromised on a daily basis. So, now we are going to talk about cyber crimes. They are as follows:

• Buffer Overflow:
  • The buffer overflow vulnerability is one of the most basic and dangerous vulnerabilities which occurs in the systems due to the insufficient memory management and wrong codes.
  • The main drawback of having this vulnerability is that it will freeze the system and let the attacker do the things he wants to do which can lead to remote code execution and then, later on, can do anything the attacker wishes to.
• SQL Injection:
  • It is wrong references given in the databases and manipulating a certain level of database information which gives access to the attacker in which they can hack the system authentication process.
  • The SQL Injection is one of the most dangerous vulnerability and none of the websites must have this threat in their system because it can cause the downfall of the whole website.

How can encryption be used to ensure integrity and maintain data privacy?

• Encryption is one of the best techniques which can be used by a user so that the data gets encrypted and decrypting is not the thing which is easy and also with certain attacks it could take a lot of time to even decrypt single encryption.
• It will help in managing the integrity of the data by keeping the data consistent with the help of the encryption that takes place in the systems. It takes a lot of time and brain to break the code which most of the attackers don't like doing unless and until it is juicy enough to get them millions of bucks.

The basic encryption algorithm and how it works.

• The most basic encryption algorithm that is been used is AES(Advanced Encryption Standard). It is one of the most standard algorithms which is been trusted a lot and follows the standards that are been set by the American Standards.
• The main advantage of the algorithm is that it uses very less RAM and works very efficiently. It can be used for many variants which include 128,192,256 bits.
• In AES, there are basically 10 rounds which are been used for 128-bit keys. The same key is used for encryption as well as decryption of the data. According to the data, until now there are no attacks which are been discovered to be effective in AES.
• Hence, it remains the safest algorithm for encryption and is been used on certain devices and transmission technologies. It is mostly used for wireless connections authentication.
• While going on with the encryption one must always be sure about what is being used and what is to be encrypted. The user base is going to handle the data.
• The more important the data, more security for the data. This means that the algorithm like Triple DES etc. must be used if data is too confidential and can harm a lot of people if leaked.
• There are also certain factors to which the system relies on. Hence, the algorithm must be full proof of attacks and the security must be to the ultimate level.

Security Implementation:

• The system must implement a firewall with honeypots for advanced security. In the firewall, there must be both the hardware and software version installed as both the version have some disadvantages over each other.
• Hence, it will nullify each of the disadvantages and can be used for different calibers in the system. As the software firewall can be used for adding rules and all the administrator stuff.
• And, the hardware firewall can be used to gain security for the packets that are entering the network and exiting the network. The honeypots will come in action before the firewall.
• What honeypots actually do in such conditions, the honeypots acts as a real system faking the attacker as, if, his attack has been a success. Honeypots can be considered as a mirage to our actual system.
• Hence, the attacks information can be later on used for upgrading the actual system and securing it from the discovered vulnerabilities or loopholes.

Hence, this is what one must do for ensuring the illegal activities in the system.

Example Threat:

I have an example for the real-life technological security flaw which has been appeared in one of the most used applications,i.e. Adobe Flash Player. So here is the information related to it in detail:

• The vulnerability which we are going to talk today is one of the most critical ones and for one of the largest companies "Adobe". This vulnerability left lakhs of the user under danger of getting breached.
• The name of the vulnerability is "Flash Player Vulnerability" with an identification code "CVE-2018-5002". This vulnerability has been affecting densely in the Middle East region and was brought into vision in June 2018.
• What actually was the security flaw here? The security flaw was one of the stack-based buffer overflow bugs that have been able to execute arbitrary code.
• The following vulnerability was allowing the attackers to maliciously craft the Flash object which would help them in executing codes in the victim machine and then execute the range of payloads & actions.

How would have this been prevented?

• The applications are been vulnerable to buffer overflow bugs when there are certain programming errors or memory leaks left in the programming.
• Hence, this can be prevented using right programming methods and also putting best programming techniques to use so that none of the vulnerabilities are left in open to ruin the applications.
• There must be thorough testing of the application done before releasing the application publicly and must also make the application good enough for working against the vulnerabilities.

Hence, these are the methods in which the vulnerability could have been prevented.

How did this vulnerability actually works?

• The vulnerability was allowing the attacker to provide a word file to download and once executed in the victim PC the adobe flash exploits would start running.
• This file once executed starts executing the shellcode which will then enable the attacker to command and control the servers from which the attacker would gain complete access to the victim machine.

Patch For Vulnerability:

• The company has declared the patch for the vulnerability and can be patched automatically by installing the updated Flash Player as this was a critical zero-day attack.
• The patch is available only for the users from East Asia as the vulnerability was highly active in that region.

Hence, this was all on technology security and how to maintain the security levels in order to stay updated and up to the mark.

Resources:  The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich