Identify the appropriate components to prevent and detect attacks in a network environment.
Recently there has been an increase in cyber attacks. As one of the top network security consultants in Malaysia, you have been approached by Open University Malaysia (OUM). OUM is a Malaysian private university headquartered in Kuala Lumpur. They are planning to open up three other learning centres but due to the recent cyber attacks, they are quite cautious. Prepare a report on the network security proposal for OUM learning centres.
The following report attempts to show how important network security is for any academic institute or university. It discusses in detail both the external and internal security threats that can apply to the network of Open University of Malaysia (OUM). The report begins by presenting the background of OUM before stating the security requirements of the university network. It then explains how external threats can affect the network of OUM, followed by three different types of external threats that can affect OUM, each with a real-world example (Diaz & Sanchez, 2016). Next, the report discusses what internal attacks on OUM can be and how they can affect the university, after which the three major internal network attacks that can affect OUM are discussed with a real-life example for each (Al Haddad, Hanoune & Mamouni, 2016). With the threats to the network covered, the report suggests preventive, detective and corrective controls for OUM to tackle them. Finally, the report presents the key aspects necessary for good cyber security at OUM and ends with concluding notes.
Background of Open University of Malaysia
Open University of Malaysia, or OUM, is among the leading private universities and the first open university of Malaysia. The university is owned by Multimedia Technology Operations (METEOR). It excels in e-learning methodology and tools and provides non-restrictive entry requirements for its degree programmes (Brun, Yin, & Gelenbe, 2018). These programmes are made accessible to adults whose prior learning experience can be evaluated against the learning outcomes of the academic courses. Hence OUM requires sufficient network infrastructure to make these services available (Soliman, Mageed & El-Hennawy, 2017). On top of this, it also needs to keep its network secured from both internal and external cyber security risks.
Security Requirements of University Network
- OUM is to open three learning centres, each of which needs to be individually secured from cyber threats, and the centres must be interconnected securely.
- The overall network is to be open to public internet users while remaining secure at the same time.
- Access to the university network by all types of users is to be authenticated and monitored thoroughly by the network administrators.
- Users' access to the learning resources and other digital assets of the university must be secured through the university network.
- It should be ensured that no student can share their session login credentials with anyone else.
- Any infections resulting from emails and uploads by authorized students of the university should be accounted for, and a set of penalties should be defined for these students.
Attacks concerning OUM
The network of Open University of Malaysia is constantly under attack by hackers, intruders, bots and schemers trying to spoof data of the institute. These attacks can involve hacking of routers, interception of messages between OUM and the students, theft of university data, and shutting down of university services through Distributed Denial of Service (DDoS) attacks (Brun, Yin, & Gelenbe, 2018). After hacking an OUM router, the attacker can redirect network traffic wherever they choose. Brute force attacks are a common method by which these routers get hacked. Attackers can spoof the exchange of messages between OUM and the students using protocol analysers, and the absence of HTTPS and SSL protection makes it easier for them to obtain the credentials entered by authorized users to log into the network. These credentials can help the attackers gain the privileges required to break into the servers of the university and steal sensitive information. Once attackers have gained access to the network, they can also inject malicious code that hogs all the compute power of the processors and consumes all of the network bandwidth of the OUM servers and network, making them unavailable for the legitimate tasks of authorized users and thereby creating a DDoS attack.
Network intrusions refer to network scanning, attacks on the network and misuse of network resources (Brogi & Tong, 2016). These intrusions have specific byte patterns in the network traffic exchanged between the attacker and the target computers or servers. These bytes are hence treated as signatures or fingerprints of the network intrusion attempt.
External Threats to the Network of OUM
The different types of external network attacks can be the following:
Advanced Persistent Threat (APT): These are the stealthy means by which attackers targeting a computer network gain unauthorized access to that network and stay undetected for long periods of time (Marchetti et al., 2016). APTs are generally conducted by rival nation states and state-sponsored groups.
Among currently observed APT attacks is the one affecting the United States Government's Office of Personnel Management in 2015, which is considered to have resulted from the ongoing cyber warfare between China and the U.S.A. The most recent rounds of these attacks are commonly attributed to 'Deep Panda', among other codenames.
Brute Force Attacks: Routers are often victims of brute force attacks, in which hackers try to guess the router password (Llewellyn-Jones & Rymer, 2016). For this, attackers typically use software applications containing a dictionary of password combinations (Yao, Luo & Zincir-Heywood, 2017). Depending on the strength of the password set, combinations of letters, numbers, symbols and words are tried until a match is found. When these passwords are weak, they are very easy and quick to crack.
In 2016, over a million accounts on the ecommerce site Alibaba were affected by a massive brute force attack.
Distributed Denial of Service (DDoS): In these attacks, the attacker sends a large number of packets to the organization's router simultaneously from thousands of infected computers known as zombie hosts (Tokusashi et al., 2016). In trying to process this large number of requests, the router becomes unable to provide sufficient bandwidth for the network activity of authorised users. Similarly, the attackers can use these zombie hosts to run processes on the server processor, thereby denying compute services to legitimate processes.
The DDoS attack known as PopVote was executed in 2014 and targeted the grassroots movement in Hong Kong called Occupy Central. It involved the site PopVote, which was not owned by Occupy Central but nonetheless carried its political messages.
Attacks concerning OUM
The internal network attacks on OUM are mostly found to result from human errors by students and university personnel while accessing the online services and resources of OUM over the network. Here the attackers specifically try to lure the user into clicking on links to malicious sites and downloading infected files from untrusted sources.
Internal Attacks and Threats to OUM
The different types of internal network attacks can include the following:
Malicious Cyber-attacks: Research on internal security threats to organizations conducted by CERT reveals that these cyber-attacks are mostly committed by IT staff and system administrators who possess elevated access to the systems of the organization (Rid, & Buchanan, 2015). These employees are typically very technically proficient and can even use their system access to open back doors into other important systems installed within the organization. They can also place programs through which data can be stolen from the network of the organization (Abomhara, 2015). Therefore, this can also apply to the IT staff and system administrators employed by OUM.
Adobe was devastated by a cyber-attack in 2013 involving a major hack of its overall IT infrastructure (Taha et al., 2016). Here, credentials of up to 150 million network users were stolen, among which 38 million were active accounts.
Data Breach: Data can be stolen from the computers of an organization in a wide range of ways, and the stolen data can be leaked outside the organization with disastrous consequences (Cadwalladr & Graham-Harrison, 2018). This can be performed using devices like CD/DVD-ROMs, digital cameras, MP3 players and USB pen drives. All of these devices are capable of storing large amounts of data, so they can easily be used to copy critical information of the company and leak it to the public and thereby to company rivals (Solove & Citron, 2017). The portable nature of the devices makes the task very easy for the employees involved. Their low cost and high availability mean they can also be carried by members of OUM. Thus attacks like data breaches can also affect organizations like OUM.
The Exactis data breach ranks among the largest data breaches. It involved the exposure of an Exactis database that contained 340 million individual records (Manworren, Letwat, & Daily, 2016). The data included Personally Identifiable Information (PII) of the consumers whose records were stored.
Illegal Acts: Responsibility for the activities performed by employees always rests with the employer. This includes any illegal activities conducted through the network of the organization (Steiner, 2017). The employer is only exempted if he or she can show that sufficient steps have been taken to prevent such activities in future. The illegal activities can include downloading pornographic content through the company network, selling drugs using the organization's email, and distributing offensive racial and sexual content over the intranet. OUM is a university responsible for providing education programmes to students and is therefore among the organizations where illegal activity by members can be a common concern.
A famous example is the suing of US-based Citibank for $2m (1m GBP) because its employees resorted to downloading pornography over the company network.
Importance of Implementing Controls
Due to the overwhelming implications of the threats discussed above, it is of paramount importance for OUM to have controls in place to prevent each of the external and internal attacks (Rolla & Kaur, 2016). This can be ensured by applying three different types of controls within the university: preventive controls, detective controls and corrective controls.
Preventive, Detective and Corrective Controls for OUM
Preventive Controls: These controls are designed to be implemented before a network threat can take shape. This is to ensure that network threats are prevented from affecting OUM or, at the very least, that their chances of affecting the OUM network are reduced. Preventive controls can come in the form of policies, standards, specific processes, procedures, cryptographic techniques and firewall systems.
OUM needs to formulate a set of security policies which must include procedures for preventing and detecting misuse, provide guidelines for securely using the network and digital assets of OUM, and detail the consequences of failing to comply with them.
Detective Controls: These are controls designed to detect threat events as they occur while also assisting network analysts and investigators with the audit after the event. Detective controls can include monitoring of security event logs, host- and network-based intrusion detection, and antivirus software able to identify malicious code.
OUM should deploy the COBIT 5 framework, as it deals with network attacks and breaches in a systematic way. The framework ensures that identification is carried out in a timely manner and provides the following audit objectives:
- Confirming the monitoring and recognition of specific technical attack solutions
- Assessing the interfaces with the incident management and crisis management processes
- Evaluating how timely and adequate the attack response is
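As an added illustration of the log-monitoring control above and of the router brute force attacks described earlier (example code written for this report, not taken from OUM, COBIT or any cited source), the following Python script scans constructed authentication-log lines for a burst of failed logins from one source and separately flags a successful login that follows such a burst. The log format, usernames and RFC 5737 documentation addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of a router/SSH authentication log
# (timestamps, usernames and RFC 5737 documentation addresses are made up).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for admin from 203.0.113.5 port 40001
2024-03-01T09:00:03 sshd: Failed password for root from 203.0.113.5 port 40002
2024-03-01T09:00:04 sshd: Failed password for cisco from 203.0.113.5 port 40003
2024-03-01T09:00:06 sshd: Failed password for admin from 203.0.113.5 port 40004
2024-03-01T09:00:08 sshd: Failed password for guest from 203.0.113.5 port 40005
2024-03-01T09:00:09 sshd: Accepted password for admin from 203.0.113.5 port 40006
2024-03-01T09:01:00 sshd: Failed password for alice from 198.51.100.7 port 50001
2024-03-01T09:20:00 sshd: Failed password for alice from 198.51.100.7 port 50002
2024-03-01T09:20:30 sshd: Accepted password for alice from 198.51.100.7 port 50003
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)

def parse_log(text):
    """Yield (timestamp, result, user, source_ip) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])

def detect_brute_force(text, max_failures=5, window=timedelta(minutes=1)):
    """Return alerts for sources with >= max_failures failed logins inside a
    sliding time window, plus an alert when such a source then succeeds."""
    recent = defaultdict(deque)       # src -> timestamps of failures in the window
    users_tried = defaultdict(set)    # src -> usernames guessed (dictionary-style)
    flagged = set()
    alerts = []
    for ts, result, user, src in parse_log(text):
        q = recent[src]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            users_tried[src].add(user)
            if len(q) >= max_failures and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, len(q), sorted(users_tried[src])))
        elif src in flagged:
            # A success right after a burst of failures is the event worth paging on
            alerts.append(("success_after_brute_force", src, user))
    return alerts
```

The second source (198.51.100.7) has two failures nineteen minutes apart, so the sliding window correctly leaves it unflagged.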
Corrective Controls: These are controls designed to mitigate or reduce the impact of a threat as much as possible after the network has already been affected, so that regular operations can resume at the earliest. Common examples are security applications and antivirus software that automatically remove malicious files, and having a proper BCP and recovery plans ready.
OUM needs to use comprehensive security solutions, like firewalls and antivirus applications from trusted vendors in the IT security industry, which can respond adequately to recent threats (Melo, Machado & Carmo, 2018). A proper BCP also needs to be formed so that the university can recover the affected data.
Key Aspects Necessary for Good Cyber Security at OUM
In order to have a good approach to tackling cyber security threats, OUM must ensure the following:
- Password policies
- Two-factor authentication
- Access controls
OUM needs to make sure that university members know and apply strong passwords when they access the university platform over the network (Song, Kim, & Kim, 2016). This can be ensured through guidelines for password creation and rules that deny the use of weak passwords.
Two-factor authentication significantly reduces the risk of accounts being compromised by network threats (Dodson et al., 2019). This includes use of a password or OTP in combination with clicking on verification links sent to the registered email address before the service can be used.
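The password rules described above, as an added example written for this report (not OUM's own policy or code): a checker that rejects weak passwords on length, character variety, a denylist of common or dictionary words (after undoing the usual l33t substitutions a dictionary attack tries anyway), reuse of the username, and long repeated runs. The minimum length and the denylist entries are assumed values.

```python
import re

# Constructed denylist: a real deployment would load a large list of leaked and
# dictionary passwords; these entries are made up for the example.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "oum2024", "letmein"}

MIN_LENGTH = 12   # assumed policy value

def _normalise(pw):
    """Undo substitutions a dictionary attack tries anyway (p@ssw0rd -> password)."""
    table = str.maketrans({"@": "a", "0": "o", "1": "i", "$": "s", "3": "e", "!": "i"})
    return pw.lower().translate(table)

def check_password(password, username=""):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        problems.append("uses fewer than 3 character classes")
    raw, norm = password.lower(), _normalise(password)
    if any(w in raw or w in norm for w in COMMON_PASSWORDS):   # catches "P@ssw0rd!" too
        problems.append("contains a dictionary/common password")
    if username and username.lower() in raw:
        problems.append("contains the username")
    if re.search(r"(.)\1{3,}", password):
        problems.append("has a run of 4 or more repeated characters")
    return problems
```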
Access controls make sure that a particular user can only view the information available to the job role that applies to that user. This prevents both malicious and unintentional data breaches, as the data available to the actor is isolated within a particular boundary.
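The role-based boundary described above, as an added example written for this report (not OUM's actual policy or platform code): permissions are granted per role and denied by default, every non-admin request is confined to the courses the actor belongs to, students can read only their own grades, and each decision is logged for the detective controls. The roles, resource kinds and course names are assumptions.

```python
from dataclasses import dataclass

# Constructed policy for a hypothetical OUM learning platform: each role gets
# only the (resource, action) pairs its job needs; anything unlisted is denied.
ROLE_PERMISSIONS = {
    "student":  {("material", "read"), ("grade", "read"), ("assignment", "submit")},
    "lecturer": {("material", "read"), ("material", "write"), ("grade", "read"), ("grade", "write")},
    "admin":    {("account", "read"), ("account", "write"), ("audit_log", "read")},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    courses: frozenset = frozenset()   # courses the user is enrolled in or teaches

@dataclass(frozen=True)
class Record:
    kind: str        # "material", "grade", "assignment", "account", ...
    course: str      # "" for resources that are not course-scoped
    owner: str = ""  # the student a grade or assignment belongs to

AUDIT = []   # one (who, role, what, course, action, allowed) entry per decision

def is_allowed(user, record, action):
    """Deny by default, then confine the actor to their own course boundary."""
    if (record.kind, action) not in ROLE_PERMISSIONS.get(user.role, set()):
        return False
    if user.role == "admin":                 # admin resources are not course-scoped
        return True
    if record.course not in user.courses:    # outside the actor's course boundary
        return False
    if user.role == "student" and record.kind == "grade":
        return record.owner == user.name     # students see only their own grades
    return True

def request(user, record, action):
    """Evaluate a request and log the decision for the detective controls."""
    decision = is_allowed(user, record, action)
    AUDIT.append((user.name, user.role, record.kind, record.course, action, decision))
    return decision
```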
In conclusion, the above report shows how important network security is for any academic institute or university. It discussed in detail both the external and internal security threats that can apply to the network of Open University of Malaysia (OUM). The report began by presenting the background of OUM before stating the security requirements of the university network. It then explained how external threats can affect the network of OUM and discussed three different types of external threats that can affect OUM, with a real-world example for each. Next, the report discussed what internal attacks on OUM can be and how they can affect the university, and the three major internal network attacks that can affect OUM were discussed with a real-life example for each. With the threats to the network covered, the report suggested preventive, detective and corrective controls for OUM to tackle them, and ended by presenting the key aspects necessary for good cyber security at OUM.
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Al Haddad, Z., Hanoune, M., & Mamouni, A. (2016). A collaborative network intrusion detection system (C-NIDS) in cloud computing. International Journal of Communication Networks and Information Security, 8(3), 130-136.
Brogi, G., & Tong, V. V. T. (2016, November). Terminaptor: Highlighting advanced persistent threats through information flow tracking. In 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS) (pp. 1-5). IEEE.
Brun, O., Yin, Y., & Gelenbe, E. (2018). Deep learning with dense random neural network for detecting attacks against iot-connected home environments. Procedia computer science, 134, 458-463.
Cadwalladr, C., & Graham-Harrison, E. (2018). Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian, 17 March 2018.
Diaz, A., & Sanchez, P. (2016). Simulation of attacks for security in wireless sensor network. Sensors, 16(11), 1932.
Dodson, D., Polk, W., Souppaya, M., Barker, W., Lear, E., Weis, B., ... & Raguso, M. (2019). Securing Small Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD) (No. NIST Special Publication (SP) 1800-15 (Draft)). National Institute of Standards and Technology.
Llewellyn-Jones, D., & Rymer, G. (2016, December). Cracking PwdHash: A Brute-force Attack on Client-side Password Hashing. In Proceeding of 11th International Conference on Passwords (Passwords16 Bochum).
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data breach. Business Horizons, 59(3), 257-266.
Marchetti, M., Pierazzi, F., Colajanni, M., & Guido, A. (2016). Analysis of high volumes of network traffic for advanced persistent threat detection. Computer Networks, 109, 127-141.
Melo, W. S., Machado, R., & Carmo, L. F. (2018). Using Physical Context-Based Authentication against External Attacks: Models and Protocols. Security and Communication Networks, 2018.
Rid, T., & Buchanan, B. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), 4-37.
Rolla, P., & Kaur, M. (2016). Review Of Prevention Techniques For Denial Of Service (DOS) Attacks In Wireless Sensor Network. International Journal of Scientific & Technology Research, 5(7), 52-54.
Soliman, J. N., Mageed, T. A., & El-Hennawy, H. M. (2017, December). Taxonomy of security attacks and threats in cognitive radio networks. In 2017 Japan-Africa Conference on Electronics, Communications and Computers (JAC-ECC) (pp. 127-131). IEEE.
Solove, D. J., & Citron, D. K. (2017). Risk and anxiety: A theory of data-breach harms. Tex. L. Rev., 96, 737.
Song, H. M., Kim, H. R., & Kim, H. K. (2016, January). Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In 2016 international conference on information networking (ICOIN) (pp. 63-68). IEEE.
Steiner, H. (2017). Cyber operations, legal rules and state practice: authority and control in international humanitarian law.
Taha, A. F., Qi, J., Wang, J., & Panchal, J. H. (2016). Risk mitigation for dynamic state estimation against cyber attacks and unknown inputs. IEEE Transactions on Smart Grid, 9(2), 886-899.
Tokusashi, Y., Kuga, Y., Nakamura, R., Tazaki, H., & Matsutani, H. (2016, October). mitiKV: An Inline Mitigator for DDoS Flooding Attacks. In Internet Conference 2016.
Yao, C., Luo, X., & Zincir-Heywood, A. N. (2017, November). Data analytics for modeling and visualizing attack behaviors: a case study on SSH brute force attacks. In 2017 IEEE Symposium Series on Computational Intelligence (SSCI) (pp. 1-8). IEEE.