country
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!

Question:

Identify a recently announced security vulnerability and write a profile of the threat. The profile should contain the name of the threat, the systems it attacks, how it performs its attack, mitigation strategies and concluding reflection.
 
 

Answer:

Introduction

Information security is a major concern for most of the organizations today. This helps in protecting the integrity, confidentiality and the availability of data of computer system from the malicious systems. Information security is all about dealing with risk management. Some effective cryptographic tools are able to maintain the security of the different systems and mitigate the issues. The organizations take various precautionary measures in keeping their data secured and safe from the attackers. Still, there are chances that the machines will be attacked by bugs and malicious devices. The report takes into consideration the effects of the bug, DROWN and the mitigating options.

Different types of threats

There are various types of vulnerabilities that have come up in the recent years. Some of them have been mentioned in the table below.

Year

Name

Vulnerability

Mitigation

2016

DROWN

Sites supporting SSLv2 and EXPORT cipher suites

Disabling SSLv2 and/or updating OpenSSL.

2015

Logjam

Servers that use Duffie-hellman key exchange are very much vulnerable to having the sessions downgraded to extremely week 512-bit k

Mitigation can be done by disabling the DHE_EXPORT ciphers and clients must upgrade their browsers.

2015

FREAK

Clients are forced to downgrade from strong RSA to export RSA since both the browser and the server are vulnerable.

Mitigation is possible by disabling the export ciphers in the configuration of servers. Patching of the OpenSSL is also an option of mitigation.

2015

Bar Mitzvah Attack

Exploits the encryption of RC4.

The mitigation option is the disability of RC4.

2014

POODLE

The server has the chance to fall back to SSLv3.

Disability of the SSLv3 and the implementation of TLS_FALLBACK_SCSV.

DROWN

One of the most recent attack is the DROWN attack which is a cross-protocol security bug (Aviram et al., 2016). It is a serious threat that has the capability to affect HTTPS and several other services that depend on TLS and SSL, two significant cryptographic protocols for maintaining the security of internet. DROWN breaks the encryption and read as well as  steal the sensitive information, communication, credit card numbers, passwords, trade secrets and financial data. As per the research, around 33% of all the HTTPS servers are able to be attacked by the bug (Tian et al., 2014).

 

Figure 1.: Working of DROWN

(Source: Chowdhury, Karmakar & Kamruzzaman, 2017)

It can affect all types of servers offering services encrypted with TLS but supporting the SSLv2. DROWN helps in exploitation of risks for a combination of protocols that are used as well as configuration of servers (Bozic et al., 2017). This exploitation takes into account a chosen-ciphertext attack with the help of SSLv2 server as Bleichenbacher oracle.

Conclusion

The report has inferred various mitigation techniques of DROWN. Other techniques have been included like the network administrators have to ensure that apart from the application of the patches, the private keys are not reused on any types of Web servers, IMAP and POP servers, SMTP servers and any other unmanaged software that can provide support to the SSL or TLS. As per the analysis, this will help in establishing the connection of SSLv2. The IPS devices must be set in such a way that it can filter out SSLv2 traffic. The embedded devices should use different RSA private keys to keep the systems protected. The report gives an in-depth insight into how the effects of DROWN can be mitigated to keep the systems safe in home and offices.   

 

References

Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., ... & Käsper, E. (2016). DROWN: Breaking TLS Using SSLv2. In USENIX Security Symposium (pp. 689-706).

Bozic, J., Kleine, K., Simos, D. E., & Wotawa, F. (2017). Planning-Based Security Testing of the SSL/TLS Protocol. In Software Testing, Verification and Validation Workshops (ICSTW), 2017 IEEE International Conference on (pp. 347-355). IEEE.

Chowdhury, A., Karmakar, G., & Kamruzzaman, J. (2017). Survey of Recent Cyber Security Attacks on Robotic Systems and Their Mitigation Approaches. In Detecting and Mitigating Robotic Cyber Security Risks (pp. 284-299). IGI Global.

Tian, Y., Liu, Y. C., Bhosale, A., Huang, L. S., Tague, P., & Jackson, C. (2014). All your screens are belong to us: Attacks exploiting the HTML5 screen sharing API. In Security and Privacy (SP), 2014 IEEE Symposium on (pp. 34-48). IEEE.

OR

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2019). Different Types Of Threat In IT. Retrieved from https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it.

"Different Types Of Threat In IT." My Assignment Help, 2019, https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it.

My Assignment Help (2019) Different Types Of Threat In IT [Online]. Available from: https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it
[Accessed 18 January 2020].

My Assignment Help. 'Different Types Of Threat In IT' (My Assignment Help, 2019) <https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it> accessed 18 January 2020.

My Assignment Help. Different Types Of Threat In IT [Internet]. My Assignment Help. 2019 [cited 18 January 2020]. Available from: https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it.


For years, MyAssignmenthelp.com has been operating as one of the cheap assignment help providers in the USA. We are one of the best college paper writing services that keep service price minimal. We do not let the affordability of our service to hamper the standard of our work. We have separate teams of experts to provide report writing help . At MyAssigenmnthelp.com, we believe in earning credibility, so students can pay for assignments only after getting satisfied solutions. Tough assignments bother you? Trust us with your project. You will not regret paying us to write assignments for you.

Latest It Write Up Samples

CIS2005 Principles Of Information Security 3

Download : 0 | Pages : 11

Answers: 1: CIA of information security is commonly described as the triad of information security. Confidentiality, Integrity and Availability are denoted by the term CIA. It is a model of information security that helps in evaluating organisation’s information security. Confidentiality is defined as ensuring authorized person is accessing data. Unauthorised access should be blocked to ensure information security. Disclosure of importa...

Read More arrow

MN502-Impact Of Ransom Eare In The Society

Download : 0 | Pages : 8

Answer: Introduction Ransom ware is a subset of the malicious software also known as malware invented from the cryptovirology which is designed to threaten the general public on account of stealing of data saved on either, computer or tablets. This software blocks the data of the person and the same is handed over to the person back once the money is received in the form of ransom [1]. The consequences of not giving the ransom can be so bad t...

Read More arrow

BLDG2015 Building Information Management

Download : 0 | Pages : 3

Answer: The Quality Assurance (QA) process would primarily consist of four kinds of distinct stages. These stages are mainly responsible for the controlling of errors and information redundancy within the Business Information Modelling (BIM) Process. Scope Verification Meeting– After the assigning of the project, the Project Manager should request the scope of the project and a particular copy of the scoped documents. These documents ...

Read More arrow

HI5019-Strategic Analysis Of WesFarmers Limited

Download : 0 | Pages : 13

Answer: Introduction This report aims to provide a detailed strategic analysis of the company, WesFarmers Limited. The essential analysis is completed with the help of PESTLE analysis, Porter’s Five Forces analysis and the threats and opportunities of the company is discussed.  A detailed report of a discussion about the resources of the firm is discussed. The capabilities of the organisation is discussed and the capabilities are e...

Read More arrow

MN504-Bitcoin And Ethereum Security And Privacy

Download : 0 | Pages : 8

Answer: Introduction: The Blockchain technology is a new emerging technology in the field of security solutions. The blockchain technology is based on the cryptography securities [1]. The blockchain technology was announced for supporting the crypto-currency for the security related issues but now the blockchain technology used by many sectors including some business sector also. This type of blockchain is named as private blockchain. Other t...

Read More arrow
Next
watch

Save Time & improve Grades

Just share your requirements and get customized solutions on time.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

1,180,194

Orders

4.9/5

Overall Rating

5,056

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 5/5

184 Order Completed

96% Response Time

Arapera Billing

Masters in Management, MMgt

Wellington, New Zealand

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

416 Order Completed

95% Response Time

Tyler Moore

MBA in Accounting

Washington, United States

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 4/5

248 Order Completed

100% Response Time

Lloyd Bernabe

MSc in Accounting

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

134 Order Completed

95% Response Time

Thomas Nelson

MS in Information Systems Technology with Specialization in Database Administration

New Jersey, United States

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

Amazing work done, work was very detailed. I got an A in that class. I highly recommend myassignmenthelp.com for such projects Thank you

flag

User Id: 343085 - 18 Jan 2020

Australia

student rating student rating student rating student rating student rating

Question answered exactly to the standard it needed to be. Everything written in the assessment is what was expected. Can not wait to receive marks back

flag

User Id: 343147 - 18 Jan 2020

Australia

student rating student rating student rating student rating student rating

Thank you for putting together this project. I helped me to understand more in detail how elders would find healing.

flag

User Id: 309497 - 17 Jan 2020

Australia

student rating student rating student rating student rating student rating

Answers were provided last minute. I could not able to transfer the answers. But good work though from expert.

flag

User Id: 246827 - 17 Jan 2020

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?