country
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!

Question:

Identify a recently announced security vulnerability and write a profile of the threat. The profile should contain the name of the threat, the systems it attacks, how it performs its attack, mitigation strategies and concluding reflection.
 
 

Answer:

Introduction

Information security is a major concern for most of the organizations today. This helps in protecting the integrity, confidentiality and the availability of data of computer system from the malicious systems. Information security is all about dealing with risk management. Some effective cryptographic tools are able to maintain the security of the different systems and mitigate the issues. The organizations take various precautionary measures in keeping their data secured and safe from the attackers. Still, there are chances that the machines will be attacked by bugs and malicious devices. The report takes into consideration the effects of the bug, DROWN and the mitigating options.

Different types of threats

There are various types of vulnerabilities that have come up in the recent years. Some of them have been mentioned in the table below.

Year

Name

Vulnerability

Mitigation

2016

DROWN

Sites supporting SSLv2 and EXPORT cipher suites

Disabling SSLv2 and/or updating OpenSSL.

2015

Logjam

Servers that use Duffie-hellman key exchange are very much vulnerable to having the sessions downgraded to extremely week 512-bit k

Mitigation can be done by disabling the DHE_EXPORT ciphers and clients must upgrade their browsers.

2015

FREAK

Clients are forced to downgrade from strong RSA to export RSA since both the browser and the server are vulnerable.

Mitigation is possible by disabling the export ciphers in the configuration of servers. Patching of the OpenSSL is also an option of mitigation.

2015

Bar Mitzvah Attack

Exploits the encryption of RC4.

The mitigation option is the disability of RC4.

2014

POODLE

The server has the chance to fall back to SSLv3.

Disability of the SSLv3 and the implementation of TLS_FALLBACK_SCSV.

DROWN

One of the most recent attack is the DROWN attack which is a cross-protocol security bug (Aviram et al., 2016). It is a serious threat that has the capability to affect HTTPS and several other services that depend on TLS and SSL, two significant cryptographic protocols for maintaining the security of internet. DROWN breaks the encryption and read as well as  steal the sensitive information, communication, credit card numbers, passwords, trade secrets and financial data. As per the research, around 33% of all the HTTPS servers are able to be attacked by the bug (Tian et al., 2014).

 

Figure 1.: Working of DROWN

(Source: Chowdhury, Karmakar & Kamruzzaman, 2017)

It can affect all types of servers offering services encrypted with TLS but supporting the SSLv2. DROWN helps in exploitation of risks for a combination of protocols that are used as well as configuration of servers (Bozic et al., 2017). This exploitation takes into account a chosen-ciphertext attack with the help of SSLv2 server as Bleichenbacher oracle.

Conclusion

The report has inferred various mitigation techniques of DROWN. Other techniques have been included like the network administrators have to ensure that apart from the application of the patches, the private keys are not reused on any types of Web servers, IMAP and POP servers, SMTP servers and any other unmanaged software that can provide support to the SSL or TLS. As per the analysis, this will help in establishing the connection of SSLv2. The IPS devices must be set in such a way that it can filter out SSLv2 traffic. The embedded devices should use different RSA private keys to keep the systems protected. The report gives an in-depth insight into how the effects of DROWN can be mitigated to keep the systems safe in home and offices.   

 

References

Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., ... & Käsper, E. (2016). DROWN: Breaking TLS Using SSLv2. In USENIX Security Symposium (pp. 689-706).

Bozic, J., Kleine, K., Simos, D. E., & Wotawa, F. (2017). Planning-Based Security Testing of the SSL/TLS Protocol. In Software Testing, Verification and Validation Workshops (ICSTW), 2017 IEEE International Conference on (pp. 347-355). IEEE.

Chowdhury, A., Karmakar, G., & Kamruzzaman, J. (2017). Survey of Recent Cyber Security Attacks on Robotic Systems and Their Mitigation Approaches. In Detecting and Mitigating Robotic Cyber Security Risks (pp. 284-299). IGI Global.

Tian, Y., Liu, Y. C., Bhosale, A., Huang, L. S., Tague, P., & Jackson, C. (2014). All your screens are belong to us: Attacks exploiting the HTML5 screen sharing API. In Security and Privacy (SP), 2014 IEEE Symposium on (pp. 34-48). IEEE.

OR

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2019). Different Types Of Threat In IT. Retrieved from https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it.

"Different Types Of Threat In IT." My Assignment Help, 2019, https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it.

My Assignment Help (2019) Different Types Of Threat In IT [Online]. Available from: https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it
[Accessed 28 May 2020].

My Assignment Help. 'Different Types Of Threat In IT' (My Assignment Help, 2019) <https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it> accessed 28 May 2020.

My Assignment Help. Different Types Of Threat In IT [Internet]. My Assignment Help. 2019 [cited 28 May 2020]. Available from: https://myassignmenthelp.com/free-samples/different-types-of-threat-in-it.


For years, MyAssignmenthelp.com has been operating as one of the cheap assignment help providers in the USA. We are one of the best college paper writing services that keep service price minimal. We do not let the affordability of our service to hamper the standard of our work. We have separate teams of experts to provide report writing help . At MyAssigenmnthelp.com, we believe in earning credibility, so students can pay for assignments only after getting satisfied solutions. Tough assignments bother you? Trust us with your project. You will not regret paying us to write assignments for you.

Latest It Write Up Samples

IN3033 Digital Forensics

Download : 0 | Pages : 15
  • Course Code: IN3033
  • University: University Of London
  • Country: United Kingdom

Answer: 1: Incidents and incident response measures Digital Forensics is a branch of computer security and recovery services that deal with the recovering and investigating data in digital devices. This generally occurs when security issues have arisen in an organization or with an individual with the mishandling of intricate or confidential data (Edwards et al. 2017). When a compromise of security, any illegal action or an unauthorized inter...

Read More arrow

COIS13013 Business Intelligence 2

Download : 0 | Pages : 7

Answer: Part A: Visual DSS 1: NPV Model Process Code: *Columns *Years 2018,2021 *Rows Initial investment(0) = 1750000.00 '.2 Initial Market (0)= 420000 Market Growth = 0.15'.2 Market Share = 0.10'.2 Expected market = Initial Market;Expected market(-1)*1.15 Sales Volume = Expected Market*Market Share Estimated selling price = 55.00 '.2 Cost of production = 25.00 '.2 Total Revenue = Sales Volume*Estimated selling Price '.2 Cost...

Read More arrow

CO4512 Information Security Management

Download : 0 | Pages : 12
  • Course Code: CO4512
  • University: University Of Central Lancashire
  • Country: United Kingdom

Answer: Introduction There are different ISO standards that are used as a baseline for the security of the information in an organization. The ISO standards is used for avoiding breaches in the network, reassuring the customers, gaining an edge and access new market opportunities. It is internationally recognized and applied for management of the safety practices and used as a systematic approach for increasing reliability and enforcement of th...

Read More arrow

COIS13013 Business Intelligence

Download : 0 | Pages : 10

Answer: Part A The company, which has been chosen in this case, is “Cloud-Pty Limited”. It is actually a cloud-based software development company that is based in Brisbane, Australia. The organisation is deciding to start newer and better responsive cloud-based software applications in the required market. Not very long ago, the dynamic and competitive advantage has formulated some very wrong decisions of investment. At present the ...

Read More arrow

ITECH1001 Communications And Technology

Download : 0 | Pages : 5
  • Course Code: ITECH1001
  • University: Federation University
  • Country: Australia

Answer: [1] Journal Title of article:  A Forecast of the Adoption of Wearable Technology Author: Page, Tom URL (if available): http://irep.ntu.ac.uk/id/eprint/32219/1/9768_Page.pdf  Date accessed:  18 Apr, 2018 Journal Title: International Journal of Technology Diffusion  Year of publication:  2015 Page Numbers: 12-29 Volume no: 6 Issue no: 2 Summary of article This article describes about the en...

Read More arrow
Next
watch

Save Time & improve Grade

Just share Requriment and get customize Solution.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

1,321,585

Orders

4.9/5

Overall Rating

5,075

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 5/5

2109 Order Completed

99% Response Time

Emma Zhong

Ph.D in Project Management with Specialization in Project Communications Management

Singapore, Singapore

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

1692 Order Completed

98% Response Time

Alfred Dodd

PhD in Computer and Information Science with specialization in Database

Wellington, New Zealand

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

234 Order Completed

100% Response Time

Samantha Ji

PhD in Chemistry with Specialization in Organic

Singapore, Singapore

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

752 Order Completed

100% Response Time

Hugh Cleave

Masters in Human Resource Management (MMgt, HRM)

Wellington, New Zealand

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

i am really disapointed and i don't know how you guys became no. 1 but please guys if you eargarly want to help doing assignment then you guys have to chose the better experts. if you go through my order assignment and give 5 mins to read then you wi...

flag

User Id: 434718 - 28 May 2020

Australia

student rating student rating student rating student rating student rating

ALMOST EVERY TIME THE WORK IS BETTER N BEST, AND THE SERVICE IS REALLY GOOD N WORK IS ALWAYS DONE BEFORE TIME

flag

User Id: 419181 - 28 May 2020

Australia

student rating student rating student rating student rating student rating

Very happy with the work performed. Web development assignment well constructed. I recommend the website. You won\'t retreat it.

flag

User Id: 278516 - 28 May 2020

Australia

student rating student rating student rating student rating student rating

Excellent WORK, very informative, right to the point and comprehensive. really the assignment made by expert

flag

User Id: 377058 - 28 May 2020

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?