Vulnerabilities of Remote Working
Outline a security architecture for the distributed environment shown below, where users wish to access enterprise services from various remote locations such as home, airport and other branch offices.
Analyze the security threats that can arise in such an environment. State any assumptions that you are making.
Using distributed environment such as cloud computing is not an assurance that denial of service attacks cannot occur. When you work from a different location apart from the office, there are other external factors that ca lead to denial of service, they include pets, children who can destroy, hide or interfere with your work station at home. There doesn’t exist a solution to this type of DOS unless if the organization issues devices like iPhone that supports feature such as “find my iPhone”. (Stewart, Chapple & Gibson, 2012).
Cloud computing cannot totally prevent critical information from being transferred to devices that are not appropriately secured. To stop this, some extra controls need to be put in place.
Use of emails by employees working remotely has enhanced loss of critical and confidential data over time. In this particular generation, nobody really wants to utilize the secured browser because of its unfriendly interface. Sometimes the system admin forgets that employees working offline still have access to the data in their inboxes even after data center lock down in case of an attack.
Sometimes the devices that the employees are using when working offline have the capability to be wiped remotely. When this happens some of the crucial personal data that the employee had stored there will be deleted permanently. (Wang, 2010).
Specify the types of security services that would be needed to counteract this security threats and what type of security mechanisms could support these services.
Security of the devices the remote employee is using is very critical. These devices are very vulnerable as they can easily get lost or stolen and sensitive data could land in to the wrong person if not well handled. (Zia, Zomaya, Varadharajan & Mao, 2013).
The following are some of the ways to enable employees to work securely remotely.
It is important to always use enhanced security software in the end devices used by the remote employees as malicious software that steals data always get in to the devices via emails and when browsing.
It is recommended to use applications and interfaces provided by the cloud vendor. This ensure that security of data is of high level since the vendor has implemented features to encrypt data while being transmitted from the remote servers to the organization’s intranet. (Morana & UcedaVelez, 2011).
Solutions for Secure Remote Access
Implementing virtual private network can help keep the connections and internet secured. VPN provided by a third party vendor would have implemented all the security patches that are require to continuously check the network for any malicious activity.
The company should always make sure that strict procedures on data access, usability and modification have been clearly stated to the employees opting to work remotely. The organization should clearly outline who have access to the data center and clearly defines the protocols to be used during this access. (Shostack, 2014).
Detection of packet sniffers to identify if hackers have had root access to the computer system. Packet sniffers are normally used by hackers to gather information transmitted by an organization through the internet.
It is important to train employees on the characteristics of a denial of service attacks. If this is not done, hackers are very cunning and can trick these employees into revealing their login credentials.
If an employee account gets compromised it is important to immediately block that account from further access, that is, suspend the account until further notice. This will stop data loss or modification. (In Chang, In Ramachandran, In Walters & In Wills, 2017).
Identify the types of security components that can be used to provide this security services and mechanisms and where they would be placed.
Firewall server and a router are the key security components. A firewall enhances the security of the network while the router is used to forward traffic to another network segment. A remote access server may integrate pool manager of modems so as to allow several remote users to access the server. (In Druml, 2017).
Virtual private network provides an illusion that one is actually using the local private network and thus can be used to create connections that are secure. This gives a way of setting up devices to connect to remote servers as if they were actually on the local network. (Carter, 2016).
What is threat modelling and describe the steps involved in a threat modelling process?
Threat modeling is the process of enhancing the security of a network by determining the goals, weaknesses and identifying mitigation strategies to respond to impacts to the system. The following are some of the steps followed when modelling a threat.
Determine Security Assets and Goals.
Security goals plays a very important role in ensuring that system security principles such as integrity, availability, confidentiality, authorization, accountability and authentication are met. These goals aid engineers to concentrate on every objective and assess the entry locations security tolerance against threats. (Martin, 2017).
Threat Modeling
Define Trust Boundaries and Attack Surface.
An attack surface is that point that an intruder can use to attack the system while trust boundaries are the points at which trust changes. Declaration of trust boundaries and attack surfaces should be done in order to enhance model objectives and scope. In this stage the analyst seeks to determine the threats that might affect the security goals. This procedure entails asset analysis and their threats, evaluation of entry and exit points, application layer and associated communication media. (In Roychoudhury & In Liu, 2017).
Threats should be defined and prioritized depending on the system impact. Prioritizing a threat is usually based on damage cost. Both indirect and direct risks are considered in this situation. after the threats have been prioritized, the next step is to implement appropriate controls to mitigate them. Re-validation of controls should be made were appropriate.
After all the process have been executed and agreed upon, a threat model report is developed. This report will be used by analyst as a reference in the later stages. (Chen, Yung & Zhu, 2012).
UDP outputs clearly outlined information concerning the UD endpoints which include remote and local ports and addresses, connection state, calling process and the number of packets received and sent. If such information is not included, then it would be difficult to identify the intention of the attack and the likely impact it would have on the system. (Bernstein & Lange, 2010).
Consider the following simple string based substitution cipher. It takes a plaintext letter as input from the English alphabet and produces a cipher text output by combining it with a key string security. The encoding rule used is a=0, b=1, …., z=25 etc. The numerical representation of this key string is (18, 4, 2, 20, 17, 8, 19, 24). The operation is a character-wise addition modulo 26, i.e., (x + y) mod 26. Find the cipher text corresponding to the following plaintext. (Treat both uppercase and lowercase characters to be the same)
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z |
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
SecurityIsPeaceOfMind
Security - S=18, E=4, C=2, U=20, R=17, I=8, T=19, Y=24 the corresponding cipher equals (18,4,2,20,17,8.19,24)
Is - I=8, s=18 the corresponding cipher equals (8,18)
Peace - P=15, e=4, a=0, c=2, e=4 the corresponding cipher equals (15,4,0,2,4)
Of - O=14, f=5 the corresponding cipher equals (14,5)
Mind - M=12, i=8, n=13, d=3 the corresponding cipher equals (12,8,13,3)
SecurityIsPeaceOfMind - the corresponding cipher equals (18,4,2,20,17,8.19,24, 8,18, 15,4,0,2,4,14,5, 12,8,13,3)
Dictionary Attack on a Block Cipher
Assume the above cipher text is transferred over a network to a receiver. If an error occurs during the transmission of this cipher text affecting one letter, how much of the decrypted plaintext will be in error.
64/21=3 plus itself therefore resulting to 4
What is a dictionary attack on a block cipher, and how can we ensure that such an attack is infeasible?
Dictionary attacks makes use the ineffective traits of users who uses simple patterns and characters when choosing their passwords. All the words in the dictionary are encrypted by the dictionary attack and compares it with the encrypted password in the password or SAM file. (Koc?, 2009).
In order to protect yourself from such attacks; enhance your password needs by increasing complexity and using special characters such as underscore, asterisk, numbers, caps and mall letters in one password for example, ‘p@$sw0&rd_l0<ked’. The password should be uncommon and hard to guess. (In Askoxylakis, In Ioannidis, In Katsikas & In Meadows, 2016).
It is recommended to set up password expiration for users. This will require them to update their password after some specific period of time. It is very important to ensure that this feature is in balance with the level of security of the system.
Also it is important to ensure that remote connection root login is disabled. Due to its commonness it is prone to brute force attack.
Disable password authentication and use SSH keys to access remote server. It is a very secure means of login into the remote server as compared to use of passwords.
The simplest way to identify and prevent dictionary attacks is to set a limited number of login attempts. This is a tool that is used to temporarily suspend an account. This will help discourage attackers from further trying to access the system. Also adding some wait time in between login attempts is also a good strategy to prevent automated tools that can make thousands of guesses automatically. (Tang, Muller & Sharif, 2010)
It is also good to allow only SSH connections for specific IP addresses or hosts. This makes sure that devices connecting to the server are known and are validated to access the resources.
Consider a general n-bit substitution block cipher. What is the size of the key (number of bits in the key) required for such a general block cipher? Explain how you arrive at the answer. Size of the key is 64
Protecting Against Dictionary Attacks
It enters a 64-bit plaintext P and a 56-bit key K
The key-schedule KS resulted from the 56-bit key K a series of 16 sub-keys, one for every round that follows. Every sub-key has a length of 48-bits. function DESK(P) // |K| = 56 and |P| = 64 (K1, . . . ,K16) ← KS(K) // |Ki| = 48 for 1 ≤ i ≤ 16 P ← IP(P)
Parse P as L0 k R0 // |L0| = |R0| = 32
for r = 1 to 16 do
Lr ← Rr−1 ; Rr ← f(Kr,Rr−1) ⊕ Lr−1
C ← IP−1(L16 k R16)
return C (Rhee, 2013).
Consider triple encryption by using E-D-E with CBC on the inside. If a single bit “x” of the cipher text block, say ”c2” is modified, then how does it affect the decrypted plaintext? Modification of cipher text block, therefore, upon decryption the resulting plain text block will be affected.
Let us consider the following stream cipher, where ‘⊕’ refers to Boolean XOR operation
R1 = Enc[K] ⊕ IV C1 = P1 ⊕ R1
R2 = Enc[K] ⊕ C1 C2 = P2 ⊕ R2
Ri = Enc[K] ⊕ Ci-1 Ci = Pi ⊕ Ri
- Show how the decryption works?
- If we use, Ri = Enc [K] ⊕ Pi-1 for encryption instead of Ri = Enc[K] ⊕ Ci-1
- then how would decryption work?
Plain text are converted to cipher texts by stream ciphers one bit at a time. XOR is an example of implementation of stream cipher. In the implementation below, the generator keystream displays a stream of bits k1, k2, k3……ki. This keystream is then XORed with plain text stream bits p1 ,p2, p3…..pi to output cipher text stream bits. The formula ci=pi XOR ki describes this operation. The cipher texts are XORed to recover the plaintext bits using identical keystreams. The formula pi=ci XOR ki describes this operation. (Schneier, 2008).
encryption |
decryption |
IV |
Security |
Ci = EK(Pi ⊕ Ci-1) |
Pi = DK(Ci) ⊕ Ci-1 |
unique |
+ (+) |
The limitation of this scheme is that an attacker can easily identify the cipher-text and plaintext for a group of messages. He or she can easily combine and match message blocks. This is because block n belonging to plaintext ⊕’d with cipher-text block n+1 is D belonging to block n+1 of plaintext. Once has identified D of the target block he or she can ⊕ with previous block of the plaintext to display cipher-text correctly. (Anderson, 2008).
A system is designed to use the RSA public key scheme, where m is the modulus, (e, m) is the public key and (d, p, q) is the corresponding private key. The system developer discovers that the private key (d, p, q) is compromised and hence modifies the system by generating a new public and private key exponent (e1, d1) for the same modulus. Discuss the security of the modified system.
DES Encryption
The security of the modified system can cause re-issuance of tokens of secure ID hardware to many of the organization customers. It can also lead to expenses undertaken by the clients when handling the re-issuance of tokens. In addition, the organization can lose their loyal customers to their rival suppliers. (Rogers, Preece & Sharp, 2015).
Consider the situation where a four (4) digit PIN must be selected to verify that the user of an application knows the PIN and may be authorized to use the application. Also consider that knowledge of the PIN does not indicate that the user of the PIN in the authorized person; the authorized person may have disclosed the PIN to another person, intentionally or unintentionally.
If the PIN is selected at random by non-human means, it will have maximum entropy; if selected by a human, the entropy may be diminished because humans tend to select memorable patterns.
a) List and describe (in detail), the different types of memorable patterns that may be used by a human when selecting a four (4) digit PIN.
According to Jerraya & Wolf (2015), some of the memorable patterns used by people to choose a four-digit PIN include;
single digit used in several positions-this is where individuals use a PIN that has a digit that is unique in every position.
Ascending or descending pattern- this are patterns where the four-digit PIN can be gotten from following an ascending order of digits or a descending order of digits.purely random- this is where an individual picks digit at random without using any criteria
For each memorable pattern, quantify (using the correct notation), the reduction of key space and entropy.
Single digit used in every position-some of the code numbers that can be used are ,7,10,8 and 9 which can be multiplied to give a four-digit PIN, that is, 7*10*8*9= 5040.in this case it will have dealt with halve of the key space and remove several lower-entropy codes.
Ascending or descending pattern—digits can be picked from ascending order, that is 0,1,2,3…or 5,6,7,8 or descending order, i.e., 4,3,2,1 or 8,7,6,5. In such a case the attacker can hardly guess where the ascending or descending order begins and thus reducing the key space and the entropy.
purely random- this method is easy and a machine can hardly identify digits like 2485. It is hard for an attacker to guess such digits because there are no criteria used to pick them. As such the key space and entropy is minimized.
Once you have listed and described all memorable patterns, quantify (using the correct notation), the overall reduction of key space and entropy.
This three patterns, that is ascending and descending pattern, single digit used in every position and purely random digits minimizes the key space and the entropy. An attacker can only try the PIN thrice and further attempts can lead to card blockage. As such using these patterns can hardly cause security breach.
Describe the differences in protection capabilities between operating systems that use the two processor-state model and those that use the four processor-state model.
A two processor-state model is more is stronger than a four processor-state model. This is because a two state executes one instruction at a go hence it is easier to identify which instruction has been compromised. For the four state as much as it is faster in terms of performance, its capability to execute several processes at the same time makes it vulnerable to attacks. Two state processor model is more of machine interaction than human interaction. For two state instruction and execution commands cannot be altered by the user as compared to four state processor model. Therefore, in terms of protection capabilities a two state processor model is a good choice. However, in terms of performance a four state processor model is a good choice. (In Druml, 2017).
Describe the benefits and drawbacks of the following platform management architectures:
Native operating system- some of the advantages of this systems include; they perform best on environment which they have been built in and can be controlled to give results needed. However, when this system is used to perform across multiple environments and machines different programs needs to be coded and managed for different operating system. Maintaining these applications is time consuming, increased cost and more efforts is required. (Martin, 2017).
Advantage of adding extra mode to a processor state model complimented by a kernel of dedicated platform management include; require less resources, it is less complex to set up and maintain, and requires low cost. However, when a failure of shared kernel occurs, it affects the instances of a VPS that execute on the same server. Its other disadvantage is that it only executes on Linux, and doesn’t support BSD OS and windows and the utilization of custom kernels.
By adding a separate management processor to a platform.
Advantages of supplementing a unique management processor to an environment include; increased productivity, it makes sharing of information between systems easy, it performs well with laptops and permits flexibility. (Koc?, 2009).
References
Anderson, R. (2008). Security engineering: A guide to building dependable distributed systems. Indianapolis, IN: Wiley Pub.
Bernstein, D. J., & Lange, T. (2010). Progress in cryptology - Africacrypt 2010: Third international conference on cryptology in Africa, Stellenbosch, South Africa, May 3-6, 2010. proceedings. Berlin: Springer.
Carter, P. A. (2016). Securing SQL server: DBAs defending the database. Berkeley, CA : Apress
Chen, L., Yung, M., & Zhu, L. (2012). Trusted systems: Third International Conference, INTRUST 2011, Beijing, China, November 27-29, 2011, Revised selected papers. Berlin: Springer.
In Askoxylakis, I., In Ioannidis, S., In Katsikas, S. K., & In Meadows, C. (2016). Computer security -- ESORICS 2016: 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, proceedings. Switzerland : Springer
In Chang, V., In Ramachandran, M., In Walters, R. J., & In Wills, G. (2017). Enterprise security: Second International Workshop, ES 2015, Vancouver, BC, Canada, November 30-December 3, 2015, Revised selected papers.
In Druml, N. (2017). Solutions for cyber-physical systems ubiquity. Hershey, PA : Information Science Reference
In Roychoudhury, A., In Liu, Y., & IOS Press. (2017). A systems approach to cyber security: Proceedings of the 2nd Singapore Cyber-Security R&D Conference (SG-CRC 2017).
Jerraya, A. A., & Wolf, W. (2015). Multiprocessor systems-on-chips. Amsterdam : Elsevier Morgan Kaufmann.
Koc?, C. K. (2009). Cryptographic engineering. New York, NY, USA: Springer.
Martin, K. M. (2017). Everyday Cryptography: Fundamental Principles and Applications. Oxford University Press
Morana, M., & UcedaVelez, T. (2011). Application threat modeling. Oxford: Wiley-Blackwell.
Rhee, M. Y. (2013). Wireless mobile internet security. Hoboken : John Wiley & Sons Inc
Rogers, Y., Preece, J., & Sharp, H. (2015). Interaction design: Beyond human-computer interaction. Chichester: Wiley.
Schneier, B. (2008). Schneier on security. Indianapolis, IN: Wiley Pub.
Shostack, A. (2014). Threat modeling: Designing for security. Indianapolis, IN : Wiley
Stewart, J. M., Chapple, M., & Gibson, D. (2012). CISSP. Hoboken: John Wiley & Sons.
Tang, S.-Y., Muller, P., & Sharif, H. (2010). WiMAX Security and Quality of Service: An End-to-End Perspective. New York, NY: John Wiley & Sons.
Wang, F. L. (2010). Web information systems and mining: International conference, WISM 2010, Sanya, China, October 23-24, 2010 : proceedings. Berlin: Springer.
Zia, T., Zomaya, A. Y., Varadharajan, V., & Mao, M. (2013). Security and Privacy in Communication Networks [recurso electrónico]: 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers.
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2022). Essay: Security Architecture For Distributed Environment." (70 Characters). Retrieved from https://myassignmenthelp.com/free-samples/itec852-advanced-system-and-network-security/the-securing-multiple-devices-file-A9B6B0.html.
"Essay: Security Architecture For Distributed Environment." (70 Characters)." My Assignment Help, 2022, https://myassignmenthelp.com/free-samples/itec852-advanced-system-and-network-security/the-securing-multiple-devices-file-A9B6B0.html.
My Assignment Help (2022) Essay: Security Architecture For Distributed Environment." (70 Characters) [Online]. Available from: https://myassignmenthelp.com/free-samples/itec852-advanced-system-and-network-security/the-securing-multiple-devices-file-A9B6B0.html
[Accessed 14 November 2024].
My Assignment Help. 'Essay: Security Architecture For Distributed Environment." (70 Characters)' (My Assignment Help, 2022) <https://myassignmenthelp.com/free-samples/itec852-advanced-system-and-network-security/the-securing-multiple-devices-file-A9B6B0.html> accessed 14 November 2024.
My Assignment Help. Essay: Security Architecture For Distributed Environment." (70 Characters) [Internet]. My Assignment Help. 2022 [cited 14 November 2024]. Available from: https://myassignmenthelp.com/free-samples/itec852-advanced-system-and-network-security/the-securing-multiple-devices-file-A9B6B0.html.