Discuss the Pros and Cons of Intrusion Detection Systems.
The case study is a research report conducted by the European Union Agency for Network and Information Security, commonly known as ENISA. This is an organization that provides networking and information system security expertise to European Union member states, private firms and citizens at large. The report provides a thorough analysis of security threats related to Big Data. The study looks into various Big Data assets, which include abstract assets, virtual assets (for example, data), physical assets, human resources and money. These assets are related to information and communication technology. ENISA identifies various threats to these Big Data assets, which include loss of information; eavesdropping, interception and hijacking; nefarious activity; legal-related threats; and organization-related threats (Panchenko, 2016). The report also provides more detailed information on the threat agents that bring about these Big Data threats. These agents are corporations, cyber criminals, cyber terrorists, online social hackers, script kiddies, employees and nation states (Hesley, 2014). All of these agents pose security issues to existing information systems, as explained in the case study. Finally, the ENISA report gives recommendations and best practices that can be undertaken in order to minimize these security threats to information systems, among them access control, cryptography and the design of information system security measures. The report is based on various sources, including desk research, conference papers, articles, technical blogs and open source information related to Big Data (Claudio Agostino, 2016). It highlights various security techniques related to these information infrastructures; ENISA's Big Data security infrastructure diagram representing this is shown below.
The diagram above represents the relationship between the various categories of Big Data assets, the security techniques used and the different infrastructures through which security measures are applied to the data they contain.
The following are the top threats that I consider most significant and which have the greatest impact on the security of Big Data assets and infrastructure (Zadelhoff, 2016).
Nefarious activity
According to the report, nefarious activity involves the manipulation of existing information infrastructures by attackers using specific software or tools. These actions may interfere with the security of Big Data infrastructures such as storage models, software, hardware and computing models (Leech, 2016). Security threats related to nefarious activity include the use of malicious code, commonly known as a virus, to paralyze the operations of Big Data infrastructures; identity theft, which involves the use of information system credentials by unauthorized persons; denial of information services; the use of rogue certificates; and the misuse of audit tools. Nefarious threats are rated high because, in most cases where malicious code is used, it targets large data sources, especially in big companies or government organizations (Henry, 2010). An example is the WannaCry ransomware that attacked the information systems of major organizations in 2017 (Woollaston, 2017).
Eavesdropping, interception and hijacking
This is where attackers intercept information being transmitted through the information system infrastructure, such as the network. The attackers tap the transmission media by accessing the victim's network and thereafter gain unauthorized access to the data contained in the information system. This interferes with the integrity and confidentiality of the information held in the information system (Gill, 2015). This threat is one of the top threats because it is mostly carried out via the internet, and once the attacker has established a connection with the victim's system a lot of damage can be caused, such as information theft, modification or even rendering services unavailable (Zetter, 2013).
Loss of information
This is where information is lost by mistake and falls into the hands of unintended people. Such leakage may result from unintended information sharing, for example via emails or web applications, or from inadequate information about the information system in use (Darmian, 2015). This kind of threat can damage the victim greatly. For instance, if the data contained in the information system belongs to patients in a hospital and is leaked to the public by mistake, the victim, in this case the patient, will be greatly harmed and traumatized, as his or her medical information will no longer be confidential as it should be.
Big Data Security Threat Agents
Cyber criminals
These are people who conduct unauthorized activities using the internet or networking channels, targeting an information system. They conduct these activities for their own personal gain. The motive of cyber criminals is usually information theft or the modification of information in systems such as point of sale and banking systems for the purpose of financial gain. The victims of cyber criminals can be local, national or international organizations such as banks, insurance companies and many more (Mbele, 2014). According to a report by Peter Mbele, countries such as South Africa, China and Russia were highly affected by cybercrime between 2011 and 2013 (Mbele, 2014).
Cyber criminals can be controlled in various ways. One of the ways is access control. This security feature entails an authorization classification process in which each system user has his or her own access credentials to a defined part of the information system. This prevents unauthorized users from accessing information they are not authorized to see, thus reducing the cybercrime rate. Another mechanism is the use of anti-virus software by organizations handling Big Data. This ensures that malicious software or code used by cyber criminals does not penetrate the information system. Another control is monitoring of the information system infrastructure and scanning all the information contained in the system. This ensures that every unauthorized behavior is detected and dealt with before any damage is done (c, 2017).
Cyber terrorists
The ENISA report mentions cyber terrorists as one of the information system security threat agents. Cyber terrorists are people who use the internet to launch attacks, using viruses and malware against computer networks belonging to various people or organizations. Their targets include individuals, governments and organizations. This form of terrorism is usually driven by political or religious ideologies. The main aim of cyber terrorists is to cause damage and bring about destruction through the use of the internet and the information systems of their victims (Curran, 2016).
Various security measures can be used to mitigate cyber terrorism. One is the design of information system security mechanisms from the start. This is a preventive measure that ensures the information system is secure from attacks. Integrating security measures into the information system during design enhances security by ensuring that intended attacks are prevented, and therefore the damage intended by cyber terrorists is avoided. Another security measure is physical isolation of the information systems. This ensures that physical attacks such as theft of information system assets or devices are prevented, and it also reduces electromagnetic pulse attacks that terrorists could carry out against the electronic devices of the information system. Another way of preventing cyber terrorism is the use of cryptographic security mechanisms (Goodman, 2008), where the information system infrastructure, such as the computer network, and the data contained in the information system are encrypted. When these assets are encrypted it is difficult for cyber terrorists to penetrate the information systems and launch their attacks.
Online social hackers
According to the ENISA report, these are attackers who are motivated by political and social issues. These attackers use existing computer systems to address their issues or to cause harm to others, using social sites such as websites, or targeting institutions such as the military, corporations or intelligence agencies (Claudio Agostino, 2016). This form of hacking aims at manipulating information, which in turn influences the social perspective or behavior of the victim. Online social hackers gain access to their victim's information without the victim's consent. This is achieved by the attacker impersonating the victim after acquiring the victim's credentials either directly or indirectly. Once the attacker has gained access to the victim's information, he or she uses the victim's weaknesses to influence the victim's social perspective or image. For instance, where an attacker obtains a victim's credentials for a social site such as Facebook, the attacker might choose to post images or messages that affect the social standing of the legitimate Facebook account owner. The attackers mainly use tools related to their targets, hence bypassing the privacy of their targets. They use various means to access the social sites, such as loggers and social site accounts, among others. They also use high-tech techniques to penetrate the social platforms of their target organizations.
To mitigate such attacks, measures such as the use of strong credentials should be considered, so that hackers cannot access unauthorized information. Such credentials should be hard to guess even through brute force attempts. The information shared or transmitted over an information system should also be encrypted in such a way that it is difficult for an attacker to manipulate it. Access control mechanisms should also be considered; these ensure that attackers do not gain access to information they are not meant to see. Together, these measures reduce most of the social attacks that might be propagated via information systems.
Looking at the data provided on the involvement of threat agents in facilitating the different security threats explained in the ENISA report, it is evident that all the highlighted threats can be caused by any of the threat agents, which include corporations, cyber criminals, cyber terrorists, script kiddies, online social hackers, employees and nation states. This shows that no specific threat is associated with a specific threat agent. Any agent can give rise to any threat, and therefore information systems should be protected against all threat agents in order to make them safer and more secure from attacks.
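The two controls named in this paragraph and in the cyber criminals paragraph above, access control and credentials that resist guessing, can be made concrete. The following is an added example and not code from the essay or from ENISA: a default-deny role-based authorization check, plus an estimate of a password's brute-force search space. The roles, resources, users and the 60-bit threshold are assumptions chosen for illustration.

```python
"""Added example (not from the essay or from ENISA): default-deny
role-based access control and a credential-strength estimate.
All roles, resources, users and thresholds below are constructed."""
import math
import string
from dataclasses import dataclass, field

# Role -> set of (resource, action) pairs the role may perform.
# Anything not listed here is denied: least privilege by default.
ROLE_PERMISSIONS = {
    "analyst": {("sales_db", "read")},
    "dba": {("sales_db", "read"), ("sales_db", "write"), ("audit_log", "read")},
    "auditor": {("audit_log", "read")},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def authorize(user: User, resource: str, action: str) -> bool:
    """Return True only if some role held by the user explicitly grants
    (resource, action). Unknown roles grant nothing, so a typo in a role
    name fails closed rather than open."""
    for role in user.roles:
        if (resource, action) in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False


def password_strength_bits(password: str) -> float:
    """Estimate the brute-force search space in bits as
    length * log2(charset), inferring the charset from the character
    classes actually used. This is a floor for exhaustive guessing only;
    it says nothing about dictionary words or reused passwords."""
    charset = 0
    if any(c in string.ascii_lowercase for c in password):
        charset += 26
    if any(c in string.ascii_uppercase for c in password):
        charset += 26
    if any(c in string.digits for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    if not password or charset == 0:
        return 0.0
    return len(password) * math.log2(charset)


def is_strong(password: str, min_bits: float = 60.0) -> bool:
    """Constructed policy: at least 60 bits of exhaustive search space."""
    return password_strength_bits(password) >= min_bits


if __name__ == "__main__":
    alice = User("alice", {"analyst"})
    bob = User("bob", {"dba"})
    print(authorize(alice, "sales_db", "write"))   # False: analysts only read
    print(authorize(bob, "audit_log", "read"))     # True
    print(is_strong("password"))                   # False: about 37.6 bits
```

The authorization check answers "is this explicitly allowed?" rather than "is this forbidden?", which is what keeps an attacker who has obtained one user's credentials confined to that user's slice of the system.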
Improvement of the ETL process
Due to the large amount of information in the whole ETL process, an improvement of its performance is necessary in order to make the process run smoothly. The process could be improved by considering the following:
- Extracting only changed rows: this reduces the large amount of data extracted in this process and in turn improves the processing speed of the ETL process. The rows are selected by maintaining tables that record the previous ETL run date, so that only rows changed since that date are extracted.
- Batching: this improves the performance of the whole process either by extracting rows in logically separated groups or by reusing data already extracted. It ensures that data is extracted at different intervals, making the process more efficient, and also reduces the amount of data handled by each ETL load, thus diminishing the load on the system network and resource conflicts at the main database.
- Implementation of SQL Server Destination: this improves the performance of the ETL process because, where information is to be pushed to a local server, the SQL Server destination reduces processing limitations. It also provides enable and disable options during data loading, thus reducing problems affecting the performance of ETL.
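The first two points above, changed-rows-only extraction and batching, are shown together in the following added example, which is not code from the essay or from ENISA. It uses in-memory SQLite databases with a constructed `orders` table as the source and a constructed `orders_dw` table as the target; the `etl_runs` watermark table, the batch size of 4 and the timestamps are all assumptions. The SQL Server Destination point is product-specific and is not reproduced here.

```python
"""Added example (not from the essay or from ENISA): an incremental ETL
run that extracts only rows changed since the last run, tracked by a
watermark, and loads them in batches. Source and target are in-memory
SQLite databases populated with constructed data."""
import sqlite3
from datetime import datetime, timedelta


def build_source(conn: sqlite3.Connection) -> None:
    """Constructed source table: ten orders, one per hour."""
    conn.execute("CREATE TABLE orders(id INTEGER PRIMARY KEY, amount REAL, updated_at TEXT)")
    base = datetime(2024, 1, 1)
    rows = [(i, 10.0 * i, (base + timedelta(hours=i)).isoformat()) for i in range(1, 11)]
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", rows)
    conn.commit()


def build_target(conn: sqlite3.Connection) -> None:
    """Warehouse table plus the table recording the previous run's watermark."""
    conn.execute("CREATE TABLE orders_dw(id INTEGER PRIMARY KEY, amount REAL, updated_at TEXT)")
    conn.execute("CREATE TABLE etl_runs(last_watermark TEXT)")
    conn.execute("INSERT INTO etl_runs VALUES ('1970-01-01T00:00:00')")
    conn.commit()


def extract_changed(source: sqlite3.Connection, since: str, batch_size: int):
    """Yield batches of rows whose updated_at is later than the watermark.
    ORDER BY makes OFFSET paging deterministic; the watermark is advanced
    only after every batch is loaded, so an interrupted run simply repeats."""
    offset = 0
    while True:
        batch = source.execute(
            "SELECT id, amount, updated_at FROM orders WHERE updated_at > ? "
            "ORDER BY updated_at, id LIMIT ? OFFSET ?",
            (since, batch_size, offset),
        ).fetchall()
        if not batch:
            return
        yield batch
        offset += batch_size


def run_etl(source: sqlite3.Connection, target: sqlite3.Connection,
            batch_size: int = 4) -> tuple:
    """Load changed rows into orders_dw, advance the watermark and return
    (rows_loaded, batches_used)."""
    since = target.execute("SELECT last_watermark FROM etl_runs").fetchone()[0]
    loaded = batches = 0
    newest = since
    for batch in extract_changed(source, since, batch_size):
        # INSERT OR REPLACE keys on the primary key, so re-running is idempotent.
        target.executemany("INSERT OR REPLACE INTO orders_dw VALUES (?, ?, ?)", batch)
        loaded += len(batch)
        batches += 1
        newest = max(newest, max(row[2] for row in batch))
    target.execute("UPDATE etl_runs SET last_watermark = ?", (newest,))
    target.commit()
    return loaded, batches


def demo() -> tuple:
    """Three runs: initial full load, a no-op run, then one changed row."""
    source, target = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    build_source(source)
    build_target(target)
    first = run_etl(source, target)    # (10, 3): ten rows in batches of 4, 4, 2
    second = run_etl(source, target)   # (0, 0): nothing newer than the watermark
    source.execute("UPDATE orders SET amount = 999.0, updated_at = ? WHERE id = 3",
                   ("2024-02-01T00:00:00",))
    source.commit()
    third = run_etl(source, target)    # (1, 1): only the changed row is re-extracted
    rows = target.execute("SELECT COUNT(*) FROM orders_dw").fetchone()[0]
    return first, second, third, rows


if __name__ == "__main__":
    print(demo())
```

The second and third runs are the point: once the watermark is in place, a run after no changes touches nothing, and a run after one update moves a single row rather than the whole table.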
ENISA's satisfaction with its current state of IT security
As per this research, it is right to say that ENISA should be satisfied with its current state of IT security, since it has identified information security threats, grouped them into categories and then provided mechanisms for mitigating the identified threats. ENISA's security measures help both in reducing the effects associated with these threats and in providing ways of securing information across the various infrastructures without interference. Also, the fact that the ETL process has improved the extraction of inserted or changed rows has led to improvement of ETL operations and functions at large. ENISA has also solved some of the threats contained in embedded systems and other hardware devices by taking them out. Finally, all threats that could bring about information leakage or unauthorized access have been controlled by the use of access control and safe, secure credentials.
From the analysis carried out on the ENISA report, it is evident that intrusion detection systems, firewalls and loophole scanners have a great impact on the protection of information systems. The benefits brought about by the use of these mechanisms are discussed below, respectively.
Intrusion detection systems
IDS are tools that are integrated into information systems and act like an alarm for any potential threat to the information system. They are mainly deployed on the network and are aimed at monitoring network traffic (Lake, 2017). These tools have sensors that detect outside attacks on the system. They help create awareness of someone or something trying to carry out nefarious activities such as identity theft, use of malicious code or even denial of service, as seen in the ENISA report. Therefore, with an IDS in place any intrusion is automatically detected, and if it is attended to quickly no harm will befall the information system.
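The "alarm" behaviour described above can be shown in a few lines. The following is an added example and not code from the essay, from ENISA or from any IDS product: a detector that reads a constructed log and raises one alert per source for a burst of failed logins (the credential misuse behind identity theft) and one for a request flood (denial of service). The log format, addresses, timestamps and thresholds are all assumptions, and the thresholds are where the trade-off in the essay's title lives: set too low the IDS alarms on legitimate users, set too high it misses slow attacks.

```python
"""Added example (not from the essay or from ENISA): a minimal log-based
intrusion detection routine with sliding-window counters per source.
Log format, addresses and thresholds are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <source IPv4> <event>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<event>\w+)$")


def build_sample_log() -> str:
    """Constructed log: a burst of failed logins from 10.0.0.5, two harmless
    failures from 10.0.0.9, a request flood from 192.168.1.20, a slow
    legitimate request stream from 192.168.1.21 and one malformed line."""
    t0 = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(6):
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.5 LOGIN_FAIL")
    for i in range(2):
        lines.append(f"{(t0 + timedelta(seconds=10 + i)).isoformat()} 10.0.0.9 LOGIN_FAIL")
    for i in range(60):
        lines.append(f"{(t0 + timedelta(minutes=1, milliseconds=100 * i)).isoformat()} "
                     "192.168.1.20 REQUEST")
    for i in range(20):
        lines.append(f"{(t0 + timedelta(minutes=2, seconds=5 * i)).isoformat()} "
                     "192.168.1.21 REQUEST")
    lines.append("this line is malformed and must be ignored")
    return "\n".join(lines)


def parse(log: str):
    """Yield (timestamp, source, event) for each well-formed line;
    malformed lines are skipped rather than allowed to crash the sensor."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["event"]


def _count_in_window(window: list, ts: datetime, seconds: int) -> int:
    """Append ts to a per-source window, drop entries older than `seconds`
    relative to ts, and return how many events remain in the window."""
    window.append(ts)
    while (ts - window[0]).total_seconds() > seconds:
        window.pop(0)
    return len(window)


def detect(log: str, fail_threshold: int = 5, fail_window_s: int = 60,
           flood_threshold: int = 50, flood_window_s: int = 10) -> list:
    """Return alerts as (alert_type, source) tuples, at most one per
    type and source, in the order they fired."""
    fails = defaultdict(list)
    requests = defaultdict(list)
    alerts = []
    for ts, src, event in parse(log):
        if event == "LOGIN_FAIL":
            n = _count_in_window(fails[src], ts, fail_window_s)
            if n >= fail_threshold and ("bruteforce", src) not in alerts:
                alerts.append(("bruteforce", src))
        elif event == "REQUEST":
            n = _count_in_window(requests[src], ts, flood_window_s)
            if n >= flood_threshold and ("flood", src) not in alerts:
                alerts.append(("flood", src))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

Raising `fail_threshold` to 7 silences the brute-force alert on this log while the flood alert remains, which is the tuning exercise a real deployment goes through before an IDS stops being either noisy or blind.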
Firewalls
A firewall is a system placed between the network and the internet that helps protect against the various threat agents, as seen in the ENISA report, that aim to direct an attack at the information system or Big Data systems (Lacher, 2017). The benefits of firewalls include preventing unauthorized access to the system, thus safeguarding it from external attack. Every activity on the information system network is filtered by the firewall, and any activity found to come from unauthorized persons is blocked. This protects the information system from attacks such as eavesdropping, interception and hijacking, and also prevents nefarious activities such as the use of malicious code to attack the system.
Loophole scanners
These are tools used to assess loopholes in the information system, which consists of networks, software, computers and operating systems. These tools are good at detecting security threats at an early stage and also help prevent such threats from affecting the systems (HKSAR, 2008). They can also detect unauthorized or rogue systems that act as a threat or might lead to a security threat to the information system. With these tools it is easy to conduct a thorough inspection and monitoring of all devices and infrastructure of the information system, as explained in the ENISA report. Therefore, the use of these tools improves the security of the information system, since solutions to the loopholes found are easily implemented, making the system more resistant to external attacks.
It is therefore concluded that the ENISA report on security standards has supported the improvement of information systems, networking and cyber security. This support can impact the operations and functions of an IT organization. The report provides various strategies that are useful for mitigating insider security threats as well as some of the top information system security threats it identifies, for analyzing their impact on strategy and operational security. It also provides detailed information on the various threat agents, including online social hacking threats that affect organizational functions (Falkner, 2015).
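The filtering the paragraph attributes to firewalls, every activity checked against policy and unauthorized traffic blocked, is a first-match rule evaluation with a default deny. The following is an added example and not code from the essay, from ENISA or from any firewall product; the network ranges, ports and the three-rule policy are constructed for illustration.

```python
"""Added example (not from the essay or from ENISA): a first-match packet
filter with a default-deny policy. Addresses, ports and rules are
constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR network or "any"
    dst: str               # CIDR network or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, or None for any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int]


def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_net(rule.src, pkt.src)
            and _in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins and its index is returned for logging.
    A packet that matches no rule is denied, so a forgotten rule fails
    closed rather than open."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None


# Constructed policy: the internet may reach the web tier on 443 only;
# only the web tier may reach the database tier on 5432; any other
# traffic aimed at the database tier hits an explicit deny that can be
# logged separately from the implicit default deny.
POLICY = [
    Rule("allow", "any", "10.0.1.0/24", "tcp", 443),
    Rule("allow", "10.0.1.0/24", "10.0.2.0/24", "tcp", 5432),
    Rule("deny", "any", "10.0.2.0/24", "any", None),
]

if __name__ == "__main__":
    for pkt in [Packet("203.0.113.7", "10.0.1.10", "tcp", 443),
                Packet("203.0.113.7", "10.0.2.5", "tcp", 5432),
                Packet("10.0.1.10", "10.0.2.5", "tcp", 5432),
                Packet("10.0.1.10", "10.0.3.9", "udp", 53)]:
        print(pkt, "->", evaluate(POLICY, pkt))
```

Rule order matters: because evaluation stops at the first match, the explicit deny for the database tier must come after the allow for the web tier, or the web tier would be cut off from its own database.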
References
Five steps to mitigate the risks of increasing cyber attacks in healthcare. MetricStream.
Claudio Agostino, F. Z. (2016). Big Data Threat Landscape and Good Practice Guide. ENISA. EU: European Union Agency for Network and Information Security.
Curran, P. (2016). Cyber Terrorism - "How real is the threat?". Checkmarx.
Darmian. (2015). Towards Big Data Leakage Analysis. Proceedings of the Privacy and Security of Big Data Workshop, 2-3.
Falkner, J. H. (2015). "Identification of IT Security and Legal Requirements Regarding Cloud Services". Research.
Gill, T. (2015). 2016's top information security threats. IT Disaster Recovery, Cloud Computing and Information Security News, 1-5.
Goodman, S. (2008). Cyberterrorism and Security Measures. NAP.
Henry, V. (2010). Top 10 Security Threats Every IT Pro Should Know. IT-opts, 2-4.
Hesley, R. E. (2014). Identifying Information Security Threats. Previous Screen, 10-13.
HKSAR, G. o. (2008). An Overview of Vulnerability Scanners. Government of the HKSAR.
Lacher, S. (2017). What are advantages and disadvantages of firewalls. Leaf Group Ltd.
Lake, J. (2017). The pros and cons of intrusion detection systems. Komand Komunity.
Leech, S. (2016). Cloud Security Threats - Abuse and nefarious use of cloud services. Grounded in Cloud, 1-2.
Mbele, P. (2014). Cyber-crime Threat and Mitigation. Johannesburg: iAfrikan.
Panchenko, A. (2016). Nine Main Challenges in Big Data Security. Europe: Data Center Knowledge.
Woollaston, V. (2017). WannaCry ransomware: what is it and how to protect yourself. Ransomware, 1-2.
Zadelhoff, M. v. (2016). The Biggest Cybersecurity Threats Are Inside Your Company. Security & Privacy, 1-5.
Zetter, K. (2013). Someone's been siphoning data through a huge security hole in the internet. 1-8.