country
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!

SIT735: Network Communications Security System

tag 0 Download9 Pages 2,111 Words tag Add in library Click this icon and make it bookmark in your library to refer it later. GOT IT
  • Course Code: SIT735
  • University: Deakin Unversity
  • Country: Australia

Question:

Learning Outcomes
 
This assessment assesses the following Unit Learning Outcomes (ULO) and related Graduate Learning Outcomes (GLO):

ULO1 – Describe approaches to computer security including access control, identity verification and authentication in order to minimise cyber attacks on a system.

ULO2 – Compare and contrast different types of cryptography including current cryptographic algorithms and their applications.

ULO3 – Apply principles of public key cryptography to achieve secure communication networks by using digital certificates and digital signatures in compliance with industry standards.

Part A: Technical report
 
Choose one of the three organisations outlined above. You will need to research the Comodo certificate fraud hack in detail and analyse the security risks that it presents to the organisations you represent. You will then need to present a cost effective, feasible and welljustified solution to ensure the security of your computer network.
 
Part B – Oral presentation
 
In addition to the development of a written report, you will need to deliver an oral presentation discussing your report. Your presentation should introduce your scenario, describe the IT security issues that you have identified and you recommendations to resolve them.
 
Your oral presentation must last between seven and eleven minutes in duration. You will present to your peers using a slide pack created by you to guide and engage your audience. The slide pack will contain a minimum of five and a maximum of ten slides.
 
 

Answer:

Introduction

The purpose of this report is to demonstrate and analyze the Comodo certificate fraud hack to identify the security risks associated with an organization that maintains a network of a series of small business clients. The report will analyze the security issues that led to the Comodo certificate fraud leading to the fraudulent issue of 9 SSL certificates in 7 domains [10]. Although the attacks could be detected within hours, and the certificates issued were revoked immediately, the attack unveiled the different security issues that needed urgent attention [1]. The report aims in discussing the major IT security problems that exposes an organization in different vulnerable situations.

1. The Comodo certificate Fraud Hack

On March 2011, the Comodo certificate fraud hack broke in issuing 9 SSL certificates fraudulently. The hack although could be identified within a few hours, it established the need for urgent security attention in the organization. Soon after the certificate hack the Comodo root keys and the intermediate hardware were compromised. This attack was promptly reported as well. After the initial attack on 15 March, an intrusion was detected in a reseller account of Comodo. The security measures that were enforced after the attack were not enough to eliminate the subsequent attacks. In the Comodo certificate fraud hack, an attacker could gain an access to the username and password of a trusted partner of Comodo in Southern Europe [11]. Therefore it can be commented that there must be a serious security IT security issue in Comodo that led to the failure of the project. It was found out that the hacker was still using the Comodo partner account and it can be assumed that the attacker intended to target the other domains as well.

However, as soon as the hack and the data breach were discovered, the remediation efforts began and the certificates that were fraudulently issued were revoked back [5]. In this way the web browsers were prevented to use the fraudulently issued certificates. Apart from that an additional audit and control were enforced to eliminate the effects of the data breach.

 

As a control mechanism, the IP address of the initial attack was recorded to reveal the source of the attack. It was revealed that two IP addresses were assigned to the Iranian ISPs [9]. These incidents indicate that the attacks might have originated in Iran. However, the attack could be detected on time and thus the effect could be reduced. The incident report of Comodo certificate fraud hack suggests that the attacker was well prepared about the attack and planned its targets quite intelligently.

The analysis of Comodo certificate fraud hack therefore reveals that it is essential for the organizations to consider the different aspects of security risks that an organization or its employees might face [14]. In this context, the security issues associated with the organization operating with a network of clients will be analyzed. The Comodo certificate fraud hack was significant since with this attack, the attacker fraudulently issued SSL certificates. SSL certificates are needed for validating the legitimacy of a website to the browsers that assures the users that they are dealing with a legitimate site. The SSL certificates in a website further establishes the fact that the traffic between the browsers and the website a user is browsing is encrypted [13].  The attack was said to be politically motivated and it was speculated that the Iranian government was probably behind the attack. It is speculated that the Iranian government could have used the certificates in duping the anti-government activists in believing that they were legitimate sites, for example Yahoo mail.

Followed by the incident, an Iranian hacker has claimed the responsibility of the certificate hack against Comodo that provided an insight about the process by which a highly profile hack might be pulled off. The forged certificates that were issued created a means for the hacker to pose for a man in the middle attack or certain phishing attacks [12]. Comodo was quick enough to revoke the fraudulently issued certificates yet it gives rise to a criticism against the firm in putting too much trust in the resellers [2]. The process of issuing the certificated directly from the root could have eliminated the risk.

Although it was speculated that the Iranian government was associated with the attack, the hacker claimed that he acted alone in the attack and was not associated with the Iranian Cyber army or hacking cadre [8]. The attack therefore unveils that there are a number of security risks associated with an organization that operates and involves an online transaction system [4].  The different IT security risks associated with the organization that maintains a network or series of small business clients receiving payment from government are discussed in the following section.

 

2. IT security Risks 

A contractor is responsible for maintaining a network of small business clients receiving payment from government for the services they offer. It is the responsibility of the contractor to provide secure services to the clients as the clients are responsible for maintaining the confidentiality of the information that they are receiving from the government.

The Comodo certificate hack unveiled a number of security risks and issues associated with TSL and SSL certificates and beyond [7]. The security risks associated with any online operation is increasing mainly because the hackers in a digitally pervasive and connected environment are increasing as well. The Comodo certificate hack gives rise to a significant question about the security of digital certificates [3]. Since the clients of the contractor receives confidential information from the government, the use of digital certificates in such transactions is mandatory, any risk in the digital security certificates might give rise to a man in the middle attack.

Hack of SSL certificates and issue of such fraudulent certificates are a significant risk since the user visiting a secure website feels free to share the confidential details with the site assuming that the information shared will be encrypted [6]. However, if in any case, the SSL certificates are hacked or a digital certificate is hacked, it might give rise to a man-in-the middle attack.

The security certificates are considered to be a trust worthy factors because it asks for a strict validation of payment and identity proof which prevents an attack by the hacker. Now in this case, if the certificate gets hacked, it will give rise to a huge data security risk. The users will continue to visit the website assuming it to be safe while in real sense it is not and it will expose the data entered by the users in the forged website. Since the clients of the organization deals with the exchange of confidential data with the government, the hack of the security certificates might result in the loss of the confidentiality of the data which cannot be afforded.

Apart from the risk of hacking into the digital certificates, the use of internet while exchanging the confidential data possesses a number of security risks.  One of the causes of security risk associated with the online data exchange is improper patch management. It is one loophole that the hackers make use of in order to get an access to a particular information system.

One of the significant security risks that is associated with the organization is that the contractor maintains the networks of a series of small business clients who often use their own devices. The employees of the small business might use their own device while in exchanging data with the government. The presence of malware or viruses in those devices might result in a data security risk. The personal devices of the employees might not have a same level of security that is maintained within the network thus posing an IT security risk.

Since the contractor is maintaining a network of small business clients, any security risk in one network might risk the other networks as well. Therefore it is needed for the organization to enforce improved security in the organizations and the network. The solutions for eliminating the data security risks and the risks of certificate hack from the organization are discussed in the following section.

 

3. The Solution 

In order to eliminate the data security risks from the organization, it is needed to enforce up to date security in the network to eliminate the risks such as certificate hack or man in the middle attacks. In order to ensure the same, an up to date security for the organization is to be adopted so that the contractor can guarantee a secure service to the clients who receive confidential information from the government sources. The SSL certificate hack poses a huge security threat to any organization that makes use of internet in their daily operation. In order to ensure secure online transaction it is recommended for the organization to involve a better software system to eliminate the security risks. Furthermore, the contractor should ensure that the data that is being shared is encrypted in order to reduce the data security risk.

Another significant data security issue associated with the organization is the use of personal device of the employees. This must be checked in order to reduce the chances of information loss from those devices by hacking into the device.

Another security measure that can be enforced involves the use of an up to date antivirus to protect the clients from some major security and IT threats including the security of the network [15]. The Comodo certificate hack could be imposed as the hacker could gain an access to the username and password of one of the officials associated with the organization. This is one of the majorly used cybercrime tactics. In order to eliminate the problem, it is essential to impose an accurate security. Phishing is one of the main causes of data security risk in the devices and the network of a particular organization. The phishing attacks are generally conducted via emails asking the users to click on malicious links. It is essential to enforce proper firewall control that will filter the spam mails.

Apart from these, the contractor is needed to ensure an up to date security in the services provided. On addition to that, the contractor should ensure regular and accurate patch management [16]. The contractor should limit the access to the network only to some trusted individuals thus eliminating the chances of internal privilege misuse.

 

Conclusion 

The report discusses the Comodo certificate Authority Fraud hack and the security risks that are exposed by the data security attack. Since the contractor is responsible for maintaining a network of series of small business clients. It is essential to ensure security of the transactions performed by the clients. The report discusses the various data security and IT risk that the organization might face and recommends solutions to eliminate the data security risks. A secure online transaction can be enforced by making use of an up to date security application such as antivirus and firewall.

 

References 

[1]. Roosa, Steven B., and Stephen Schultze. "Trust darknet: Control and compromise in the internet's certificate authority model." IEEE Internet Computing 17, no. 3 (2013): 18-25.

[2]. Zetter, Kim. "DigiNotar files for bankruptcy in wake of devastating hack." Wired magazine, September (2011).

[3]. Prins, J. Ronald, and Business Unit Cybercrime. "Diginotar certificate authority breach’operation black tulip’." Fox-IT, November (2011).

[4]. LOO, Wai Sing. "Digital certificates: success or failure?." (2017).

[5]. Zheng, Z.J., 2013. Certificate Authorities.

[6]. Gregory, Mark A., and David Glance. "Hacking." In Security and the Networked Society, pp. 3-49. Springer, Cham, 2013.

[7]. Kasten, James, Eric Wustrow, and J. Alex Halderman. "Cage: Taming certificate authorities by inferring restricted scopes." In International Conference on Financial Cryptography and Data Security, pp. 329-337. Springer, Berlin, Heidelberg, 2013.

[8]. Stallings, William. Cryptography and network security: principles and practice. Upper Saddle River, NJ: Pearson, 2017.

[9]. Huang, Zhengan, Shengli Liu, Xianping Mao, Kefei Chen, and Jin Li. "Insight of the protection for data security under selective opening attacks." Information Sciences 412 (2017): 223-241.

[10]. which revoked Diginotar’s, Thunderbird. "Iranian hacker brings down Dutch Certification Authority." Computer Fraud & Security (2011).

[11]. Ryan, Mark Dermot. "Enhanced Certificate Transparency and End-to-End Encrypted Mail." In NDSS. 2014.

[12]. Stallings, William. Cryptography and network security: principles and practice. Upper Saddle River, NJ: Pearson, 2017.

[13]. Singla, Sanjoli, and Jasmeet Singh. "Cloud data security using authentication and encryption technique." Global Journal of Computer Science and Technology (2013).

[14]. Ryan, Mark Dermot. "Enhanced Certificate Transparency and End-to-End Encrypted Mail." In NDSS. 2014.

[15]. Gregory, Mark A., David Glance, and Margaret Gardner. Security and the networked society. Springer, 2013.

[16]. Zhu, Quanyan, Miles McQueen, Craig Rieger, and Tamer Basar. "Management of control system information security: Control system patch management." In Proc. Workshop Foundations Dependable Secure Cyber-Physical Systems, CPSWeek, pp. 51-54. 2011.

OR

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2020). Network Communications Security System. Retrieved from https://myassignmenthelp.com/free-samples/sit735-network-communications-security-system.

"Network Communications Security System." My Assignment Help, 2020, https://myassignmenthelp.com/free-samples/sit735-network-communications-security-system.

My Assignment Help (2020) Network Communications Security System [Online]. Available from: https://myassignmenthelp.com/free-samples/sit735-network-communications-security-system
[Accessed 03 April 2020].

My Assignment Help. 'Network Communications Security System' (My Assignment Help, 2020) <https://myassignmenthelp.com/free-samples/sit735-network-communications-security-system> accessed 03 April 2020.

My Assignment Help. Network Communications Security System [Internet]. My Assignment Help. 2020 [cited 03 April 2020]. Available from: https://myassignmenthelp.com/free-samples/sit735-network-communications-security-system.


MyAssignmenthelp.com strives towards providing exceptional essay help at an affordable price. Students, from various parts of Australia, prefer our servicers because we provide high-quality essay assistance at a pocket-friendly price. We receive numerous requests 'help me do my essay' or 'can someone write my essay' from students every day. We efficiently fulfill those requests and provide students needed essay writing help art an affordable price.

Latest It Write Up Samples

MNG03218 Managing Information Systems 11

Download : 0 | Pages : 17

Answer: Introduction: ERP or the Enterprise Resource Planning generally refers to the system which acts as a silver bullet for each and every problem that are faced by various organizations. the implementation of the ERP system is generally associated with providing the organizations with offers related to the chances of re-engineering the business process along with helping in coordination of the systems that are located in different geographi...

Read More arrow

SIT763 Cyber Security Management

Downloads : 3 | Pages : 5

Answer: Security Risk Assessment Security Risks, Threats and Vulnerabilities The assessment of security risks would be based on the identification, assessment and implementation of the key controls of security within the various applications used by the industry. With the carrying out of the risk assessment within the organisation, it would be beneficial for performing a risk assessment [1]. This form of risk assessment would be able to supp...

Read More arrow

HI5019 Strategic Information System And Business Report

Download : 0 | Pages : 18

Answer: Introduction: Australian Plastic Fabricators is one of the dynamic plastic fabrication company which is located in Sydney’s city fringe and is one of the Greater West supplying acrylic shop fittings to Sydney retail and shop fitting businesses. The organization is also considered to be the one stop shop for meeting all the needs related to Acrylic. Without any kind of doubt this organization can be considered to be the market le...

Read More arrow

SIT182 Real World Practices For Cybersecurity Assignment

Download : 1 | Pages : 7

Answer: Introduction The main aim of this project to develop the crack some passwords on different levels of a website. The implementing the project we can used for the ten levels that are includes are cryptography, directory traversal, sql injection, malicious redirects, Burp suites, Nmap, session management, information gathering, reporting.Postings are refreshed day by day and are utilized to spread and encourage further web hacking. Pract...

Read More arrow

ISY3001 E-Business Fundamentals And Systems Management

Download : 0 | Pages : 14
  • Course Code: ISY3001
  • University: Australian Institute Of Higher Education
  • Country: Australia

Answer: Task A: The Concept of Business-To-Business (B2B) Model In this assignment, the Business-to-Business (B2B) model of e-commerce have been chosen. The B2B model of e-commerce business can be defined as the collaboration of more than two different business organisations based on performing several forms of business transactions. This scenario also depicts the involvement of businesses based within wholesalers, retailers or different manu...

Read More arrow
Next
watch

Save Time & improve Grades

Just share your requirements and get customized solutions on time.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

1,241,609

Orders

4.9/5

Overall Rating

5,067

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 5/5

2830 Order Completed

97% Response Time

Leroy Bicknell

MBA in Marketing

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

203 Order Completed

97% Response Time

Richard Alpert

PhD in Psychology

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

154 Order Completed

97% Response Time

Harold Alderete

PhD in Economics

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

134 Order Completed

95% Response Time

Thomas Nelson

MS in Information Systems Technology with Specialization in Database Administration

New Jersey, United States

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

Thank you so much for your efforts the solution was perfect and submitted on time.

flag

User Id: 371975 - 03 Apr 2020

Australia

student rating student rating student rating student rating student rating

every thing good and Very classy treatment. thank you very much i hope do my thesis with this web

flag

User Id: 396340 - 03 Apr 2020

Australia

student rating student rating student rating student rating student rating

The work was well present, details and met all expectations. This is a prove that I will always use this platform and recommend this site to friends at schools and family. Keep using great people to keep having users. Just after receiving this assign...

flag

User Id: 203000 - 03 Apr 2020

Australia

student rating student rating student rating student rating student rating

good transcript that it make feel good because i don\'t need to worry about no ideas to write this transcript

flag

User Id: 329158 - 03 Apr 2020

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?