Wednesday, 4 March 2020

Glossary

Glossary terms


I wrote this post because I lacked the academic terms needed for my Major Project, in cyber security and beyond.


  • Kernel: the core component of an operating system. It is loaded into memory when the computer starts and stays resident, managing memory, processes and hardware; applications rely on it to carry out low-level data processing on their behalf.

  • Encryption: the process of encoding data or information so that only an authorized party can read it.

  • VMI: Virtual Machine Introspection
  • VM: Virtual Machine

DDoS attack roles:

 1) Mastermind/Planner: the original attacker, who decides why, when, how and by whom the attack will be carried out.

 2) Controller/Handler: one or more machines under the attacker's control that compromise and coordinate the other machines used to run the DDoS attack.

 3) Agents/Zombies/Bots: also known as slaves or attack daemons, the programs that actually carry out the attack on the victim. They run on compromised host computers (collectively, the botnet). The daemon gives the attacker control of the host, and the host is then used to generate attack traffic against the target.

 4) Victim/Target: the host selected to receive the impact of the attack.






    

Monday, 2 March 2020

Apple vs Samsung - final post for case study



There are many similarities between them in features, design and shape. However, after studying their security and privacy, I found that although Apple is popular worldwide for its performance (which I cannot dispute, as I am not an iOS user), what interested me, security, failed the test. The CVE results made me doubt its security: the number of vulnerabilities was not small but enormous for the reputation Apple carries. In addition, Apple's privacy settings prevent users from accessing some websites.



Until I did this case study I thought Apple had no competition in security, but Samsung surprised me: its Knox security system had only three recorded vulnerabilities, all of them low severity, under 5 out of 10. In addition, Samsung uses Android, which is more permissive in accessing different websites and even allows the installation of software from unknown sources. Knox is also used by government organizations, which makes me believe it is a reliable product.
 
In conclusion, based on the points above and as an Android user, iOS did not convince me to change my perception. In my opinion, regarding security, Samsung is the winner.

Presentation

My presentation slides are shown below (the slide images are not reproduced in this text).

Car hacking, BMW - class task


Many BMW models have security vulnerabilities. Zorz (2018) reports that researchers hacked BMW cars and discovered 14 vulnerabilities. The flaws were found during a year-long study carried out by the Chinese security firm Tencent Keen Security Lab between January 2017 and February 2018. Most of them involve the TCU/TCB (the Telematic Communication Box, the car's telematics control unit) and UDS (Unified Diagnostic Services). Six of them can be exploited remotely, via the vehicle's wireless interfaces, e.g. Bluetooth and the cellular network.


The attack via Bluetooth requires the attacker to be within Bluetooth range of the car, with the vehicle in pairing mode; the attack via the cellular network can be carried out from far away. Almost all BMW models are affected: BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series and BMW 7 Series, mainly models from 2012 onwards.
Both Keen Lab and BMW acknowledge that the attacks are complex and out of reach for most attackers.
The lab's report shows how the attack takes place, namely the contactless attack. The contactless attack is based on the wireless interfaces of the vehicle, and in such attack chains the attacker can affect the vehicle remotely. The report illustrates the attack chains via Bluetooth and via the cellular network.

  • January 2017: Keen Lab kicked off the BMW security research project internally.
  • February 2018: Keen Lab proved all the vulnerability findings and attack chains in an experimental environment.
  • February 25th, 2018: Keen Lab reported all the research findings to BMW.
  • March 9th, 2018: BMW fully confirmed all the vulnerabilities reported by Keen Lab.
  • March 22nd, 2018: BMW provided the planned technical mitigation measures for the vulnerabilities reported by Keen Lab.
  • April 5th, 2018: CVE numbers related to the vulnerabilities were reserved (CVE-2018-9322, CVE-2018-9320, CVE-2018-9312, CVE-2018-9313, CVE-2018-9314, CVE-2018-9311, CVE-2018-9318).
  • May 22nd, 2018: the summary report was released to the public.
  • 2019: Keen Lab will release the full technical paper.

In 2018 BMW implemented the mitigations proposed by Keen Lab and all the vulnerabilities have been fixed.
In conclusion, Keen Lab followed the responsible disclosure practice, which is well recognised by manufacturers in the software and internet industries, and worked with BMW to fix the vulnerabilities and attack chains. The Chinese organization discovered 14 vulnerabilities in BMW car security, covering contactless attacks over the Bluetooth channel and the cellular network, and all of them have been fixed.

Zorz, Z., 2018. Researchers Hack BMW Cars, Discover 14 Vulnerabilities. [online] Help Net Security. Available at: <https://www.helpnetsecurity.com/2018/05/23/hack-bmw-cars/> [Accessed 3 February 2020].

External cyber intelligence

Cyber Threat Intelligence (CTI) sharing aims to be a modern way of improving situational awareness among stakeholders. Organizations are increasingly expected to run a threat analysis capability as part of active defence and to share what they learn with others.


Fig. 1



According to Trifonov et al. (2018), Cyber Threat Intelligence (CTI) involves:

  • creating the structures and technical means to maintain an up-to-date picture of potential threats of varying scale, origin and nature, of developments in the geopolitical background, and of the related regional cyber situation; and
  • developing the skills to better identify the sources of attacks and to take effective security and counter-measures.
CTI is a continuous process that must be improved indefinitely. Preparing intelligence in a cyber operating environment is a comprehensive and ongoing method of evaluating possible threats, in order to identify the range of actions an adversary could take against devices, networks, documents, personnel or customers, by supplying the means to interpret and analyse a variety of intrusion sensor inputs and present them as a specific hazard (Trifonov et al., 2018).
Cyber threat intelligence helps organizations gain insight into the mechanisms and implications of threats, build defence strategies and frameworks, and reduce their attack surface, with the ultimate goal of preventing harm and protecting the network.

Benefits of CTI

  • Cost efficiency: with CTI, a potential attack can be intercepted before it harms the network. With staff informed in advance and appropriate security measures already in place, a breach can be detected and remedied more quickly (Trifonov et al., 2018). A recent survey shows that threat intelligence programmes saved organizations $8.8 million in the past 12 months (CIS, 2020).
Conclusion
Many people confuse threat data with threat intelligence. Without analysis, raw data cannot give organizations the awareness they need to identify risks before they reach the network. CTI helps secure the network, keeps the cost of managing network protection under control, and gives users the information and awareness they need to concentrate on what really matters.

References list:

Trifonov, R., Nakov, O. and Mladenov, V., 2018. Artificial Intelligence in Cyber Threats Intelligence. 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC), Plaine Magnien, pp. 1-4.

Wagner, T., Mahbub, K., Palomar, E. and Abdallah, A., 2019. Cyber threat intelligence sharing: Survey and research directions. Computers & Security, 87, p.101589.

Cybersecurity assessment


A cybersecurity assessment is a process that uses risk-based strategies to analyse and improve an organization's ability to respond to cyber-attacks. The approach aims to detect risks that may affect the quality and stability of the network, and gives the company a better understanding of how strong its protection against cyber threats really is. The main aim of a cybersecurity assessment is to identify the vulnerabilities inside an organization; both network equipment and the services running on it can be a source of vulnerabilities.

A security assessment follows a methodology made up of the following steps:
  • Requirement Study and Situation Analysis
  • Security policy creation and update
  • Document Review
  • Risk Analysis
  • Vulnerability Scan
  • Data Analysis
  • Report & Briefing
The cybersecurity risk assessment identifies the sensitive assets that may be affected by cyber threats (such as hardware, networks, systems, customer data and intellectual property) and also identifies the hazards that may affect those assets (Itgovernance.co.uk, 2020).
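The "Risk Analysis" step between the vulnerability scan and the report is where the asset list and the hazards meet. The block below is an added example, not code from the original post or from IT Governance UK: it takes a constructed asset inventory (criticality and exposure) and constructed scan findings (a CVSS score and whether a public exploit exists; the FIND-nnn IDs are local labels, not CVE numbers), scores each finding as likelihood times impact on a 1 to 5 scale, and ranks them for the briefing. The scoring bands and thresholds are my own illustration, not any vendor's or standard's method.

```python
# Added example (not from the original post or from IT Governance UK): the
# "Risk Analysis" step, turning vulnerability-scan findings plus an asset
# inventory into a ranked list.  Assets, findings, IDs and the scoring
# thresholds are constructed; the model is a simple likelihood x impact
# matrix, not any vendor's or standard's method.

# Constructed asset inventory: criticality 1 (low) to 5 (high).
ASSETS = {
    "web-01":   {"criticality": 5, "internet_facing": True,  "holds": "customer data"},
    "db-01":    {"criticality": 5, "internet_facing": False, "holds": "customer data"},
    "jump-01":  {"criticality": 4, "internet_facing": True,  "holds": "admin credentials"},
    "kiosk-03": {"criticality": 1, "internet_facing": False, "holds": "nothing sensitive"},
}

# Constructed scan findings (IDs are local labels, not CVE numbers).
FINDINGS = [
    {"id": "FIND-001", "asset": "web-01",   "cvss": 9.8, "exploit_public": True},
    {"id": "FIND-002", "asset": "db-01",    "cvss": 7.5, "exploit_public": False},
    {"id": "FIND-003", "asset": "kiosk-03", "cvss": 9.0, "exploit_public": True},
    {"id": "FIND-004", "asset": "jump-01",  "cvss": 5.3, "exploit_public": False},
    {"id": "FIND-005", "asset": "db-01",    "cvss": 4.0, "exploit_public": False},
]


def likelihood(finding, asset):
    """1-5: CVSS severity band, raised for exposure and for a public exploit."""
    if finding["cvss"] >= 9.0:
        score = 4
    elif finding["cvss"] >= 7.0:
        score = 3
    elif finding["cvss"] >= 4.0:
        score = 2
    else:
        score = 1
    if asset["internet_facing"]:
        score += 1
    if finding["exploit_public"]:
        score += 1
    return min(score, 5)


def rating(risk):
    """Map a 1-25 risk score onto the report's four bands."""
    if risk >= 15:
        return "Critical"
    if risk >= 10:
        return "High"
    if risk >= 5:
        return "Medium"
    return "Low"


def assess(findings, assets):
    """Score each finding against the asset it sits on; highest risk first."""
    rows = []
    for f in findings:
        if f["asset"] not in assets:
            # An unknown asset means the inventory step was skipped; fail loudly.
            raise KeyError(f"finding {f['id']} refers to unknown asset {f['asset']}")
        a = assets[f["asset"]]
        lik, imp = likelihood(f, a), a["criticality"]
        rows.append({
            "id": f["id"], "asset": f["asset"], "cvss": f["cvss"],
            "likelihood": lik, "impact": imp, "risk": lik * imp,
            "rating": rating(lik * imp),
        })
    # Ties broken by impact, then ID, so the report order is stable.
    rows.sort(key=lambda r: (-r["risk"], -r["impact"], r["id"]))
    return rows


def summary(rows):
    """Counts per band for the Report & Briefing step."""
    counts = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0}
    for r in rows:
        counts[r["rating"]] += 1
    return counts


if __name__ == "__main__":
    ranked = assess(FINDINGS, ASSETS)
    for r in ranked:
        print(f"{r['rating']:8} {r['id']} on {r['asset']}: CVSS {r['cvss']}, "
              f"likelihood {r['likelihood']} x impact {r['impact']} = {r['risk']}")
    print(summary(ranked))
```

The point of the worked numbers is the ordering: FIND-003 has the second-highest CVSS score on the list but lands at the bottom because the kiosk holds nothing of value, while FIND-004, a medium CVSS on an internet-facing jump host, ranks above it. A scanner report sorted by CVSS alone would invert that, which is why the methodology puts data analysis between the scan and the report.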

Why is a security risk assessment needed?
There are many reasons why companies need a security risk assessment.

It reduces long-term costs: identifying potential threats and working to mitigate them can prevent security incidents, which saves the organization money in the long run.

It can improve communication: a cyber risk assessment requires input from a number of different departments and stakeholders, which helps increase visibility and improves communication between them.


Conclusion

Cyber risk assessment is extremely important for every company, regardless of its influence and reputation in the industry. Every business needs it so that it can avoid cyber-crime attacks and apply prevention strategies.

Reference List
Itgovernance.co.uk. 2020. Cyber Security Risk Assessment | IT Governance UK. [online] Available at: <https://www.itgovernance.co.uk/cyber-security-risk-assessments> [Accessed 5 March 2020].

Staff training

Current workplace security awareness programmes take a one-size-fits-all approach. A more reliable and cost-effective approach is a standardised multi-phase process tailored to the specific needs of the company. Human error remains the leading cause of data breaches, and these breaches cause organizations a great deal of financial and reputational damage.
According to FraudWatch International (2020), 95% of cybersecurity breaches are due to human error; only 38% of global organizations state that they are prepared to handle a sophisticated cyber-attack; and as many as 54% of companies say they have experienced one or more attacks in the last 12 months, a number that rises every month. Social engineering is the technique currently favoured by cyber-criminals: it psychologically manipulates victims into knowingly or unintentionally handing over private data, which is then misused. Phishing is another important tactic, where emails or links are sent to employees whose login credentials are then harvested. In fact, 95% of cyber attacks are the product of phishing scams (FraudWatch International, 2020), which makes phishing awareness training necessary.
Training employees involves adopting a methodology with three phases. Valentine (2006) states in his research that the methodology consists of the following steps:
  • Assessment Phase
  • Identification Phase
  • Education Phase

    Assessment Phase

    The primary aim of introducing an organization-wide employee security awareness plan is to secure client processes and information, particularly confidential and potentially sensitive records. It is therefore important that the organization thoroughly evaluates what it wants to safeguard through the security awareness programme.

    Identification Phase

    Having decided what it wants to secure, a company that aims to introduce a security awareness programme needs to identify the workers who interact regularly with that data and with any other security-related controls; such workers are in effect the gatekeepers of the organization's data protection.

    Education Phase

    After the organization has analysed what the programme should contain, it is important to educate employees so that they avoid major mistakes when they encounter a security incident. For this reason, a company should test the staff in a realistic scenario.





    Example of employee training.
    Li et al. (2019) describe in their survey a model of this training.
    The findings of the analysis show that U.S. workers have been mobilising resources for digital change in the battle against contemporary cybercriminals. Employees at different companies have experienced cyber-crime-related disruptions as they establish and implement new technology protocols, practices, techniques and tools intended to keep up with developments in the marketplace. Respondents who took part in the survey agree that digitalisation requires them to reconsider their long-term information defence policies, techniques and activities. The survey also showed that this change does not only affect technological decisions: it is also necessary to improve employee understanding in order to prevent cybercrime from happening.

    Conclusion

    Security awareness training is an important factor for every company. Each employee should be aware of the prevention and recommended remediation procedures for data security purposes. This helps organizations avoid having to deal with a number of issues that could affect or damage the stability of the company; therefore, cyber awareness training is required to help employees learn to detect fraudulent behaviour and data theft.

    References list:

    FraudWatch International. 2020. What Is Cybersecurity Awareness Training & Why Is It So Important?. [online] Available at: <https://fraudwatchinternational.com/security-awareness/what-is-cyber-security-awareness-training/> [Accessed 1 March 2020].

    Li, L., He, W., Xu, L., Ash, I., Anwar, M. and Yuan, X., 2019. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45, pp.13-24.

    Valentine, J., 2006. Enhancing the employee security awareness model. Computer Fraud & Security, 2006(6), pp.17-19.

    Physical security


    Physical security should be a key part of our data security and defence architecture. Physical controls, although essential, are often the weakest part of the defence. Physical security protects the company's premises, sites, facilities, buildings, people, information and other assets. Security controls are designed to protect all elements of information systems, and properly designed and managed access controls are at the core of protecting and managing an organization's assets (Moses and Rowe, 2016).

    Types of physical security


    Physical security is a critical part of an active security plan. In addition to defending against malicious acts such as theft, vandalism and terrorism, security planning should also provide protection from disasters such as flooding, fire or explosions. ISC(2) suggests that security controls can be
    categorized into six control types:





  • Preventative – controls meant to prevent unauthorized actions. Examples of preventive controls include locks, biometrics, mantraps, etc.
  • Detective – controls meant to send alerts during or after an attack. Examples of detective controls include job rotation, mandatory vacations, and recording and reviewing security cameras.
  • Corrective – controls meant to restore systems to normal after unwanted or unauthorized activity. These normally have only limited capability to respond without user interaction. Examples include antivirus solutions, intrusion detection systems and business continuity planning.
  • Recovery – controls meant for after a security incident has occurred. Recovery controls are meant to restore the functionality of the system and the organization. Examples include reinstallation of operating systems and restoring data from backups.
  • Deterrent – controls meant to discourage actions. Examples include "Beware of Dog" or "Security System" signs.
  • Compensating – controls that provide a supplementary or alternative solution to a control that is too expensive or difficult to implement.


    Examples of threats
    Threats come in many forms and shapes. Attackers are ingenious and are always looking for a gap in security in order to carry out actions such as the following:

    • taking control of the door lock system to open doors and gates during a robbery
    • turning off video recording and monitors to allow a thief to come unnoticed into a building
    • removing records from the security management system, thus removing the evidence of a crime
    • taking control of CCTV systems to guide an intruder through the building
    • monitoring CCTV cameras to know when the most money is in the bank, thereby finding the optimal time for a robbery
    • monitoring CCTV cameras to get details when people enter PIN codes
    • monitoring CCTV cameras to know when security personnel are not present in key areas
    • turning off complete physical security systems, leaving security personnel without tools for monitoring and response
    • instigating false alarms in order to occupy security personnel, leaving key areas unprotected
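Several of the threats in that list leave traces in the security systems' own event logs: a camera is stopped just before a door is opened, records are purged, a zone floods with alarms. The block below is an added example, not code from the original post or from its references: a small detective control that reads such a log and raises an alert for a door unlocked while a covering camera is not recording, for any audit-record purge, and for an alarm storm. The log lines, the log format, the door-to-camera mapping and the storm thresholds are constructed for illustration and are not taken from any real access-control or CCTV product.

```python
# Added example (not from the original post or from its references):
# detective controls over the physical security systems themselves.  The
# event log, its format, the door-to-camera mapping and the thresholds are
# constructed for illustration, not taken from any real product.
from collections import defaultdict
from datetime import datetime, timedelta

# Which cameras must be recording for a door to count as covered (constructed).
DOOR_CAMERAS = {
    "vault-1": ["lobby-1"],
    "office-2": ["corridor-2"],
}

# Constructed log: "<timestamp> <system> <event> key=value ..."
SAMPLE_LOG = """\
2020-03-02T01:58:10Z cctv  RECORDING_STOP  cam=lobby-1 user=svc-maint
2020-03-02T02:03:22Z acs   DOOR_UNLOCK     door=vault-1 user=j.smith
2020-03-02T02:04:05Z acs   DOOR_OPEN       door=vault-1
2020-03-02T02:10:00Z cctv  RECORDING_START cam=lobby-1 user=svc-maint
2020-03-02T02:30:00Z acs   AUDIT_PURGE     from=2020-03-02T01:00:00Z to=2020-03-02T02:30:00Z user=svc-maint
2020-03-02T02:40:00Z alarm TRIGGER         zone=loading-bay
2020-03-02T02:40:30Z alarm TRIGGER         zone=loading-bay
2020-03-02T02:41:00Z alarm TRIGGER         zone=loading-bay
2020-03-02T02:41:30Z alarm TRIGGER         zone=loading-bay
2020-03-02T02:42:00Z alarm TRIGGER         zone=loading-bay
2020-03-02T09:00:00Z acs   DOOR_UNLOCK     door=office-2 user=a.lee
"""


def parse(line):
    """Split one log line into a dict; key=value fields become entries."""
    ts, system, event, *fields = line.split()
    ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
          "system": system, "event": event}
    for field in fields:
        key, _, value = field.partition("=")
        ev[key] = value
    return ev


def detect(log_text, door_cameras, storm_count=5, storm_window=timedelta(minutes=5)):
    """Return (rule, timestamp, detail) alerts, in log order.

    Rules, one per threat in the list above:
      unlock_without_coverage  a door is unlocked while a camera covering it
                               is not recording
      audit_tampering          records are purged from the security system
      alarm_storm              storm_count triggers in one zone inside
                               storm_window (a false-alarm flood)
    """
    recording = defaultdict(lambda: True)     # assume cameras start recording
    triggers = defaultdict(list)              # zone -> recent trigger times
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["event"] == "RECORDING_STOP":
            recording[ev["cam"]] = False
        elif ev["event"] == "RECORDING_START":
            recording[ev["cam"]] = True
        elif ev["event"] == "DOOR_UNLOCK":
            blind = [c for c in door_cameras.get(ev["door"], []) if not recording[c]]
            if blind:
                alerts.append(("unlock_without_coverage", ev["ts"],
                               f"door={ev['door']} user={ev.get('user', '?')} "
                               f"cameras_off={','.join(blind)}"))
        elif ev["event"] in ("AUDIT_PURGE", "AUDIT_DELETE"):
            alerts.append(("audit_tampering", ev["ts"], f"user={ev.get('user', '?')}"))
        elif ev["event"] == "TRIGGER":
            window = triggers[ev["zone"]]
            window.append(ev["ts"])
            while ev["ts"] - window[0] > storm_window:    # drop old triggers
                window.pop(0)
            if len(window) == storm_count:                # fire once, on reaching the threshold
                alerts.append(("alarm_storm", ev["ts"],
                               f"zone={ev['zone']} count={storm_count}"))
    return alerts


def run_example():
    """Run the three rules over the constructed log."""
    return detect(SAMPLE_LOG, DOOR_CAMERAS)


if __name__ == "__main__":
    for rule, ts, detail in run_example():
        print(ts.isoformat(), rule, detail)
```

On the constructed log this produces three alerts: the vault unlocked at 02:03 while lobby-1 had stopped recording five minutes earlier, the audit purge at 02:30 covering exactly that window, and the loading-bay alarm storm. The 09:00 office unlock raises nothing because its camera was never stopped. The alerts should go to a system the physical-security administrators cannot edit, otherwise the purge in line five would remove the evidence of its own detection.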


    Impact on organization due to lack of physical security

    • Increase in theft and vandalism: without physical security, companies are at risk, and thefts and vandalism can take place.
    • No procedure to handle incidents: just as more robberies will take place without protection, there will also be more incidents that put the business at risk, particularly without any kind of protocol for dealing with them. Consider a more serious offence on the premises: without security officers or surveillance systems, the problem will quickly escalate, and there will be no one to stop the incident or even to provide evidence afterwards.
    • Business reputation: with continued fraud or a visible lack of public safety, customers will look for somewhere else to go. People feel safer when a building appears to have the latest security technology. People do business with companies they trust, and this is a key way to earn that trust.
    • Legal liability: it is essential to have proper security in place to protect the personal information of customers, clients and vendors. Adequate security not only protects customers but also protects the business from legal damages that can be costly or even shut it down. Taking steps to protect the data and the personal safety of all these individuals and companies improves security and minimises liability.




    The good news is that the topic of physical security can easily be integrated into a larger security awareness training programme. To help employees understand their role in maintaining a safe and secure work environment, educate them on the key components of physical security and train them to follow best practices that will help keep people, areas and assets secure. In addition to interactive education, use reinforcement tools such as posters, articles, videos and other security awareness materials to keep physical security top-of-mind for the company's end users.

    Conclusion
    Administrative, technical and physical controls, properly implemented, allow the company to manage and protect its assets. Such controls should form a defence-in-depth approach, working together to provide multiple layers of protection if any one control is bypassed. Security measures help deter, deny, detect and then stop threats from reaching information.
    External safeguards include motion detectors and intrusion alarms. Electronic safeguards include smart cards used for access control, intrusion detection devices and CCTV systems, alongside security guards. Physical security is not always the first thing that comes to mind when it comes to security: most organizations tend to focus on the more technical aspects of countering threats. Yet both network intrusion detection systems and firewalls are completely useless if someone can walk up to the router or the computer and take the data directly. Every company should think about how important physical security is.


    References List:
    Jentes, A., 2018. Physical Security Risks: Are Your End Users an Asset or a Liability? [online] Proofpoint. Available at: <https://www.proofpoint.com/us/security-awareness/post/physical-security-risks-are-your-end-users-asset-or-liability> [Accessed 3 March 2020].

    Moses, S. and Rowe, D.C., 2016. Physical Security and Cybersecurity: Reducing Risk by Enhancing Physical Security Posture through Multi-Factor Authentication and other Techniques. International Journal for Information Security Research, 6(2).

    Zenitel.com. 2020. Are You Aware Of The Threats To Your Physical Security System?. [online] Available at: <https://www.zenitel.com/news/are-you-aware-threats-your-physical-security-system> [Accessed 2 March 2020].

    Antivirus software


    Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. Modern antivirus software can protect users from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware and spyware. Virus authors and antivirus vendors are in a constant arms race: vendors create new virus signatures, and authors change their code to avoid being recognised. Malware is becoming more and more sophisticated, using advanced techniques to resist antivirus detection. Wanjala and Jacob (2017) state that polymorphic and metamorphic computer viruses are probably the most challenging to identify, because both kinds can mutate into an unlimited number of functionally equivalent versions of themselves.




    What role does antivirus play?

    Antivirus is a program whose function is to search for and remove computer viruses and other malicious software, commonly known as malware. It is a key component of a user's overall cyber and network security strategy, defending against malware and other risks to data. A computer virus is similar to the cold virus: it spreads itself from one computer or device to any other it comes into contact with, and it can infiltrate and damage operating systems.
    Antivirus software provides protection against this type of attack. According to Norton (Johansen, 2020), antivirus software performs the following tasks:

    • Pinpointing specific files for the detection of malicious software
    • Scheduling automatic scans 
    • Scanning either one file or your entire computer at your discretion
    • Deleting malicious codes and software
    • Confirming the safety of your computer and other devices
    With many antivirus products on the market today, several methods are used to identify and control viruses. One is static analysis, where a file is compared against known virus signatures (patterns of bytes) without actually running it.
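The two earlier points, signature matching and the polymorphic viruses that defeat it, fit in one small piece of code. The block below is an added example, not code from the original post, Norton or Wanjala and Jacob: a constructed "program" containing a pattern that a scanner has signed, a toy packer that produces a different XOR-encoded variant for each key (standing in for a polymorphic engine), and two scanners, one purely static and one that emulates the decoder before matching, which is the step real engines take to see through packers. The sample bytes, the signature name, the stub marker and the packer format are all constructed; none of it is a real virus, signature database or AV engine.

```python
# Added example (not from the original post, Norton or Wanjala and Jacob): a
# toy signature scanner, a toy "polymorphic" packer that defeats it, and the
# emulation step a scanner needs to see through it.  The sample bytes, the
# signature name and the packer format are constructed; this is not any real
# virus, signature database or AV engine.
import hashlib

# Constructed "program" that contains the bytes a scanner would sign.
SAMPLE = (b"MZ-constructed-demo-program\x00"
          b"DEMO-PAYLOAD:open-backdoor\x00"
          b"end-of-constructed-sample")

# Static signature database: name -> byte pattern (constructed).
SIGNATURES = {"Constructed.Demo.A": b"DEMO-PAYLOAD:open-backdoor"}

# Hash-based signature of the exact original file (constructed).
KNOWN_HASHES = {hashlib.sha256(SAMPLE).hexdigest()}

STUB = b"XORDEC"   # constructed marker standing in for a decoder stub


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def make_variant(payload, key):
    """Toy polymorphic packer: stub + 1-byte key + XOR-encoded body.

    Every key gives a different file with the same behaviour once decoded,
    so neither the plaintext pattern nor the file hash is stable."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255 (0 would leave the body unchanged)")
    return STUB + bytes([key]) + xor_bytes(payload, key)


def scan_static(data, sigs=SIGNATURES):
    """Plain pattern match: the static analysis described above."""
    return sorted(name for name, pattern in sigs.items() if pattern in data)


def hash_match(data, known=KNOWN_HASHES):
    """Exact-file signature: defeated by changing a single byte."""
    return hashlib.sha256(data).hexdigest() in known


def scan_with_emulation(data, sigs=SIGNATURES):
    """Static match first; if the file carries the known stub, decode the
    body the way the stub would at run time and scan the decoded bytes too."""
    hits = set(scan_static(data, sigs))
    if data.startswith(STUB) and len(data) > len(STUB):
        key = data[len(STUB)]
        hits.update(scan_static(xor_bytes(data[len(STUB) + 1:], key), sigs))
    return sorted(hits)


def run_example():
    """Compare the three checks on the original and on two variants."""
    results = {}
    for label, blob in [("original", SAMPLE),
                        ("variant-0x21", make_variant(SAMPLE, 0x21)),
                        ("variant-0xa5", make_variant(SAMPLE, 0xA5))]:
        results[label] = {
            "hash": hash_match(blob),
            "static": scan_static(blob),
            "emulated": scan_with_emulation(blob),
        }
    return results


if __name__ == "__main__":
    for label, result in run_example().items():
        print(label, result)
```

The original file is caught by all three checks; each packed variant is missed by the hash check and by the static pattern match, and only the emulating scanner still reports it. A real polymorphic engine also rewrites the decoder stub itself, which is why production engines combine emulation with heuristics and behaviour monitoring rather than matching a fixed stub as this toy does.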
    In my research on antivirus I found some companies that provide a good defence against malware, for example McAfee, Norton, Kaspersky and ESET NOD32. There are many others that provide antivirus for free; however, I am not sure how safe it is to use this free software. From my experience with McAfee, I can say it is one of the best companies offering security at an acceptable price.


    Conclusion
    With the Internet serving as the primary communication tool for billions of people, as well as a platform for trade and social interaction, the number of new malware variants with unknown signatures is growing rapidly, which makes them harder for antivirus scanners to identify. Antivirus software uses malware signatures to find a virus in the computer's file system and to identify, block and remove it.

    Reference list:

    Johansen, A., 2020. What Is Antivirus Software? Antivirus Definition | Norton. [online] Us.norton.com. Available at: <https://us.norton.com/internetsecurity-malware-what-is-antivirus.html> [Accessed 26 February 2020].



    Yusuf, M., Wanjala, N. and Jacob, M., 2017. Review of Viruses and Antivirus Patterns. Global Journal of Computer Science and Technology: C Software & Data Engineering, 17(3).