Thursday, December 12, 2019
Information Security
Question: Discuss information security.

Answer:

Introduction:

As discussed by Andress (2014), information security refers to the protection of an organization's and its clients' sensitive and confidential data from malicious intrusion and mishandling. For federal information handlers and financial organizations, the digitized client database extends well beyond credit and debit card numbers to other personal data, and it therefore requires deliberate safeguards against intrusion and large-scale fraud (Silver-Greenberg, Goldstein & Perlroth, 2016). This report critically evaluates two data security breaches that between them compromised well over a hundred million customer records: the Home Depot data breach and the JPMorgan Chase hack. For each case the report sets out the impact, the immediate reasons the attack succeeded, and the measures that could prevent further data leakage (Silver-Greenberg, Goldstein & Perlroth, 2016).

Case of the Home Depot Data Security Breach

Problem of the Attack:

The Home Depot data breach compromised the details of nearly fifty-six million credit and debit cards. The estimated cost of the breach came to about $194 for every compromised record. The breach cost Home Depot heavily, both for investigating the incident and for preventing a repeat: the investigation alone produced a pre-tax expense of nearly $43 million (Banjo, 2016). Spread over the records involved, the investigation therefore cost well under a dollar per record, a small fraction of the total per-record cost. On top of that came the cost of notifying customers of the breach.
Home Depot had to notify about 60 million customers and spent about $27.44 million on a single notification to each of them (Sans.org, 2016).

Process of the Attack:

Stealing the card data and monetizing it: The attackers stole customers' card details and sold them on the darknet, making their money from cyber-crime intermediaries (Nordstrom & Carlson, 2014). "Carders" then bought the stolen card data on underground marketplaces, alongside data harvested from phishing websites and other retail breaches (Kim et al., 2013), and used the details to buy goods at sites such as Amazon and Best Buy (Sans.org, 2016). Once the goods had been bought for resale, the criminals became untraceable.

Memory-scraping malware: The key malware used was a memory scraper. It read the RAM of the point-of-sale (POS) terminals, where card data sits briefly in plain text between the swipe and the authorization request, and so handed the attackers plain-text card numbers and track data.

Zero-day vulnerability: The intruders first gained a foothold in a third-party vendor's environment and then used a zero-day vulnerability in Windows to move from the vendor environment into the corporate network (Armin et al., 2015). Once on the Home Depot corporate network they deployed the memory-scraping malware to the POS terminals, which gathered the credit and debit card data (Sans.org, 2016).

The Prime Reasons for the Attack:

First, the most essential component of information security is securing workstation hardware and software. Although Home Depot's systems ran Symantec Endpoint Protection, its Network Threat Protection component was not enabled; that component is what provides the host-based intrusion prevention system (HIPS). The organization also lacked point-to-point encryption (P2PE).
P2PE encrypts the card data at the moment of the swipe (Sans.org, 2016). Nor did Home Depot run a secure operating system on its POS terminals: Windows XP Embedded SP3 was highly vulnerable to attack, and the terminals should have been moved to a newer, supported Windows platform (Virvilis et al., 2013).

Solutions for This Type of Attack:

Point-to-Point Encryption: P2PE would have defeated the attack even after the intruders had reached the POS network and deployed the memory-scraping malware. The track data is encrypted inside the terminal's read head at the moment of the swipe, under a key held only by the terminal and the payment processor, so the POS application and its memory never hold the plain-text card number; for debit transactions the PIN is separately encrypted in the PIN pad (Elovici & Altshuler, 2013). The details therefore differ between credit (track data only) and debit (track data plus PIN) transactions, but the basic technique is the same: encrypt at the point of capture and decrypt only at the processor (Sans.org, 2016).

Figure 1: Point-to-Point Encryption and Decryption (Source: as created by the author)

As the diagram shows, this type of card-stealing attack can be stopped (Sans.org, 2016).

Network segregation and role-based access control: Network segregation would have helped by dividing the internal network into segments, so that an intruder who breaches one segment does not gain an extensive zone to operate in (Sans.org, 2016). Its fundamental aim is to protect the critical data and keep it out of reach of intruders. Segregation means deploying virtual LANs (VLANs) that contain the critical and sensitive servers, with firewalling at the network boundaries; this gives access control at the network and transport (TCP) layers in addition to protecting the sensitive corporate data.
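The memory-scraping step in the attack process and the point-to-point encryption recommended above can be shown side by side. The following Python is an added illustration written for this page, not code from the report, from SANS or from Home Depot. The Track 2 format and the Luhn check are standard; the base key, the key serial numbers, the HMAC-based cipher, the test card numbers and the simulated POS memory image are constructed assumptions that stand in for a real P2PE scheme such as DUKPT.

```python
"""
Memory scraping versus point-to-point encryption (P2PE).

Added illustration, not code from the original report or from Home Depot.
Standard library only. The per-transaction key derivation and the
HMAC-SHA256 counter-mode cipher are simplified stand-ins for a real P2PE
scheme (such as DUKPT with AES) and are not meant for production use.
"""
import hashlib
import hmac
import re
import secrets
import struct

# Track 2 layout from the magnetic stripe: ;PAN=YYMM SSS discretionary ?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn check digit test; scrapers use it to discard false positives."""
    digits = [int(c) for c in pan.decode()]
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrape_memory(image: bytes) -> list[dict]:
    """What a RAM scraper does: pull every Luhn-valid Track 2 record from a memory image."""
    hits = []
    for m in TRACK2_RE.finditer(image):
        pan, exp = m.group(1), m.group(2)
        if luhn_ok(pan):
            hits.append({"pan": pan.decode(), "exp": exp.decode(), "offset": m.start()})
    return hits


# --- P2PE: encrypt in the terminal, decrypt only at the payment processor ---
# Constructed base derivation key shared by the PIN pad and the processor's HSM.
BDK = hashlib.sha256(b"constructed-demo-bdk").digest()
KSN_LEN, NONCE_LEN, TAG_LEN = 10, 16, 16


def derive_txn_key(bdk: bytes, ksn: bytes) -> bytes:
    """One key per transaction, derived from the base key and the key serial number."""
    return hmac.new(bdk, b"P2PE-TXN" + ksn, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stdlib has no AES); XORed with the data."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt_at_swipe(track2: bytes, ksn: bytes) -> bytes:
    """What the read head emits instead of the cleartext track: KSN || nonce || ct || tag."""
    key = derive_txn_key(BDK, ksn)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(track2, keystream(key, nonce, len(track2))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ksn + nonce + ct + tag


def decrypt_at_processor(blob: bytes) -> bytes:
    """Processor side: verify the tag first, then decrypt. Raises on tampering."""
    ksn, nonce = blob[:KSN_LEN], blob[KSN_LEN:KSN_LEN + NONCE_LEN]
    ct, tag = blob[KSN_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    key = derive_txn_key(BDK, ksn)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("P2PE blob failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def tamper_detected(blob: bytes) -> bool:
    """True if flipping one ciphertext bit is caught by the processor."""
    bad = bytearray(blob)
    bad[KSN_LEN + NONCE_LEN] ^= 0x01
    try:
        decrypt_at_processor(bytes(bad))
    except ValueError:
        return True
    return False


# Constructed sample tracks using well-known test PANs, not real cards.
SAMPLE_TRACKS = [
    b";4111111111111111=2512101123400000?",
    b";5555555555554444=2611201987600000?",
]


def build_pos_image(tracks: list, p2pe: bool) -> bytes:
    """Simulated POS process memory: each swipe's record surrounded by heap filler."""
    image = b"\x00" * 48
    for i, track in enumerate(tracks):
        ksn = struct.pack(">Q", i).rjust(KSN_LEN, b"\x00")
        image += (encrypt_at_swipe(track, ksn) if p2pe else track) + b"\x00" * 48
    return image


if __name__ == "__main__":
    print("cleartext POS:", [h["pan"] for h in scrape_memory(build_pos_image(SAMPLE_TRACKS, False))])
    print("P2PE POS:     ", scrape_memory(build_pos_image(SAMPLE_TRACKS, True)))
```

Run stand-alone it recovers both test PANs from the cleartext image and nothing from the encrypted one. The point for a defender is that the per-transaction key never exists on the POS host, so an intruder who can read POS memory gets only an authenticated blob; the same scanner is also a cheap way to hunt for cleartext card data in memory dumps taken from your own terminals.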
Role-based access control (RBAC) grants each user only the permissions of the roles assigned to them, so a stolen vendor credential carries no more than the vendor's role allows; when a user is enrolled in a new role the previous role is removed rather than accumulated, one role at a time (Burke et al., 2013).

Figure 2: Network Segregation (Source: Sans.org, 2016)

Managing third-party vendor credentials: This measure keeps separate identities for internal and external (vendor) users and restricts an attacker from moving out of the vendor-specific environment into the corporate network (Beck & Swensen, 2015).

The JPMorgan Chase Bank Hack Case

Problem of the JPMorgan Chase Hack Case:

The attackers obtained a list of the applications and programs that run on JPMorgan's computers, in effect a road map of the bank's systems. Their next step was to cross-check that road map against known vulnerabilities in the programs and network applications they had identified, in search of a point of entry into the bank's database systems. The intrusion compromised the personally identifiable information (PII) of nearly seventy-six million households and about seven million small businesses (Silver-Greenberg, Goldstein & Perlroth, 2016). The PII taken included names and contact details (residential addresses, phone numbers and e-mail addresses) together with internal JPMorgan information about the users. There was, however, no evidence that login IDs, Social Security numbers or passwords were compromised. Since no fraudulent activity was traced to the compromised data, the bank declared that its customers would not be liable for any unauthorized transactions (Ahmed et al., 2014). The fundamental problem of the attack was thus unauthorized access to clients' account data.
The Victims of the Attack:

The direct victims of the JPMorgan Chase hack were the bank's clients, whose PII (names, contact addresses, phone numbers and e-mail addresses) was exposed; about seventy-six million household accounts were affected, along with the corporate data of nearly seven million small business firms. No fraud has been traced to the breach so far. JPMorgan's information-security officials nevertheless suspect that the stolen information may be used for a larger attack in the near future. The bank also had to spend millions settling the matter under its no-liability commitment to customers (Sans.org, 2016).

The Process of the Attack:

The intruders infected an employee's personal computer with malware and stole the employee's login credentials. They gained access to the internal network when the employee connected remotely to JPMorgan Chase's corporate network through the organization's virtual private network (VPN). From there the attack proceeded by defeating the bank's multi-layered security one layer at a time, using malicious code written specifically for penetrating Chase's network (Sans.org, 2016). The hackers eventually obtained the highest level of administrative privilege and control over more than ninety servers, exploiting more than one zero-day vulnerability along the way. They extracted the information slowly over an extended period to avoid early detection. The stolen administrative credentials would have been useless had the one overlooked server been upgraded, like the rest, to two-step (two-factor) verification (Brenner & Lindsay, 2015).

Figure 3: Steps of the attack to reach the topmost level of the servers (Source: as created by the author)

The hackers deleted most of their footprints by removing some of the log files and programs.
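The overlooked server described above is the whole story of the initial access: a stolen password was enough because one VPN endpoint had not been moved to two-step verification. The Python below is an added illustration written for this page, not code from the report, from SANS or from JPMorgan Chase. It implements RFC 4226 HOTP and RFC 6238 TOTP with the standard library and models two VPN servers, one legacy and one upgraded; the user name, password, salt and the use of the RFC 6238 reference secret are constructed assumptions.

```python
"""
VPN login with and without a second factor.

Added illustration, not code from the original report or from JPMorgan Chase.
RFC 4226 HOTP / RFC 6238 TOTP implemented with the standard library; two VPN
servers are modelled, a legacy one that accepts a password alone (the
overlooked server in the case) and an upgraded one that also demands a
time-based one-time code. User names, passwords and secrets are constructed.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, mod 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the current 30-second window."""
    return hotp(secret, now // step, digits)


# --- Constructed user database -------------------------------------------
SALT = b"constructed-salt"
TOTP_SECRET = b"12345678901234567890"  # the RFC 6238 reference secret


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {
    "jdoe": {"pw_hash": hash_password("Winter2014!"), "totp_secret": TOTP_SECRET},
}


class VpnServer:
    """require_mfa=False models the one server that was never upgraded."""

    def __init__(self, require_mfa: bool, step: int = 30):
        self.require_mfa = require_mfa
        self.step = step
        self.last_counter: dict = {}  # per-user replay protection

    def login(self, user: str, password: str, otp: Optional[str],
              now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        record = USERS.get(user)
        if record is None or not hmac.compare_digest(record["pw_hash"], hash_password(password)):
            return False
        if not self.require_mfa:
            return True  # a stolen password alone is enough here
        if otp is None:
            return False
        counter = now // self.step
        # Accept the current window and one either side for clock skew,
        # but never a counter at or below the last one already used.
        for c in (counter - 1, counter, counter + 1):
            if c <= self.last_counter.get(user, -1):
                continue
            if hmac.compare_digest(hotp(record["totp_secret"], c).encode(), otp.encode()):
                self.last_counter[user] = c
                return True
        return False


if __name__ == "__main__":
    stolen = ("jdoe", "Winter2014!")  # what the malware on the laptop harvested
    t = 1_400_000_000
    print("legacy server, password only:  ", VpnServer(False).login(*stolen, None, t))
    print("upgraded server, password only:", VpnServer(True).login(*stolen, None, t))
    print("upgraded server, with token:   ",
          VpnServer(True).login(*stolen, totp(TOTP_SECRET, t), t))
```

The RFC 6238 reference secret is used so the codes can be checked against the vectors in the RFC (for example T=59 gives 94287082 with eight digits). The replay check matters in practice: a keylogger on the same infected laptop can capture a one-time code as well as the password, and a server that accepts the same code twice hands that capture back to the attacker.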
The intrusion came to light through the compromise of the website of a charity race sponsored by JPMorgan Chase, and Hold Security's report of about one billion stolen user credentials drew attention to the attack.

The Measures That Could Have Stopped the Attack:

The steps that should have been taken to stop the attack are as follows.

Host-based IPS and whitelisting: A host-based intrusion prevention system (HIPS) could have stopped the attack at the VPN layer. It monitors system calls and correlates application activity to tell normal human-computer interaction from malware, and halts the activity when it detects something suspicious. It is preferred over a network-based IPS here because it monitors each individual computer (Sans.org, 2016). Application whitelisting permits only the applications on an approved list and denies everything else. One effective implementation is code signing: the publisher's signature protects the integrity of the software, but the whitelist still has to be updated and fine-tuned as applications change. HIPS and whitelisting could have detected the malware at the application layer in the JPMorgan Chase case (Glass & Callahan, 2014).

Network segregation and role-based access control: The same measures recommended for Home Depot apply here: VLANs containing the critical and sensitive servers, firewalling at the network boundaries, and RBAC so that a single stolen credential does not open the whole network (Sans.org, 2016; Burke et al., 2013).
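The whitelisting measure above comes down to two checks: is this program on the approved list, and are its bytes still the bytes the publisher approved. The Python below is an added illustration written for this page, not code from the report, from SANS or from JPMorgan Chase. The HMAC-SHA256 tag over the manifest is a stand-in for a real publisher signature (Authenticode or similar) so that the example runs with the standard library only; the binaries, program names and signing key are constructed.

```python
"""
Application whitelisting backed by a signed manifest.

Added illustration, not code from the original report or from JPMorgan Chase.
A publisher signs a manifest of (program name -> SHA-256 of its binary); the
host refuses to run anything that is not listed or whose bytes no longer
match. The HMAC "signature" stands in for a real publisher signature so the
example needs only the standard library. Binaries, names and keys are constructed.
"""
import hashlib
import hmac
import json

SIGNING_KEY = hashlib.sha256(b"constructed-publisher-key").digest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(allowlist: dict) -> bytes:
    """Serialize canonically and append a tag: body || '.' || hex(tag)."""
    body = json.dumps(allowlist, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body + b"." + tag.encode()


def load_manifest(signed: bytes) -> dict:
    """Verify the tag before trusting a single byte of the body."""
    body, _, tag = signed.rpartition(b".")  # the hex tag contains no '.'
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("manifest signature invalid")
    return json.loads(body)


class ExecutionGate:
    """Default-deny policy: run only listed programs whose hash still matches."""

    def __init__(self, signed_manifest: bytes):
        self.allow = load_manifest(signed_manifest)
        self.audit: list = []

    def may_execute(self, name: str, binary: bytes) -> bool:
        expected = self.allow.get(name)
        actual = sha256_hex(binary)
        if expected is None:
            self.audit.append(f"DENY {name}: not on whitelist")
            return False
        if not hmac.compare_digest(expected, actual):
            self.audit.append(f"DENY {name}: hash mismatch (binary modified)")
            return False
        self.audit.append(f"ALLOW {name}")
        return True


# Constructed stand-in binaries.
VPN_CLIENT = b"MZ...vpnclient v4.2 (constructed bytes)..."
TROJANED_VPN_CLIENT = VPN_CLIENT + b"\x90\x90extra payload"
KEYLOGGER = b"MZ...keylogger (constructed bytes)..."

SIGNED = sign_manifest({"vpnclient.exe": sha256_hex(VPN_CLIENT)})


def demo() -> list:
    """Genuine client allowed; trojaned client and unlisted keylogger denied."""
    gate = ExecutionGate(SIGNED)
    gate.may_execute("vpnclient.exe", VPN_CLIENT)
    gate.may_execute("vpnclient.exe", TROJANED_VPN_CLIENT)
    gate.may_execute("svchost_helper.exe", KEYLOGGER)
    return gate.audit


def tampered_manifest_rejected() -> bool:
    """An attacker who edits the manifest to allow the keylogger, reusing the
    real tag, is caught because the tag no longer matches the body."""
    forged_body = json.dumps({"svchost_helper.exe": sha256_hex(KEYLOGGER)}).encode()
    _, _, real_tag = SIGNED.rpartition(b".")
    try:
        ExecutionGate(forged_body + b"." + real_tag)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("\n".join(demo()))
    print("forged manifest rejected:", tampered_manifest_rejected())
```

The audit trail is the part a SOC actually consumes: a "hash mismatch" event on a program that should never change is a stronger signal than a generic antivirus alert, and it is exactly the event that the malware planted on the employee's laptop would have produced.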
Proxy for outbound traffic and defence against zero-day vulnerabilities: The intruders used encrypted command-and-control traffic to pass through the security controls and keep hold of the VPN connection. An outbound proxy that terminates and inspects TLS can verify the certificates and keys in use against the company's register of approved keys and flag connections that use unauthorized ones (Kamiya et al., 2015). The best set of defences against zero-day vulnerabilities combines statistical, signature-based, behaviour-based and hybrid detection techniques, chosen to suit the size of the organization (Kaur & Singh, 2014).

Conclusion:

The report has given a detailed study of the Home Depot data breach and the JPMorgan Chase hack. The primary reason for both was the absence of effective protection of sensitive data, both in the vendor-specific environment and at the network layer. The report has also set out feasible measures to prevent further data leakage and security attacks.

References

Ahmed, M., Litchfield, A. T., & Ahmed, S. (2014). A Generalized Threat Taxonomy for Cloud Computing. ACIS.

Andress, J. (2014). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.

Armin, J., Foti, P., & Cremonini, M. (2015, August). 0-Day Vulnerabilities and Cybercrime. In Availability, Reliability and Security (ARES), 2015 10th International Conference on (pp. 711-718). IEEE.

Banjo, S. (2016). Home Depot Hackers Exposed 53 Million Email Addresses. WSJ. Retrieved 4 June 2016, from https://www.wsj.com/articles/home-depot-hackers-used-password-stolen-from-vendor-1415309282

Beck, J. M., & Swensen, C. L. (2015). U.S. Patent No. 8,973,122. Washington, DC: U.S. Patent and Trademark Office.

Brenner, J., & Lindsay, J. R. (2015). Correspondence: Debating the Chinese Cyber Threat. International Security, 40(1), 191-195.

Burke, J., Gasti, P., Nathan, N., & Tsudik, G. (2013, April).
Securing instrumented environments over content-centric networking: the case of lighting control and NDN. In Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on (pp. 394-398). IEEE.

Elovici, Y., & Altshuler, Y. (2013). Introduction to Security and Privacy in Social Networks (pp. 1-6). Springer New York.

Glass, R., & Callahan, S. (2014). The big data-driven business: how to use big data to win customers, beat competitors, and boost profits. John Wiley & Sons.

Kamiya, K., Aoki, K., Nakata, K., Sato, T., Kurakami, H., & Tanikawa, M. (2015, August). The method of detecting malware-infected hosts analyzing firewall and proxy logs. In Information and Telecommunication Technologies (APSITT), 2015 10th Asia-Pacific Symposium on (pp. 1-3). IEEE.

Kaur, R., & Singh, M. (2014). Automatic evaluation and signature generation technique for thwarting zero-day attacks. In Recent Trends in Computer Networks and Distributed Systems Security (pp. 298-309). Springer Berlin Heidelberg.

Kim, D., Achan, C., Baek, J., & Fisher, P. S. (2013, June). Implementation of framework to identify potential phishing websites. In Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on (pp. 268-268). IEEE.

Nordstrom, C., & Carlson, L. (2014). Cyber Shadows: Power, Crime, and Hacking Everyone. ACTA Publications.

Sans.org (2016). Home Depot Data Breach. Retrieved 4 June 2016, from https://www.sans.org/reading-room/whitepapers/dlp/data-breach-preparation-35812

Sans.org (2016). Retrieved 4 June 2016, from https://www.sans.org/reading-room/whitepapers/casestudies/minimizing-damage-jp-morgan-039-s-data-breach-35822

Silver-Greenberg, J., Goldstein, M., & Perlroth, N. (2016). JPMorgan Chase Hacking Affects 76 Million Households. DealBook. Retrieved 4 June 2016, from https://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_r=0

Virvilis, N., Gritzalis, D., & Apostolopoulos, T. (2013, December). Trusted Computing vs.
Advanced Persistent Threats: Can a defender win this game? In Ubiquitous Intelligence and Computing, 2013 IEEE 10th International Conference on and 10th International Conference on Autonomic and Trusted Computing (UIC/ATC) (pp. 396-403). IEEE.