Strategy and Controls For Dealing With Malicious Attacks and Vulnerability
Every organization must focus on and invest in countermeasures to deal with computer attacks and vulnerabilities. According to Beard and Wen (2009), an organization ought to balance its resources against the value of its information assets and any possible threats against them. Such countermeasures serve to detect vulnerabilities, prevent attacks, and counter the effects of any attack that succeeds.
The best strategy is to identify vulnerabilities and find ways of minimizing them, so that possible attacks are avoided. An attack is a deliberate act by an intruder intended to interfere with system security. An attack on information assets exploits a vulnerability in the system and could damage the asset. An attack may fall into any of the following categories, or a combination of them:
- Fabrications, which use deception to trick unsuspecting users of a system;
- Interruptions, which break the transmission channel and therefore block communication;
- Interceptions, which eavesdrop on transmissions and redirect them to an unauthorized user; and
- Modifications, which interfere with or alter the data being transmitted.
A vulnerability, on the other hand, is a weakness in a system that makes it possible for an attack to cause harm. Threats cannot be eliminated, but a system can be protected against its vulnerabilities.
This minimizes the chance of a threat exploiting a vulnerability. Eliminating as many vulnerabilities as possible is therefore the key to protection against the risk of attack (Ludwig, 1996).
Strategies of Dealing with Risks of Attacks and Threats
The security plan for an organization's information system should include both proactive and reactive strategic measures.
The proactive strategy consists of predefined steps for preventing attacks before they occur: determining the damage a possible attack would cause, determining the vulnerabilities it would exploit, and finally minimizing those weak points for that specific threat. This is discussed below for several threats:
Viruses, Logic Bombs and Worms
A virus attaches itself to software and spreads within the system, and through e-mail to other systems. A worm, on the other hand, spreads by exploiting a vulnerability in an application or operating system across a network. A logic bomb is a virus or worm that activates under set conditions, and mainly affects the application layer.
A virus can damage a system in several ways and can lead to the loss of all essential information. The drive or software can crash as a result of a virus attack, and all documents stored on the hard drive can be lost. A virus can also interfere with web browsing, exposing personal information to the public, and may go on to affect other systems on the network.
Some types of virus generate Internet Protocol (IP) addresses at random and send themselves to those addresses automatically. If a generated address belongs to a host running an SQL server, that host in turn fires the virus off haphazardly to further IP addresses, so a whole system is affected very quickly.
In addition, a virus may take advantage of a buffer overflow vulnerability. The affected system cannot handle the excess data and may therefore shut down.
Zero-day attacks are difficult to deal with because they are carried out before the software developer has had a chance to implement a countermeasure to the threat.
Vulnerability management helps to minimize the risk of virus attacks. It is a security and quality assurance process carried out by software developers that comprises analysis of a possible attack, a test phase, reporting to developers, and the mitigation or protective measures needed.
- Zero-day protection: protection mechanisms found in contemporary operating systems to minimize zero-day attacks. Desktop and server protection software is also recommended to counter buffer overflow vulnerabilities. Whitelisting, which allows only known-good applications to run on the system, can effectively control zero-day attacks.
- Multiple layers of protection are appropriate in case an exploit against one layer is discovered; for instance, server access control, a local firewall on the server, and a network hardware firewall. These three layers complement each other should one be compromised.
- Antivirus and anti-spyware software can also detect virus, worm or logic bomb attacks by scanning, and remove them by destroying the parasitic files and directories.
Backdoor Attacks
A backdoor is a means of accessing a computer that bypasses the security mechanisms that have been set. A programmer may create one for troubleshooting, but attackers may use it as an exploit. It poses a security risk, since crackers are always looking for a vulnerable spot to exploit.
A backdoor allows an intruder to interfere with files, even deleting them, or to change system settings. It can also degrade Internet connectivity, affecting speed and performance.
Control of Backdoors
A backdoor can be found and removed with antivirus products. Advanced spyware removers can detect and remove backdoors by scanning; these have extensive signature databases of system parasites.
Instructions for manual malware removal are also available from Internet resources in case an antivirus or spyware remover fails. The user can then delete all parasitic files and other objects.
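As an added illustration (not from the page or the cited sources) of how the signature scanning described above complements the whitelisting mentioned under zero-day protection, the following Python sketch applies both layers to constructed sample files; the signature names, byte patterns and file contents are all invented for the example:

```python
import hashlib
from typing import Dict, Optional

# Constructed signature database: byte patterns standing in for the signatures an
# antivirus or spyware remover keeps for known parasites (names are hypothetical).
SIGNATURES = {
    "Hypothetical.Backdoor.A": b"OPEN_LISTENER 4444",
    "Hypothetical.LogicBomb.B": b"IF DATE==2000-01-01 THEN WIPE",
}

# Constructed allowlist: SHA-256 digests of the only programs permitted to run.
KNOWN_GOOD = b"print('payroll report')\n"
ALLOWLIST = {hashlib.sha256(KNOWN_GOOD).hexdigest()}

def signature_scan(data: bytes) -> Optional[str]:
    """Denylist layer: return the signature name if a known parasite pattern is present."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def allowlist_check(data: bytes) -> bool:
    """Whitelist layer: only files whose hash is on the allowlist may execute."""
    return hashlib.sha256(data).hexdigest() in ALLOWLIST

def classify(data: bytes) -> str:
    """Combine both layers. Anything not known-good is refused whether or not a
    signature matches, which is what stops a zero-day the signature DB has never seen."""
    if allowlist_check(data):
        return "allowed"
    hit = signature_scan(data)
    if hit is not None:
        return "known-bad:" + hit
    return "unknown-blocked"

def scan_files(files: Dict[str, bytes]) -> Dict[str, str]:
    """Apply classify() to a mapping of file name -> contents (constructed sample below)."""
    return {name: classify(data) for name, data in files.items()}

# Constructed sample file set: one allowed program, one known backdoor, one never-seen binary.
SAMPLE_FILES = {
    "payroll.py": KNOWN_GOOD,
    "update.exe": b"MZ...OPEN_LISTENER 4444...",
    "newtool.bin": b"MZ...never seen before...",
}
```

Running `scan_files(SAMPLE_FILES)` shows the third file blocked by the allowlist alone, even though no signature matches it.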
A weakness in the design or operation of a system that can be exploited to compromise its security is referred to as a vulnerability. Some commonly encountered vulnerabilities are highlighted below, together with strategies and controls for dealing with them.
Systems that lack a security policy result in an ungoverned information network, which is therefore vulnerable to attack. The main cause of this situation is the attitude of most PC administrators, who have a distaste for security administration (Vilcinskas and Niman, 2000).
This can be controlled by ensuring that the procedures contributing to security are founded on the elements of the policy, so that they are firm and effective. This comprises security plans and enforcement, including auditing controls.
In addition, security training for staff is crucial and should not be omitted. A consistent process of formal configuration management, with officially documented procedures, should be fully implemented. A security policy regulating the hours during which users may log in to the system could also be set.
Single points of failure exist where many PCs depend on centralized data storage and control. Physical damage to assets may result from permissible operation of control equipment. In addition, relying on PCs and networks to carry emergency signals renders the system vulnerable, and other systems such as security and fire alarms are also being integrated into PCs. This increases the possibilities of disruption and intrusion (DePoy, 2003, p. 6).
Countering this requires an effective control hierarchy to preclude any possible physical damage.
Network vulnerabilities include weaknesses caused by the use of simple passwords and poorly protected links in older systems, which are highly vulnerable to attack. However, the contemporary technologies in modern systems have also increased risk, because of the massive accumulation of attacks worldwide.
In addition, there is an uninformed trust that PC links will faithfully transmit data, even over shared links that are not adequately shielded from the other entities using them. Interfaces to external systems likewise assume the same trust in the outside network.
Controls for these network vulnerabilities include protecting PC connections over vulnerable links with encryption, strong authentication for remote access, and data protection between clients and access points.
The system administrator should also require periodic password changes, the use of screen savers that time out and activate the workstation lock, and the setting of a NetBIOS password where the hardware manufacturer supports it (Warigon, 1997).
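To make the password-aging control above concrete, here is an added Python audit (not from the page or from Warigon's text) that reads account records in the Linux /etc/shadow layout and reports passwords older than an assumed 90-day maximum, accounts with no password at all, and accounts whose password never expires; the account lines are constructed and the hashes are placeholders:

```python
from datetime import date
from typing import Dict, List

MAX_AGE_DAYS = 90  # assumed policy: passwords older than this must be changed

# Constructed sample in /etc/shadow layout: name:hash:lastchg:min:max:warn:inactive:expire:
# lastchg is days since 1970-01-01; an empty hash means no password is required;
# a hash starting with "!" or "*" means the account is locked. Hashes are placeholders.
SAMPLE_SHADOW = """\
alice:$6$PLACEHOLDERHASH:19700:0:90:7:::
bob:$6$PLACEHOLDERHASH:19400:0:99999:7:::
svc_backup::19650:0:90:7:::
carol:!:19650:0:90:7:::
"""

def days_since_epoch(d: date) -> int:
    """Convert a calendar date to the day count /etc/shadow uses."""
    return (d - date(1970, 1, 1)).days

def audit_shadow(text: str, today: date, max_age: int = MAX_AGE_DAYS) -> Dict[str, List[str]]:
    """Return account names grouped by finding: stale, no_password, no_expiry."""
    findings: Dict[str, List[str]] = {"stale": [], "no_password": [], "no_expiry": []}
    today_days = days_since_epoch(today)
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        name, pw_hash, lastchg, maxdays = fields[0], fields[1], fields[2], fields[4]
        if pw_hash == "":
            findings["no_password"].append(name)  # login with no password at all
            continue
        if pw_hash.startswith(("!", "*")):
            continue  # locked account: nothing to age out
        if maxdays == "" or int(maxdays) >= 99999:
            findings["no_expiry"].append(name)  # periodic change is not enforced
        if lastchg and today_days - int(lastchg) > max_age:
            findings["stale"].append(name)  # overdue for a change under the policy
    return findings
```

Run against a real system, the same function would take the contents of /etc/shadow and `date.today()`.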
The strategies in an organization's security plan involve predefined steps for preventing attacks. This discussion has analyzed virus, logic bomb and backdoor attacks, together with the possible administrative and other control measures. Some vulnerabilities have also been highlighted, with strategies and controls for dealing with them; these include security administration, architecture, and network-related vulnerabilities.
Beard, D. & Wen, H. (2009). Reducing the Threat Levels for Accounting Information Systems. New York: New York State Society.
DePoy, J. (2003). Common Vulnerabilities in Critical Infrastructure Control Systems. Sandia, U.S.: Sandia Corporation.
Ludwig, M. (1996). The Little Black Book of Computer Viruses. Tucson, Arizona: American Eagle Publications, Inc.
Vilcinskas, M. & Niman, P. (2000). Security Strategies. New York: Inobits Consulting Pty Ltd.
Warigon, S. (1997). Data Warehouse Control and Security. London: The Ledger.