Ensuring the stable operation of a company's information infrastructure and securing its data and assets against a growing number of external and internal threats is a challenging venture. New vulnerabilities are discovered every day, often by the attackers who intend to use them, so enterprises must be ready to react quickly to new threats while making their best effort to prevent security incidents from occurring in the first place.
Organisations therefore develop and implement security strategies that list potential risks and propose a prevention method or an immediate response plan for each. This report covers the common vulnerabilities and threats and presents possible approaches to their resolution. It views security from the computer, network, and information viewpoints and discusses the role of security in each domain. It can be used as a basis for a more thorough information security strategy for the organisation.
This section describes the common vulnerabilities and threats that pose a risk to the security of computer systems within the company. Computer security is not only protection against malware and information theft; it also encompasses hardware security, software security, and the prevention of system disruption and misdirection. Because each additional protection layer can degrade user experience, and with it employee productivity, the computer security strategy should be developed so that it balances these trade-offs.
Common Vulnerabilities and Threats
A vulnerability is a weakness that results from a flawed system or software design, an implementation bug, or gaps in operation and internal control. A vulnerability on its own is not yet a threat: a threat is the potential for someone or something to exploit it. While a vulnerability is unknown to any party, the risk it carries is latent. Once it is discovered and an exploit is developed to use it for malicious purposes, it becomes a severe security threat that should be eliminated as soon as possible.
Backdoors
A backdoor is any program, or hidden method within a program, that secretly bypasses the normal security mechanisms and grants unauthorized access to whoever planted it (Pfleeger, Pfleeger, and Margulies, 2015). Backdoors may also exist unintentionally because of design flaws or misconfiguration, such as a default maintenance account that is never removed. In most cases, however, a backdoor is a small hidden application that is installed either by a malicious user directly or, unknowingly, by an authorized employee who installs it bundled with other software, such as a free or trial program (Pfleeger, Pfleeger, and Margulies, 2015). One of the mechanisms that prevents employees from unintentionally causing harm is to limit their ability to install software on their computers; restricting installations to a vetted, signed set of packages achieves the same goal with less friction than a blanket ban.
Phishing
When a malicious user attempts to obtain private employee data such as usernames and passwords, they often use phishing. They build a fake website that looks and feels almost exactly like the legitimate one; it can often be identified as counterfeit only by carefully examining the web address, and even that is not conclusive, since the fake site may use a lookalike domain and present a valid TLS certificate for it (Pfleeger, Pfleeger, and Margulies, 2015). Because most users do not pay attention, they enter their login details without suspicion. The fake service collects the information and forwards it to a remote server the attacker controls (Pfleeger, Pfleeger, and Margulies, 2015). Phishing is not a system vulnerability in the strict sense, because it exploits user mistakes and a lack of appropriate training rather than a software flaw; its impact can nonetheless be limited technically, for example with multi-factor authentication that does not rely on a secret the user can type into the wrong site.
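As an added example, not code from the original report, the following Python function applies the "examine the web address" advice mechanically: it reduces a URL to its registrable domain and flags the common tricks used to make a foreign host look like a trusted one. The allowlist of trusted domains is a constructed assumption, and the registrable domain is approximated as the last two labels (a production check would consult the Public Suffix List).

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the domains the organisation's staff
# legitimately log in to. Anything else is treated as suspect.
TRUSTED_DOMAINS = {"example.com"}


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two DNS labels.

    Assumption: good enough for the names in TRUSTED_DOMAINS. A production
    check should consult the Public Suffix List (co.uk and friends).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_login_url(url: str) -> list:
    """Return the reasons a login URL looks like a phishing lookalike.

    An empty list means the URL is HTTPS, points at a trusted registrable
    domain, and shows none of the usual masquerading tricks.
    """
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""

    if parts.scheme != "https":
        findings.append("not served over HTTPS")

    # https://login.example.com@evil.net/ : the browser connects to evil.net;
    # everything before '@' is just user information.
    if "@" in parts.netloc:
        findings.append("userinfo '@' in authority hides the real host")

    try:
        ip_address(host)
        findings.append("raw IP address instead of a domain name")
    except ValueError:
        pass

    # Internationalised labels are encoded as xn--...; a homograph of a trusted
    # name (Cyrillic 'a' in place of Latin 'a') shows up here.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible homograph of a trusted domain)")

    reg = registrable_domain(host)
    if reg not in TRUSTED_DOMAINS:
        findings.append(f"registrable domain is {reg!r}, not a trusted domain")
        # login.example.com.evil-host.net : the trusted name is only a prefix.
        for trusted in TRUSTED_DOMAINS:
            if trusted in host and not host.endswith(trusted):
                findings.append(f"trusted name {trusted!r} used as a subdomain prefix")
    return findings
```

The point of the check is that only the registrable domain identifies who operates the site; anything to the left of it, and anything before an '@', is chosen by the attacker.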
Privilege Escalation
Privilege escalation occurs when an authorized user with limited access to the system gains higher privileges, up to full control, and can then tamper with secured data and services. Missing security patches and bugs in the operating system are common reasons why privilege escalation vulnerabilities emerge (Pfleeger, Pfleeger, and Margulies, 2015). Prevention strategies include verifying the integrity of firmware components at boot and requiring kernel-mode code to be digitally signed, so that an attacker cannot load an unsigned driver to run code with kernel privileges (Pfleeger, Pfleeger, and Margulies, 2015).
In some cases, a bug in a user application, such as a web browser, is the first step towards privilege escalation. A buffer overflow, for instance, occurs when a program writes more data into a fixed-size memory region than it can hold, so the excess overwrites adjacent memory; if the attacker controls that data, they can redirect the program's execution and run their own code with the privileges of the application. A second bug in the operating system kernel or a privileged service can then raise those privileges further. In this context, software developers are responsible for prevention. Secure coding techniques, bounds-checked APIs, and compiler and runtime protections such as stack canaries, address space layout randomization, and non-executable memory are some of the possible methods (Pfleeger, Pfleeger, and Margulies, 2015).
Social Engineering
When the computer system itself is well secured and impractical to penetrate by exploitation, malicious individuals may instead target its users and manipulate them into performing actions that jeopardize the security of the system or disclose confidential data (Pfleeger, Pfleeger, and Margulies, 2015). This type of attack is called social engineering, and the company should be capable of protecting its infrastructure and assets from it. Social engineering comprises techniques such as phishing, discussed above, vishing, smishing, and impersonation (Pfleeger, Pfleeger, and Margulies, 2015).
Vishing uses telephone calls for manipulation, and smishing uses SMS messages. Impersonation is pretending to be a different person to gain physical access to a system or building. Besides employee training, there should be internal control processes that limit the damage when an incident does happen. For instance, if an employee loses a phone, every credential and session tied to that device should be revoked immediately, the device wiped remotely where possible, and new credentials issued.
Spoofing
When a malicious user masquerades their computer, address, or identity as a different entity, it is called spoofing. The attack is primarily used to circumvent IP filters, MAC filters, or email filters. Because of the variety of end goals, spoofing is categorized into four types: email spoofing, IP address spoofing, MAC address spoofing, and biometric spoofing (Bishop, 2019). Packet filtering at the network border can detect source addresses that are impossible for the interface a packet arrives on (an internal address arriving from the Internet, or an external one leaving the internal network) and drop such packets; this ingress and egress filtering prevents the most common IP address spoofing. It cannot, however, tell a forged address from a legitimate one when both belong to the same network. For email, sender authentication records such as SPF, DKIM, and DMARC serve the same purpose, and specialized software suites exist to detect spoofing at other layers.
Tampering
In the security context, tampering may refer to the modification of data with the goal of misleading the system, or to a situation in which a malicious user modifies the firmware of a specific device (Pfleeger, Pfleeger, and Margulies, 2015). In the latter case, a critical device may be tricked into fetching updates from a fake server and installing attacker-supplied firmware. For instance, routers can be tampered with to plant a surveillance capability in them and obtain a way of remotely accessing the device. Evil maid attacks, in which an unattended server, router, or switch is physically modified to grant access to the attacker, belong to the same category (Pfleeger, Pfleeger, and Margulies, 2015). Requiring firmware images to be digitally signed, and verifying the signature before installation, defeats fake update servers regardless of how the image was delivered.
Denial-of-Service Attacks
Denial-of-service attacks are among the most disruptive threats and may lead to serious financial losses. The attack occurs when a malicious user sends traffic or requests at a rate the server cannot handle, until it fails or becomes unresponsive to legitimate users. Contemporary systems, however, can process millions of packets per second, and a single attacking machine is rarely able to overwhelm a well-provisioned service on its own.
Attackers therefore developed a more robust approach: they take over the computers of ordinary users worldwide by planting bots, which are distributed through malware, including pirated software. Under the command of the attacker, these bots launch a simultaneous, targeted attack that results in service outages and disruption (Pfleeger, Pfleeger, and Margulies, 2015). There is no single method of preventing denial-of-service attacks, because the attacks themselves take many forms: volumetric floods are absorbed with upstream capacity and traffic scrubbing, protocol-level attacks by filtering and rate limiting at the border, and application-level attacks by per-client limits in the application itself.
Secure Coding Practices
All software written by in-house developers should conform to secure coding practices in order to avoid introducing security bugs. One common vulnerability is the buffer overflow; developers should use bounds-checked operations, prefer memory-safe languages where the task allows, and test the software thoroughly before sending it to production (Pfleeger, Pfleeger, and Margulies, 2015). Another is the code injection flaw, where carefully crafted user input is interpreted as an instruction rather than as data (Bishop, 2019); this bug may allow malicious users to execute their own code on the server. One example of a code injection flaw is Shellshock, which affected the Unix Bash shell (Pfleeger, Pfleeger, and Margulies, 2015). Bash executed code embedded in environment variables, so any network service that passed attacker-controlled input through an environment variable, most notably web servers running CGI scripts, could be made to run arbitrary commands, giving the attacker a foothold from which to reach other services on the system.
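As an added example, not code from the original report, the following Python shows the injection flaw described above beside its hardened form, plus the classic probe for the Shellshock bug (CVE-2014-6271). The diagnostic tool is a constructed stand-in: `echo` is used in place of a real command such as `ping` so that the example runs offline; the injection mechanics are the same.

```python
import os
import re
import subprocess

# Conservative hostname syntax: letters, digits and hyphens in dot-separated labels.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# Assumption: 'echo' stands in for a real diagnostic tool such as ping so that
# the example runs offline; the injection mechanics are identical.
DIAG_COMMAND = "echo"


def diagnose_vulnerable(host: str) -> str:
    """Injection flaw: user input is pasted into a command line that a shell parses.

    Input such as 'example.com; id' makes the shell run 'id' as a second command.
    """
    result = subprocess.run(
        DIAG_COMMAND + " " + host, shell=True, capture_output=True, text=True
    )
    return result.stdout


def diagnose_safe(host: str) -> str:
    """Hardened version: validate the input, then pass an argument vector.

    With shell=False there is no shell to interpret ';', '|' or '$(...)', so the
    host reaches the program as one literal argument.
    """
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    result = subprocess.run(
        [DIAG_COMMAND, host], shell=False, capture_output=True, text=True, check=True
    )
    return result.stdout


def shellshock_vulnerable():
    """Classic CVE-2014-6271 probe: a function definition followed by a command is
    placed in an environment variable. A patched bash prints only 'test'.
    Returns None when bash is not installed."""
    env = {
        "x": "() { :;}; echo vulnerable",
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
    }
    try:
        result = subprocess.run(
            ["bash", "-c", "echo test"], env=env, capture_output=True, text=True
        )
    except FileNotFoundError:
        return None
    return "vulnerable" in result.stdout
```

Validation and the argument vector are both needed: the allowlist regex stops the request before anything runs, and `shell=False` removes the interpreter that would have given the metacharacters meaning, so a gap in the regex does not turn straight into command execution.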
Continuous Testing and Continuous Integration
One of the trending topics in the computer industry today is DevOps (Bishop, 2019). It is a culture in which every change to the software is continuously tested and continuously integrated into the main line of development in small increments, with deployment to production automated in the same pipeline. As a result, it is easier to track changes and to detect bugs, and the pipeline is also the natural place to run security checks such as static analysis and dependency scanning on every change. If a certain version introduces a vulnerability, it is rolled back and the latest known-good version is redeployed.
Because each iteration in the software development cycle is short, the product is easier to maintain, since only a small set of alterations is made at a time. Previously, when development cycles were long, it was challenging to integrate a new version of the software with the infrastructure (Pfleeger, Pfleeger, and Margulies, 2015), and it was hard to localize bugs among the vast number of changes.
Personnel Training and Usable Security
There is no use in designing and developing a secure system if its users cannot operate it according to security principles. Even the most robust password brings no benefit if the user reveals it to an attacker. Therefore, it is vital for the company to train its personnel and inform them about common pitfalls and the attack techniques malicious individuals use (Pfleeger, Pfleeger, and Margulies, 2015).
Employees should be equipped with the knowledge needed to avoid becoming victims of phishing and other social engineering tactics. The people who use an information system are often its greatest vulnerability. This observation led to the emergence of usable security, in which systems are designed to provide a pleasant user experience while conforming to security standards, so that the secure way of doing something is also the easy way.
Network Security
Network security is the set of policies and procedures used to manage and monitor computer networks in order to prevent their misuse. Ensuring the stable operation of all nodes, using network-level authorization to grant access to specific resources, and controlling throughput are some of its tasks. It is not feasible to design a system that is 100% secure against all attacks; it is therefore more practical to place each node behind a firewall and use access policies to decide who may reach it.
One of the most common standards-based frameworks is Authentication, Authorization, and Accounting (AAA) (Pfleeger, Pfleeger, and Margulies, 2015). Before accessing the network, the user is authenticated; authorization then determines which resources that user may access; and accounting records what was actually accessed, which is the evidence needed during an investigation. For instance, a payroll database should be reachable only by the application server that fronts it and must be restricted from all other nodes.
Server Roles to Secure
Certain nodes should not be accessible to end users at all; only a system administrator, or a server that requires the resource, should reach them. This is implemented with firewalls and access control lists. For instance, a Cisco access control list ends with an implicit deny-all entry, so once an ACL is applied to an interface only the traffic that is explicitly permitted passes. The administrator should therefore allowlist the nodes that need access rather than try to blocklist the ones that do not; default deny is the sound approach because a new or unexpected host is blocked until someone consciously permits it. Filtering can be done both on a source and destination IP address basis and on a destination port basis.
Database Server Security
Databases are among the most critical nodes in the network because they usually contain sensitive data and resources that are vital for the operation of other services, such as payroll. It is therefore important to secure them against unauthorized access. This is achieved both by protecting the database management system itself, with separate least-privilege accounts for each application rather than one shared administrator login, and by securing the server it runs on (Pfleeger, Pfleeger, and Margulies, 2015). All communication with the server must be encrypted with TLS to prevent a malicious user from obtaining a password through packet sniffing. At the network level, access control lists should block every host other than the application servers from reaching the database port at all.
DNS Server Security
DNS servers are critical for the operation of almost all applications because of the heavy reliance on domain names instead of static IP addresses. Generally, an enterprise has at least two internal DNS servers, one primary and one secondary for backup (Bishop, 2019). Vulnerabilities emerge when some internal resources must be accessible to nodes on an external network. For instance, the company's website may run on a server located internally. Only the record for that particular node should be revealed by the DNS server to external users (Pfleeger, Pfleeger, and Margulies, 2015); in practice this is done with split-horizon DNS, where a separate external view serves only public records, and zone transfers are restricted to the secondary server so that an outsider cannot download the whole zone. If a malicious user obtains information about the topology of the company's internal network, they may use it to target internal hosts directly, for example with denial-of-service attacks.
Web Server Security
Customer-facing web servers are a primary source of vulnerabilities if the network is not designed appropriately. It is bad practice to use a single server for both internal and external applications. A web server accessible to customers should be installed on a separate node hosted in a segregated network segment, the DMZ (Pfleeger, Pfleeger, and Margulies, 2015). The reason is that the public web server is the node most likely to be compromised: if it shares a segment with internal hosts, an attacker who maps the path to it with tools such as traceroute and then gains control of it can scan and reach those hosts directly, whereas from a DMZ only the flows the firewall explicitly permits are reachable. Port security is also critical in this context. Because the web server's only responsibility is to serve web pages to customers, all ports besides 80 and 443 must be closed to the outside (Pfleeger, Pfleeger, and Margulies, 2015); administrative access such as SSH should be permitted only from the management network.
Router Security
Malicious users may also target routers and attempt to obtain access to them. To increase router security, administrators must use only SSH for remote connections, because usernames and passwords can be sniffed easily when the connection is not encrypted; it is therefore bad practice to use, or even enable, the Telnet protocol on routers (Pfleeger, Pfleeger, and Margulies, 2015). Management access should in addition be restricted by an access list to the management subnet. Revealing the IP addresses of routers creates exposure because attackers may then target individual routers, either flooding them with traffic or brute-forcing login credentials. Not responding to ICMP probes from untrusted networks prevents tracerouting and hides the host's availability (Pfleeger, Pfleeger, and Margulies, 2015); ICMP should be rate-limited and filtered selectively rather than blocked wholesale, since messages such as "fragmentation needed" are required for path MTU discovery and blocking them breaks connectivity.
Switch Security
Layer 2 switches, when not configured with security in mind, can be the source of a number of vulnerabilities, including denial-of-service and MAC flooding attacks. Because switches are commonly used to divide one physical network into several virtual LANs, a misconfiguration may allow an individual with no administrative privileges to reach a different subnet where production servers reside. Appropriate VLAN IDs must therefore be used when trunking (Pfleeger, Pfleeger, and Margulies, 2015); in addition, automatic trunk negotiation must be disabled on user-facing ports, and the native VLAN of a trunk must not carry user traffic, or an attacker can hop VLANs with doubly tagged frames. To prevent denial-of-service attacks, unused protocols and unused ports must be turned off on switches (Pfleeger, Pfleeger, and Margulies, 2015). Port security, which limits the number of MAC addresses learned on each port, must be enabled to stop MAC flooding, an attack that fills the switch's address table so that it falls back to broadcasting frames out of every port and lets the attacker sniff traffic it would otherwise never see.
Packet Filtering Firewalls
This type of firewall examines each packet that attempts to enter the network and allows it through only if the pre-set rules do not prohibit it. The administrator configures the firewall with the source and destination IP addresses and port numbers that are allowed (Bishop, 2019). The primary benefit of these firewalls is that they are inexpensive, both in financial terms and in the time it takes to inspect one packet (Bishop, 2019). However, packet filtering is stateless: each packet is judged on its own header fields, and the firewall assumes those fields are truthful (Bishop, 2019). It therefore cannot tell whether a packet belongs to an established connection, and it can be circumvented by IP spoofing whenever the forged source address is one the rules trust. Stateful firewalls, which track connections, and ingress filtering at the border address these two limitations.
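As an added example, not code from the original report, the following Python models the stateless packet filter described above and, in the same rule set, the default-deny ACL policy from the Server Roles section, the ingress filtering against IP address spoofing from the Spoofing section, and the 80/443-only exposure of the public web server. The addresses, interface names and rules are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan (assumption): RFC 1918 space inside, one RFC 5737
# documentation range for the DMZ and another standing in for "the Internet".
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
DMZ_NET = ip_network("192.0.2.0/24")
WEB_SERVER = "192.0.2.10"     # public web server in the DMZ
APP_SERVER = "10.0.10.5"      # application server allowed to talk to the database
DB_SERVER = "10.0.20.5"       # database server in its own private VLAN
ADMIN_NET = "10.0.30.0/24"    # administrators' jump subnet


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


# Allowlist: (arrival interface, source net, destination net, protocol, dest port).
# Anything not listed is dropped by the implicit deny at the end (default deny).
RULES = [
    ("outside", "0.0.0.0/0", WEB_SERVER + "/32", "tcp", 80),
    ("outside", "0.0.0.0/0", WEB_SERVER + "/32", "tcp", 443),
    ("inside", APP_SERVER + "/32", DB_SERVER + "/32", "tcp", 5432),
    ("inside", ADMIN_NET, "10.0.0.0/8", "tcp", 22),
]


def is_spoofed(pkt: Packet) -> bool:
    """Ingress/egress filtering: reject source addresses that are impossible for
    the interface the packet arrived on (BCP 38 style anti-spoofing)."""
    src = ip_address(pkt.src)
    is_internal = any(src in net for net in INTERNAL_NETS)
    if pkt.iface == "outside" and (is_internal or src in DMZ_NET):
        return True        # Internet traffic claiming to come from our own ranges
    if pkt.iface == "inside" and not is_internal:
        return True        # inside host claiming a foreign address
    return False


def filter_packet(pkt: Packet) -> str:
    """Stateless decision on a single packet's header fields."""
    if is_spoofed(pkt):
        return "drop (spoofed source)"
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for iface, src_net, dst_net, proto, dport in RULES:
        if (pkt.iface == iface and src in ip_network(src_net)
                and dst in ip_network(dst_net)
                and pkt.proto == proto and pkt.dport == dport):
            return "accept"
    return "drop (default deny)"


def demo():
    """Constructed packets exercising the policy; returns (packet, verdict) pairs."""
    cases = [
        Packet("outside", "198.51.100.7", WEB_SERVER, "tcp", 443),  # customer -> web
        Packet("outside", "198.51.100.7", WEB_SERVER, "tcp", 22),   # SSH from Internet
        Packet("outside", APP_SERVER, DB_SERVER, "tcp", 5432),      # forged internal source
        Packet("inside", "10.0.50.7", DB_SERVER, "tcp", 5432),      # workstation -> DB
        Packet("inside", APP_SERVER, DB_SERVER, "tcp", 5432),       # app server -> DB
    ]
    return [(p, filter_packet(p)) for p in cases]


if __name__ == "__main__":
    for pkt, verdict in demo():
        print(f"{pkt.iface:7} {pkt.src:>14} -> {pkt.dst}:{pkt.dport} {pkt.proto}  {verdict}")
```

The anti-spoofing check catches the forged internal address in the third packet because it arrives on the wrong interface. The fifth packet is accepted no matter which inside host actually sent it: a compromised workstation that forges the application server's address passes a stateless filter, which is the limitation the text describes. A stateful firewall narrows that gap by admitting only packets that belong to a connection whose TCP handshake completed, something a blind spoofer cannot finish because the replies never reach it.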
Physical Security and Availability
Security should be implemented not only on the digital level but also on the physical. It does not matter how complex the system for preventing denial-of-service attacks is if any malicious user may physically access the server and switch it off. Furthermore, the operation of the enterprise heavily relies on the uninterrupted functioning of its information services. Therefore, there should be security and risk mitigation strategies that would minimize the impact of natural disasters and power outages. All critical services should be connected to backup power sources and UPS devices.
Principles of Data Encryption
The main principles behind data encryption and the related cryptographic services are confidentiality, that is, ensuring the privacy of the data owner; authentication, confirming that the data was sent by the person who claims to be the sender; integrity, guaranteeing that the information was not altered in transit; and non-repudiation, preventing the sender from later denying having sent it (Pfleeger, Pfleeger, and Margulies, 2015). Data encryption is implemented differently at the application and network level, but the basic principles are the same.
For instance, payloads in network packets are usually protected by a protocol such as TLS (the successor of SSL), which uses asymmetric algorithms to authenticate the server and agree on a key, and a fast symmetric cipher such as AES to encrypt the payload itself. With network-level encryption, the data is protected only while it travels over the network. If information needs to be protected while it sits on a hard drive, it must be encrypted at rest; hashing it with MD5 or SHA-256 is not a substitute, because a hash is one-way and the data cannot be recovered from it (hashes serve the integrity goal, and MD5 is no longer considered safe even for that). Some operating systems provide a built-in capability to store files in encrypted form (Pfleeger, Pfleeger, and Margulies, 2015). One example is BitLocker, which is available on Windows machines.
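As an added example, not code from the original report, the following Python separates the integrity goal from the authentication goal using the standard library: a plain SHA-256 digest detects accidental corruption but not deliberate modification, because the attacker can recompute it, while a keyed HMAC cannot be forged without the shared key. Neither operation hides the data, which is why confidentiality needs a cipher, and non-repudiation needs a digital signature. The message, the shared key and the attacker's behaviour are constructed assumptions.

```python
import hashlib
import hmac

# Constructed shared secret (assumption): in practice it would be provisioned
# out of band or derived from a key exchange, never hard-coded.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_digest(data: bytes) -> str:
    """Integrity only: a fixed-size, one-way fingerprint of the data."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Detects accidental corruption, but NOT deliberate modification: anyone who
    can change the data can also recompute the unkeyed digest."""
    return hmac.compare_digest(sha256_digest(data), expected_digest)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Authentication + integrity: a keyed digest only the key holders can produce."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_ok(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so the check itself does not leak the tag byte by byte."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def man_in_the_middle(data: bytes, keyed: bool):
    """Attacker rewrites the message and produces the best check value they can.

    For a plain hash that is simply the recomputed hash of the new message; for
    an HMAC the attacker lacks SHARED_KEY and has to guess one."""
    tampered = data.replace(b"100", b"900")
    if keyed:
        forged = hmac_tag(b"attacker-guess", tampered)
    else:
        forged = sha256_digest(tampered)
    return tampered, forged


def demo():
    """Constructed payment message; reports whether each scheme caught the tampering."""
    msg = b"transfer 100 to bob"
    digest = sha256_digest(msg)
    tag = hmac_tag(SHARED_KEY, msg)

    bad_msg, bad_digest = man_in_the_middle(msg, keyed=False)
    hash_caught = not integrity_ok(bad_msg, bad_digest)

    bad_msg, bad_tag = man_in_the_middle(msg, keyed=True)
    hmac_caught = not hmac_ok(SHARED_KEY, bad_msg, bad_tag)

    return {
        "plain_hash_caught_tampering": hash_caught,
        "hmac_caught_tampering": hmac_caught,
    }
```

The digest and the tag are both visible to the attacker; what the attacker lacks in the HMAC case is the key, and that is the whole difference between a checksum and an authentication code.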
Information Security Strategy
| Risk or Vulnerability | Prevention or Response |
| --- | --- |
| Backdoors | Only system administrators are allowed to install software on company equipment. Devices brought in under the BYOD initiative should be provisioned using a Mobile Device Management solution. |
| Social Engineering | Consistently conduct appropriate training for personnel, and pair it with multi-factor authentication so that a disclosed password alone is not enough. |
| Denial-of-service Attacks | Secure DNS servers; develop in-house software using secure coding practices and test it continuously; rate-limit at the border and arrange upstream traffic scrubbing for volumetric floods. |
| Tampering | Critical devices should be accessible only to authorized personnel from the Operations department. Firmware should be transferred only over SFTP (never plain-text FTP), and devices should accept only digitally signed firmware. |
| Server Security | Authorization should occur at both the application and network level. The network should be properly subnetted, with database servers in a private VLAN and the public web server in a DMZ. |
| Router and Switch Security | Unused ports should be turned off, and ICMP should be rate-limited and restricted to what diagnostics and path MTU discovery need. Routers should exchange routing tables only with authenticated peers. Each VLAN should have its own VLAN ID, and trunking should be configured properly. Remote access should be available only through SSH. |
| Data Security | All communications should be encrypted with TLS 1.2 or later using modern cipher suites. Use of packet sniffing software, such as Wireshark, should be prohibited except for authorized personnel. Hubs are prohibited (only switches are used, with port security enabled, since switches alone do not stop sniffing via MAC flooding or ARP spoofing), and wireless networks should not be connected to critical network areas. |
Conclusion
In the contemporary world, a company's security strategy should be an essential part of its organisational strategy, because the information infrastructure plays a critical role in the company's processes and operations. The responsible managers, together with security professionals, must therefore devise a security strategy for the company. This report provided an overview of potential vulnerabilities and threats, discussed the parts of the infrastructure that should be secured, and presented possible mitigation techniques.
References
Bishop, M. (2019) Computer Security: Art and Science. Pearson Education.
Pfleeger, C., Pfleeger, S., and Margulies, J. (2015) Security in Computing. Westford: Pearson Education.