Securing the Computer Networks Trojan Attacks

Question: 1. Describe approaches to computer security including access control, identity verification and authentication in order to minimize the cyber attacks on a system. 2. Apply the appropriate use of tools to facilitate network security to prevent various types of computer and network attacks, and malicious software that exists. Answer: Introduction Today millions of people are using the internet as a way to do transactions, companies using it as a medium to conduct and manage business. Therefore it can be said that, huge amount of money are transferred via internet. With this increasing day to day transactions the risk of cyber attacks are also increasing. These huge amount of money gets transferred either as the part of bank transactions or as a result of the consumer product purchases. There are different ways in which this financial information can be stolen by the hackers using the malwares, viruss warms and many other cybercrime tools (Mulliner et al. 2013). Therefore it is important for the users as well as the network administrator to protect the work stations inside the network from the different intruders. The information security can be defined as the controlling the unauthorized accedes or the alteration of the information. According to the Bhunia et al. (2014), in the present day the threats are used to gain the control over a system and to block the access of the actual user. Moreover, the attackers also use this control on the system to have some financial gain or intellectual property. The following report focuses on the attack of a Trojan horse on an organization, the approaches that are taken to minimize the effect and scope of penetration to the same network (Kalige, Burkey and Director 2012). Moreover, the report also focuses on the different counter measures to protect the network from the future attacks. Overview of the Scenario The most common attacks are mainly unstructured threats. The following case study is about a Trojan attacks on a network. These attacks are intended to steal information like the passwords, email correspondence and other user credentials (Fedler, Kulicke and Schtte. 2013). The same happened with a real estate agency in Newcastle. The Trojan attack deleted, modified and copied the confidential data without the consent of actual user. Moreover this malwares are responsible for the disruption in the performance of the work stations that resides inside a network of that agency (Acharya, Dutta and Bhoi 2013). As an example it can be said that, may be user or a employee downloaded a file that seems to be a movie or a mp3 file, but when the users clicks on the program or file it unleashes a program or executable that erases the whole data on the disk, sends the credentials to the hacker. Basic Network Diagram In the home network there is a firewall that filters the different viruses and worms that try to intrude inside the network. More over there is a laptop, PC, data storage, printer and a wireless device (the smart phone). Figure 1: Basic home network (Source: Created using Visio) Identification and level work station and the network components of the diagram In the above depicted diagram some of the devices that are connected with the home network station are discussed below: Firewall: It mainly helps in doing both the monitoring and controlling of both incoming as well as outgoing network traffics that are mainly based on prearranged security protocols. Router: Router is mainly one of the network devices that transfer data packets among the computer networks. In addition, router also undertakes the duties of traffic directing functions over the internet. Fedler, Kulicke and Schtte (2013) discussed that data packet which typically forwarded through networks consists the types of internetwork until in delivered to the destination node. Level workstation: In level workstation, it mainly consists of database, PDA and virtual PC that are connected. Other devices: Some of the other devices include tablet devices; PCs, Laptops, printer etc are mainly connected with the whole network diagram. In the above network diagram the devices like the laptops and the Smartphone devices are mainly affected by the Trojan attack. Explanation of Current Access Control The existing access controls mechanisms are role based access control methods, mandatory access control and discretionary access control. Role based access control: In case of the role based access control, the access of an individual to some information and resource are allowed or restricted by the different banks according to their role in the organization (Mulliner et al. 2013). Mandatory access control: In this access control method, every user in the banks network, resources are classified and assigned with a security label by the operating system (Bhunia et al. 2014). Moreover in this model the users are not the decision makers about the accessibility of their created files at the banks. The users do not decide who can access their files. The rules are created and modified by the security officer or the network administrator. Discretionary access control: As the name suggests, the accessibility of the different files or resources of the different banks are decided according to the users discretion (Golchha,Deshmukh and Lunia 2014). The owner of the resource can allow or restrict the access of the other users to their files or resources. Different verification authentication measures: The existing authentication and verification methods are discussed below, Network access authentication: In this type of authentication method, the user has to authenticate them every time the user tries to access any of the network services. Logon authentication: In this authentication system, the user must be authenticated in order to enter in the network (Fedler et al. 2013). This can be done by entering a pin, by using a smart card or by using their fingerprint. In addition to the above techniques, the group policy and the passwords policies are also enforced in the organization to protect the work stations and the network devices from the malwares specifically from the Trojans. Description of the IT Security Information Steps in a Trojan attack: The following section provides a detailed description about the steps in the Trojan based malware attacks, Step1: In this step the users of the apps of the different banks unknowingly clicks on a malicious link or opens a Phising mail and the Trojan gets downloaded on their devices (Bhunia et al. 2014). In the next phase the program or the Trojan waits for the user to login into their respective user accounts. Step 2: Here, when the users log in to their user account through the banks app, the Trojan intercepts the session of the user and inserts a JavaScript into the users login page of the app. The next time, users log into its system or device the injected file produces some kind of security upgrade alerts and instructs the users to follow some certain steps to install the upgrade (Acharya et al. 2013). In the next steps user is asked to enter the personal as well as financial data to get the upgrade. Step3: The Trojan delivers the whole personal and financial data from the users device to the attacker at the remote site (Bhunia et al. 2014). This information is further used in the future attacks. Step 4: In this step after getting the users personal and individual information of the banks customers, the virus itself or the attacker sends mail or SMS to the user asking them to complete the upgrade process. Moreover, in some cases the users asked to click on an attached link with in the mail or the SMS (Mulliner et al. 2013). Also in some cases the hacked devices are controlled by the remote hacker. After clicking on the given link in the SMS, the mobile devices or the workstations gets infected by the Trojan. After clicking on the provided link the users workstations gets infected and the remote hacker can get the information of the further activities of the users gets transferred to the hacker. Description of Steps to Minimize the Avenues of Trojan Based Attack To minimize the avenues of the Trojan attacks some preventive measures can be taken. 1) First of all it is to be ensured that all patches for the operating system, antivirus programs and applications are installed (Fedler et al. 2013). Many security problems or the attacks that occurs for viruses and worms, mainly exploits the known vulnerabilities of the softwares, for which patches exist. Therefore installing the latest patches for the applications can help in minimizing the probability of the attack. 2) In the second step that can be used is to limit the services that are running on the system (Bhunia et al. 2014). This in turn reduces the number of patches that needs to be installed. 3) Another way to minimize the chances of the attack is to restrict the availability of the information about the resources and processes outside the organization. Since the hackers or the attackers are mainly after the information and try to get the organizational information. Approaches for workstation and network level security In order to secure the workstations from the Trojan attacks, the antimalware programs are used so that they can detect and defend the systems from the Trojans. Moreover full back up of the data of workstations is to be done on a regular basis (Bhunia et al. 2014). The best way to clean an infected file is to replace it with an original non-infected file. The web browsers are not allowed to execute programs automatically or to download files from internet. For the network level security the gateway virus scanning system is implemented in the network (Acharya et al. 2013). Since all the source codes of the major Trojans are publically available, and if a new kind of virus tries to attack the network it can be only prevented by using an executable scanner. List of major security problems of the network List 3 security problems and Their Infiltration DNS Tunneling: The use of the botnets in the brute force attack technique is also used in Trojan attacks. DNS is used as a covert communication in terms of bypass the firewall security in the server. Through it, attackers is able to tunnel the other protocols such as TCP, SSH, etc. Through DNS tunneling attackers can tunnel the data infiltration in the network. Following diagram show the same Figure 2: DNS Tunneling (Created By Author) Cache Poisoning: Hackers or attackers consistently updates and releases new threats and exploits the flaws of the different application and system softwares (Kalige, Burkey and Director 2012). These pitfalls can cause harm to the network if the latest released patches are not in place. If the latest patches are not used in the laptop, computer or to the smart phone devices then they became easy targets of the attackers. Herzberg and Shulman (2013) argued that it is the corruption of DNS cache data. Through cache poisoning, attackers can theft the credential information like log in details, credit card numbers, etc. Following diagram is showing the process of Cache Poisoning Attack Figure 3: Cache Poisoning (Created By Author) TCP SYN Floods: This technology allows the attackers to stop the server and helps in making new connection requests where they can legitimate the information of users. This technology uses 3-way handshake that begins with TCP connection (Kolahi et al. 2014). Hackers send to user the spoofed SYN packets including IP address of a bogus destination. Figure 4: TCP SYN Floods (Created By Author) Analysis and Presentation of Solution Counter measures to protect the network for 3 identified problems In order to protect the network from the Trojan attacks the network administrator needs to create the complex passwords so that they cannot be guessed or tracked easily (Acharya et al. 2013). Also it is advised that the users should take care of the different programs that run at the start up computer. Because the Trojans like the Rootkits are mainly used to corrupt the boot sector of the storage device (Mulliner et al. 2013). On the other hand the different applications must be patched as soon as the companies release the patches for its products. Prevention= Prevention+ (Detection+ Response) Firewalls Audit log Backups Encryption Intrusion detection system Incidents response teams Honey pots Computer forensics Explanation of the security principle The security principle to protect the networks is principle of least privilege. The principle of least privilege states that, the users have the least amount of privilege to perform and complete the business processes (Bhunia et al. 2014). Moreover, when a new feature is added to the applications then it adds some certain risks to the overall system too. Therefore for the development of the application must be done using the secure development methodology. It helps to reduce the total attack surface area. Prevent the cyber attacks and frauds, it is important to separate the different duties and responsibilities of the different users (Wei and Potkonjak 2012). Therefore, it can be said that the network administrator cannot be the user of the application. Summary of the approaches taken to protect the network Since the threat of the cyber attacks or particularly the Trojan attacks are increasing day by day. Different measures are taken to counter these attacks like, access control mechanisms, minimizing the different avenues of attack (Bhunia et al. 2014). In addition to that to protect the network at the workstation level as well as on the network level some measures are also taken this measures includes the backing up the whole data of the system, control over the web. Lessons learnt From the case study it is learnt that, even though the apps for the banks are intended to provide convenience to its customer, but the due to the unsecured use of the apps the attacker was successful in injecting the Trojans in the users device to steal financial as well as personal information and huge amount of money is robbed from the banks. Therefore the users and the bank officials should use the apps and the information of the banks in a secured environment. It will be helpful in protecting the data from the breach and attacks. Moreover, to protect the data of the bank as well as the customers should use the firewall and anti viruses in its computer networks. Conclusion Trojans are malicious software that pretends to be something desirable and necessary, but they are more dangerous than viruses and worms. This Trojan may steal the users data, damage and even erase the users disk. There are different programs that can open sockets or automatically run a program at the time of start up of the workstations. Therefore the users have to control the access of the Trojan in the network. Moreover, the detection and the prevention mechanisms need to be updated periodically so that the new threats can be detected and stopped before it infiltrate into the network. References Acharya, H.S., Dutta, S.R. and Bhoi, R., 2013. Network and Information Security Issues.International Journal of Innovative Research and Development|| ISSN 22780211,2(2), pp.400-406. Bhunia, S., Hsiao, M.S., Banga, M. and Narasimhan, S., 2014. Hardware Trojan attacks: threat analysis and countermeasures.Proceedings of the IEEE,102(8), pp.1229-1247. Fedler, R., Kulicke, M. and Schtte, J., 2013, November. Native code execution control for attack mitigation on android. InProceedings of the Third ACM workshop on Security and privacy in smartphones mobile devices(pp. 15-20). ACM. Ghai, S. and Verma, A., 2015. Network Security Using Divergent Firewall Technologies.IITM Journal of Information Technology,1, p.29. Golchha, P., Deshmukh, R. and Lunia, P., 2014. A Review on Network Security Threats and Solutions. Henson, M.J., 2014.Attack Mitigation through Memory Encryption A Thesis Submitted to the Faculty(Doctoral dissertation, Dartmouth College Hanover, New Hampshire). Herzberg, A. and Shulman, H., 2013, December. Socket overloading for fun and cache-poisoning. InProceedings of the 29th Annual Computer Security Applications Conference(pp. 189-198). ACM. Kalige, E., Burkey, D. and Director, I.P.S., 2012. A case study of eurograbber: How 36 million euros was stolen via malware.Versafe (White paper). Kolahi, S., Alghalbi, A.A., Alotaibi, A.F., Ahmed, S.S. and Lad, D., 2014. Performance Comparison of Defense Mechanisms Against TCP SYN Flood Cyber Attack. Liu, C., Cronin, P. and Yang, C., 2016, January. A mutual auditing framework to protect IoT against hardware Trojans. In2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC)(pp. 69-74). IEEE. Lucamarini, M., Choi, I., Ward, M.B., Dynes, J.F., Yuan, Z.L. and Shields, A.J., 2015. Practical security bounds against the Trojan-horse attack in quantum key distribution.Physical Review X,5(3), p.031030. Lucamarini, M., Choi, I., Ward, M.B., Dynes, J.F., Yuan, Z.L. and Shields, A.J., 2015. Practical security bounds against the Trojan-horse attack in quantum key distribution.Physical Review X,5(3), p.031030. Mulliner, C., Borgaonkar, R., Stewin, P. and Seifert, J.P., 2013, July. SMS-based one-time passwords: attacks and defense. InInternational Conference on Detection of Intrusions and Malware, and Vulnerability Assessment(pp. 150-159). Springer Berlin Heidelberg. Tenenboim-Chekina, L., Barad, O., Shabtai, A., Mimran, D., Rokach, L., Shapira, B. and Elovici, Y., 2013, April. Detecting application update attack on mobile devices through network featur. InComputer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on(pp. 91-92). IEEE. VukoviĆ¡, O., Dn, G. and Karlsson, G., 2014. Mitigating Gray Hole Attacks in Industrial Communications using Anonymity Networks: Relationship Anonymity-Communication Overhead Trade-off. Wehbe, T., Mooney, V.J., Keezer, D.C. and Parham, N.B., 2015, October. A Novel Approach to Detect Hardware Trojan Attacks on Primary Data Inputs. InProceedings of the WESS'15: Workshop on Embedded Systems Security(p. 2). ACM. Wei, S. and Potkonjak, M., 2012, April. Wireless security techniques for coordinated manufacturing and on-line hardware trojan detection. InProceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks(pp. 161-172). ACM. Xue, M., Wang, J., Wang, Y. and Hu, A., 2015, August. Security Against Hardware Trojan Attacks Through a Novel Chaos FSM and Delay Chains Array PUF Based Design Obfuscation Scheme. InInternational Conference on Cloud Computing and Security(pp. 14-24). Springer International Publishing.