CS6035 Introduction to Information Security

Identification Of High-Risk Vulnerabilities

Vulnerability is a weak spot that can be oppressed via a cyber assault to gain illegal entrance to or function unauthorized movements on a system of a computer in cybersecurity. Vulnerabilities can permit attackers to track and run code and give access to a memory of a system, installation of malware, and destroy, steal, or adjust sensitive data (Lezzaik,  Milewski & Mullen, 2018). Moreover, vulnerability is a fault in internal controls, information systems, and procedures of system security, or implementation that might be activated by a dangerous source. There are two types of vulnerability such as low-risk vulnerability and high-risk vulnerability. The low-risk vulnerabilities are open access, no lockout policy, simple password, default identification, weak encryption, insecure protocols, etc. High-risk vulnerability is made by the combination of low-risk vulnerabilities (Fusar-Poli et al., 2017). High risk vulnerabilities are process vulnerability, human vulnerability, operating system vulnerability, network vulnerability, security vulnerability, etc. Here is some description of high risk vulnerabilities.

a) Process Culnerability

Process vulnerability is formed by particular process control. It is formed by using a weak password.

b) Human Vulnerability

Human vulnerability is formed by the human as the error created by a user can effortlessly expose susceptible data and for the weak linkage in cybersecurity design.

c) Operating System Vulnerability

These vulnerabilities arise in an operating system (Decan, Mens & Constantinou, 2018). Hackers make the most of access to the operating system and damage the data of the system.

d) Network Vulnerability

Network vulnerability is arisen by the third party. The software and hardware of the network are exposed by the third party like weakly configured firewall and apprehensive Wi-Fi admittance point.

Identify undetected vulnerabilities using a software application

In the world, there are many vulnerabilities. Some of that can be detected and some of that can be undetected. The detectable vulnerabilities are detected by the vulnerability defender software applications. But the indictable vulnerabilities are not detected by the vulnerability defender software applications such as buffer overflow, logging issues, web service issues, sensitive data protection failure, libraries issues, cross-site scripting, missing authentication, missing authorization, SQL injection, etc (Andrade et al., 2017). Here are some descriptions of some undetected vulnerabilities.

a) Buffer Oerflow

Buffer overflows are regularly occurring types of software program vulnerabilities. When someone attempts to put something that is too massive into reminiscence that is too little, unpredictable stuff happens.

b) Logging Issues

If log files are manipulated by someone through logging then logging issues occur. It can assist the user to become aware of an attack and viable harm after the piece of information. But sometimes users do not control to get entry to the log documents. In that case, vulnerabilities can assist the hacker in doing it.

c) Sensitive Data Protection Failure

Connectivity loss threatens clients temporarily. But sensitive records loss threatens clients for the relaxation of their regular lives. And it can have severe penalties for the user's business but protecting statistics in the transfer is hard.

d) Missing Authentication

Authentication is to ensure that users and they can continue with the access path. Continuous access needs session management. Attackers can access the sectional's paths without any session management because of the missing authentication.

Operational Impacts of Successful Attacks

Vulnerabilities are very dangerous and most of the attacks have happened in private companies, industries, and organizations (West, 2018). The entire business of any industry is hampered by cyber attacks. The business faces many challenges and losses due to web attacks.

1. In current years, Ransomware is the most leading threat, especially for private enterprises. In 2020, the occurrence of Ransomware assaults is rising exponentially with the aid of a global survey of five thousand IT managers in Cognizant Company. Ransomware is dispersed through mass e-mails with the aid of authoritative botnets. Ransomware encrypted the whole data files that took the group offline for ten days and that was very serious as the employees could not do their job.
2. Transportation company comfortable security gearshifts to help workers to be creative during the COVID-19 pandemic situation and attackers shift their strategy in malware attack and take benefit of the disorder caused by inaccessible work (Robinson et al., 2020).
3. The Google attack happened in 2017 as the UDP augmentation attack sourced away of numerous Chinese ISPs (ASNs 9394, 58453, 4837, 4134) which remainder the major bandwidth attack.
4. The Mirai Krebs attack happened in 2016. Mirai botnet is the source of the Mirai Krebs attack that consists of six lakhs internet of things such as video players, home router, and IP cameras.
5. The Six Banks DDoS attack happened in 2012 such as a bank of America, PNC Bank, Wells Fargo, Citigroup, U.S. Bank, and JPMorgan Chase. These attacks were approved by hundreds of servers that are hijacked from Brobot, a botnet.

Test the ability of network defender to detect and respond

Cybersecurity is a system of protection against vulnerabilities for computers, laptops, mobile phones, etc. There are several ways to detect vulnerabilities such as log monitoring, log management, traffic monitoring, etc. Some responses against web attacks are there such that disaster recovery, forensics investigation, incident response, etc. To protect system security from cyber and web attacks security architectures, security in-depth, appropriate configuration, security policies are needed. Moreover, network defenders protect the operating system from cyber and web attacks such as Phishing, Malware, Ransomware, Internet-facing vulnerabilities, Business email account takeover, Key incident response messages, etc.

a) Phishing

Vulnerabilities can be detected from Phishing through emails that are unexpected from an unknown or recognized person. If the character or dialog appears out-of-the-blue, be affirm and vigilant the email is legal. Emails that incorporate attachments or hyperlinks those attachment and hyperlinks act as a back door to the user's network (Alsariera et al., 2020). Emails which are received by a user check the error of spelling and unusual domains in that email. And make sure that the user's email ID is not used by any other party.

b) Malware

Vulnerabilities can be detected from Malware through a blue screen of death (BSOD) and slow computer. Whitelisting a particular application or function ensures a device will allow installing only pre-approved applications in a device from being installed and downloaded (Le Sceller et al., 2017). If it detects any vulnerabilities it will separate the device from the system.

c) Internet Facing Vulnerabilities

Internet-facing vulnerabilities are detected through audit the web servers, firewalls, and routers with dispersion tests. If anyone gains entrance to the network for vulnerabilities, the association is a threat. Disconnect the devices from the network.

References

Alsariera, Y. A., Adeyemo, V. E., Balogun, A. O., & Alazzawi, A. K. (2020). Ai meta-learners and extra-trees algorithm for the detection of phishing websites. IEEE Access, 8, 142532-142542. https://ieeexplore.ieee.org/iel7/6287639/8948470/09154378.pdf

Andrade, S. B., Le Boudec, J. Y., Shereen, E., Dán, G., Pignati, M., & Paolone, M. (2017, October). A continuum of undetectable timing-attacks on PMU-based linear state-estimation. In 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm) (pp. 473-479). IEEE. https://people.kth.se/~gyuri/Pub/BarretoZPDLP_SGC2017_Continuum.pdf

Decan, A., Mens, T., & Constantinou, E. (2018, May). On the impact of security vulnerabilities in the npm package dependency network. In Proceedings of the 15th International Conference on Mining Software Repositories (pp. 181-191). http://applications.umons.ac.be/docnum/c7b423fd-d183-486c-9cec-966066b9b364/C9345D51-B92C-4551-BF50-1FA8CF0A6691/paper.pdf

Fusar-Poli, P., Tantardini, M., De Simone, S., Ramella-Cravaro, V., Oliver, D., Kingdon, J., ... & McGuire, P. (2017). Deconstructing vulnerability for psychosis: Meta-analysis of environmental risk factors for psychosis in subjects at ultra high-risk. European Psychiatry, 40, 65-75. 

Le Sceller, Q., Karbab, E. B., Debbabi, M., & Iqbal, F. (2017, August). Sonar: Automatic detection of cyber security events over the twitter stream. In Proceedings of the 12th International Conference on Availability, Reliability and Security (pp. 1-11). 

Lezzaik, K., Milewski, A., & Mullen, J. (2018). The groundwater risk index: Development and application in the Middle East and North Africa region. Science of the Total Environment, 628, 1149-1164. 

Robinson, L., Schulz, J., Khilnani, A., Ono, H., Cotten, S. R., Mcclain, N., ... & Tolentino, N. (2020). Digital inequalities in time of pandemic: COVID-19 exposure risk profiles and new forms of vulnerability. First Monday. https://journals.uic.edu/ojs/index.php/fm/article/download/10845/9563

West, J. (2018). A prediction model framework for cyber-attacks to precision agriculture technologies. Journal of Agricultural & Food Information, 19(4), 307-330. 

The best thing about getting paper help from us is that you will get proofreading services by default. You don’t have to pay extra charges for the proofreading services if you seek assignment writing services from us. The proofreaders ensure that your paper is devoid of any mistakes. From the sentence structures and punctuation to relevance and context, our team of ghostwriters take care of everything. Expect nothing but higher grades when you opt for our assignment writing service. Do not hesitate to avail yourself of our essay writing service if essay writing isn’t your cup of tea. We have the best team to assist you.