Thursday, December 5, 2019

Information Technology Security Report

Question: Describe Information Technology Security.

Answer:

Abstract

Information security is becoming more important as we become more and more dependent on information technology and the Internet. This paper covers IT security, which is a sub domain of information security. Different security attacks, countermeasures and real life statistics about information security will be discussed in the report, along with the importance of IT security in our lives.

Introduction

Information security, or InfoSec, is an issue that always accompanies information technology and its applications. With the emergence of information technology, the issues with information security have not reduced; rather, they are growing in number day by day. Attackers are also using new technologies to update the patterns of their attacks. The emergence of social media, the Internet of Things, cloud computing etc. has made the Internet more popular among people. More data is now transmitted over the Internet, and there are lots of devices other than laptops and computers connected to the Internet. A huge amount of personal and sensitive information about individuals, banking details, credit card information and other kinds of business information is shared across such devices over the Internet. So attackers are more interested in stealing this information.

The use of cloud computing has added the concept of virtualization. There are various information security issues with cloud computing that are hard to overcome, as these issues are inherent to the cloud computing platform. There are regulations, laws and legislation that enforce information security and implement security standards for securing our digital information. However, that does not provide much help. There are several dimensions of information security attacks and of countermeasures to those attacks. But the truth is, there is no way to stop these attacks altogether.
So prevention is the solution. There are best practices and other kinds of information security implementations that can help in this context. (Whitman & Mattord, 2011)

This report contains an extensive literature review on information security in the context of information technology or IT security, the different methods followed in IT security, the results and findings of IT security etc.

Literature Review

Information security is the process of securing the physical and digital formats of data from some individual. It secures data from unauthorized access, deletion, modification etc. IT security is a sub domain of the information security domain and is more centered on computer and Internet security. Thus, computer and network security need to be understood for a better understanding of IT security. It is hard to separate computer security and network security, and a discussion of IT security without considering information security is not possible. All of these fields are closely connected and dependent on each other.

A computer is an electronic device capable of input and output of data, processing, storage and decision making on that data. The range of computers or computing devices has now expanded: laptops, smart phones etc. all come under the category of computing devices. A network, on the other hand, is a system of connected computers and devices capable of sharing and transmitting information across the network. There are different types of private and public networks. For example, the Internet is a public network. (Bishop, 2004)

Thus, the whole infrastructure is a combination of the mechanisms and processes that connect a wide range of digital equipment and networks. It should facilitate data transmission. Securing the whole infrastructure refers to all the tools, techniques etc. that give protection to the hardware, software and data in the infrastructure.
There should be no unauthorized or unintended access to data or systems, and no accidental or intentional change or deletion of data. Reliance on computerized systems and the Internet is growing day by day, so the need for IT security is also growing. Sometimes the term IT security is used synonymously with the term cyber security. In general, physical security of these assets and infrastructure is not considered an integral part of IT security, but one argument says that it should be, because a physical breach gives full unauthorized access to the data that is stolen, or can damage the data. Thus it is considered one of the worse examples of IT security breaches.

There are some principles of information security, and IT security is supposed to conform to those principles as well. They say that any cyber or IT security infrastructure should provide confidentiality, integrity and availability of the data and infrastructure. If the implementation or the infrastructure conforms to these features, it will be considered a secure system.

Confidentiality is the process of making the data secure from any kind of unauthorized access. Processes like authorization and authentication help in implementing confidentiality in a system.

Integrity refers to the process of ensuring that data is not damaged or modified by an unauthorized user, so that legitimate users get the data in its pure form. This can be ensured by cryptographic solutions like encryption, decryption, digital signatures etc.

Availability ensures that data will always be available to legitimate users whenever required. Processes like access control ensure this. (Andress, 2014)

IT security covers protection of data, hardware computing infrastructure and users. Data protection applies when data is at rest or in transit. There are various types of IT security attacks and countermeasures.
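The integrity principle described above can be shown with a short Python example. It is added here and is not part of the original report. It uses an HMAC (a keyed message authentication code from the Python standard library) rather than the digital signature the report names, and the record ids, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct


def _message(record_id: str, payload: bytes) -> bytes:
    # Length-prefix the id so an (id, payload) pair cannot be re-split ambiguously.
    rid = record_id.encode("utf-8")
    return struct.pack(">I", len(rid)) + rid + payload


def seal(key: bytes, record_id: str, payload: bytes) -> dict:
    """Store the payload together with a keyed tag bound to its record id."""
    tag = hmac.new(key, _message(record_id, payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify(key: bytes, record_id: str, sealed: dict) -> bool:
    """Recompute the tag and compare it in constant time."""
    expected = hmac.new(
        key, _message(record_id, sealed["payload"]), hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def checksum_only(payload: bytes) -> dict:
    """Weaker scheme for comparison: an unkeyed SHA-256 stored beside the data."""
    return {"payload": payload, "sha256": hashlib.sha256(payload).hexdigest()}


def verify_checksum(stored: dict) -> bool:
    digest = hashlib.sha256(stored["payload"]).hexdigest()
    return hmac.compare_digest(digest, stored["sha256"])


def demo() -> dict:
    key = secrets.token_bytes(32)            # held only by the legitimate writer and verifier
    original = b"account=1234;amount=100"    # constructed sample record
    modified = b"account=1234;amount=9000"   # the same record after unauthorized modification

    sealed = seal(key, "invoice-17", original)
    # Whoever changes the payload without the key can only keep the old tag.
    tampered = {"payload": modified, "tag": sealed["tag"]}
    # With an unkeyed checksum, whoever rewrites the payload can also rewrite the checksum.
    rewritten = checksum_only(modified)

    return {
        "intact_record_accepted": verify(key, "invoice-17", sealed),
        "modified_record_accepted": verify(key, "invoice-17", tampered),
        "record_moved_to_other_id_accepted": verify(key, "invoice-18", sealed),
        "rewritten_checksum_accepted": verify_checksum(rewritten),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The keyed tag rejects both the modified record and a valid record moved under a different id, while the unkeyed checksum accepts the rewritten record because anyone who can write the data can recompute it.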
Methods of IT Security Attacks

Other than common virus attacks, attacks from hackers and theft of information, there are different kinds of attacks like exploitation of system vulnerabilities, denial of service, backdoors, spoofing, tampering, exploitation, direct access attacks and many more.

Exploitation of vulnerabilities

There may be weaknesses in a system that reduce the assurance of information security in the system. Sometimes these are hard to detect in advance. In some specific circumstances the vulnerability can be prominent, or it may stay hidden until an attacker exploits it. There are three constraints to be met before a vulnerability can be exploited: (1) there should be a susceptibility or flaw in the system; (2) an attacker should have access to the flaw; (3) the attacker should be able to exploit the flaw.

There are tools and techniques that attackers use for exploiting a vulnerability in a system. The vulnerability is sometimes termed the attack surface. Sometimes a security risk associated with an IT system is also called a vulnerability. However, this is confusing. Risks carry some significant loss, but a vulnerability may not cause any loss even if it is exploited. Thus a risk will be a vulnerability, but every vulnerability may not be a risk.

Denial-of-service attack

A denial of service attack is a special kind of attack that does not try to get unauthorized access to an information system; rather, it makes the system unavailable to its legitimate users. Victims are denied the services of a system, and this is done deliberately by the attackers. Some examples of such attacks are flooding a network with a traffic overload and bringing it down, or repeatedly entering a wrong password on behalf of a user and making the system unreachable to them. Prevention of such attacks is very difficult.
This is because it needs analysis of the total IT infrastructure and network to understand the patterns and behavior of the network. There are variations of this attack, for example DDoS or Distributed Denial of Service attack. In this case, a large number of zombie systems or compromised systems are used to make a botnet. Then some worms or viruses are spread through the victim network. The botnet sends overwhelming traffic through the worms and makes the victim network unusable to the legitimate users. The victim network is flooded with simple network requests. The technique is to exhaust the networking resources so that the network goes down.

Other than that, there is another method of carrying out a DoS attack, which is to use an attack amplifier. There may be weaknesses in the design of a network protocol, for example in poorly designed protocols like DNS, NTP etc. The attacker exploits some operating system vulnerability and instructs the poorly designed protocols to generate an excessive flood that is unmanageable for the network. As a result the system or network crashes and becomes unavailable. (Pfleeger & Pfleeger, 2012)

Backdoors

A backdoor is a process that lets someone enter an information system or cryptosystem without going through the authentication process or any other means of secure access. The bypass attempts stay undetected by the system and its security infrastructure. There are some special types of asymmetric encryption based attacks that resist the security system and resist reverse engineering even after detection and analysis. A backdoor may be a specific computer application that is installed on the victim system, or it may modify some already installed application on the victim system to act as a backdoor application. Even some hardware part of the system can be modified to act as a backdoor. A rootkit is a special form of backdoor application. It replaces the system binaries.
Then it may hook into the function-calling process of the OS and hide itself from legitimate applications, services and users. It may even supply wrong information about resources to applications and make the system malfunction.

Eavesdropping

Eavesdropping happens to data while it is transmitted through a transmission channel: the eavesdropper listens to the data in transit. When there is a data transmission between two hosts in a network, eavesdropping sneaks into the streaming conversation. Some specific applications that help in this process are installed at the ISPs, for example applications like NarusInsight, Carnivore etc. However, there are chances that a closed system may also be a victim of eavesdropping. In this case the electromagnetic signals that carry data among different hardware parts of the system can be monitored secretly. An example is a specification called TEMPEST. (Bishop, 2004)

Spoofing

Spoofing is the process of masquerading as a legitimate user by falsifying the credentials of that user. There are various protocols in the TCP/IP protocol suite that help in authentication mechanisms. These mechanisms are implemented at the source or destination of a message. These protocols are vulnerable to spoofing, so they need extra caution during implementation. Before sending or receiving messages using these protocols, the applications need to be sure of the identity of the sender or receiver. There are attacks like the ARP spoofing attack, the IP spoofing attack etc. These are a kind of man in the middle attack in a computer network.

Malware attacks

Malicious software, or malware, is software used for disrupting the normal operation of a system or computer, gaining access to data in an unauthorized way, gathering sensitive and critical information by stealing it etc. Malware is used intentionally for stealing information from a system. It is used by hackers and attackers as a tool.
Some examples of prominent malware are Regin, CryptoLocker, Stuxnet etc. (Davis, Bodmer, & LeMasters, 2009) There are different types of applications that come under the malware category. Those applications include worms, computer viruses, spyware, Trojans, adware, ransomware, scareware and many more. Malware can take different application formats, for example active content, executables, scripts, code blocks etc. Other than attackers, companies also intentionally supply malware for different kinds of market research. For example, Sony used the Sony Rootkit with the CDs sold by them. However, the process is illegal. (Blunden, 2013)

Computer viruses and Trojans are special kinds of malware that are spread through replication. Once a system is infected by one of these viruses, it replicates itself through the data files, programs, storage, boot sectors etc. On the infected hosts the viruses sometimes cause nuisances, and sometimes they just stay dormant. Common problems with viruses are spamming, corruption of data, unauthorized access to or theft of information, stealing of computing resources like memory and CPU cycles, display of error messages, key stroke logging etc. Computer viruses are just pieces of code, and they are used for exploiting security vulnerabilities in IT systems, computers and applications.

Social Engineering

With reference to information security, social engineering is the psychological manipulation of people to get at their information and find the sensitive parts of it. The goal of social engineering is to play a confidence trick that helps in gathering information from people and using that information for system access, fraud etc. There are different types of social engineering techniques. Most of these are based on the human decision making process or on cognitive biases. These are also termed bugs in the human hardware. Similar to the software vulnerabilities in information systems, these cognitive biases are also exploited by attackers.
(Hadnagy, 2010) Attackers use different combinations of social engineering attacks and steal information from victims. Some of the common techniques are:

Pretexting

Pretexting, or blagging, is the process of creating or using an invented scenario to involve the victim in that scenario. Personal information like social security numbers, credit card information etc. is stolen using this technique.

Phishing

Phishing is the process of obtaining the private information of an individual in an illegal way. For example, attackers send phishing emails to target victims. When the victim opens or replies to the email, it asks for some sensitive information like bank details, credit card details etc. If the user steps into the trap and shares it, this information is stolen and the user becomes the victim.

Insider Attack

Insider attacks are very common in organizations. The term refers to cases where a person such as an employee or staff member of an organization steals information from the systems of the organization. Other than that, there are software based insider attacks, for example damaging information, eavesdropping, theft of information etc. There may even be DoS attacks from inside the organization. (Pfleeger & Pfleeger, 2012)

Security Countermeasures

There are also different security countermeasures that help to deal with security breaches and to implement security in an IT infrastructure. Generally, the term countermeasure in computer security means the action or measure taken to reduce an attack, vulnerability or threat by prevention, elimination or minimization of impact. Some of the common countermeasures for dealing with different kinds of IT security attacks are discussed below.

Vulnerability Management

Managing the vulnerabilities in a system is a cyclic process. It deals with identification, classification, remediation and mitigation of vulnerabilities in a system.
It must be noted that these vulnerabilities are software related. Thus vulnerability management is an integral part of IT security. There are special kinds of vulnerability scanners that analyze an information system for vulnerabilities like insecurities and open loopholes in the configuration of the installed software, open ports, malware susceptibilities etc. Still, there are risks of zero day vulnerability attacks, which are harder to overcome. However, there are scanning methods like fuzz testing that may indicate zero day vulnerability attacks. Other vulnerabilities, like buffer overflows, can be identified using test cases and automated testing processes. There is anti-virus software that can carry out heuristic analysis and find different malware. (FitzGerald & Dennis, 2009) There are system patches and updates that help in overcoming the vulnerabilities in a system. Other measures like firewalls also help to some extent.

Information System Design and Security

The security of an information system should be taken care of from the start, while the system is being designed. There should be proper design and development of the system, and there should be enough testing and implementation of the security infrastructure of the system. An ideal secure system is unrealistic. However, different sets of security measures can be implemented or followed as a part of the process. Some of these techniques are:

Proper implementation of access control across the system is very necessary. There will be different types of users associated with the system, and not all of them will require the same data or are supposed to have the same degree of visibility of data. Thus user access control along with various cryptographic measures can help.

Use of antivirus, IDS, firewalls etc. makes the system secure from different types of virus attacks, insider attacks, malware attacks etc.

A firewall is a very primitive and basic security implementation used in information systems.
However, proper configuration of the firewall is very important; otherwise the firewall will be of no use and the system will be vulnerable. There may be hardware based or software based firewalls.

IDS or Intrusion Detection Systems are used for detecting different kinds of attacks in networks. IDS systems can help in different forensic analyses in post analysis scenarios, with log servers, audit trails etc.

It is important to have a proper response system that can assess the security requirements of an information system. There are various difficulties in implementing proper responses to an attack. Identifying a security attack in an information system is difficult.

Use of Cryptography

Computer code is a form of mathematical and logical statements. So, theoretically, it can be proved to be correct or not. However, such proofs are sometimes not feasible or are beyond computational limits. (Pieprzyk, Hardjono, & Seberry, 2003) There are several proofs and processes in cryptography that help in computer security. Some of those are:

Protection of information while data is in transit, or while there is data communication between two hosts. Encryption and decryption is a method from this class. These work like different kinds of handshaking using hidden and shared keys, digital signatures etc. To anyone other than the intended party, an encrypted message will look like a meaningless word cloud.

There are cryptanalysis systems that in turn check for vulnerabilities in the cryptographic systems. Thus the process is double checked.

Making Hardware Secure

Hardware is also a source of system vulnerabilities, and attackers can break into an information system through breaches of hardware. Common hardware components like USB, BIOS etc. are common sources of vulnerability. For example, a microchip vulnerability in the chip of a computer system may be introduced during the manufacturing of the chip. This is an example of a hardware based attack.
(Pfleeger & Pfleeger, 2012) It is considered best practice to restrict the use of USB dongles, disable USB ports etc. Stronger cryptography based security standards and algorithms like AES etc. can help in this context.

Awareness

In most cases, especially in social engineering based cases, it has been seen that individuals and organizations are not sufficiently aware of security issues, the vulnerability of their systems etc. Studies have shown that most small businesses are not using information security implementations in their business because those are costly and they don't find any direct benefit from those implementations. But these small businesses carry out online transactions involving customer information, credit card details etc., and these are very lucrative targets for attackers. Attackers can easily breach the systems of such businesses and steal data. In such cases, the organization will face not only a threat to its survival but also legal threats. (Bishop, 2004)

This kind of lack of awareness about information security makes systems, individuals and businesses more vulnerable. Implementing security measures without understanding the context will not help to mitigate cyber-crimes and security issues. Only if people become more aware can these problems be handled efficiently. Information systems are prone to vulnerabilities. Those cannot be ignored, but the security can be optimized.

Laws and Legislation

Information security has become a serious issue for all countries and governments. With the rising number of cyber-crimes, it has become more critical. So there are cyber-crime laws and legislation in all countries around the world. Each country and legislation has data privacy and protection acts. Data privacy acts ensure that when data is shared over the network among hosts, individuals or organizations, the data will not be accessed by any unauthorized entity.
Every information system, user and organization needs to agree on some data privacy policy before sharing data. Data protection acts ensure that data will be protected when stored, processed and transmitted. This is the responsibility of the organization that has requested and obtained data from an individual. Other than that, there are various ethical issues related to information security. However, the laws and legislation about information security, virus attacks etc. change from country to country in a very tricky way.

Current trends in IT security

There are various information security labs, research institutes etc. that have been observing the trends and statistics of information security for years. According to the studies of such labs, the following trends are supposed to prevail in the information security domain in the current year.

There are a number of vulnerabilities in the systems used in different organizations of the world. As the number of information systems and technologies is rising, so is the number of vulnerabilities. With the emergence of cloud computing etc., these are becoming more problematic. (Tsai, Lin, Chang, & Chen, 2010)

With the rise of the concept of the Internet of Things, there are new types of attacks on these systems. The devices in the Internet of Things use wireless systems and standards for data transmission, networking and processing. But the manufacturers have failed to implement primitive security implementations and standards. Studies have found several issues in the wireless routers and standards used in such devices.

It has been seen in different scenarios that attackers are targeting the accounting systems of organizations in order to breach the financial data of an organization.

Small businesses are at higher risk than bigger enterprises. Bigger enterprises use rigorous security implementations, risk management plans and security measures.
But small businesses usually do not use such information security implementations. So they are becoming easier targets for attackers.

New operating systems like Android etc. are emerging. Theoretically these operating systems are highly secure, as they use the Linux kernel, different new types of security measures, SSL encryption etc. But Android is a free and open source OS. In many cases it has been seen that manufacturers have failed to implement the security measures in these devices properly. So the mere presence of security controls and implementations is not enough.

There have been a lot of new information technologies in payment systems. Especially with the emergence of smart phone technologies, mobile payment is a rising technology. Attackers have found several vulnerabilities in such systems, and these issues have stemmed from mistakes during the implementation of protocols in those systems. However, on the positive side, in spite of those mistakes, there are several strong security measures implemented in these new payment systems. There are dedicated hardware, authorization systems and theft control mechanisms that have made these systems stronger and better than traditional payment systems.

There is a huge gap between the education system and real life information security responses. The gap is getting wider. This is a very alarming risk for the future. As technology is becoming an inseparable part of our lives, the need for the right cyber security skill set is becoming a necessity. Studies have forecast that until 2030 there will be a huge gap between the demand for such professionals and their availability.

Current Circumstances and Trends

There are various studies going on in the field of information security and technologies. Among those studies, research on the security technologies of cloud computing, mobile computing and wireless communication networks is very important. Researchers are working on making systems stronger and more sophisticated, yet secure.
There is work on cryptography, secure protocols etc.

Ecommerce and social media have become very popular. In the coming days, they are supposed to become more widespread. A huge amount of data is transmitted and processed through such systems. People from non-technical backgrounds, with very little or no knowledge about information security, are sharing data over these platforms. These people, systems and platforms very easily become targets of hackers and attackers.

Conclusion

This report contains a detailed discussion of information technology security. As information technology security, or IT security, is a sub domain of information security, there is also a brief discussion of information security in the current context. There is a detailed discussion of different kinds of security attacks, ranging from exploitation of vulnerabilities to security breaches, virus attacks, backdoors etc. There are also different countermeasures like vulnerability management, safe and secure design of information systems etc. All these aspects, along with current trends, issues and current research in IT security, have been discussed.

Information security is a very vast topic. So is information technology security. Different types of new attacks are evolving each day. The domain is very dynamic in nature. So awareness, knowledge and understanding are very important in the first place. In the coming days, technologies will be more advanced, and that will make the attacking tools and techniques more advanced and sophisticated, so these attacks will be more fatal. Proper understanding, proper implementation of security controls and measures, and proper use of information technology are very much needed in the current context of IT security.

References

Andress, J. (2014). The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Syngress.
Bishop, M. (2004). Introduction to Computer Security.
Addison-Wesley Professional.
Blunden, B. (2013). Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Jones & Bartlett Publishers.
Davis, M., Bodmer, S., & LeMasters, A. (2009). Hacking Exposed: Malware and Rootkits. McGraw Hill Professional.
FitzGerald, J., & Dennis, A. (2009). Business Data Communications and Networking. John Wiley & Sons.
Hadnagy, C. (2010). Social Engineering: The Art of Human Hacking. John Wiley & Sons.
Lampson, B. W. (2004). Computer security in the real world. Computer, 37-46.
Pfleeger, C. P., & Pfleeger, S. L. (2012). Analyzing Computer Security. Prentice Hall Professional.
Pieprzyk, J., Hardjono, T., & Seberry, J. (2003). Fundamentals of Computer Security. Springer.
Tsai, C.-L., Lin, U.-C., Chang, A., & Chen, C.-J. (2010). Information security issue of enterprises adopting the application of cloud computing. Sixth International Conference on Networked Computing and Advanced Information Management (NCM) (pp. 645-649). Seoul: IEEE.
Whitman, M., & Mattord, H. (2011). Principles of Information Security. Cengage Learning.
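The Denial-of-service attack section says that dealing with such attacks needs analysis of the patterns and behavior of the network, and names two patterns: traffic flooding and repeated wrong passwords entered on behalf of a user. The Python example below is added here and is not part of the original report. It runs a sliding-window check for both patterns over constructed events; the event format, thresholds and addresses are assumptions.

```python
from collections import defaultdict, deque

# Assumed tuning values for illustration; real thresholds depend on the system's baseline.
WINDOW_SECONDS = 60
FLOOD_THRESHOLD = 100      # requests from one source inside the window
LOCKOUT_THRESHOLD = 5      # failed logins against one account inside the window


def detect(events, window=WINDOW_SECONDS,
           flood_threshold=FLOOD_THRESHOLD, lockout_threshold=LOCKOUT_THRESHOLD):
    """Scan events sorted by time and return sorted (kind, key) alerts.

    Each event is (timestamp_seconds, source_ip, account_or_None, ok).
    Plain requests carry account=None; login attempts carry the account name.
    """
    per_source = defaultdict(deque)   # source ip -> timestamps inside the window
    failures = defaultdict(deque)     # account   -> timestamps of failed logins
    alerts = set()

    for ts, src, account, ok in events:
        recent = per_source[src]
        recent.append(ts)
        while recent and recent[0] <= ts - window:
            recent.popleft()          # drop requests that fell out of the window
        if len(recent) >= flood_threshold:
            alerts.add(("flood", src))

        if account is not None and not ok:
            failed = failures[account]
            failed.append(ts)
            while failed and failed[0] <= ts - window:
                failed.popleft()
            if len(failed) >= lockout_threshold:
                # Someone is burning this account's attempts; the owner may be locked out.
                alerts.add(("lockout-abuse", account))

    return sorted(alerts)


def sample_events():
    """Constructed events; addresses come from the documentation ranges."""
    # One source sends 120 requests in 30 seconds.
    events = [(i * 0.25, "203.0.113.7", None, True) for i in range(120)]
    # Six failed logins against "alice" in 20 seconds.
    events += [(100 + 4 * i, "198.51.100.9", "alice", False) for i in range(6)]
    # "bob" mistypes twice, five minutes apart, then logs in: normal behavior.
    events += [(0, "192.0.2.10", "bob", False),
               (300, "192.0.2.10", "bob", False),
               (305, "192.0.2.10", "bob", True)]
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    for kind, key in detect(sample_events()):
        print(kind, key)
```

Counting failures per account rather than per source means the lockout pattern is still caught when the attempts come from many addresses.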
