Module 2 | Discussion Posts

Discussion Post # 1 – Initial Post

Because they hold so much information of significant monetary and intelligence value to cybercriminals and nation-state actors, health care institutions are especially susceptible to, and targeted by, cyberattacks. Glisson et al. (2015) published a study called "Compromising a Medical Mannequin" that discusses cyber risks and their technical components. Brute force and denial-of-service (DoS) attacks were highlighted as two vulnerabilities in the report. This post discusses both and how to mitigate them.

The first vulnerability discussed was DoS. A denial-of-service (DoS) attack is a method of making a system or network inaccessible by overloading it. Attackers do this by flooding the target with more traffic than it can manage, forcing it to crash (Salim et al., 2020). A DDoS attack in the healthcare industry might prevent access to vital services such as bed capacity, data exchange and appointment scheduling. In the project, a denial-of-service attack successfully disconnected the simulation device from the controller computer (Andel et al., 2015). DDoS attacks are more difficult to resist or prevent than DoS attacks, yet DoS attacks may still be a major danger. Prevention relies on verifying that traffic has a source address that matches the list of addresses for the originating site, and on using filters to prevent dial-up connection spoofing. Attackers often send requests to every device on a network, amplifying the attack's effectiveness, so attacks can be reduced by restricting or preventing broadcast forwarding wherever possible. Users may also disable the echo and chargen services where possible, and firewalls should limit inbound and outbound traffic across the perimeter wherever practical.

Another weakness highlighted in the article was brute force. A brute-force attack is a trial-and-error strategy in which computers attempt to decode encrypted information such as passwords or Data Encryption Standard keys rather than using more precise methods (Dilmaghani, 2017). Healthcare organizations, for example, often do not adhere to best practices for long, complex passwords, yet this ransomware attack vector can be launched with only a basic login and password. In the project, BackTrack 5 was used to carry out the brute-force attacks; the tools were neither difficult to obtain nor complex (Andel et al., 2015). The researchers were able to obtain the access point's PIN, password and name (SSID) in less than three hours.

If someone attempts to break into an account, rate limiting gives users an additional degree of protection. Setting the limit to 5 attempts ensures that the attacker must spend a significant amount of time trying to gain access, and would also need access to the account's genuine email address. However, it is critical that the genuine owner can quickly authenticate their identity and regain access to the account, so that they can change the password in time and avoid a full-fledged compromise.

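The 5-attempt limit with owner-only recovery described above, written out as an added example (my code, not from the post or the paper it cites). The 15-minute counting window and lockout length are assumptions, and the email delivery of the recovery token is left out.

```python
import secrets
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 5           # the limit discussed above: lock after the 5th failure
WINDOW_SECONDS = 15 * 60   # assumption: failures older than 15 minutes no longer count
LOCKOUT_SECONDS = 15 * 60  # assumption: a locked account stays locked this long


class LoginRateLimiter:
    """Per-account failed-login counter with lockout and owner-only recovery.

    A 'clock' callable is injected so the behaviour can be exercised without waiting."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time at which the lock expires
        self.reset_tokens = {}              # account -> one-time token for the genuine owner

    def is_locked(self, account):
        return self.locked_until.get(account, 0) > self.clock()

    def attempt(self, account, password_ok):
        """Returns 'ok', 'denied' (wrong password, not yet locked) or 'locked'."""
        now = self.clock()
        if self.is_locked(account):
            return "locked"            # while locked, even the right password is refused
        recent = self.failures[account]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()           # drop failures that fell out of the window
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_ATTEMPTS:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            # The token is delivered only to the account's registered email address
            # (delivery not shown), so the owner can recover quickly while anyone
            # guessing passwords has to wait out the lock.
            self.reset_tokens[account] = secrets.token_urlsafe(32)
            return "locked"
        return "denied"

    def unlock_with_token(self, account, token):
        """Owner recovery path: a valid one-time token clears the lock and the counter."""
        expected = self.reset_tokens.get(account)
        if expected is None or not secrets.compare_digest(expected, token):
            return False
        del self.reset_tokens[account]
        self.locked_until.pop(account, None)
        self.failures.pop(account, None)
        return True
```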


References

Andel, T., Campbell, M., Glisson, W., Jacobs, M., Mayr, J. and McDonald, J., 2015. Compromising a Medical Mannequin.

Dilmaghani, S.E., 2017. A privacy-preserving solution for storage and processing of personal health records against brute-force attacks (Doctoral dissertation, Bilkent University).

Salim, M.M., Rathore, S. and Park, J.H., 2020. Distributed denial of service attacks and its defenses in IoT: a survey. The Journal of Supercomputing, 76(7), pp.5320-5363.

McLeod, A. and Dolezel, D., 2018. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems, 108, pp.57-68.

Ronquillo, J.G., Erik Winterholler, J., Cwikla, K., Szymanski, R. and Levy, C., 2018. Health IT, hacking, and cybersecurity: national trends in data breaches of protected health information. JAMIA Open, 1(1), pp.15-19.

Discussion Post # 2 – Initial Post

Organizations are victims of malware attacks, which continue to grow each year by 350%. The increase in malware attacks has been driven by cryptocurrencies, which allow attackers to demand ransom anonymously. Such attacks begin by infecting database systems, followed by encryption of the data (Miloslavskaya & Tolstoy, 2019). The attackers then threaten to delete or corrupt the files unless the ransom is paid. The response to ransomware is to check whether the organization's files are backed up and whether the data is worth paying a ransom for. Computer viruses and worms are the other threats to the organization and cause harm by infecting documents and spreadsheets (Siahaan, 2017). The exploitation of software vulnerabilities aids the transmission of viruses and worms. Once a virus has found its niche in the system, it affects as many components as possible, spreading like wildfire. The potential solution to viruses and worms is to install anti-malware on all networked systems and devices. Social engineering, in the form of phishing attacks, is designed to acquire private data such as usernames and passwords. The attacks impersonate websites, banks and individuals in messages or emails which, when clicked, capture credentials and financial data and send them to the attacker. The solution is for users to be careful about the links they click in emails and to pay attention to the grammar in unfamiliar emails.

To run the traceroute, a command prompt window was opened. The next step was to type tracert customersrus.co.uk, which is the domain name for the website. We then let it run for a few seconds.

Results from website scan

C:\Users\PC> tracert customersrus.co.uk

Tracing route to customersrus.co.uk [68.66.247.187]
Over a maximum of 30 hops:

  1     4 ms     4 ms     4 ms  192.168.43.1
  2     *        *        *     Request timed out.
  3    82 ms    31 ms    34 ms  10.36.0.69
  4    53 ms    40 ms    46 ms  10.36.0.38
  5    35 ms    35 ms    56 ms  simba.telkom.co.ke [212.49.88.82]
  6    38 ms    41 ms    27 ms  10.10.1.22
  7     *        *        *     Request timed out.
  8    37 ms    35 ms    37 ms  10.10.240.1
  9    26 ms    32 ms    35 ms  10.10.240.14
 10    42 ms    37 ms    34 ms  105.21.32.97
 11   259 ms   183 ms   178 ms  ae-2.cr-01-nbo.ke.seacomnet.com [105.16.19.1]
 12   203 ms   188 ms   175 ms  xe-0-7-0-5.cr-01-mba.ke.seacomnet.com [105.16.9.230]
 13   193 ms   216 ms   183 ms  xe-0-0-31-2.cr-01-lhr.uk.seacomnet.com [105.16.9.130]
 14   274 ms   407 ms   216 ms  xe-0-0-1-0.br-01-lhr.uk.seacomnet.com [105.16.35.254]
 15   185 ms   176 ms   176 ms  ldn-b1-link.ip.twelve99.net [62.115.169.210]
 16   370 ms   182 ms   212 ms  ldn-bb4-link.ip.twelve99.net [62.115.121.28]
 17   184 ms   175 ms   176 ms  adm-bb4-link.ip.twelve99.net [62.115.134.26]
 18   199 ms   184 ms   208 ms  adm-b10-link.ip.twelve99.net [62.115.120.229]
 19   193 ms   179 ms   193 ms  a2hosting-svc080530-ic370345.ip.twelve99-cust.net [62.115.145.217]
 20   184 ms   199 ms   176 ms  209.124.94.237.static.a2webhosting.com [209.124.94.237]
 21   198 ms   182 ms   189 ms 68.66.247.187.static.a2webhosting.com [68.66.247.187]

Trace complete.

There are 29 hops in this case. Step 2 has the biggest delay, with 82 ms, and is caused by a timeout error, which is normal as the responsible device might not be responding to traceroute requests. The first hop indicates any issue within the user's network, while the last few hops show issues arising on the provider's domain.

The hosting provider is A2 Web Hosting.

Results from the traceroute indicate that the IP address of the website is normal, and there is nothing of concern. Timeout errors were expected, as they are typical for systems configured not to record those details for security reasons. Our traceroute indicated "Request timed out," meaning we had internet connectivity from our location. To counter the problem, we ran the traceroute multiple times over a period of several minutes.

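As an added example (my code, not part of the post), a parser for the Windows tracert output shown above that counts the hops, lists the hops that never answered, finds the slowest single probe, and locates the hop where the median round-trip time jumps most, which is where latency is actually added rather than merely inherited from an earlier long link.

```python
import re
from statistics import median

# The tracert output from the post above, embedded so the parser runs offline.
TRACERT_OUTPUT = """\
Tracing route to customersrus.co.uk [68.66.247.187]
Over a maximum of 30 hops:
  1     4 ms     4 ms     4 ms  192.168.43.1
  2     *        *        *     Request timed out.
  3    82 ms    31 ms    34 ms  10.36.0.69
  4    53 ms    40 ms    46 ms  10.36.0.38
  5    35 ms    35 ms    56 ms  simba.telkom.co.ke [212.49.88.82]
  6    38 ms    41 ms    27 ms  10.10.1.22
  7     *        *        *     Request timed out.
  8    37 ms    35 ms    37 ms  10.10.240.1
  9    26 ms    32 ms    35 ms  10.10.240.14
 10    42 ms    37 ms    34 ms  105.21.32.97
 11   259 ms   183 ms   178 ms  ae-2.cr-01-nbo.ke.seacomnet.com [105.16.19.1]
 12   203 ms   188 ms   175 ms  xe-0-7-0-5.cr-01-mba.ke.seacomnet.com [105.16.9.230]
 13   193 ms   216 ms   183 ms  xe-0-0-31-2.cr-01-lhr.uk.seacomnet.com [105.16.9.130]
 14   274 ms   407 ms   216 ms  xe-0-0-1-0.br-01-lhr.uk.seacomnet.com [105.16.35.254]
 15   185 ms   176 ms   176 ms  ldn-b1-link.ip.twelve99.net [62.115.169.210]
 16   370 ms   182 ms   212 ms  ldn-bb4-link.ip.twelve99.net [62.115.121.28]
 17   184 ms   175 ms   176 ms  adm-bb4-link.ip.twelve99.net [62.115.134.26]
 18   199 ms   184 ms   208 ms  adm-b10-link.ip.twelve99.net [62.115.120.229]
 19   193 ms   179 ms   193 ms  a2hosting-svc080530-ic370345.ip.twelve99-cust.net [62.115.145.217]
 20   184 ms   199 ms   176 ms  209.124.94.237.static.a2webhosting.com [209.124.94.237]
 21   198 ms   182 ms   189 ms 68.66.247.187.static.a2webhosting.com [68.66.247.187]
Trace complete.
"""

RTT = r"(\*|<?\d+ ms)"  # one probe column: a time in ms, '<1 ms', or '*' for no reply
HOP_RE = re.compile(rf"^\s*(\d+)\s+{RTT}\s+{RTT}\s+{RTT}\s+(.+?)\s*$")


def parse_rtt(field):
    """'82 ms' -> 82, '<1 ms' -> 1 (rounded up), '*' -> None."""
    return None if field == "*" else int(field.lstrip("<").split()[0])


def parse_tracert(text):
    """Return one dict per hop line; banner and 'Trace complete.' lines are ignored."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        num, r1, r2, r3, target = m.groups()
        rtts = [parse_rtt(r) for r in (r1, r2, r3)]
        hops.append({"hop": int(num), "rtts": rtts, "target": target,
                     "timed_out": all(r is None for r in rtts)})
    return hops


def summarize(hops):
    """Hop count, silent hops, the slowest single probe, and the hop whose median RTT
    jumps most from the previous answering hop. Every hop after a long link looks slow,
    so the jump, not the raw RTT, shows where latency is added."""
    answered = [h for h in hops if not h["timed_out"]]
    slowest_probe = lambda h: max(r for r in h["rtts"] if r is not None)
    worst = max(answered, key=slowest_probe)
    medians = [(h["hop"], median(r for r in h["rtts"] if r is not None)) for h in answered]
    jumps = [(b[0], b[1] - a[1]) for a, b in zip(medians, medians[1:])]
    jump_hop, jump_ms = max(jumps, key=lambda j: j[1])
    return {
        "hop_count": len(hops),
        "timed_out": [h["hop"] for h in hops if h["timed_out"]],
        "worst_probe": (worst["hop"], slowest_probe(worst)),
        "largest_jump": (jump_hop, jump_ms),
    }
```

On this trace the largest jump lands on the hop where the path leaves the local Kenyan network for the international transit link.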
The MX record for this website is:

No DMARC Record found
DMARC Policy Not Enabled
DMARC Quarantine/Reject policy not enabled
DNS Record Published
DNS Record found

The website is hosted by a2webhosting.com.

HARDENING SOLUTIONS for customersrus.co.uk:

Unit 1 Team Notes

Objectives:

  • Install cloud-based WAF to prevent website hacks and DDoS attacks
  • Add security header for ClickJacking Protection and prevent Content Type sniffing
  • Add Strict-Transport-Security security header
  • Add Content-Security-Policy directive
  • Discuss planning of project.
  • Sign Team Contract

Source: Malware and Security Protection (https://sitecheck.sucuri.net/results/customersrus.co.uk)
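
An added example (my code, not the post's and not the Sucuri scanner's) that reproduces the two kinds of check behind the scan lines above: evaluating a DMARC TXT record for the MX/DMARC findings, and checking a set of HTTP response headers against the four header objectives in the team notes. The sample DMARC record and header set are constructed, not real records for customersrus.co.uk, and the one-year HSTS minimum is an assumption.

```python
import re

# Constructed sample inputs (not real records from customersrus.co.uk): a DMARC TXT record
# that only monitors, and an HTTP response header set lacking the hardening headers.
SAMPLE_DMARC_TXT = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=utf-8", "Server": "Apache"}
HSTS_MIN_AGE = 31536000  # one year, the commonly recommended minimum (assumption)


def parse_dmarc(txt):
    """Split a DMARC TXT record into its tags; returns None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def check_dmarc(txt):
    """Findings worded like the scan lines quoted above; an empty list means no finding."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return ["No DMARC Record found", "DMARC Policy Not Enabled"]
    findings = []
    if tags.get("p", "none").lower() not in ("quarantine", "reject"):
        findings.append("DMARC Quarantine/Reject policy not enabled")
    if tags.get("pct", "100") != "100":   # policy only sampled: the rest is delivered unchecked
        findings.append(f"DMARC policy applies to only {tags['pct']}% of mail")
    return findings


def check_headers(headers):
    """Check the four header objectives listed above against a response header dict."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    findings = []
    csp = h.get("content-security-policy", "")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN") \
            and "frame-ancestors" not in csp:
        findings.append("ClickJacking protection missing (X-Frame-Options / CSP frame-ancestors)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing (content type sniffing possible)")
    age = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if age is None or int(age.group(1)) < HSTS_MIN_AGE:
        findings.append("Strict-Transport-Security missing or max-age below one year")
    if not csp:
        findings.append("Content-Security-Policy missing")
    return findings
```

In practice the record comes from a TXT lookup of _dmarc.<domain> and the headers from an HTTPS response; both are passed in here so the checks run offline.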

References

Miloslavskaya, N., & Tolstoy, A. (2019). Internet of things: information security challenges and solutions. Cluster Computing, 22(1), 103-119.

Siahaan, A. P. U. (2017). Threats of Computer System and its Prevention.

Discussion Post # 2 – Peer Response # 1

Thank you for your post, Haseeb. You provided some insightful information. Your hop count was 15 hops, which seems to be slightly average when compared with other results. Two of your hops, that is, hop 2 and hop 4, indicated no response and got "Request timed out." In addition, your results indicated no change when the scan was performed using the different Windows MTR tool (CISA, 2010). However, the delay reduced from 533 ms to 186 ms, with the hops remaining the same. The NSLOOKUP command you used to find the website IP address is a very useful tool that enabled you to find the names of your four servers (Parziale et al., 2006). However, the tool is technically deprecated, so it is important to consider other modern and reliable alternatives.

Recognizing the different names of servers was a very interesting idea. As you stated, this will help fight against attacks such as DoS (Mahjabin et al., 2017).

References

CISA (2010) Understanding Denial-of-Service Attacks. Available from: https://www.cisa.gov/uscert/ncas/tips/ST04-015 [Accessed 11 December 2021].

Mahjabin, T., Xiao, Y., Sun, G. and Jiang, W., 2017. A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks, 13(12), p.1550147717741463.

Parziale, L. et al. (2006) TCP/IP Tutorial and Technical Overview. 8th ed. New York: IBM Redbooks. Available from: https://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf [Accessed 11 December 2021].

Discussion Post # 2 – Peer Response # 2

The traceroute results are consistent, and the latency is relatively close, implying that the packets are travelling the same route from different countries. Because there is no steady rise in latency and no concerns with packets dropping off, your WinMTR conclusions support these findings. The mismatch is most likely due to the user's location. Using a variety of scanning tools helps to ensure that the results are well-rounded (O'Reilly & Associates, 2002). Furthermore, the use of the dig command would have been advantageous. Because it provides name servers, IP addresses and mail servers, the dig utility is more flexible than nslookup (Nmap, 2021). Because of the simplicity of this method, it can be completed with a single command. In terms of settings, dig provides options for sending queries to specific ports and for TCP-based queries (Parziale et al., 2006). Nmap, which can scan open ports for additional research and check email security protocols, can also provide useful information (Nmap, 2021). This is useful for unique security designs that do not rely on well-known ports.

References

Nmap Online. (n.d.). Scan. Available: https://nmap.online/ [Accessed 5 December 2021].

O'Reilly & Associates. (2002). DNS and BIND. Available: https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch12_09.htm [Accessed 13 December 2021].

Discussion Post # 2 – Peer Response # 3

Using the traceroute command, you were able to obtain route information as well as the time required for each hop, router by router, from the source computer to the destination IP. The three group members' data showed inconsistencies in locations and timings, with up to 25 hops and a maximum delay of 307 milliseconds. Some routes, however, included asterisks or the message "Request timed out" in their responses. It is possible that the packets arrived at a router with a firewall that prevents traceroute requests from being broadcast online, or that the router did not respond before the timeout occurred (Parziale et al., 2006). Nslookup is a sophisticated command-line utility for network management, according to Peychev (2021). It may be used to obtain information such as domain names, IP addresses, mail exchange (MX) records and name server records (Nslookup.io, 2021). It is available both as a command-line program and as an online tool.

References

Nslookup.io (2021). Available from: https://www.nslookup.io/dns-records/allmytype.co.uk [Accessed 14 December 2021].

Peychev, B. (2021) 10 most used Nslookup commands. Available from: https://www.cloudns.net/blog/10-most-used-nslookup-commands/ [Accessed 14 December 2021].

Parziale, L., Britt, D., Davis, C., Forrester, J., Lui, W., Matthews, C. & Rosselot, N. (2006). TCP/IP Tutorial and Technical Overview. 8th ed. New York: IBM.

Discussion Post # 2 – Summary Post

By examining the website customersrus.co.uk with the traceroute tool and various online tools and programs, interesting information about the website as well as insights into troubleshooting could be obtained. The traceroute results showed that the website's IP address is normal, and there is nothing to be concerned about. Timeout problems were expected, as they are common in systems that do not record those facts for security reasons. To solve the problem, the traceroute process was repeated several times over a period of several minutes. In the modern world, security breach cases have increased with advancements in technology. One of the common security breach issues faced by many modern organizations is malware attacks (Clincy & Shahriar, 2018). Most of the attacks are enabled by the advanced use of cryptocurrencies, which make it easy for attackers to anonymously demand ransoms (Chen et al., 2017). Before demanding the ransom, the attacker first infects the organization's database system, encrypts important data and then threatens to corrupt or delete it unless a ransom is paid. To counter these malware attacks, organizations are urged to keep their vital data backed up and always weigh the value of paying the ransom. Other security breach issues organizations face today are computer viruses and worms that infect important spreadsheets and documents (Rakotondravony et al., 2017). To limit the impact of computer viruses and worms, organizations are required to install anti-malware on all devices and systems.

Organizations should ensure their sites are protected by installing a Web Application Firewall (WAF), which runs at layer 7 of the OSI model to filter, monitor and block malicious HTTP/S traffic targeting the organization's web applications (Rodríguez et al., 2020). To avoid security breaches, organizations should use the WAF to ensure all internet-facing websites and applications are protected against Structured Query Language (SQL) injection, cross-site scripting attacks and cookie poisoning (Wang et al., 2020). Although a WAF is expensive and demands regular inspection, which can slow the organization's network, it is a valuable tool that will keep the organization safe from advanced security breaches.

References

Chen, L., Hou, S. and Ye, Y., 2017, December. Securedroid: Enhancing security of machine learning-based detection against adversarial android malware attacks. In Proceedings of the 33rd Annual Computer Security Applications Conference (pp. 362-372).

Clincy, V., & Shahriar, H. (2018, July). Web application firewall: Network security models and configuration. In 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC) (Vol. 1, pp. 835-836). IEEE.

Rakotondravony, N., Taubmann, B., Mandarawi, W., Weishäupl, E., Xu, P., Kolosnjaji, B., Protsenko, M., De Meer, H. and Reiser, H.P., 2017. Classifying malware attacks in IaaS cloud environments. Journal of Cloud Computing, 6(1), pp.1-12.

Rodríguez, G. E., Torres, J. G., Flores, P., & Benavides, D. E. (2020). Cross-site scripting (XSS) attacks and mitigation: A survey. Computer Networks, 166, 106960.

Wang, Y., Xu, G., Liu, X., Mao, W., Si, C., Pedrycz, W., & Wang, W. (2020). Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis. Journal of Systems and Software, 167, 110609.

Discussion Post # 3 – Initial Post

The case concerns a data breach that violated the GDPR. It addresses data breach incidents involving unauthorized CCTV surveillance that foremen installed in the maintenance department because of concerns about office security. It became problematic because private information could be accessed without consent.

The problem was resolved by writing to the HSE (Health Service Executive) detailing the complaint. Internal investigations were conducted into the CCTV installations, which had been carried out without notifying Letterkenny General Hospital management, and highlighted other instructions given to staff about the internal investigations. The HSE stated that the action was unlawful, because staff in the workplace are not to be subjected to unauthorized surveillance, and that such actions should never be repeated. A specific policy was written detailing the justification, purpose, measures, safeguards and procedures required before any covert surveillance system is installed.

If this were my organization, I would take several steps to mitigate the problem. As a manager, I would download and install the critical security patches (Hammouchi et al., 2019). My second step would be keeping the OS updated, as personal security patches are essential in data breach mitigation. My third step would be to configure internal firewalls; a firewall prevents unauthorized traffic from accessing sensitive systems (Roumani, 2022). My fourth step would be to verify and enforce user account security. My fifth step would be to remove user account privileges when the business relationship is terminated. My sixth step would be to avoid keeping unnecessary sensitive data. The last step would be to run a penetration test.

References

Roumani, Y. (2022). Detection time of data breaches. Computers & Security, 112, 102508. https://doi.org/10.1016/j.cose.2021.102508

Discussion Post # 3 – Peer Response # 1

Thank you for the work. You have done an excellent job on the case analysis. Unsolicited marketing is a significant problem. It is also an essential factor of the GDPR that requires stringent measures to be undertaken. I concur that development of a privacy policy can help to lessen the problem. Besides, I believe that nurturing creativity can greatly help deal with unsolicited marketing. Failure to respond to emails can also be a solution. Responding to such emails, and even unsubscribing, confirms that the address is live, leading to additional solicitation and other scams that can clog the inbox (Saleem and Mustafa, 2020). I also acknowledge that training staff to prevent data breaches can be effective. Hence, data breaches can be significantly reduced when staff are given the tactics to mitigate the risks. Securing cookies is also recommended. Cookies can carry sensitive information like credit card numbers and passwords sent over HTTP connections, with a high likelihood of being stored as plain text in the web browser (Li and Nurse, 2020). Protecting cookies is essential in safeguarding personal information.

References

Li, S., & Nurse, J. (2020). How to beat the cybercriminals and stay safe online. Futurum Careers. https://doi.org/10.33424/futurum43

Saleem, M., & Mustafa, M. B. (2020). Unsolicited SMS Marketing in Driving Consumers’ Buying Behavior through Consumer Perception. Academic Journal of Social Sciences (AJSS ), 4(3), 724–740. http://ojs.lgu.edu.pk/index.php/ajss/article/view/1084

Discussion Post # 3 – Peer Response # 2

Splendid work on the case analysis. Lack of consent in unsolicited marketing is related to the GDPR. I am impressed that you have illustrated some tactics that organizations can apply, like assessing whether their databases are safe from data breaches. There are also legal formalities in several regulations relating to email marketing consent. The consumer must consent to receive the marketing messages (Yang et al., 2018). Consent is only provided through clear affirmation (Yang et al., 2018). Besides, the marketing company should ensure that the marketing database is valid and up to date.

References

Yang, K., Min, J. H., & Garza-Baker, K. (2018). Post-stay email marketing implications for the hotel industry: Role of email features, attitude, revisit intention, and leisure involvement level. Journal of Vacation Marketing, 25(4), 405–417. https://doi.org/10.1177/1356766718814081

Discussion Post # 3 – Summary Post

The GDPR has affected organizations in modern times. Notably, unauthorized CCTV surveillance is one critical aspect of the case. One of the solutions to the problem addressed is identifying the issue and formulating a policy on CCTV surveillance. Several strategies can be applied to mitigate data breaches. The techniques include downloading and installing critical security patches, keeping the OS updated along with personal security patches, configuring internal firewalls, verifying and enforcing user account security, and removing user account privileges when the business relationship is terminated. Other strategies include avoiding keeping unnecessary sensitive data and running a penetration test. These tactics are necessary for ensuring the rate of data breaches is reduced.

The unsolicited marketing and lack of consent to receive marketing emails are also issues addressed by peers. Some of the solution strategies for unsolicited marketing include developing a privacy policy, nurturing creativity, and not responding to the emails. Regarding consent to unsolicited marketing, legal formalities apply. The consumer must give consent to receive marketing messages through clear affirmation. Also, the marketing database should be valid and up to date. Adherence to security measures can help organizations deal with challenges related to information technology.
