Monitoring the type, frequency, duration, and aggressiveness of a DDoS attack provides clues as to who may be instituting the attack. The victim can disrupt the packet stream by 'pretending' to go offline to the protocol receiving the bandwidth from that particular attack. Rerouting available bandwidth to other protocols via an alternative port can remove the ramifications of the attack.
Applying the aforementioned framework within the cloud environment offers an unprecedented level of security, enabling the transmission and storage of information in an environment where DDoS is actively monitored and attacks are recognizable. The strategy of using the cloud ostensibly removes the bottleneck caused by limited physical infrastructure, such as a server that presents a chokepoint should an attacker stream an abundance of packet information to the target server.
According to Koutepas, Stamatelopoulos,…...
Detecting, Preventing or Mitigating Distributed DoS (DDoS) Attacks
The Internet continues to be a critical subject due to the increasing attacks based on the major universal communication infrastructures. This study identifies one detection and two mitigation approaches in developing content to show that DDoS attacks are becoming common in daily business operations.
Rationale for selecting the papers
The first research paper I selected is titled "Mitigating Dos Attacks Using Performance Model-Driven Adaptive Algorithms" by Barna and others. The article is recent and goes to great lengths in elucidating the most invaluable method of mitigating DDoS. I also selected this article because it goes to great lengths to show how DDoS affects the operations of an organization, warranting the adoption of succinct measures in case of an attack.
I also selected an article by Rahmani, Sahli, and Kamoun, titled "Distributed Denial-Of-Service Attack Detection Scheme-Based Joint-Entropy" as it elucidates clearly the best way of detecting DDoS in an organization's…...
References
Barna, C., Shtern, M., Smit, M., Tzerpos, V., and Litoiu, M. (2014). Mitigating Dos Attacks Using Performance Model-Driven Adaptive Algorithms. ACM Trans. Auton. Adapt. Syst. 9, 1: 1-26
Carl, G., Kesidis, G., Brooks, R.R. & Rai, S. (2006). Denial-of-Service Attack-Detection Techniques. IEEE Internet Computing. Vol. 10(1): 82-89
Rahmani, H., Sahli, N., & Kamoun, F., (2012). Distributed Denial-Of-Service Attack Detection Scheme-Based Joint-Entropy. Security Comm. Networks; 5:1049 -- 1061
Tripathi, S., Gupta, B., Mishra, A., & Veluru, S., (2013). Hadoop-Based Defense Solution To Handle Distributed Denial Of Service (DDoS) Attacks. Journal of Information Security, 4, 150-164.
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks concentrate on rendering any resource (i.e., site, server, or application) inaccessible for whichever function it was created for. There are numerous means for making services inaccessible to their legitimate customers, including manipulation of network packets, resource handling, programming, or logical vulnerabilities. When services receive several requests, they may become unavailable for legitimate customers. Likewise, services can also stop due to exploitation of a programming vulnerability, or of how the service manages the resources it utilizes. The attacker may, at times, inject and effect arbitrary code when carrying out DoS attacks for accessing key data or executing server commands. DoS attacks considerably damage the service quality, negatively affecting legitimate customers' experience. They give rise to significant delays in response, service disruptions, and huge losses, thereby directly affecting the availability of service (OWASP, 2015). This form of cyber-attack attempts to make a certain target service inaccessible for…...
References
Oesterling, C. (2015, October 18). Denial of Service Attacks: Definition & Prevention. Retrieved from JavaPie: https://javapipe.com/denial-of-service-attack
OWASP. (2015, February 2). Denial of Service. Retrieved from The Open Web Application Security Project: https://www.owasp.org/index.php/Denial_of_Service
Patrikakis, C., Masikos, M., & Zouraraki, O. (2004). Distributed Denial of Service Attacks. The Internet Protocol Journal, 7(4).
Detecting, Preventing and Mitigating Dos or DDOS Attacks
Distributed Denial of Service is constantly evolving from small megabits to massive megabits of data. Many Internet Service Providers lack the capacity and the ability to mitigate this problem. Most of these attacks are run from one master station that takes control of millions or many stations and uses them as zombies to launch the attack. This paper uses ideas from peer-reviewed articles to summarize aspects related to detection, prevention, and mitigation of DoS attacks.
Rationale of selecting the papers
The first research paper selected by Kompella, Singh, and Varghese (2007) is titled "On Scalable Attack Detection in the Network" from IEEE/ACM Transactions on Networking Journal. I selected this research paper because it showed a significant research on the current issue of denial of service. The research paper also contains knowledge that captures researchers' attention to this topic.
The…...
References
Chen, R., Park, J.-m., & Marchany, R. (May 2007). A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks. IEEE Transactions on Parallel and Distributed Systems, Vol. 18, No. 5, 577-588.
Francois, J., Aib, I., & Boutaba, R. (December 2012). FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks. IEEE/ACM Transactions on Networking, Vol. 20, No. 6, 1828-1841.
Khattab, S., Melhem, R., Mosse, D., & Znati, T. (2006). HoneyPot back-propagation for mitigating Spoofing distributed Denial-of-Service attacks. Journal of Parallel and Distributed Computing, 1152-1164.
Kompella, R.R., Singh, S., & Varghese, G. (Feb 2007). On Scalable Attack Detection in the Network. IEEE/ACM Transactions on Networking, Vol. 15, No. 1, 14-25.
Auditing, Monitoring, and Detecting of Dos or DDoS Attacks
A DoS (denial-of-service) attack is an attempt to make network or machine resources unavailable to legitimate users. Attackers accomplish their goals by flooding the target resources or machines with superfluous requests or useless packets to overload the systems and prevent users from fulfilling their legitimate requests. When the attack originates from a single network or host node, it is termed a DoS attack; however, a distributed DoS is a more serious attack that attempts to consume computer resources to prevent the system from providing services. A DDoS occurs when there are multiple sources of attack, often coming from thousands of unique IP addresses. However, the rates of DDoS have increased in the last few years, and criminals target high-profile servers such as credit card payment gateways, banks, and other big corporations to achieve their…...
DDoS
CISA Warns of Possible DDoS Risk in Contec Patient Monitor Medical devices
https://www.scmagazine.com/analysis/device-security/cisa-warns-of-possible-ddos-risk-in-contec-patient-monitor-medical-devices
In September 2022, CISA reported that Contec Health patient monitor medical devices, namely the CME8000, are vulnerable to possible threat actor attacks, such as mass DDoS attacks or malicious firmware updates, anywhere Contec Health patient monitor medical devices are used, due to security bugs in the devices. One bug is that uncontrolled resource consumption causes failures in the parsing of malformed network data in the CMS800, for example. The bugs could be exploited by threat actors looking to gain control of health networks or sensitive data. This report is significant because it shows that the lack of security in the devices makes employees and patients vulnerable to a threat actor. One possible solution for addressing this issue is to improve authentication/controls that would prevent a threat actor from accessing the network through the devices; fix security bugs in the CME8000.
Who, What, When,…...
" (Muntenu, 2004)
According to Muntenu (2004) "It is almost impossible for a security analyst with only technical background to quantify security risk for intangible assets. He can perform a quantitative or qualitative evaluation using dedicated software to improve the security of the information systems, but not a complete risk assessment for the whole information system. Qualitative assessment based on questionnaires use in fact statistical quantitative methods to obtain results. Statistical estimation represents the basis for quantitative models." Muntenu states in conclusion that in each of these approaches the "moral hazard of the analyst has influence on the results because human nature is subjective. He must use a sliding window approach according to business and information systems features, balancing from qualitative to quantitative assessment." (2004) A qualitative study of information systems security is reported in a study conducted in U.S. academic institutions in the work of Steffani A. Burd, Principal Investigator for Information…...
Bibliography
Burd, Steffani A. (2006) Impact of Information Security in Academic Institutions on Public Safety and Security: Assessing the Impact and Developing Solutions for Policy and Practice. Final Report. NCJ 215953, United States Department of Justice. National Institute of Justice, Oct 2006.
Full text PDF: http://www.ncjrs.gov/pdffiles1/nij/grants/215953.pdf
Muntenu, Adrian (2004) Managing Information in the Digital Economy: Issues & Solutions Information Security Risk Assessment: The Qualitative vs. Quantitative Dilemma
Munteanu, Adrian (2004) The Information Security Risk Assessment: The Qualitative vs. Quantitative Dilemma. Managing Information in the Digital Economy: Issues & Solutions.
Social Engineering as it Applies to Information Systems Security
The research takes into account several aspects that better create an overview of the term and the impact it has on security systems. In this sense, the first part of the analysis reviews the concept of social engineering and the aspects it entails. Secondly, it provides a series of cases that were influenced by social engineering and the effects each had on the wider picture of information security. Thirdly, the research looks at what policies are set in place to avoid this type of practice and how the information security society has responded to the threat posed by social engineering. Finally, possible solutions to the issues social engineering raises are also presented in the context of the increasingly technological environment in which business is conducted in the world we live in today.
General aspects on social engineering
A non-academic definition of what social engineering…...
Cloud Computing Security Pros & Cons
Over the last ten years, cloud computing has rapidly grown and it is expected to grow even further as more businesses move online. When cloud computing was first conceived, many skeptics dismissed it as being just another tech fad that would quickly disappear. However, over the last three years cloud computing has truly changed the way we think about IT nowadays. The Cloud has significantly reduced the cost of doing business and has allowed businesses to focus on their core activities and not IT related issues (Krutz & Vines, 2010; Ali, Khan & Vasilakos, 2015). These reasons and many others, which we will highlight in this essay, show that cloud computing is here to stay. However, like any other technology, cloud computing has also been associated with a few challenges and inefficiencies. This paper will look at the pros and cons of cloud computing. In the…...
References
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information Sciences, 305, 357-383.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Nedelcu, B., Stefanet, M. E., Tamasescu, I. F., Tintoiu, S. E., & Vezeanu, A. (2015). Cloud Computing and its Challenges and Benefits in the Bank System. Database Systems Journal, 6(1), 44-58.
(%) Cross Site Scripting (XSS) errors -- by far the most common strategy hackers use to gain access to the source code of websites and the databases supporting them is to use a technique called cross-site scripting (Brodkin, 2007). Actively monitoring the percentage of XSS errors over time can determine patterns of when hackers attempt to gain access to a website's source code, database links, pricing and e-commerce systems. This is one of the most often used metrics in security dashboards used for monitoring Web-based applications and multisite installations.
(%) Incidence and Trending of Buffer Overflow Injection Flaws -- This is most commonly associated with attempts to gain access to SQL databases supporting a website by forcing a buffer overflow condition (Brodkin, 2007). This is one of the most effective hacking strategies there are as it forces a system to fail and allow access.
(%) Authentication Soft and Hard Errors -- the…...
References
Brodkin, J. (2007, October). The top 10 reasons Web sites get hacked. Network World, 24(39), 1, 16-17, 20.
Su, M., Yu, G., & Lin, C. (2009). A real-time network intrusion detection system for large-scale attacks based on an incremental mining approach. Computers & Security, 28(5), 301.
Xiong, K., & Perros, H. (2008). Trustworthy Web services provisioning for differentiated customer services. Telecommunication Systems, 39(3-4), 171-185.
Crime
The workplace is not safe from numerous types of crimes. These crimes can range anywhere from burglary to homicide and from discrimination on the basis of sex to even rape for that matter. But these crimes are physical crimes and it is easy to avoid them or keep them at bay by making use of physical barriers, security cameras and a few sensible risk/security management tactics. For instance, if only 3 or 4 people work at night-time, it is easy to target any one of them, but if a considerable number of people work together and have no hostility towards each other, these types of situations can be avoided. Use of security systems is a pre-requisite for the protection of material wealth and belongings. These types of systems can help avoid theft and burglary but if somehow these do occur, it will inform the managers of the incident at the earliest…...
CYBER CRIME AND CORPORATE SECURITY
Abstract
In the past, various businesses have lost huge sums of money to cybercriminals, while others have experienced severe service disruptions. This has been the case as cyber criminals execute schemes meant to advance certain agendas. For this reason, cybercrime is increasingly being seen as one of the most serious challenges that business enterprises (as well as government agencies) face today. Various surveys conducted in the past indicate that the problem could be worsening. The problem is aided by the emergence of what could be deemed as cybercrime facilitating factors such as crypto currencies. The dynamic nature of cybercrime, i.e. in relation to variations in the methodology and conduct of attacks, also makes it difficult for this particular challenge to be effectively dealt with. It is with this in mind that various interventions have been floated in the past to rein in this particular challenge. However, to…...
cloud computing will be discussed to show that the good outweighs the bad. Furthermore, it will be further discussed that the government is looking into using cloud computing because it will cut IT cost down and increase capabilities despite the fact people are concerned with security issues that this may bring to the public.
In completing a dissertation, it is very hard to go through the challenges that it requires. From the start and until this moment, I had gone through many challenging stages. The challenges that I faced were deciding the topic, reading various journals and articles, narrowing down focus within a large area, getting information on cloud computing, which all required time and effort. Despite the strong tasks that I faced, I finally made it and the 'final product' is about to be released. I feel extremely happy to have this chance to learn through the process since…...
Threat Identification
The threats
How the threats are detected
Ever since the September 11, 2001 terrorist attacks, businesses have had to critically rethink the level of adequacy of their disaster recovery arrangements in relation to their business continuity plans, as noted by Lam (2002, p. 19). The September 11, 2001 tragedy effectively highlighted the importance for organizations to continue with their commercial operations even under the most exceptional of circumstances. My business, which has a considerable e-commerce operation, is particularly vulnerable to IT-related threats. It is therefore crucial that these threats be identified and eliminated or mitigated before they result in loss of revenue.
In my business, I face several threats. However, the ones that I consider most dominant are technology threats and information threats. These threats can cause a major disruption to the business continuity planning (BCP) cycle. Technology threats include natural disasters like fire and flooding, system failure, network failure,…...
References
Lam, W. (2002). Ensuring Business Continuity. IT Pro. Available online at http://paul-hadrien.info/backup/LSE/IS%20490/Ensuring%20Business%20continuity.pdf Accessed on 3/5/2012
Snedaker, S (2007). The Best Damn IT Security Management Book Period. Syngress
Business Impact Analysis
The heart of any major business, beyond its human capital, is usually its technological resources and status. A business that relies on internet access and an arsenal of computer hardware and software must collect and harness the necessary knowledge, people and tools to manage this technology in an efficient yet effective way. Doing otherwise can expose trade secrets and customer data. Loss of productivity can also be exceedingly damaging.
Mission Critical Functions
As it relates to technology, there are three major functions that are mission critical. The first, and most important, is the network itself. If the network goes down, any networking and Internet functions will grind to a halt. Having such a happenstance drag on for a considerable amount of time can cause massive amounts of damage in terms of client deliverables not being provided and necessary administration work not getting done. It is true that not all tasks…...