Malicious Attacks/Threats Case Study Example

Identifying Potential Risk, Response, and Recovery

EXECUTIVE SUMMARY AND RECOMMENDATIONS
The sustenance and continued growth of Video Game Development Company is based on utilization of its assets and resources to develop products that appeal to the customer. One aspect of achieving a competitive edge is by using unique strategies and development plans that are unrivalled. Security of these strategic plans in form of R&D, patents and proprietary rights is a factor of the overall organizational security architecture. Currently, the company has witnessed various security breaches originating from internal and external sources. Intrusion, DoS and social engineering issues have emerged and disrupted operations in the organization. In my capacity as a security engineer, I have proposed a raft of security measures to completely counter and reduce security breaches. Proposed measures include firewall configuration and law enforcement agencies for DoS attacks, development and implementation of security policies and education programs to curb social engineering issues, deploying intelligent WAN/LAN to control remote scanning and applying antimalware programs.
The organization should also engage in an extensive risks identification, assessment and mitigation practices. Identified risks such as insider threats are analyzed to determine the probability of occurrence and their severity. This will facilitate development of a mitigation strategy and recovery program suitable for the company. It is highly anticipated that these security considerations will foster security in the company and promote growth.
A video game development company has been experiencing malicious activities over a while now. As a newly hired Information Security Engineer, I am mandated with establishing potential malicious attacks and threats specific to the organization and developing a plan or addressing these issues. In this paper, an analysis of the three common malicious attacks is undertaken. For the identified attacks, a potential control mechanism is also established. Finally, an explanation of the importance of risk management, control identification and selection process is given.

Security threats in an organization are categorically classified as data security, access security and system security. As e-transactions via networks become popular, security issues of sending sensitive data such as proprietary information and financial transactions become critical.

Remote scanning of organizational networks

An attacker masquerading as an employee can scans the network of the company to retrieve confidential information. Using scanning and monitoring tools such as Nessus, an attacker surveys for service providing programs, exploits and open ports before launching subsequent attacks. Not only are organizational assets targeted, attackers direct their scanning activities to local targets to gather for information and vulnerabilities that could help launch extra attacks.

Denial of service

Attackers can block the services provided by the servers so that users are cut off from accessing them. This kind of malicious activity is referred ad denial of service. For example, a perpetrator may launch TCP SYNC flood attacks to exhaust the waiting queues of the host and ICMP echo reply flood to finish the bandwidth of the host. Hosts are left with no services and the normal operations in the company are no longer supported.

Social engineering

This attack is common in the organizations. Employees of the video game company are dumped via email to believing that they are communicating with genuine personnel only to realize that they have disclosed sensitive information to attackers. For instance, an attacker manipulates employees by leveraging their weaknesses via telephone or email conversations. An attacker will send a mail or makes a call to working employees requesting private information of the user in a cunning way. This information is used to log in to company systems and perpetrate other attacks such as theft of property. An employee might also be requested to click a mail attachment purporting to come from the company partners or top level managers. These attachments contain root kits which compromise the system and allow the attacker to cause harm without being detected. Additionally, social engineering involves peeking for passwords and accessing their computer systems when legitimate users are not around.

Control measures

Controls for remote scanning and intrusion
Technical controls need to be applied to prevent remote scanning and intrusions. Because scanning is always conducted via the routers, it is recommended that unwanted HTTP ports are closed, plain text access modes turned off, limit router access and use authentication methods. An intelligent security solution is devised at the WAN and LAN level to ensure secure access. By using a VPN, for instance, remote users will be able to log in and access company resources without opening room for attackers to scan and leverage vulnerabilities to cause attacks.

Controls for social engineering

Social engineering is a serious security threat that needs comprehensive collaboration between employees and the management. To control social engineering, a comprehensive security policy is required in addition to employee education. Employees need to understand security incidences and hoe they are perpetrated. As a result, mandatory security training is undertaken yearly in the organizations. The training is used to explore security threats and gauge progress in prevention.
A security policy on the other hand documents employee’s behavior while handling and using organizational assets. A security policy on network access, password and username management, IT, storage media and information exchange among others will be established in the organization. These policies will guide employees, management and third parties in their interactions with computing resources. The policy is updated periodically to ensure that dynamic security issues are covered.

Controls for denial of service attacks

A number of methods are suggested for controlling denial of service attacks in the organization. They include filtering all RFC-1918 addresses using Access Control Lists, using ingress and egress filtering, configuring SYNC packets and using CAR to rate limit ICMP. These technical configurations are effected on a firewall. Also, using traffic capturing tools such as tcpdump and forwarding the traffic sample to law enforcement agencies is recommended.

Importance of risks assessment, control identification and selection process

The purpose of risk assessment is to identify potential risks before they occur in the organization. Risks assessment promotes knowledge of risks before they occur and development of plans to efficiently mitigate them or reduce adverse effects. When the risks are identified earlier, the probability of incidents happening or causing damage is reduced. Risk assessment is conducted by a multidisciplinary team involving relevant stakeholders. Strong leadership is required in the assessment to facilitate free and open disclosure and risk discussion.
After risks have been assessed, they are classified as severe or mild and a control strategy is developed. Risk control processes are individualized according to the risks too output a workable solution. For instance, in this case, social engineering is a common security nightmare. Their impacts are high since they can lead to disclosure of confidential information. A tailored solution is required that encompasses multiple aspects including education, security policy and technical controls. The selection of a particular solution should be founded on proven effectiveness of the method.

References

association, I. S. (2014). Critcal elements for information security programs .
Bandyopathyay, S. (2010). Implementing Intrusion Detection System by Considering Insider Threats. Journal of Security Engineering. .
Woody, A. (2013). Enterprise Security: A Data-Centric Approach to Securing the Enterprise. Packt Publishing Ltd.