Posted: August 11th, 2022
Ethical Hacking and Penetration Testing
Computer Sciences and Information Technology
Topic:
ITS 425 Ethical Hacking and Penetration Testing (CSU Global Campus)
Option #1: Report on Organizational Security Threats and Vulnerabilities
Prepare a detailed written report discussing the potential security threats and vulnerabilities of a fictitious organization, Adventure Scuba and Diving Institute (ASDI).
Please see the Specification section for more details on assignment submission requirements.
Scenario:
Adventure Scuba and Diving Institute (ASDI) is located in the United States and offers training and certification programs for scuba and deep-sea diving. ASDI is a premier training school in the area of diving and scuba and has developed a wealth of proprietary training resources, videos, guides and manuals. The school suspects that competitors have tried to breach the organization’s computer systems to gain access to these training materials.
ASDI’s network comprises two web servers, two file servers, one email server, 50 employee workstations, and a 50-workstation student computer lab. The school also provides public and private Wi-Fi throughout the campus.
Your firm has been hired as the IT security analyst to review, evaluate, and make recommendations with respect to maintenance of security of the organization’s computer and network systems. You have been charged by your supervisor to prepare a preliminary report documenting the most critical security threats that ASDI faces. Your supervisor has given you the following resources that might be useful in your research and analysis:
An article on the Help Net Security website
Common Vulnerabilities and Exposure (CVE) database search
Security organizations, such as Secunia
Your supervisor has asked you to consider and account for the following questions as you shortlist the threats and prepare your report:
What threats are new this year and which have become more prevalent?
Why are these threats more common and why are they important?
What threats remain constant from year to year? Why?
What threats do you believe will become more critical in the next 12 months? Why?
Has an exploit been released?
What is the likelihood of an exploit?
How widely used is the software or system?
Specifications for this Assignment:
Submit the report as a single document in Word format.
8-10 pages in length
Document and citation formatting should be in conformity with the CSU Global Writing Center.
Cite and discuss at least three credible sources other than (or in addition to) the course textbook. The three sources recommended in this assignment description may be among these sources, which may also include sources found via Web search or in the CSU Global Library.
Include in your report a network diagram of how you propose the network structure should be configured for optimum security. You can create this diagram using any drawing tool, including those embedded in Word, or by drawing the diagram by hand, scanning into an image file, and then pasting into your report.
The sections of your report should be as follows:
Cover Page
Table of Contents
Executive Summary (provide a project overview and summary in this section)
Body of the report in narrative form in two sections: Section 1 on Vulnerabilities and Threats, providing responses to each of the questions posed in the assignment scenario, and Section 2 on Countermeasures and Prevention
Network Diagram
References
Executive Summary
This report provides an analysis of the Adventure Scuba and Diving Institute (ASDI) computer and network system. The report has two major sections: the vulnerabilities and threats section and the countermeasures and prevention section. It also includes the proposed network structure that should be put in place to support implementation of the recommendations for maintaining the security of the organization’s computer and network systems. The vulnerabilities and threats section discusses various aspects of the threats and vulnerabilities facing computer and network systems. The new threats that have emerged this year identified in the report are cloud network security vulnerabilities, Artificial Intelligence-enhanced cyberthreats, and IoT devices. The report identifies the threats that have become more prevalent, namely cloud vulnerability, AI-enhanced cyberthreats, and mobile malware. These threats are more common because of the ongoing growth and change in business operations, with most organizations shifting to the services associated with them, such as cloud, AI-based operations, and IoT devices. The importance of these threats is discussed in terms of their impact on enterprise operations, based on three factors: disruption, distortion, and deterioration. The threats that tend to remain constant from year to year are also identified, together with the reasons they persist: email vulnerabilities, ransomware attacks, third-party breach threats, and social engineering attacks. The report then evaluates the threats believed likely to become more critical in the next 12 months: cloud vulnerabilities, IoT device vulnerabilities, AI-enhanced cyberthreats, social engineering threats, and phishing attacks.
The reason these threats are expected to become more critical in the next 12 months is their capability to bypass the sophisticated security features organizations are deploying. The analysis of the scenario found that no exploit had been released, but acknowledged the likelihood of an exploit. The factors contributing to that likelihood include the lack of sophisticated security features in the current ASDI network capable of preventing an exploit. The system is widely used, providing network connectivity across the campus and supporting the institute’s operations.
Maintaining the security of the organization’s computer and network systems is important to enable the system to provide services in a more secure environment. The second section of the report recommends various countermeasures and prevention measures against computer and network threats. The recommendations include promulgating comprehensive Generally Accepted System Security Principles (GSSP), such as software quality control, access control, user identification and authentication mechanisms, and protection against manipulation or modification of executable code. Various network security measures are recommended, including anti-virus software, a firewall, Secure Shell (SSH), Secure/Multipurpose Internet Mail Extensions (S/MIME), network address translation (NAT) and port address translation (PAT), and Wi-Fi Protected Access (WPA). Other recommended security best practices are providing a computer and network security education program, regularly monitoring system and network logs, developing an Incident Response Plan (IRP), and restricting access to systems.
Ethical Hacking and Penetration Testing
This report provides an analysis of the Adventure Scuba and Diving Institute (ASDI) computer and network system. ASDI offers training and certification programs for scuba and deep-sea diving, and the institution’s training resources, videos, guides, and manuals supporting those services are located on its systems. The current ASDI network consists of two web servers, two file servers, one email server, 50 employee workstations, and a 50-workstation student computer lab. The institution also provides public and private Wi-Fi across the campus. The main objective of this report is to document the threats facing ASDI’s computer and network systems and to provide recommendations that should be adopted to maintain the security of the institution’s systems. The report is divided into two main sections. The vulnerabilities and threats section covers the computer and network system threats that are new this year and those that have become more prevalent, why these threats are more common, why they are important for the analysis, the threats that tend to remain constant from year to year, the threats likely to become more critical within a year, the likelihood of an exploit, and how widely the organization’s system is used. The second section provides countermeasures and prevention recommendations that should be implemented to curb the threats facing the institution’s computer and network system. The report also provides the proposed network structure that should be put in place to support implementation of the recommendations for maintaining the security of the organization’s computer and network systems.
Vulnerabilities and Threats
The digital transformation and globalization currently under way have both negative and positive impacts in the cyber world. Despite the advancement the transformation has brought, it has also increased cybercrime, with attackers constantly looking for more sophisticated tools and advanced strategies to exploit, defraud, and damage organizations. Organizations are therefore forced to worry about existing and ever-growing threats as well as threats yet to come. For instance, several new threats to computer and network systems have emerged this year, while others have become more prevalent.
One notable threat that has emerged this year and that ASDI should be aware of is cloud network security vulnerabilities, which have arisen from the heavy reliance of business organizations on cloud services. Since late 2019, organizations have continued to connect their computer and network systems to cloud-based applications and to use the cloud to store sensitive information about their business operations and employees. A Forbes prediction from 2018 indicated that by 2020, 83% of enterprise workloads would be in the cloud (Columbus, 2018). That prediction has since been borne out, with organizations’ operations now linked to cloud services. Although the cloud has proved good for business, it poses a threat to enterprise data. Cloud network security has not proved sophisticated enough to deal with the vulnerabilities the cloud faces. New cloud vulnerabilities identified this year include data breaches, DDoS attacks, insecure APIs and interfaces, misconfiguration, and malicious insider threats (Belani, 2020). A related threat is the inability of cloud service providers such as Amazon and Google to provide 100% cloud security; this gap has seen emerging cyber intrusion tools such as Operation Cloud Hopper exploit cloud security vulnerabilities.
This year has also seen the emergence of Artificial Intelligence-enhanced cyberthreats. Cybercriminals now use AI and machine learning capabilities to hack and launch sophisticated cyberattacks. AI-based threats are more complex and adaptive, making it hard to develop tools capable of stopping them. One new AI-based threat is AI fuzzing, which was designed to detect vulnerabilities in computer and network systems when integrated with traditional fuzzing techniques; in an attacker’s hands, it provides a way to search an organization’s systems for vulnerabilities to attack. Another new AI-based threat is machine learning poisoning, in which attackers inject instructions into the target machine learning model, making it vulnerable to attacks (Belani, 2020). The growth of the Internet of Things (IoT) has seen most organizations adopt it to support business operations over the past two years. However, the increased use of IoT-connected devices has increased threats against computer and network systems. Because most IoT devices connected to computers and networks are still in their infancy, they hold a high number of vulnerabilities that can be exploited to attack enterprise systems. Modern botnets have proved to be a source of attacks such as DDoS that exploit vulnerabilities in IoT devices (Emmitt, 2020). In 2020, a high number of organizations moved from the usual desktop operating systems to mobile devices because the coronavirus pandemic forced most organizations to adopt working-from-home strategies. As a result, the amount of enterprise data stored on mobile devices increased, which enabled the emergence of mobile malware that targets mobile phone operating systems.
Some of the new threats identified this year are more prevalent than others. The new threats considered prevalent are cloud vulnerability, AI-enhanced cyberthreats, and mobile malware. These three threats are more prevalent because of the increased use of their related capabilities in enterprise operations. The number of organizations moving to the cloud continues to increase, and so does the prevalence of the cloud vulnerability threat. Mobile devices, especially smartphones, have in 2020 provided an opportunity for mobile malware to become more prevalent and a prominent cybersecurity concern. The impact of AI and machine learning in creating business opportunities, such as marketing and customer care services, has seen most organizations integrate them into their business operations, and this high level of integration has increased the prevalence of AI-enhanced cyberthreats such as AI fuzzing. The prevalent threats and other new threats are important because of the amount of impact they can have on an organization. Their importance rests on three factors. The first is disruption, in which attackers use threats such as IoT and cloud vulnerability to cause fragile connectivity that enables attacks such as ransomware to be launched (Moore, 2020). The second is distortion, which involves the spread or use of misinformation to compromise the enterprise’s reputation and trust in the integrity of its information; using new threats such as mobile malware, IoT device vulnerability, and AI-enhanced cyberthreats, attackers can access the organization’s information systems to compromise the integrity of information and launch other attacks. The third factor is deterioration, whereby threats such as AI-enhanced cyberthreats and IoT device vulnerability can be exploited to compromise an enterprise’s ability to control its own information.
It is important to identify the threats that tend to remain constant from year to year, since such threats, when not prevented, play a significant role in boosting new threats. Organizations have implemented various countermeasures and prevention mechanisms against these constant threats. However, the threats still manage to overcome some of the defenses put in place and cause a negative impact on the institution. Lack of strict adherence to the measures meant to counter the threats is considered to have contributed to their recurrence and constant existence. One notable threat that remains constant yearly is email vulnerabilities, which are considered one of the oldest network security threats (Dobran, 2018). Email has long been the main means of communication in the business sector, which has allowed email network security risks to persist. Phishing is the common attack technique that attackers use to exploit email vulnerability, especially against errant or untrained employees. Email vulnerabilities have remained constant from year to year because most organizations fail to provide their employees with standard training on email security best practices.
Another threat that has remained constant yearly is ransomware attacks. Ransomware attacks involve attackers deploying technologies that take control of the target database and hold the information captive for a ransom. Although stronger defenses against ransomware attacks continue to be developed, attackers have shifted to evolved ransomware strategies and to the use of cryptocurrencies, which enable anonymous payment of the ransom and make it hard to trace the attackers (Dobran, 2018). One evolved ransomware strategy being employed is the long-term extortion technique. The technique involves exploiting a vulnerability in the network system to create a digital back door that is used to slowly steal the organization’s information. With the back door open, the attackers can demand that the organization continually pay them to avoid further exploitation of the vulnerability, making the attack last longer. That ransomware is one of the easiest malicious attacks to deploy has been the main reason it remains a constant threat yearly. The third-party breach threat also remains constant from year to year. The majority of third parties, including vendors, partners, and contractors, lack sophisticated security systems, and they may not be aware that attackers are exploiting their systems to penetrate their clients’ systems (Moore, 2020). Another reason this threat remains constant is that most organizations do not have security standards and a dedicated security team to manage and monitor third parties’ systems.
Another threat that remains constant from year to year is social engineering attacks, in which attackers trick victims into providing sensitive data and information, such as login details. The most common social engineering techniques are email phishing and SMS phishing. Although enterprises have implemented sophisticated email security to prevent phishing attacks, attackers have on their side developed sophisticated phishing kits, using techniques such as encryption in the browser, geolocation, and narrowing targets through the collection of various PII (Desai, 2018). Social engineering attacks have also remained constant because of the vast popularity of messaging apps such as Skype, WhatsApp, and WeChat. Attackers can easily trick users of a messaging platform into downloading files or clicking links that transfer malware onto their phones or computers (Belani, 2020). Social engineers have also learned to use human psychology, exploiting the target’s weaknesses to trick them into providing access to sensitive data. The last threat that has remained constant is the insider threat associated with lack of awareness among employees about systems and data usage.
With digital transformation and globalization set to continue, the threats facing organizations’ computer and network systems are expected to keep evolving and becoming more sophisticated. While some threats will be easily controlled and prevented, others will become more critical. One threat expected to become more critical in the next 12 months is cloud vulnerabilities resulting from organizations’ reliance on cloud computing (Lohrmann, 2019). The rate at which enterprises engage cloud services in their business operations is increasing, with almost 90% of organizations’ data and employee information predicted to be stored in the cloud in the next 12 months. Attackers see enterprise migration to the cloud as an opportunity for their malicious activities. Some cloud vulnerability attacks, such as cloud jacking, are likely to emerge as prominent threats in the next 12 months. Cloud jacking is expected to take advantage of misconfiguration errors and vulnerable third parties linked to the target organization’s system.
The other threat that will be critical in the next 12 months is IoT device vulnerabilities. The IoT market is likely to grow with the widespread use of IoT-connected devices, which will bring increasingly complex cybersecurity threats. As businesses continue to adopt IoT devices, some of them are traditional organizations new to the digital world that might not have enough skills, experience, and awareness to secure the devices effectively (Nadeau, 2017). Attackers are likely to exploit the vulnerable IoT devices that keep emerging, giving organizations less time to develop cybersecurity strategies. AI-enhanced cyberthreats are also considered critical in the next 12 months. Hackers will try to enhance and modify their attack techniques to conduct real-time attacks. As sophisticated cybersecurity strategies are developed, attackers are likely to rely on AI-based tools that can bypass sophisticated system security. For instance, AI and machine learning tools play a significant role in the social engineering threat. With AI, attackers will develop more sophisticated social engineering techniques, such as deepfakes, which can be used to manipulate or mimic human identities in phishing attacks (Emmitt, 2020).
Based on the ASDI scenario, the institute is not aware that an exploit has been released. However, since the school has not yet found any missing materials or evidence of unauthorized access, it cannot rule out that an exploit has been released. Despite the lack of evidence that an exploit has been released, there is a likelihood of an exploit. The current computer and network system architecture of ASDI does not incorporate sophisticated tools to detect and prevent an exploit. The likelihood of an exploit in the institution’s computer and network system also increases because of the public and private Wi-Fi available throughout the campus. If the private Wi-Fi connection is not well secured, attackers can use its vulnerability to inject an exploit into the network. Public Wi-Fi is commonly vulnerable to attacks, and because the network is available to everyone across the campus, the possibility of an exploit being released increases. Attackers can also try to deliver an exploit through the employee and student workstations when the attacks they employ can bypass the security measures in place. The lack of security tools protecting the file servers and email server from unauthorized access and malicious attacks further increases the likelihood of an exploit.
The institution’s system provides a wide range of services related to the school’s business operations. The system holds proprietary training resources, videos, guides, and manuals. It also caters for 50 employee workstations that are linked to the file and email servers. Providing public and private Wi-Fi throughout the campus means the institution’s network serves the whole campus in terms of connectivity. Such wide use of the system without proper cybersecurity puts it at risk of attack. The second section of this report provides countermeasures and prevention recommendations that should be implemented to ensure ASDI’s network remains secure while providing this wide range of services.
Countermeasures and Prevention
A wide array of countermeasures and prevention measures against computer and network system threats is available. ASDI’s network security can be enhanced by adding security measures, implementing security policies, and deploying prevention mechanisms. The first recommendation for maintaining the security of the organization’s computer and network systems is to promulgate comprehensive Generally Accepted System Security Principles (GSSP). The GSSP set a general expected minimum level of protection for the system by both third parties and users. The safety-related practices stressed by the GSSP include quality control in software purchasing, ways for the systems in the network to control access, user identification and authentication mechanisms in the systems, and protection against manipulation or modification of executable code (National Academy of Sciences, 2020).
The second recommendation is the implementation of network security countermeasures. The recommended countermeasures within the institute’s network begin with installing anti-virus software on all computers, including the servers. Anti-virus software applies a variety of techniques for scanning and detecting viruses within computer and network systems. A firewall should also be installed within the network to protect it from unwanted traffic and intrusions. Another network security countermeasure that should be implemented is Secure Shell (SSH) to secure the servers. SSH encrypts the data flowing between the client and the server so that the contents of the exchanged packets can be read only by the authorized recipient (Hack the Stack, 2006). Secure/Multipurpose Internet Mail Extensions (S/MIME) should be implemented to secure email. S/MIME uses public key cryptography standards to encrypt and sign email, ensuring integrity, authentication, and confidentiality of the information. Network address translation (NAT) and port address translation (PAT) should be implemented to map internal private IP addresses to public addresses, hiding the internal address structure from the outside. The implementation of Wi-Fi Protected Access (WPA) is recommended to secure Wi-Fi connectivity. WPA secures Wi-Fi connectivity by using the Temporal Key Integrity Protocol (TKIP), which uses a hashing algorithm to scramble the keys and employs an integrity-checking feature to ensure the keys have not been tampered with.
The third recommendation is to enforce security best practices, including regular monitoring of system and network logs. This practice enables the organization to identify malicious activity and software early enough, before they impact the functionality of the network and systems. The organization should also restrict access to systems by ensuring end users do not have administrative privileges on their workstations and by requiring an authentication mechanism, such as a password, to access the workstations. Active engagement in education provision is also recommended: early training of employees on security practices and ethics in computer and network system usage would enhance their ability to control and prevent threats. Finally, an Incident Response Plan (IRP) should be developed. The IRP should clearly outline the procedures and processes for responding to any security breach.
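The log-monitoring recommendation above is easier to act on with a concrete detector. The following Python script is an added example written for this page; it is not part of the original report and not ASDI code. It assumes OpenSSH-style password-authentication messages prefixed with an ISO timestamp and host name (the report does not state ASDI's actual log format), uses constructed sample lines with RFC 5737 documentation IP addresses, and flags any source address that produces a burst of failed logins inside a sliding time window, noting whether a later successful login from that address followed, which is the case a responder should look at first.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shape this example ASSUMES (OpenSSH password-auth messages with an ISO
# timestamp and host name); ASDI's real log format is not given in the report.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# CONSTRUCTED sample log (RFC 5737 documentation addresses; not real ASDI data).
SAMPLE_LOG = """\
2022-08-11T09:00:01 fileserver1 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51012 ssh2
2022-08-11T09:00:04 fileserver1 sshd[1203]: Failed password for invalid user test from 203.0.113.9 port 51013 ssh2
2022-08-11T09:00:05 fileserver1 sshd[1210]: Accepted password for alice from 192.0.2.40 port 40211 ssh2
2022-08-11T09:00:09 fileserver1 sshd[1205]: Failed password for root from 203.0.113.9 port 51014 ssh2
2022-08-11T09:00:15 fileserver1 sshd[1207]: Failed password for training from 203.0.113.9 port 51015 ssh2
2022-08-11T09:00:31 fileserver1 sshd[1209]: Failed password for training from 203.0.113.9 port 51016 ssh2
2022-08-11T09:01:02 fileserver1 sshd[1215]: Accepted password for training from 203.0.113.9 port 51017 ssh2
2022-08-11T09:20:00 fileserver1 sshd[1301]: Failed password for bob from 192.0.2.40 port 40300 ssh2
2022-08-11T09:20:07 fileserver1 sshd[1302]: Accepted password for bob from 192.0.2.40 port 40301 ssh2
"""


def parse_line(line):
    """Return {ts, result, user, ip} for a recognised sshd line, or None otherwise."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag each source IP with `threshold` or more failed logins inside `window`.

    Returns one finding per flagged IP: total failures seen from it, the time span
    of the burst, and the account name of a later successful login (if any).
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    total_failed = defaultdict(int)
    findings = {}                 # ip -> finding dict (one per IP)

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue                      # unrelated log line
        ip, ts = ev["ip"], ev["ts"]

        if ev["result"] == "Failed":
            total_failed[ip] += 1
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"ip": ip, "first": q[0], "succeeded_after": None})
                f["failures"] = total_failed[ip]
                f["last"] = ts
        elif ip in findings and findings[ip]["succeeded_after"] is None:
            # Success right after a burst of failures: likely a guessed credential.
            findings[ip]["succeeded_after"] = ev["user"]

    return list(findings.values())


if __name__ == "__main__":
    for f in detect_bruteforce(SAMPLE_LOG):
        note = f"; later logged in as '{f['succeeded_after']}'" if f["succeeded_after"] else ""
        print(f"{f['ip']}: {f['failures']} failed logins between {f['first']} and {f['last']}{note}")
```

On the sample lines the script flags 203.0.113.9 (five failures in thirty seconds, followed by a successful login as `training`) and stays silent on 192.0.2.40, whose single failure is normal user behaviour. The threshold and window are deliberately parameters: in a student lab with shared workstations they will need tuning against a baseline of ordinary failed logins before the alerts are trusted.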
Proposed Network Diagram
References
Belani, G. (2020). 5 Cybersecurity Threats to Be Aware of in 2020. Computer Society. Retrieved from https://www.computer.org/publications/tech-news/trends/5-cybersecurity-threats-to-be-aware-of-in-2020
Columbus, L. (2018). 83% Of Enterprise Workloads Will Be In The Cloud By 2020. Forbes. Retrieved from https://www.forbes.com/sites/louiscolumbus/2018/01/07/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020/#40e4d8416261
Desai, N. (2018). Credential phishing kits target victims differently depending on location. Help Net Security. Retrieved from https://www.helpnetsecurity.com/2018/02/08/credential-phishing-kits/
Dobran, B. (2018). Network Security Threats, 11 Emerging Trends For 2020. phoenixNAP. Retrieved from https://phoenixnap.com/blog/network-security-threats
Emmitt, J. (2020). Cybersecurity Threats in 2020. Kaseya. Retrieved from https://www.kaseya.com/blog/2020/04/15/top-10-cybersecurity-threats-in-2020/
Hack the Stack. (2006). Using Snort and Ethereal to Master the 8 Layers of an Insecure Network. Elsevier Inc. https://doi.org/10.1016/B978-1-59749-109-9.X5000-X
Lohrmann, D. (2019). The Top 20 Security Predictions for 2020. Government Technology. Retrieved from https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-20-security-predictions-for-2020.html
Moore, M. (2020). Top Cybersecurity Threats in 2020. University of San Diego. Retrieved from https://onlinedegrees.sandiego.edu/top-cyber-security-threats/#:~:text=Cybersecurity%20Threats%20and%20Trends%20for,data%2C%20are%20becoming%20more%20sophisticated.
Nadeau, M. (2017). Future cyber security threats and challenges. CSO. Retrieved from https://www.csoonline.com/article/3226392/future-cyber-security-threats-and-challenges-are-you-ready-for-whats-coming.html
National Academy of Sciences. (2020). Computers at Risk: Safe Computing in the Information Age. Retrieved from https://www.nap.edu/read/1581/chapter/3