CYBERSECURITY CASE STUDY REPORT
Abstract
Every system, architecture, and application needs to be designed with security in mind. There’s too much at risk. For instance, a denial-of-service attack could prevent your customers from reaching your website or services and block you from doing business. A data breach could be even worse, as it can ruin hard-earned trust while causing significant personal and financial harm. As administrators, developers, and IT management, we all must work to guarantee the security of our systems. This paper therefore focuses on recommendations for a regional data center design. It also examines the possible vulnerabilities of the network architecture and recommends reasonable measures for mitigating them.
Introduction
The design shall divide the world into regions that are defined by geopolitical boundaries or country borders. A geography is a discrete market, typically containing two or more regions, that preserves data residency and compliance boundaries. Data residency refers to the physical or geographic location of an organization’s data or information (Ansari, 2016, p. 707). It reflects the legal and regulatory requirements placed on data based on the region or nation where the data resides, and it is an essential consideration when planning data storage. This division has several benefits.
- Regions provide capacity for clients with specific data residency and compliance needs to keep their data close to their places of preference.
- Regions ensure that data residency, compliance, and sovereignty requirements are adhered to inside the geographical boundaries.
- Regions are fault-tolerant to some degree, which allows them to withstand the complete failure of a region through their connection to high-capacity networking infrastructure.
Regions
A region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. The setup or design shall have the following regions:
- Americas
- Europe
- Asia Pacific
- Australia
The organization (Versand) wants to ensure its services and data are redundant so that it can protect its information in case of failure. When you are hosting your own infrastructure, this requires creating duplicate hardware environments. Versand can achieve this through the use of Availability Zones.
Using Availability Zones
Availability Zones are physically separate data centers within a region. Each Availability Zone is made up of one or more data centers equipped with independent power, cooling, and networking. It is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability Zones are connected through high-speed, private fiber-optic networks. Availability zones are created using one or more data centers, and there is a minimum of three zones within a single region (Chaczko, 2011, p. 137). However, it’s possible that a large enough disaster could cause an outage large enough to affect even two datacenters.
Versand can use Availability Zones to run mission-critical tasks and build high-availability into their data by co-locating their storage, networking, and data resources within a zone and replicating in other zones. However, there could be a cost to duplicating these services and transferring data between zones depending on the cloud service provider that Versand shall have chosen. Availability Zones are primarily for VMs, managed disks, load balancers, and SQL databases.
Use of region pair
Each region needs to be paired with another region within the same geography (such as America, Europe, or Asia) at least 300 miles away. According to Rocha (2011, p. 46), this approach allows for the replication of resources (such as virtual machine storage) across a geography, which helps reduce the likelihood of interruptions due to events such as natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once. If a region in a pair were affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.
I would recommend region pairs of America paired with Europe, and if possible, Asia paired with Australia.
Since the regions in a pair are directly connected and far enough apart to be isolated from regional disasters, you can use them to provide reliable services and data redundancy. Some services offer automatic geo-redundant storage using region pairs.
Additional advantages of region pairs include:
- If there’s an extensive outage, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
- Planned updates are rolled out to pair regions one region at a time to minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair.
Network vulnerabilities
Malicious users consistently attempt to sneak into networks and cause problems, and they adversely affect a number of companies around the world. In 2002, for instance, the CSI/FBI Computer Crime and Security Survey found that approximately ninety percent of the respondents identified security issues. Nevertheless, only about thirty-four percent identified a violation of the law. This clearly indicates that no network is guaranteed to be safe from security breaches of this kind.
In general terms, a network vulnerability is a flaw or weak point in the design or implementation of an information system (including the security procedures and the security controls associated with the system) that could be intentionally or unintentionally exploited to adversely affect an organization’s operations or assets through loss of confidentiality, integrity, or availability (NIST, 2010). What, then, is network vulnerability? Simple as it may appear, the term can be difficult to pin down. A network vulnerability is anything that opens a potential avenue for attack or security breach against a network, such as social engineering. Such avenues make attacks on a network easier.
In the sense relevant to security experts, a network vulnerability is a security exposure that can cause an unexpected and undesirable event that compromises the security of networked systems because of a weakness, design error, or implementation error. It is a flaw in a network that makes it impossible, even where implementation and deployment are done properly, to keep an attacker from gaining unauthorized access to a system and subsequently modifying or compromising the information on it, or from unlawfully usurping trust (Yang, 2011, p. 321). In most cases, particularly where the vulnerability is software related, the vendor is expected to fix discovered defects by releasing patches.
The need for a secure network has always been, and will always be, of central importance to anyone designing or administering it. The security of any system involves the well-being of its data and infrastructure, where the chance of successful and undetected theft, tampering, or disruption of data is kept low or eliminated. A well-secured network is one that offers sufficient integrity (trustworthiness of information and system resources), legitimacy, availability (a condition in which the desired resources are accessible and usable), and confidentiality (protection of data or resources) (Yan, 2012, p. 289). In most cases, if an attacker sets out to break into an organization’s network or system, there is very little you can do about it, especially if no mitigation procedures, or insufficient ones, are in place. What can be done is to remove the avenues and weak points that lead to vulnerability, making it hard for the attacker to break the network’s security or at least minimizing the possibilities.
Modes of attacks
SQL injection
This is a type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data. In this case, the attacker injects SQL commands to exploit input that is not validated, typically in a web application’s database backend, and subsequently executes arbitrary SQL commands through the web application. Because programmers build the subsequent commands from user input, it is easier for attackers to inject commands.
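The difference between building a command from user input and binding that input as a parameter can be shown with a short added example (not part of the original paper). The `customers` table, its rows, and the function names are hypothetical, and the inputs are constructed.

```python
import sqlite3

# Constructed sample rows; the table and column names are hypothetical.
SAMPLE_CUSTOMERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("carol", "carol@example.test"),
]

# Constructed form input: the quote ends the string literal early and the
# OR clause makes the WHERE condition true for every row.
INJECTED_INPUT = "nobody' OR '1'='1"


def make_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)", SAMPLE_CUSTOMERS
    )
    return conn


def lookup_concatenated(conn, name):
    """Weak form: the input becomes part of the SQL text itself."""
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    """Return (row count from the weak query, row count from the bound query)."""
    conn = make_db()
    try:
        weak = lookup_concatenated(conn, name)
        bound = lookup_parameterized(conn, name)
        return len(weak), len(bound)
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("alice", INJECTED_INPUT):
        print(repr(value), compare(value))
```

The concatenated form also breaks on harmless input that contains an apostrophe, such as `o'brien`, which is often the first visible sign of the flaw in testing.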
Password cracking
This term describes the penetration of a system, network, or organizational resource, with or without the use of tools, to unlock a resource that has been protected with a password. Password cracking does not always involve sophisticated tools. It can be as simple as finding a sticky note with a password left on a table, under the keyboard, or anywhere else. Another crude technique is known as “dumpster diving,” in which an attacker goes through trash to find discarded documents or papers that may contain passwords (Fusaro, 2011). Attacks can also involve far greater levels of sophistication, including techniques such as brute-force, dictionary, and hybrid attacks.
Phishing
This is a method of attempting to acquire data such as usernames, passwords, and credit card details by pretending to be an authorized party in electronic communication. Communications purporting to be from popular social sites, auction sites, online payment processors, or information technology administrators are commonly used to lure the unsuspecting public. The user is thereby persuaded to give away sensitive data. This is also accomplished by redirecting the user to a different site through emails, text messages, and so on. Phishers present illegitimate sites to the user to fill in personal data. The main purpose of phishing is to gain access to the user’s bank accounts, passwords, and other security data (Perez-Botero, 2013, p. 4). Attackers can target people through mass mailing, using a large number of email addresses to reach a large number of people, in some cases globally. Phishers can trick users by persuading them to visit a fake site whose domain name differs only slightly from that of the original site, which is hard to notice.
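One way a mail or web gateway could flag the slightly altered domain names described above, as an added example that is not from the original paper. The trusted domain `versand.example`, the character-substitution table, and the distance threshold are assumptions chosen for illustration.

```python
# Constructed allowlist; "versand.example" is a placeholder for the
# organization's real domain.
TRUSTED_DOMAINS = ("versand.example",)

# Digits commonly swapped in for similar-looking letters (assumed table;
# Unicode homoglyphs in internationalized names are not handled here).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def canonical(domain):
    """Lower-case the name and drop a trailing root dot."""
    return domain.lower().rstrip(".")


def skeleton(domain):
    """Map look-alike digits to letters so 'v3rsand' compares as 'versand'."""
    return canonical(domain).translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character inserts, deletes, swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unrelated', matched trusted domain)."""
    name = canonical(domain)
    if name in trusted:
        return ("trusted", name)
    for good in trusted:
        same_skeleton = skeleton(name) == skeleton(good)
        if same_skeleton or edit_distance(name, good) <= max_distance:
            return ("lookalike", good)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sender and link domains.
    for d in ("Versand.example.", "versnad.example",
              "v3r5and.examp1e", "weather.example"):
        print(d, classify(d))
```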
Social engineering
This is a way of gaining unauthorized access to an organization’s system or network by manipulating people. Organizations with authentication processes, firewalls, virtual private networks (VPNs), and system monitoring software are still likely to be susceptible to such attacks. For instance, a company employee may accidentally give away key information in an email or by answering questions over the telephone from someone whose intentions they do not know. This can also happen while discussing a task with friends or peers at a nearby bar or restaurant, especially during free time. It is the technique or trick of obtaining sensitive data by exploiting basic human instincts, for instance trust, fear, and the desire to help. Social engineers try to gather information such as confidential data, authorization, and access details (Dahbur, 2011, p. 3). Social engineering is among the most challenging kinds of threat to guard against, because it is difficult to defend against using tools or software alone and because people are the weakest link in the security chain. An effective protection method is to have sound policies and to train employees to follow those security policies. Spying, shoulder surfing, dumpster diving (looking through waste containers for sensitive data), and tailgating are among the techniques social engineers use to carry out their activities.
Recommendations and possible solutions/actions
Provide training
Security is everybody’s responsibility in an organization. Management and project managers must understand security requirements and fundamentals. They must all know how to build security into their departments, roles, and services to make products more secure while keeping an eye on business goals and objectives and maintaining quality service to clients. Effective training will complement and reinforce security policies, SDL practices, standards, and essential security requirements, and be guided by insights derived from data or newly available technical capabilities (Dahbur, 2011, p. 4). Even though security is everybody’s job, it’s important to remember that not everyone needs to be a security expert or strive to become a proficient penetration tester. Nonetheless, ensuring that everyone understands the attacker’s perspective, their goals, and the art of the possible will help capture everyone’s attention and raise the collective knowledge bar.
Define security requirements
Security and privacy are critical for any organization regardless of its line of operation or industry. Whatever the industry or operation, security requirements must be updated continually to address changes in required functionality and changes to the threat landscape. The ideal time to define the security requirements is during the initial design and planning stages. Early planning permits security teams to integrate security in ways that limit disruption.
Factors that influence security requirements include, but are not limited to:
- Legal as well as industry requirements
- Review of previous incidents
- Known threats
These requirements should be tracked through a work-tracking system, or through telemetry that is derived from the engineering pipeline.
Define metrics and compliance reporting
It’s essential for an organization to define the minimum acceptable level of security quality and to designate people or experts who are charged with ensuring that the security policies are adhered to; this can help minimize various threats. Setting these up at the right time enables the team to understand the threats likely to be encountered in the network infrastructure, identify and fix defects, and apply the standards in the risk mitigation procedure. Setting a meaningful security bar involves clearly defining the severity thresholds for security vulnerabilities, and it helps establish a plan of action when vulnerabilities are encountered (Suryateja, 2013, p. 300). For instance, every known vulnerability found with a “critical” or “important” severity rating must be fixed within a specified time span.
Perform threat modeling
Threat modeling should be used in environments where there is a critical security risk. As a practice, it permits security teams to consider, document, and discuss the security implications of designs in the context of their networked operational environment, and to do so in a structured fashion. Applying a structured approach to threat scenarios helps the security team identify weak security points more effectively and at lower cost, determine the risks from those threats, and then make security feature choices and establish appropriate mitigation mechanisms or procedures. An organization can apply threat modeling at the component, application, or system level, which ensures the maximum protection possible.
Establish design requirements
The SDL is regarded as a set of assurance activities that help engineers implement more secure features, meaning the features are well engineered with respect to security. To achieve this assurance, engineers usually rely on security features such as cryptography, authentication, and logging. In many cases, selecting or implementing security features has proven so complicated that design or implementation choices are likely to result in vulnerabilities (Suryateja, 2013, p. 303). They should therefore be applied effectively and with a solid understanding of the security they provide.
Define and use cryptography standards
With the rise of mobile and cloud computing, it’s essential to ensure that all information, including security-sensitive data and management and control information, is protected from unauthorized access or alteration in transit or when it is being deleted. Encryption is commonly used to accomplish this. In most cases, relying only on a basic decision when using any part of cryptography can be disastrous (Modi, 2013, p. 565). It is therefore best to develop clear encryption standards that specify what to consider for each element of the encryption implementation.
However, encryption matters need to be handled by the technical team. A good general recommendation is to use only industry-vetted encryption libraries and to ensure they are implemented in a way that allows them to be readily replaced if the need arises.
Manage security risks from using third-party components
When choosing which third-party components to use, it’s essential to understand the impact that a security vulnerability in them could have on the security of the larger system into which they are integrated. Having an accurate inventory of these components, and a plan to respond when new vulnerabilities are discovered, will go a long way toward mitigating risks (Hashizume, 2013, p. 5). You should also consider additional validation, depending on your organization’s risk tolerance, the type of components being used, and the potential impact of a security vulnerability.
Establish a standard incident response process
Preparing an effective incident response plan is critical for addressing new attacks that can emerge over time, and your plan should be created in coordination with your organization’s dedicated Product Security Incident Response Team (PSIRT). The incident response plan should:
- Include who to contact if a security emergency occurs
- Establish the protocol for security servicing
- Be tested before it is needed
Perform penetration testing
Pen testing is a security analysis of a software system carried out by skilled security experts who simulate the possible actions of an attacker. The goal of a pen test is to uncover potential vulnerabilities resulting from various errors, system design deficiencies, or other operational deployment weaknesses. Pen tests often find the widest variety of vulnerabilities (Chou, 2013, p. 79). They are usually carried out in conjunction with automated and manual code reviews to provide a higher level of analysis than would ordinarily be possible.
Comparison of the Company’s present and recommended security plan
By introducing standardized and consistent security considerations throughout all phases of every activity, the organization can reduce the likelihood of vulnerabilities in its information and services and avoid repeating the same security mistakes. Likewise, security integration throughout the organization’s lifecycle will help maintain the proposed security measures. Operational Security Assurance practices should align with the activities of the organization; this alignment will result in less time and cost spent on triage and response later, and give your clients the assurance that your products are highly secure. Hence, adherence to the recommended security measures shall undoubtedly ensure that the organization’s resources are safe and not vulnerable to security attacks or, at the very least, have minimal vulnerabilities.
Conclusion
Defense in depth is the overriding theme: think about security as a multi-layer, multi-vector concern. Threats come from places we don’t expect, and they can come with a strength that will surprise us. There is, however, a great variety of security issues that we face. One of the first steps we should take is assessing the potential risks or threats that are likely to be experienced in a network infrastructure. It is also essential to take underlying security best practices into consideration to avoid security threats or, at the very least, limit their occurrence. Continuously updated machine learning algorithms help identify whether the latest threats are aimed at your resources, which helps your organization mitigate risks. This paper has covered only a few of the protective mechanisms against network attacks. Security is a deep and complex topic, so whatever your cloud approach, ongoing security education is necessary.
References
Ansari, K. a., 2016. Profit maximization for geographically dispersed green data centers. IEEE Transactions on Smart Grid, 711(707), pp. 703-711.
Chaczko, 2011. Availability and load balancing in cloud computing. In International Conference on Computer and Software Modeling. 14(137), pp. 134-140.
Chou, 2013. Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology. 3(79).
Dahbur, 2011. A survey of risks, threats, and vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on intelligent semantic Web-services and applications. Issue 3, pp. 1-6.
Fusaro, 2011. Biomedical cloud computing with amazon web services. PLoS computational biology. Volume 7.
Hashizume, 2013. An analysis of security issues for cloud computing. Journal of internet services and applications. 1(5).
Modi, 2013. A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing. 2(565), pp. 561-92.
Perez-Botero, 2013. Characterizing hypervisor vulnerabilities in cloud computing servers. In Proceedings of the 2013 international workshop on Security in cloud computing. Issue 4, pp. 3-10.
Rocha, 2011. The final frontier: Confidentiality and privacy in the cloud. Computer, 9(46), pp. 44-50.
Suryateja, 2013. Threats and vulnerabilities of cloud computing: A review. International Journal of Computer Sciences and Engineering. 3(300), pp. 297-302.
Yan, 2012. Security challenges in vehicular cloud computing. IEEE Transactions on intelligent transportation systems. 1(289), pp. 284-294.
Yang, 2011. Spatial cloud computing: how can the geospatial sciences use and help shape cloud computing?. International Journal of Digital Earth. 4(321), pp. 305-329.