Williams, P. A., & Woodward, A. J. (2015). Cybersecurity
vulnerabilities in medical devices: a complex environment and multifaceted
problem. Retrieved November 16, 2017, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4516335/
Winterfeld, S., & Andress, J. (2012). The basics of cyber warfare:
Understanding the fundamentals of cyber warfare in theory and practice. S.l.:
Ware, W. H., United States, & Critical Technologies Institute (Rand
Corporation) (1998). The cyber-posture of the national information
infrastructure. Santa Monica, CA: Rand.
Top Network Security Weakness. (n.d.). Retrieved from
Snedaker, S., & Rima, C. (2014). Business continuity and disaster
recovery planning for IT professionals. Waltham, MA: Syngress.
Rowland, C. H. (2002, June 11). Patent US6405318 – Intrusion detection
system – Google Patents. Retrieved January 12, 2018, from
Knapp, K. J. (2009). Cyber-security and global information assurance:
Threat analysis and response solutions. Hershey, Pa: Information Science
Klevinsky, T. J., Laliberte, S., & Gupta, A. (2002). Hack I.T:
Security through penetration testing. Boston: Addison-Wesley.
Graham, J., & Howard, R. (2009). Cyber fraud: Tactics, techniques,
and procedures. Boca Raton: CRC Press.
Bays, L. R., Oliveira, R. R., Barcellos, M. P., Gaspary, L. P., &
Madeira, E. R. (2015, January 27). Virtual network security: threats,
countermeasures, and challenges. Retrieved November 16, 2017, from
Basu, E. (2015, November 05). The Top 5 Data Breach Vulnerabilities.
Retrieved November 16, 2017, from
conclusion, cyber security is an ever evolving field in the IT world and it
isn’t one that will be easily slowed down. This is due to the pace of
technology coming out, only eleven years ago did we just get introduced to the
smart phone and that opened a whole new world to cyber security, so who knows
what the future actually holds. Now we have drones, self driving cars, and
other pleasure items that can be hacked and cause a plethora of issues among
society. Netflix has recently introduced a new series called Black Mirror that
shows the issue with all the technology that is coming out now.
talking about cyber security, vulnerabilities could be defined as weaknesses
that allow a threat to reduce a systems security (Graham & Howard, 2009, p.
30). Vulnerabilities of a network vary just as much as what goes into protecting
the network. Something as simple as having a complex password can go a long way
into protecting a work station from remote access. Organizations, businesses,
and governments around the world have to solve and prevent these weaknesses
while also maintaining the integrity of their entire infrastructure (Winterfeld
& Andress, 2009, p. 25). Hardware,
software, networks, location, and most importantly people play a very large
role in this subject (Graham & Howard, 2009, p. 80). Hardware is a unique
asset to protect because you are not only trying to protect the virtual
network, but you’re also trying to protect the physical machine as well. This
is said because you could have the greatest physical network security design
that relies on a combination of hardware and software, just for it to be foiled
because something overheated. Hardware is also very susceptible to physical
harm also like humidity, liquid, or dust (Graham & Howard, 2009, p. 52). The
location of a system can play a vital role. Questions like “Is the area
surrounding the network systems subject to hurricanes, tornadoes, flood, power
outages, and etc.?” (Snedaker & Rima, 2014, p. 25).
technique that is used to secure information
systems (Winterfeld & Andress, 2009, p. 38). Cryptography’s main purpose is
authentication and can be considered the first line of defense for cyber
security. Encryption of information is essential for those who want to try and
keep their information secured from those who do not have the need to know. Data
encryption is the key, but literary the “key” is the key (Winterfeld &
Andress, 2009, p. 33). Cryptography can be explained as person y wants to send
person z information without person x knowing anything about it. Now if person
x has hacked into the network and can see all the data being transmitted to and
from y and z, then encryption will help make it difficult for person x to see
it. That’s because it will take the information and follow an algorithm that
person z will have the key to decrypt. Since person x does not have the key
then all they will see is a bunch of information that makes absolutely no sense
to them because they do not have the key. Having a strong key is the literally
the key to having a good cryptographic system. Cryptography is defined by how
many bits the key has, the more bits the keys have the better it will be,
however just like Cyber security, there is no way of making a crackproof key. A
128-bit encryption is a perfect example of how long a key should be and how
difficult it should be to crack (Winterfeld & Andress, 2009, p. 35). A 128
bit encryption is by all means a great encryption length because it can take
possibly decades for somebody to crack that information, so by the time they
crack it the information within the message is more than likely null and
useless. Now it’s not just messages that can be encrypted, whenever you see the
https:// in front of a web address you will see that it has a lock which means
it is secured.
can be found in a variety of software programs related to cyber security.
Cryptography can be looked as a basis for securing information that needs to be
sent from one person or system to another. Cryptography is a mathematical
intrusion detection systems will alert the administrator upon suspicious
network traffic, intrusion prevention systems alert and try to stop the threat
(Rowland, 2002, p. 77). Intrusion prevention systems can be classified as a
higher evolution intrusion detection system, due to the fact they can both
detect and make the attempt to prevent the attack from occurring without having
to alert the technician about it. The best quality of the intrusion prevention
system is that it searches for common or known intrusion attacks throughout the
network and also unknown attacks as well (Rowland, 2002, p. 22). Intrusion
prevention systems can be more difficult to implement, but they are a step
above a simple IDS.
type of software that is used in cyber security is intrusion detection system
commonly referred to as IDS (Rowland, 2002, p. 60). Intrusion detection system
is the primary software that is most likely to be associated with cyber
security. The simplest explanation of what Intrusion detection system actually
does is pretty self-explanatory. Intrusion detection system specifically looks
for and analyzes signs of possible intrusions on a network system. Monitoring
traffic associated with the network it will then identify and alert the
information technology technicians about the attack in order to help secure
that weak point in the network. Intrusion detection systems look for known
suspicious activity and tracks them down (Rowland, 2002, p. 75). An intrusion
detection system tracks activity that is irregular in the computer network and
sends this information to the appropriate professionals to handle (Rowland,
2002, p. 63). It will alert the technician in a variety of manners depending on
the software being used.
of cloud programs or applications have very strong and secure servers, but that
still will not stop all threats 100 percent (Winterfeld & Andress, 2009, p.
90). The cloud is a newer technology
that allows users to save data onto a server that is located in another place. Most
users have the full faith and confidence that their information is safe at this
location as most of the time it is a company that runs these cloud services
such as Apple or Microsoft. Although there have been attacks on the cloud, the
information stored there is relatively safe, this is due to the amount of
public outcry whenever an attack succeeds on the cloud.
in the 2000’s when online gaming was becoming big due to the introduction of
Xbox Live, people would manipulate the network in order to help their team win
the game. This can be viewed as an attack on Xbox Live because they are
infiltrating the network in order to gain profit for themselves. Speaking from
experience there are also people who would phish information from people in
order to garner access to their account causing the other person to lose their
account. These are just forms of cyber attacks the can be overlooked because it
isn’t necessarily somebody going Hollywood and hacking into Xbox Live and
stealing other people’s personal information such as credit card and other
personal identifiable information.
switches can be useful to helping prevent a physical attack on the network,
what I mean by that is an attack that is done by simply plugging the attacker’s
own computer into the network. This can be prevented in numerous diverse ways
such as the command stickymac. Stickymacing a port on a switch just tells that
particular port on the switch to look for the mac address (the physical address
of the piece of hardware normally found on the network interface card). So when
the attacker plugs his computer into the switch the port automatically shuts
down preventing any attack on the network. Now obviously this can be
circumvented by spoofing the mac address of that particular hardware.
people who use the technology that are at risk aren’t always going to be what
most call computer whizzes, because most people don’t care how the technology
works, they just care that it does work. That’s why those who help implement
security measures are the proverbial Batman’s of the cyber world. Those who
wish to do harm know this and will prey on those who aren’t the most savvy with
technology and use their skills to attack the weak points of a network in order
to get into it and scavenge around for what they truly want. A good way at
looking how Cyber security can be viewed at is hardware and software. A prime
example of hardware relating to cyber security is something that is commonly
known as a firewall. Firewalls can come in a hardware form or software
depending on the intended usage. Hardware firewalls are going to be used on a
larger scale platform because that’s what it was designed to do, it was
designed to be the first line of defense in a large scale network such as that
of a business or even school. Multiple
cables can be used to connect these devices to the computer network so
communication can transmit between the devices (Winterfeld & Andress, 2009,
p. 46). The switches have the ability to operate at one or more layers of the
OSI model (Winterfeld & Andress, 2009, p. 50). What Winterfeld and Andress
are talking about here is how network switches can be a part of the network
security plan due to their ability to be a multi layered troubleshooting
there are a few aspects that will be covered during this paper. One of the main
topics to focus on is the technology that is involved with cyber security.
Another is weaknesses and primary vulnerabilities of security designs used
throughout the information technology world. How does cyber security affect the
world and what is the future of cyber security? Can we ever truly have a secure
network or are we doomed to being at risk at any given time.
security is becoming such a threat that it may be very well one of the top
priorities among governments worldwide. The hard part is keeping up with the ever-evolving
technology and the threats that can come along with it. Even today you see
people taping their webcams on computers because they’re scared of somebody
viewing them at any given time. Cyber security doesn’t just limit itself to a
computer and the internet however, mobile phones, even cars are at threat of a cyber-attack.
With the emergence of self-driving cars the threat of somebody being able to
take over the car has to linger amongst all those who help design the vehicle. You
hear all the time of something being the backbone of a particular system, you
can think of cyber security being the immune system of the network. It helps
protect the network from becoming sick or infected. All networks and data
should be protected at all costs because anything lost can be deemed harmful. Integrity
of the computer system is vital to the overall success of cyber security.
security is a challenge that everyone will need to overcome in today’s society.
Cyber security can be defined in a variety of ways. One example is that cyber
security focuses on the protection of computer networks and work stations from
unwanted access. Cyber security can be referred to as information security,
cyberspace security, or simply put computer security. Cyber security is one of
the many focal points amongst the information technology experts. Everybody’s
life can be defined as some sort of a virtual dimension, from paying bills
online to playing online video games. Cyber security has been the focal point
for the past decade but even today in 2018 there is still news of cyber
threats, this just goes to show that cyber security is an ever-evolving threat.
The threats can range from phishing attacks to even now another country
interfering with another country’s elections. The question isn’t how we stop
Cyber threats, because that is an impossible question to answer because there
will always be the threat. The question is how we prevent the easy attacks.
28 January 2018
American Military University
ISSC342 Operating Systems:
Hardening and Security