Preventing Cyber Attacks Technology is everywhere, which is evident in the everyday products that we as a society use such as computers, cell phones, global positioning devices, and the Internet. As technology expands and grows, so does the reliance and dependence on these types of products. But reliance and dependence are not the only things that technology brings.
Cyber attacks are a gradually increasing occurrence that is derived from technology; however, stopping these types of attacks before they occur is usually more difficult than can be expected, but is overall not impossible. The trick to averting such an attack lies in the programs and applications that one Uses for defense that recognizes, detects and notifies the user that an attack is imminent. This can be something as simple as a mallard and/or virus program to something more complex such as a firewall.
The purpose of this paper is to discuss what constitutes a cyber attack, examine the steps involved in a cyber attack, and determine how to prevent them, which was discussed in the article by Tony M. Domino entitled Cyber Attack Prevention for the Home User: How to Prevent a Cyber Attack (2009) and other sources. Cyber Attack: What It Is A cyber attack, also known as Cyber Warfare, is “an attempt to undermine or compromise the function of a computer-based system, or an attempt to track the online movements of individuals without their permission” (Weeklies, 2011).
To put it in simpler terms, a cyber attack is the targeting of something electronic to make them malfunction so that some type of reward can be collected. As mentioned in the first definition, cyber attacks fall into two basic categories: hose acts that are intended to collect information and those that are intended to do harm. Cyber attacks that are specifically carried out for the sole purpose of information gathering range from tracking the movements that a user makes to copying important documents contained upon a hard drive, while those that do harm usually involve monetary theft and disruption of services.
No matter what type of cyber attack is performed, it is usually done following a set of specific steps. Steps of a Cyber Attack Cyber attacks, although different in quality and quantity, generally follow a pacific path, as can be seen in Appendices A and B. This path contains basically seven steps (SANS website, 2009) and includes: Placement of Mallard on Trusted Websites, Client-Side Exploitation, Reverse Backdoor, Hash Dumping, Pass-the- Hack Attack to Pivot, Compromise of the Domain Controller, and Exfoliation.
In some instances, the path of a cyber attack can be shortened to five steps (Amah, 2010) and includes: Selection of Mallard, Social Engineering, Spoofing, Exploitation, and Exploration. Placement of Mallard on Trusted Website During this first step, the attacker places their own embedded code on n unsuspecting third-party website. The embedded code usually contains some type of manipulation code, which is opened during Step 2. Client-Side Exploitation During Step 2, the user unknowingly opens the attackers coding using some client-side program (media player, Microsoft Word, Adobe Acrobat Reader, etc. , which allows the attacker to gain entry into the user’s system. Reverse Backdoor In Step 3, the attacker’s manipulation code installs a shell backdoor on the user’s computer giving command access, which is masked as outgoing Internet information and is not recognized as anything out of the ordinary by the user’s really or network systems. Hash Dumping In Step 4, the attacker uses the backdoor created during Step 3 to install privileges onto the user’s system, which gives the attacker full system control.
Password hashes are then deposited for all accounts on the user system, to include an administrator account. Pass-the-Hack Attack to Pivot During Step 5 and using the password hash deposit from Step 4, the attacker uses a Windows pass-the-hash program to verify another Windows machine on the network, giving the attacker a second fully patched client system with full administrator privileges. Using the privileges from the first machine, the attacker then transfers the password hashes of all accounts onto the fully patched second machine.
Compromise of Domain Controller In Step 6, the attacker gains access to the domain controller system using the password hash from the secondary account thereby giving admittance to the domain controller using the pass-the-hack method. Due to the password for the administrator account being identical to the domain administrator account, the attacker now has complete control over all the other accounts and computers within the domain. Exfoliation During the last step (Step 7), which was not illustrated in either Appendix, the attacker collects any and all information desired and sends it to the Internet from the server.
Because the attacker has full domain administrator privileges, detection is almost impossible. Prevention Techniques While the basic flow of how most cyber attacks occur looks discouraging, almost if not all cyber attacks can be prevented. This requires the combination of at least one of the following prevention techniques; however, all are recommended: Risk Assessment and Identity of Weaknesses, Back-up of Vital Information, Anti-Virus Software and Firewalls, and Account Activity Monitoring (Waist ; Etcetera, 2011, p. And Redenbacher, n. D. , p. L). Risk Assessment and Identity of Weaknesses A Strengths, Weaknesses, Opportunities, and Threats (SOOT) analysis can be used to give a company a birds-eye view of their risks and weaknesses. This SOOT analysis should not be taken lightly and should include anything and everything that may be a factor in contributing to possible security breaches. Once a SOOT analysis is completed, it will assist a company in understanding where their problems lie and how best to respond to them.
Appendix C shows a generic SOOT analysis using Judder Fine Foods, a University of Phoenix virtual organization, as the example company (Apollo Group, 2006). Back-up of Vital Information Backing up information is not only good practice, but can save countless hours of time, manpower, and money. The best approach in doing this is to set up a regular schedule in which all important and sensitive files and information is backed up, either to the host system or to a separate hard drive.
This schedule can be done automatically either daily, weekly, or monthly and should be performed based on the needs of the individual or company. Anti-Virus Software and Firewalls Anti-virus software scans a computer for potential viruses before they can do harm; however, some viruses can be hidden in common actions such as pop-ups. While it is not imperative that the most recent anti-virus program be used, it is vital that all updates to that specific anti-virus program be installed. Additionally, the firewall should be activated.
This can be checked by clicking on the “Control Panel” button listed under the “Start” menu. Account Activity Monitoring All activity on an account (home user) or a network (company) should be instantly monitored to determine if unwanted action has been taken. When an action that is not recognized is discovered, immediate steps should be taken to determine where the illegal action came from, what the illegal action is attempting to do, and what the best course of action to take to stop the illegal action should be.
If unwanted activity is discovered and stopped before it becomes a huge problem, information is less likely to be stolen or damaged. Conclusion Cyber attacks are an ever growing problem, not only in the United States, but throughout the world. By utilizing some of the prevention methods listed in this paper, cyber attacks can be greatly reduced. Because the criminal element is always finding new and innovative ways to bypass security measures found on most computers and the Internet, individuals and companies alike must also develop better and more sophisticated programs to stop them.
