The management has asked you and your team to prepare a report to describe the p

Question

The management has asked you and your team to prepare a report to describe the potential mechanisms that can be used to steal digital information from LMJ-Ad. The report should focus on how client records and information as well as digital material (used in marketing campaigns) can be removed or taken.

List and describe at least 4 different mechanisms or devices and potential methods that can be used.

Explain the difference between an insider attack and an external attack.

Review the assignment scenario. Are you more likely inclined to suspect someone internal or external? Explain why.

Explanation / Answer

For many years, designers, developers, and evaluators of "trusted systems" for processing national security sensitive information have wrestled with issues about the ways hardware, operating systems, and application software can be used to establish covert channels in order to steal sensitive information.In fact, there are four different definitions of covert channels in the National Computer Security

1) In the broadest sense, a covert channel for communications is a way for someone to communicate with anyone else in such a way as to conceal the fact the communication is taking place.Steganography, which comes from the Greek words "steganos," or "covered" and "graphy," or "writing," can be used to establish covert channels between an insider and one, or more, external entities. Essentially, steganography is used to "cover" the "writing" so as to conceal its very existence. Modern use is called digital steganography.

2) In April 2006, the National Science and Technology Council released the Federal Plan for Cyber Security and Information Assurance Research and Development,2 which defines steganography as "the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message."

3) The plan states that international interest in steganography technology research and development has exploded in recent years and because of the potential for using digital steganography applications to establish covert channels for communications, these technologies pose a potential threat to U.S. national security.

4) It is highly noteworthy that the plan lists use of cyberspace for covert communication immediately after physical attacks against key data centers and communications nodes, particularly by terrorists, on the list of immediate concerns for the U.S. information technology infrastructure.

Information is being categorized, as confidential, sensitive and critical. There are automation tools for extracting and gleaning information. There are management solution products such as content management, knowledge management and document management for managing the collected information. There are different storage mechanisms for preserving information. Finally, on securing information,there are tools and techniques. In this white paper, we are to discuss about the three important types of information security, such as securing information from hackers, securing information while on transit and securing information stored in systems that can be lost or
stolen.

- Signature Detector
- Digital Steganography
- Remote Authentication Dial-In User Service
- Secure Socket Layer

The SSL protocol is used to provide secure access to Web sites via a combination of public key technology and secret key technology.Secret key encryption, also referred to as symmetric encryption is faster, but asymmetric public key encryption provides for better authentication so SSL, being a hybrid one, has been designed to benefit form the advantages of both. The SSL is being supported in almost all the current Web browsers and Web servers. SSL operates at the application layer of the OSI reference model. This means applications must be written to use it.

Securing a network consists of several crucial steps. The first and foremost one is devising a successful authentication strategy. One has to be sure the users trying to access resources actually are who they say they are. There are many ways to execute this authentication. In addition to basic structural elements such as credential input devices, demands on user data input, and layering of data validation, network authentication employs numerous methods and protocols to issue certificates and pass data packets back and forth.

Insiders vs. Outsiders

      Seventy-three percent of the breaches involved outsiders, 18 percent resulted from the actions of insiders, with business partners blamed for 39 percent.the percentages exceed 100 percent due to the fact that some involve multiple breaches, with varying degrees of internal or external involvement.

      "The relative infrequency of data breaches attributed to insiders may be surprising to some. It is widely believed and commonly reported that insider incidents outnumber those caused by other sources," the report states.

The whole insiders vs. outsiders debate has always been one of semantics more than anything else. If you count by attacks, there are a lot more outsider attacks, simply because there are orders of magnitude more outsider attackers. If you count incidents, the numbers tend to get closer: 75% vs. 18% in this case. And if you count damages, insiders generally come out on top -- mostly because they have a lot more detailed information and can target their attacks better.

The insider attack is already an authorized use.Insider acquires privileged access.exploiting bugs in privileged system programs.exploiting poorly configured privileges.Install backdoors/Trojan horses to facilitate subsequent acquisition of privileged access.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.