Thwarting cybercriminals is not an easy task. However, companies, governments, and organizations have started to take parallel action to limit and discourage cybercriminals. The following are actions thwarting cybercriminals.
They are creating early warning system sensors and alert systems. The system is too costly, so, therefore, it is impossible to watch each network. Organizations only watch high-value targets because these high-value targets have more chances of experiencing cyber attacks.
They are creating complete databases of identified system vulnerabilities and attack signatures. Organizations distribute these databases over the globe to help prepare for and keep away from many common attacks.
We are establishing information security management standards for national and international organizations.
Sharing of cyber intelligence information between the organization and nations. Government agencies and countries now work together to share critical information about severe attacks to prevent similar attacks in other places. Several countries have organized cyber intelligence agencies to work together worldwide in warfare, especially in major cyber attacks.
They are making new laws to discourage cyber attacks and data breaches. These laws also have strict penalties for cyber criminals caught engaging in unlawful actions.
The following are the measures for thwarting cybercriminals and a brief explanation of each.
Vulnerability Database
The National Common Vulnerabilities and Exposure (CVE) was developed as a national database to give a publicly available database of all known vulnerabilities. CVE is a list of entries containing the identification number, description, and at least one public note for publicly known cybersecurity vulnerabilities.
Early Warning System
Cyber early warning systems (CEWS) aim to alert such attempts in their growing stages. The design and implementation of such systems involve many research challenges.
The Honeynet Project is an international security research organization investigating the latest attacks, developing open-source security tools to improve Internet security, and learning how hackers behave. It is an example of an Early Warning System. The project also provides a HoneyMap, which displays attacks in real time.
Share Cyber Intelligence
Sharing cyber information and intelligence is a technique to prevent hostile cyber-attacks. InfraGard is a partnership between the FBI and the private sector, which is an example of the widespread sharing of cyber intelligence.
ISM Standards
The ISO/IEC 2700 standards are an example of information security management standards. They are also called ISO 2700 standards. The ISO/IEC 2700 standards help organizations keep information assets secure, such as financial information, intellectual property, employee details, or information entrusted to them by third parties. They are the best-known standard in the family, providing requirements for an information security management system (ISMS).
New Laws
ISACA is a self-governing, nonprofit, global association that tracks laws related to cybersecurity. It is previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only.
These laws address personal privacy for the protection of intellectual property. These laws include the Cybersecurity Act, the Data Breach Notification Act, the Federal Exchange, and the Data Accountability and Trust Act.
Security Threats to network are an emergent problem for the individual as well as organizations in the whole world, and the security threats become worse and multiply day by day. Computer networks are necessary for everyday activities and both Individuals and organizations depend on their computers and networks.
Intrusion to these computers by an illegal person can result in a network breakdown and loss of data and work. Attacks on a network can be disturbing, resulting in a loss of time and money due to damage or theft of significant information.
The Intruders can enter the network through software vulnerabilities, guessing someone’s username and password, and hardware attacks. An intruder is an individual, commonly called a hacker or software, that enters a computer without authorization. When an intruder (hacker) successfully gains access to the network, four types of security threats may happen:-
Loss of Data and manipulation
When a hacker successfully enters someone’s computer, he destroys or alters data records. Examples include sending a virus reforming a computer’s hard drive and breaking into a records system to change information.
Information Theft
In this case, an intruder accessed the computer and obtained confidential information. The intruder used this information for different purposes and also sold it.
Identity Theft
The individual usually obtains the personal document on their personal computer. The intruder stole this personal information. Using this information, an intruder can get legal documents, make an unauthorized purchase, and apply for credit.
Disruption of service
If the intruder can’t get in, he tries to ensure that no one else can. This is the Dos (denial-of-service attack). This kind of security threat does not try to get information directly. Depending on which service crashes under the load, its effect can expose other previously protected resources.
Physical Security Threats
Physical security is another crucial aspect of network security. The elements of physical security must be dealt with in the organizational policy. Physical security threats have four classes:
Hardware security threats– this is a security threat related to hardware. It damages network devices, servers, and workstations.
Electrical threats—This threat concerns the input voltage. The voltage may be insufficient, spike, unconditioned, or loss of power.
Maintenance threats—This threat concerns poor handling of electrical components, poor cabling and labeling, and a lack of spare parts.
Environmental threats—Environmental threats are also significant. Temperatures that are too hot or cold and humidity that are too wet or dry are ecological threats.
To Limit the physical damage to equipment, make a security plan as follows:-
Lockup equipment
Prevent unauthorized access
Maintain electronic logs of entry and exits
Use security cameras
The figure below illustrates a general floor plan for a secure computer room for a network.
Defense Against Threats
In defending against network attacks, there are four sets of tools that will help you keep your network secure against unauthorized access, monitoring, and network attacks: management, firewall, encryption, and endpoint security.
Management
Management is the primary defense against network attacks. The following actions should be implemented in configuration management against network attacks.
Backup, Upgrade, Update, and Patch
The machines in the network should be running up-to-date because the latest update can provide more effective defence against network attacks. Whenever new malware is released, the operating systems need the latest update with the latest antivirus software. The best way to keep up-to-date against network attacks is to download security updates and patches from the operating system vendor.
The management needs to create a central patch server for critical security patches. All other systems must have access from time to time. Any required security patches not installed on a host are automatically downloaded from the server and installed automatically for user intrusion.
Backup is essential when defending against network attacks. Each computer should have the latest copy of the backup. All configuration files in your Operating Systems or Applications should have enough security.
Authentication, Authorization, and Accounting
Authentication, authorization, and accounting (AAA) network security services provide primary access control on a network device. AAA authenticates and controls access to a network; it also controls the users’ what they can do while they are logged in.
Passwords
The password is very important to protect network devices against attacks. It is important to use strong passwords rather than the default password or an easy password. For passwords, implementation follows the below steps.
Use a complex password, including uppercase letters, lowercase letters, numbers, symbols, and spaces, only if allowed.
Use a minimum of 8 characters password, preferably 10 or more characters.
Do not use common dictionary words for the password.
Avoid passwords based on repetition, number sequences, letter sequences, usernames, relative or pet names, and misspell words.
Do not use biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable information.
Change passwords often.
Do not write passwords down and leave them in precise places.
Following are examples of passwords
Weak Password
Amrick
Michel
Yasir
Nokia
Khan1975
1234567
Strong Password
P@12>fo<ur^1978
No ^^&34@fsc^hub
On Cisco routers and switches, leading spaces are ignored for passwords, but spaces after the first character are part of the passwords. The passphrase is a password that uses the space bar to create a phrase of many words. The passphrase is also a strong password.
Firewalls
A firewall is the most efficient security tool for protecting users from network attacks. The firewalls exist in between two or more networks, controlling traffic and preventing unauthorized access between them. End systems also use a personal firewall. The following are different techniques that use a firewall for filtering:
URL filtering prevents or allows access to websites using Keywords or URLs. Packet filtering uses a MAC address or IP address to prevent or allow access.
Application filtering – Prevents or allows access by specific application types.
State full packet inspection (SPI) – Incoming packets must be valid responses from internal hosts. Voluntary packets are blocked unless permitted particularly. SPI also recognizes and filters specific types of attacks.
Encryption
The administrator can use encryption as a defense against network attacks. It can give protection against eavesdropping as well as sniffer attacks. Internet Protocol Security (IPSec), Private Key Infrastructure (PKI), and Virtual Private Networks (VPN) can also secure a network against attacks.
Endpoint Security
Individual computer (host) system or device that acts as a network client, common endpoints are laptops, desktops, servers, smartphones, and tablets. Securing and preventing these devices from a network attack is the most challenging task for a network administrator.
Securing endpoints must have well-documented policies, and the employees must be aware of these rules. The employees must be trained for proper using the network. The policies also include the use of antivirus software and host intrusion prevention.
