(Solved): network security...
Security Paper Instructions and Grading Rubric
You are to write a research essay on an approved computer security or privacy topic (see page 3 for a list of approved topics). Your essay must include a work cited page for any information that you find from at least three sources (your book can count for one source). If you choose to use internet sources, they must be cited correctly. The specifications for the paper are listed below. All essays will be run through a plagiarism checking software. If any portion of your paper is copied directly from an internet source or copied from another student, I will take action as deemed appropriate according to the Academic Dishonesty portion of your syllabus.
• You can submit the paper only once
• No late papers will be accepted
• The paper must be submitted in a Word, pdf, or GoogleDoc format
Word Document – Written Essay
• Length: Must be at least 3 full pages but no more than 6 NOT including the cover page and works cited page (that mean at least 3 pages of written text).
• References: You should have at least 3 sources and they need to be referenced according to APA rules.
• Title page: Your header will appear on the first page only (cover page) in the upper-left header and contain the words “Running head: TITLE OF YOUR PAPER”. Following pages will only contain the title of your paper in the upper-left section of the header. The page number should appear in the right section of the header and not appear on the first page. In addition, the title should appear centered horizontally and vertically on the page. The title should be your own unique name for your paper, not just the topic of the essay. Under the title you should have your name and the name of the college.
• Font: Times New Roman, 12pt.
• Spacing: Double spaced, with no extra spacing between paragraphs
• Margins: All margins set to 1”
• Works Cited Page: This page should appear on a page of its own at the end of the essay. No separate document or file will be accepted.
• No abstract is needed for this paper.
The formatting of this paper follows general APA formatting. If you need further information on how to set up a research paper using APA format you can go to: Purdue University Online Writing Lab-General APA Guidelines (opens new window)
Below is a list of approved topics for your security paper. If you would like to write about another topic on computer security, please email your instructor prior to writing the paper for approval. Unapproved topics will receive a grade of zero (0).
1. Ransomware: What is it? Examples and prevention.
2. What security vulnerabilities does Bluetooth technology pose/
3. How does encryption help computer and network security?
4. Biometric security
5. Describe at least 4 measures that help make passwords more secure, e.g. length, complexity, one-way hash, lockout, frequency of change, pepper, etc.
6. What is two-factor authentication?
7. Tips to making secure financial transactions online and preventing financial fraud
8. Social engineering: what is it? Examples and prevention
9. Safe use of consumer devices such as baby monitors, voice-activated devices, etc.
10. Phishing: What is it? Examples and prevention.
11. How do patches and updates prevent hacking?
12. Review 3 top antivirus software packages
13. Describe the security concept of “layers of defense”.
14. Describe the security concept of “CIA Triad”.
15. Are computer keyboards and webcam vulnerable to computer attacks? If so, how and what can be done to reduce the vulnerability.
16. Describe 3 of the most damaging and widely publicized incidents of hacking that resulted in the theft of personal data and/or financial loss.
17. Describe 3 methods to secure your home network.
18. Describe 3 current U.S. laws related to computer security
19. Describe a honeypot or honeynet.
20. Rootkit. What is it? Examples and prevention.
21. Scareware. What is it? Examples and prevention.
22. Describe DoS and DDoS attacks.
23. Describe the role of computer and data backups in security and 3 good methods of completing backups.
24. Describe a data breach and what companies can do to prevent it.
25. White hat and black hat hackers: who are they?
The need for computer security is increasing each day. New applications that threaten the computer security are developed each day. The applications greatly impacts on the computer performance on top of interfering with data. These applications are classified as malwares a short form of malicious software. Malware applications have the ability to steal data, damage devices and cause chaos in organizational systems. Up to this day, a number of malwares have been identified and they include viruses, ransomware, Trojans and may more (Regan, 2020).
Malware programs are created by people who work as a team or individually and there are a number of reasons behind the development of the software. The first reason is money. The destruction caused on information systems by malware programs sometimes can create a very big impact and once a system has been attacked, the owners of the malware will have no choice other than paying money to the creators in order to remove it. Ransomware for example uses a form of blackmail to extort money from organizations. When a ransomware gets access to information, the owners will demand to be paid in order not destroy or expose the information. Some other malware programs are able to crack login details to financial systems and they use them to steal money. Other than for money, some malware programs are created for the purpose of protesting against the government’s policies, war or any other evils committed to the citizens by those in authority (Regan, 2020).
Malware work in different ways and one way of removing or preventing them is by understanding their mode of operations. Some malware have a number of similarities in their mode of operation but there is always that one feature which will be able to differentiate one from the other. Some malware programs are quite complicated to deal with because of the nature of their structure while others are quite simple to remove.
The most popular malware that many organizations do deal with most of the time is the ransomware. It is one of the biggest security problem that computer users are facing these days. Ransomware is a malware that gets access to a computer and starts displaying messages either as popups or any other form demanding for money (ransom) for the computer to start working again. Basically a ransomware holds a computer device hostage until a certain feel has been paid. Some ransomware work by locking computer systems or the data in the systems. They will continue locking the systems until the time a ransom is paid(Palmer, 2020).
Mode of operation
There are two modes on how ransomware operate and the methods are derived from the types of the ransomware which are the crypto and locker ransoware. The encryption method of operation enables a ransomware to encrypt computer files and folder and this prevents a user from accessing them. The second mode is by locking the device or the entire network. Therefore a user will not be able to access the device until he or she has paid the ransom demanded by the cybercriminal.
Types of ransomware
There are a number of ransoware that have emerged in the recent history. One of them is the Clop ransomware. The first incident of Clop ransomware was reported in 2016. Since the first incident, no serious incident was reported until 2019 when more serious attacks with high impact were reported. The attacks by this ransomware have been over times linked to a specific group that has been using the same method of attack which is like the very first one. There mode of operation is very simple. The first get infiltrate an organization systems and get hold of the information which they believe is the most critical such as the financial records, data backups and others. After they are done, they will send information to the company that they have got the information and will demand for ransoms and will initiate a ransom negotiation process. They will go on threatening that without a ransom, they will leak the information ("Cyber Swachhta Kendra: CLOP Ransomware", 2020).
Clop ransomware is spread by updating a software using fake updates. This means that a computer will have a genuine software which will request for updates but the updates that the software will download are fake. The updates will download with a clop ransoware (Bracken, 2020).
Another example of a ransomware is Locky. This ransomware was released in 2016 by a group of organizaed hackers. The ransomware has the ability to encrypt more than 160 types of files. Locky more often is spread by tricking computer users to make installation of the ransomware which is sent in form of an email attachment. This kind of transmitting a ransomware is named phishing and it is a type of social engineering ("What are the different types of ransomware?", n.d.).
In 2017, a ransomware called WannaCry spread and attacked computer systems in over 150 countries. The ransonware is designed to take advantage of the security vulnerability in Windows operating systems. According to some rumors, WannaCry was developed by United States National Security Agency and allegedly got exposed to the public by Shadow Brokers Group. Globally, WannaCry affected over 230 computers ("What is WannaCry | Ransomware Attack Examples | Imperva", 2020).
Bad Rabbit is another example of a ransonware. Bad Rabbit attack was experienced in 2017. The ransonware spreads using a “drive-by” attack. This is where websites that are insecure are targeted to and they are used to carry out most of the attacks. In a drive-by attack, a user will visit a site which is genuine but the website is compromised by cybercriminals because of its insecurity. Drive-by attacks do not require any action by the victim. Browsing a compromised website is enough to install the malware ("What are the different types of ransomware?", n.d.).
Protecting computers against ransomware
Some ransomware attacks can be accidental but it is important to protect devices and computer systems against preventable attacks. The first method of preventing is by installing genuine software. Software that are not genuine most times can easily request for updates from unsecure websites which will increase the computer risks. The second method is to ensure that any email attachment you receive has been scanned before opening it. It is important that one does not open an email attachment with a file type that is not recognizable. While browsing it is important that one does not click on unverified links because they may be having the ransomware embedded there. Finally it is important that when doing downloads, users only download from verified sites ("Tips on how to prevent ransomware attacks", n.d.).
The cost of ransonware attack outweighs the cost of preventing. Sometimes a ransomware can stop operations in an organization for several days. Once attacked, there are high changes of another attack because the attacker understands the vulnerability of your system. Therefore individuals and organizations need to invest in security systems that can be able to detect malware in a fast way and prevent them as much as possible.
Bracken, B. (2020). Software AG Data Released After Clop Ransomware Strike – Report. Threatpost.com. Retrieved 29 October 2020, from https://threatpost.com/software-ag-data-clop-ransomware/160042/.
Cyber Swachhta Kendra: CLOP Ransomware. Cyberswachhtakendra.gov.in. (2020). Retrieved 29 October 2020, from https://www.cyberswachhtakendra.gov.in/alerts/ClopRansomware.html#:~:text=In%20most%20cases%2C%20Clop%20is,to%20carry%20out%20the%20attack.
Regan, J. (2020). What Is Malware? How Malware Works & How to Remove It. What Is Malware? How Malware Works & How to Remove It. Retrieved 29 October 2020, from https://www.avg.com/en/signal/what-is-malware#:~:text=The%20term%20malware%20refers%20to,tool%20like%20AVG%20AntiVirus%20FREE.
Tips on how to prevent ransomware attacks. www.kaspersky.com. Retrieved 10 November 2020, from https://www.kaspersky.com/resource-center/threats/how-to-prevent-ransomware.
What are the different types of ransomware?. www.kaspersky.com. Retrieved 10 November 2020, from https://www.kaspersky.com/resource-center/threats/ransomware-examples.
What is WannaCry | Ransomware Attack Examples | Imperva. Learning Center. (2020). Retrieved 10 November 2020, from https://www.imperva.com/learn/application-security/wannacry-ransomware/.
Palmer, D. (2020). What is ransomware? Everything you need to know about one of the biggest menaces on the web | ZDNet. ZDNet. Retrieved 10 November 2020, from https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/.