Tuesday, December 10, 2019
Authentication Is A Vital Aspect Of Modern - Myassignmenthelp.Com
Question: Discuss About The Authentication Is A Vital Aspect Of Modern?

Answer:

Introduction

Authentication is a vital aspect of the modern technological landscape, as most digital platforms are built around personalised accounts and portals. This forces users to rely on multiple authentication systems backed by many passwords, which makes managing them a difficult undertaking. As a solution, OneLogin offers a one-stop shop for managing logins to applications (apps) and online sites. Even before mentioning the attack at hand, a cyber-security expert can foresee the problem with such a system if it is compromised: it gives intruders the access needed to compromise multiple user systems (OneLogin customers) (Coldewey, 2017). The company suffered a breach of its security systems earlier in the year, in which customers' data was exposed. Furthermore, the intruders proceeded to compromise the operational structure of the company's system, which affected the ability to decrypt data.

To understand how the operational structure of the system was affected, one needs to understand the foundation of the service offered. OneLogin uses a cloud infrastructure to store and manage its customers' vital information, such as usernames and passwords. This infrastructure is necessary owing to the extent of the services offered, as they span over 44 countries and have over 2000 companies. The cloud solutions therefore increase the availability and mobility of resources. However, to ferry these resources over the internet they are encrypted into unreadable formats, which are decrypted when supplied to customers, revealing the access details. Therefore, when the decryption facility was affected, this functionality was compromised and the data exposed (Fiveash, 2017).

How and why the attack occurred

In its official statement, OneLogin failed to outline the nature of the attack, only assuring customers that the problem would be investigated. However, the worrying outcome of the attack was the set of steps outlined by the company as it tried to secure the accounts used by its customers. The steps included the generation of new API (Application Program Interface) keys and OAuth tokens (the general system for accessing the accounts). Moreover, the organization also requested customers to create new security certificates and recycle all security features within their OneLogin accounts. Finally, customers were asked to update their access passwords (OneLogin). A quick glance at these security precautions outlines how, and maybe why, the attack happened. For one, the hosting system used by the company must have been completely compromised to gain primary access or admin credentials, which necessitated a complete change in functionalities.

How?

An independent observer highlighted that the intruders accessed the company's system by gaining access to a number of keys for AWS, the cloud infrastructure used by OneLogin. Amazon Web Services (AWS) is a cloud solution used by multiple companies across the globe to host their services, and OneLogin likewise hosted its services on it across its multiple platforms. Having acquired the access passwords/keys, the intruder then used them to access the overall AWS APIs through a subsidiary hosting service offered by an intermediary organization within the United States. The criminal then created several infrastructure instances within AWS to perform a general reconnaissance. It is through this assessment that the intruder viewed and accessed the database tables holding the customers' access data, i.e. the usernames and passwords (OneLogin).

Why?

The intruders were only able to access the company's AWS infrastructure using a set of legitimate keys used by the organization, which means there was an initial breach that was used to acquire the company's access passwords. However, since the organization failed to disclose the methods used to obtain them, only speculation can answer the question. For one, cloud infrastructures and solutions are known to have many security procedures, which regularly expose them to misconfiguration. Therefore, OneLogin could have failed to implement certain security procedures to safeguard root access to the AWS servers, which ultimately gave the intruders primary access. The second option is negligence, where the system admins exposed the set of keys to a third party who subsequently used them to trigger the attack (Barrett, 2017).

Possible solutions

Single sign-on (SSO) organizations are generally discouraged, as they are a single point of failure if compromised. In essence, these systems, like any other cyber feature, will have multiple vulnerabilities and, unlike other systems, will hold multiple assets, which heavily exposes the users. Therefore, as an isolation tactic, they are never used, as they grant intruders an all-access point to any assets owned by a user. So, the first and most important solution to the problem at hand is to avoid the service in general, other than for supplementary features that hold minimal confidential information (Krebs, 2017).

Nevertheless, when such a service is used, several solutions exist, more so for the supporting organization, i.e. OneLogin. The company should reassess its security policy, as it gave access to a third party. In the future, the AWS infrastructure should pass multiple checkpoints before being deployed online. These points or access procedures would verify the applications used before they are deployed.

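The access accounting this section relies on can be sketched as a check over CloudTrail-style records that groups calls made with an access key from outside the networks it is normally used from. This is an added example, not code from the original essay or from OneLogin. The events, key IDs, addresses and the `EXPECTED_NETWORKS` and `SENSITIVE_CALLS` sets are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of CloudTrail records (not real log data);
# key IDs and addresses are placeholders.
RAW = [("2024-01-10T09:12:00Z", "DescribeInstances", "198.51.100.10", "AKIA_CONSTRUCTED_A"),
       ("2024-01-10T09:20:00Z", "RunInstances", "198.51.100.11", "AKIA_CONSTRUCTED_A"),
       ("2024-01-11T02:01:00Z", "DescribeInstances", "203.0.113.77", "AKIA_CONSTRUCTED_B"),
       ("2024-01-11T02:05:00Z", "RunInstances", "203.0.113.77", "AKIA_CONSTRUCTED_B"),
       ("2024-01-11T02:06:00Z", "DescribeVolumes", "ec2.amazonaws.com", "AKIA_CONSTRUCTED_B"),
       ("2024-01-11T03:00:00Z", "ListBuckets", "192.0.2.5", "AKIA_CONSTRUCTED_C")]
SAMPLE_EVENTS = [{"eventTime": t, "eventName": n, "sourceIPAddress": s,
                  "userIdentity": {"accessKeyId": k}} for t, n, s, k in RAW]

# Assumption: the networks this organisation expects its keys to be used from.
EXPECTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
# API calls that create or expose infrastructure (illustrative selection).
SENSITIVE_CALLS = {"RunInstances", "CreateAccessKey", "AuthorizeSecurityGroupIngress"}

def from_expected_network(source):
    """True for expected addresses and for calls made by AWS services."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # CloudTrail records a DNS name here when an AWS service made the call.
        return source.endswith(".amazonaws.com")
    return any(addr in net for net in EXPECTED_NETWORKS)

def unexpected_key_use(events):
    """Group calls made from outside the expected networks by access key."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key is None or from_expected_network(ev["sourceIPAddress"]):
            continue
        f = findings.setdefault(key, {"first_seen": ev["eventTime"],
                                      "sources": set(), "sensitive_calls": []})
        f["sources"].add(ev["sourceIPAddress"])
        if ev["eventName"] in SENSITIVE_CALLS:
            f["sensitive_calls"].append(ev["eventName"])
    return findings

if __name__ == "__main__":
    for key, f in unexpected_key_use(SAMPLE_EVENTS).items():
        level = "HIGH" if f["sensitive_calls"] else "review"
        print(level, key, f["first_seen"], sorted(f["sources"]), f["sensitive_calls"])
```

A key that launches instances from an unfamiliar address is the higher-priority finding; one that only lists resources from such an address still warrants review and rotation.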
Furthermore, the same system would help account for access, a functionality that helped contain the problem in this instance. Therefore, the existing intrusion detection systems should continue to be used, as they helped manage the situation and even avoided any financial damage. Users, for their part, should regularly update their access procedures as outlined by the host company. Furthermore, they should never store their passwords using the automatic features available in web browsers (10 basic cybersecurity measures: best practices to reduce exploitable weaknesses and attacks, 2017).

May ransomware attack

One of the most troubling and extensive attacks occurred earlier in the year, when millions of cyber systems users were attacked by a vicious malware program known as WannaCry. As a malware program, WannaCry is the complete definition of ransomware, as it was able to penetrate many systems across different networks, demanding ransoms in exchange for restoring services. Furthermore, the malware was a complete revolution of the existing programs, which had been neutralised using several vulnerabilities that they held. In comparison, WannaCry was quick and invisible to security protocols, which made it difficult to contain; in fact, it was only detected after the damage was done (Greenberg, 2017).

The root of the problem

WannaCry started its attacks in May, when it affected thousands of computers worldwide over the internet. According to Krebs (2017), the attack was witnessed in over 100 countries after its access methods were unveiled in the United States. The access method used a vulnerability in the Windows computer system, an outcome that was instigated by a rogue hack group called Shadow Brokers that gained access to NSA hack tools. Using the hack tools, the intruders infected multiple cyber systems in an attempt to gain some financial returns (Gibbs, 2017).

Who was affected and how

According to Greenberg (2017), the heaviest attack was witnessed across 150 countries, where approximately 200,000 systems were compromised. These systems failed to work for hours, and some of them lost their content permanently as they were reconfigured to stop the spread of the malware. Nevertheless, some countries were more affected than others, the likes of the United Kingdom (UK), Russia, Spain and China. In the UK, for instance, the ransomware viciously infected the medical industry to an almost crippling effect, as many systems were compromised. For the medical personnel, the attack halted their work as it demanded a ransom of $300. Similarly, the patients and other affiliated users of the NHS (National Health System, UK) had to live with extended delays as medical records went missing (Sherr, 2017).

On the other hand, Russia had to deal with the worrying possibility of losing its grip on its public systems, including the Health and Interior ministries. Furthermore, the country's railway system was affected, and so was the private sector after an extensive attack targeted the banking industry. The same outcome was also witnessed in Spain, as the country's telecommunication and electrical industries were affected by the attacks on Telefonica (Spain's second largest telecommunication company) and Iberdrola (an electrical company) (Hern & Gibbs, 2017).

The attack method and steps

The National Security Agency (NSA) was the root of the problem, as its access systems provided the foundation of the intrusion. This organization holds several hacking tools or techniques that it uses as cyber-weapons; among these tools was the Windows vulnerability witnessed in this attack. In the attack, the EternalBlue vulnerability was used, where it accessed Windows messaging blocks through the server messaging block protocol (SMB). In all, the SMB protocol can serve as an all-access item if compromised, an outcome that was verified by the WannaCry attack.

As a protocol, SMB enables machines connected in networks to access, read and write files, which facilitates the different functionalities of computers. Moreover, the same protocol enables the same machines to request services and even resources through the connected networks (News, 2017). WannaCry banked on this vulnerability to attack machines, as access to one computer gave complete access to the connected networks; in fact, the attack process was aided by the same systems that facilitated the operations of the networks.

Attack procedure:

At the start, the intrusion first targeted unsecured networks, as identified by unprotected access ports. Through these ports, the malware's starter (stager) was uploaded into a machine while encrypted. In the next stage, the encrypted file was decrypted and the malware activated to perform its illicit operations. Furthermore, while conducting its activities, the malware also scanned for other unsecured ports, to which it sent the starter program to begin the process all over again. Therefore, by the end of the attack, a complete and self-replicating program had been used to infect thousands of machines without any form of human intervention (McGoogan, Titcomb, Krol, 2017).

Solution

The attack was a strong reminder of why machines and networks should have secured ports at all times, with unused ports deactivated. In most cases, networks are infiltrated because of negligence in setting them up. Therefore, even though the malware was stopped by its own vulnerabilities, its overwhelming success was propelled by network problems, because users failed to implement the best security features. In some networks, users had rogue access points through their mobile devices, which facilitated the malware's success, as these devices lacked the necessary security countermeasures (labs, 2016).

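The port hygiene recommended above can be checked per host by comparing its listening sockets with the services it is meant to offer. This is an added example, not part of the original essay: it parses constructed Windows `netstat -ano` output and reports network-reachable listeners, marking SMB ports separately. The sample output and the `ALLOWED_PORTS` allowlist are assumptions.

```python
import ipaddress
import re

# Constructed `netstat -ano` output from a Windows host (not a real machine).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2210
  TCP    10.0.0.15:139          0.0.0.0:0              LISTENING       4
  TCP    10.0.0.15:49712        203.0.113.20:443       ESTABLISHED     3344
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:8080             [::]:0                 LISTENING       5120
"""

# Assumption: the ports this host is meant to serve to the network.
ALLOWED_PORTS = {3389}
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def audit_listeners(netstat_text, allowed=ALLOWED_PORTS):
    """Return network-reachable TCP listeners that are not on the allowlist."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header, UDP row, or a connection that is not listening
        host = m.group(1).strip("[]").split("%")[0]  # drop brackets and zone id
        port, pid = int(m.group(2)), int(m.group(3))
        if ipaddress.ip_address(host).is_loopback or port in allowed:
            continue  # loopback-only services are not reachable from the network
        reason = "SMB exposed" if port in SMB_PORTS else "not on allowlist"
        findings.add((port, host, pid, reason))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, pid, reason in audit_listeners(SAMPLE_NETSTAT):
        print(f"port {port} on {host} (PID {pid}): {reason}")
```

Listeners bound to `0.0.0.0` or `[::]` accept connections on every interface, so they are the rows to close or firewall first.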
However, while outlining the solutions that might have been used to avoid the attack, one cannot overlook the contribution of the vulnerability exploited by WannaCry (EternalBlue). Windows, like any other modern organization, prioritised system deployment over security features, which was verified by the release of an update patch. Furthermore, the users of the said systems should have had adequate security procedures to detect the faults in the messaging blocks before they were exploited. Therefore, these organizations should restructure their security policies to include procedures that continuously evaluate their access protocols, the ultimate solution to the problem (labs, 2016).

References

10 basic cybersecurity measures: best practices to reduce exploitable weaknesses and attacks. (2017). WaterISAC. Retrieved 28 August, 2017, from: https://www.mamsb.org.my/wp-content/uploads/10_Basic_Cybersecurity_MeasuresOct20162.pdf.

Barrett, B. (2017). Security News This Week: OneLogin Had One Very Bad Breach. Wired. Retrieved 28 August, 2017, from: https://www.wired.com/2017/06/security-news-week-onelogin-one-bad-breach/.

Coldewey, D. (2017). OneLogin admits recent breach is pretty dang serious. TechCrunch. Retrieved 28 August, 2017, from: https://techcrunch.com/2017/06/01/onelogin-admits-recent-breach-is-pretty-dang-serious/.

Fiveash, K. (2017). OneLogin suffers breach - customer data said to be exposed, decrypted. Retrieved 28 August, 2017, from: https://arstechnica.com/information-technology/2017/06/onelogin-data-breach-compromised-decrypted/.

Gibbs, S. (2017). WannaCry: hackers withdraw £108,000 of bitcoin ransom. The Guardian. Retrieved 28 August, 2017, from: https://www.theguardian.com/technology/2017/aug/03/wannacry-hackers-withdraw-108000-pounds-bitcoin-ransom.

Greenberg, A. (2017). The WannaCry Ransomware Hackers Made Some Real Amateur Mistakes. Wired. Retrieved 28 August, 2017, from: https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur-mistakes/.

Hern, A., Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global computers? The Guardian. Retrieved 28 August, 2017, from: https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20.

Krebs. (2017). OneLogin: Breach Exposed Ability to Decrypt Data. Krebs on Security. Retrieved 28 August, 2017, from: https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/.

labs, F. s. (2016). Ransomware: How to predict, prevent, detect and respond. F-Secure. Retrieved 28 August, 2017, from: https://www.f-secure.com/documents/996508/1030745/Ransomware_how_to_ppdr.pdf.

McGoogan, C., Titcomb, J., Krol, C. (2017). What is WannaCry and how does ransomware work? The Telegraph. Retrieved 28 August, 2017, from: https://www.telegraph.co.uk/technology/0/ransomware-does-work/.

News, B. (2017). Massive ransomware infection hits computers in 99 countries. BBC News. Retrieved 28 August, 2017, from: https://www.bbc.com/news/technology-39901382.

OneLogin. (n.d.). May 31, 2017 Security Incident (UPDATED June 8, 2017). OneLogin blog. Retrieved 28 August, 2017, from: https://www.onelogin.com/blog/may-31-2017-security-incident.

Sherr, I. (2017). WannaCry ransomware: Everything you need to know. CNET. Retrieved 28 August, 2017, from: https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/.