¶ … gathered on the DOD
The tools and a description of the how they are used
What sort of attacks would work in this case? Give some examples and how you would carry them out
What social engineering and physical security aspects were discovered / devised? Give a detailed explanation
What methods could you employ to help secure these vulnerabilities? What suggestions would you make to the organization if you were a penetration tester?
Attack Project Paper
Over the last several years, the Department of Defense (DOD) has become the subject of cyber attacks. This is because of the information, which is possessed on their networks and the large turnover of people is exposing them to more threats. A good example of this can be seen with information compiled by the U.S. Department of Homeland Security. They found that the DOD is receiving a total of 10 million attacks per day. ("How Many Cyber Attacks Hit the U.S. last year," 2014) This is problematic, as it has the potential to create severe disruptions and a loss of sensitive information.
To address these issues a new strategy must be implemented. This involve analyzing the information which is gathered, the tools, the kinds of attacks that work, social engineering / physical security and the methods to deal with vulnerabilities. Together, these elements will illustrate the best avenues for preventing these kinds of attacks against the DOD.
The information that was gathered on the DOD
The various sources are showing how the DOD is vulnerable to a variety of cyber attacks. The most notable include: social engineering, password based, and Trojans...
Each one of them has been utilized in the past to disable their networks and make it difficult for personnel to access them. This exposes the DOD to major breaches, with hackers able to steal a number of classified documents in the process. (Insinna, 2013) To make matters, worse they are planning on rolling out their own version of 4G. This is supposed, to allow personnel to have access to greater amounts of information. However, the problem is that it exposes them to more threats with hackers being able to breach these devices and the information that is on them. (Roulo, 2013)
The tools and a description of the how they are used
There are a number of tools which are used by hackers to attack the DOD's network. The most notable include: social engineering, password based and Trojan types of attacks. Social engineering is when there is an attempt to use deception to gain access to information. This is achieved utilizing a number of tactics such as: cloning IDs or emails to tricking an individual into thinking it is from an important source. Once this happens, is when they can gain access to employee names, numbers or passwords. Password-based techniques are trying to break into the site through trying a series of user names and passwords. This is used in conjunction with social engineering or brute force to find methods that are successful. A Trojan is when a malicious email is sent to individuals inside the organization. The basic idea is to encourage them to open it and visit the link inside. This will enable the hackers to gain access to organization's information. (Amoroso, 2012) (Pelt, 2014)
What sort of attacks would work in this case? Give some…
