Term Paper Undergraduate 1,510 words

Risk Mitigation and Response Strategies for Network Security Threats

Abstract

This paper examines three critical network security threats—denial-of-service (DoS) attacks, man-in-the-middle (MITM) attacks, and phishing—and recommends risk management strategies and controls to mitigate their impact. For each attack scenario, the paper applies risk mitigation, assignment, and acceptance strategies alongside technical, administrative, detective, preventive, and corrective controls aligned with NIST SP 800-30 and ISO 27005 standards. Recommendations include hardening systems, implementing intrusion detection and prevention systems, deploying encryption protocols, enhancing employee training, and establishing ongoing risk assessments and business continuity planning to reduce organizational vulnerability and liability.

How to Write This Type of Paper

What makes this paper effective

  • Applies a consistent analytical framework to three distinct threat scenarios, demonstrating methodical risk assessment across different attack vectors.
  • Grounds recommendations in recognized security standards (NIST SP 800-30, ISO 27005) and control categories (technical, administrative, detective, preventive, corrective), lending credibility and regulatory alignment.
  • Addresses both immediate mitigation and long-term recovery through multi-layered controls, showing understanding that security requires ongoing processes, not one-time fixes.
  • Explicitly connects business impact (data loss, revenue loss, reputation damage) to control choices, helping readers understand the risk-benefit logic behind each recommendation.

Key academic technique demonstrated

The paper employs qualitative risk analysis, a structured approach that rates threat likelihood and impact severity on descriptive scales (for example low, medium, high) rather than in numbers. For each attack scenario, the author identifies the assets at risk (data, revenue, reputation), assesses which CIA properties (confidentiality, integrity, availability) were violated, evaluates likelihood from the threat landscape, and then selects matching control strategies. This technique bridges the gap between threat identification and defensible decision-making, and is particularly useful when quantitative data is unavailable.

Structure breakdown

The paper opens with a broad purpose statement outlining the scope of risk management strategies and standards. It then tackles three attack scenarios in parallel format: a qualitative analysis section describing the threat, impact, and vulnerabilities, followed by a mitigation section recommending specific controls and risk management strategies. The repeated structure lets the reader anticipate where each kind of information will appear. A brief recommendations paragraph follows each attack scenario, then an executive summary synthesizes the findings. The references section supports claims about standards and security practices. The consistent scenario-analysis-recommendation rhythm makes the paper easy to navigate and to adapt to similar threats.

DoS Attack Risk Analysis and Mitigation

The impact of the denial-of-service (DoS) attack on the production server and other production devices was high. The assets affected were the production server and the devices and business processes that depend on it; the consequences included loss of data, loss of revenue, loss of employee productivity, and damage to the company's reputation. In CIA (Confidentiality, Integrity, Availability) terms the attack violated availability and, through the data loss, integrity. The likelihood of this or another DoS attack recurring is high because of the nature of DoS attacks: any internet-connected device that is unsecured or under-secured is a candidate target for every variety of DoS. The attack succeeded because of weaknesses in several control categories at once: administrative, technical, detective, preventive, and corrective.

To reduce the effect of DoS attacks and make future ones less likely, the first and immediate risk management strategy is risk mitigation, which responds to the attack through targeted controls. DoS exposure can be reduced immediately, though never eliminated outright, since any reachable service can be flooded, by technical controls such as system hardening, configuring firewall and router rule tables and verifying them against a documented baseline, applying the latest patches to hardware devices and software, and deploying protections at both the network layer and the application layer. Installing up-to-date anti-malware software on client and server operating systems, combined with penetration testing, helps ensure that existing device weaknesses, including backdoors, unneeded open ports and services, and known bugs, are found and remediated. A further technical control is a warning system consisting of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS).

Detective, preventive, and corrective controls also play vital roles in reducing DoS attacks. A detective control such as an IDS identifies DoS attacks by matching known attack signatures or by flagging unusual system and network behaviour, for example a connection-attempt rate far above the normal baseline. A preventive control such as an inline IPS blocks traffic that matches a detected attack before it reaches the protected hosts, while corrective controls such as backup systems and removable media allow the operating system to be reinstalled and lost data to be recovered. One caveat a practitioner should keep in mind: an on-premises IPS helps only while the upstream link still has spare capacity; a volumetric flood that saturates that link has to be absorbed further upstream, by the ISP or a scrubbing service. Administrative controls reduce the chance of future DoS attacks through scheduled maintenance documentation, documented procedures, and enforced security policies. These ensure that policies and procedures are written down and consistently followed, that countermeasures are defined and supported, and that scheduled risk analysis, employee training, certification, and compliance policies are in place and current.
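The detective control described above is easiest to see as code. The following is an added example, not code from the paper or from any IDS product: a sliding-window counter over constructed firewall log lines that flags a SYN flood both per source and per target, so that a distributed flood whose individual sources each stay under the per-source limit is still caught. The log format, addresses and thresholds are all assumptions made for the example.

```python
"""Added example: a sliding-window SYN-rate detector of the kind an IDS uses
to flag a DoS pattern. The log format below is constructed for this example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not from any real product):
#   "<ISO timestamp> <src> <dst:port> <TCP flags>"
def parse_line(line):
    ts, src, dst, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, flags

def detect_syn_flood(lines, window_seconds=5.0, src_threshold=20, dst_threshold=60):
    """Flag sources that send more than src_threshold pure SYNs inside the window,
    and targets that receive more than dst_threshold SYNs inside the window from
    any sources combined (the distributed case, where no single source trips
    the first rule). Returns (sorted source alerts, sorted target alerts)."""
    events = sorted(parse_line(line) for line in lines)  # window needs time order
    per_src, per_dst = defaultdict(deque), defaultdict(deque)
    src_alerts, dst_alerts = set(), set()
    for ts, src, dst, flags in events:
        if "S" not in flags or "A" in flags:
            continue  # only pure SYNs count as new connection attempts
        for table, key, limit, alerts in (
            (per_src, src, src_threshold, src_alerts),
            (per_dst, dst, dst_threshold, dst_alerts),
        ):
            q = table[key]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()  # drop timestamps that fell out of the window
            if len(q) > limit:
                alerts.add(key)
    return sorted(src_alerts), sorted(dst_alerts)

def build_sample_log():
    """Constructed traffic mix: light legitimate load, one single-source flood,
    then a distributed burst that stays under the per-source limit."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(30):  # legitimate: one SYN / SYN-ACK pair per second
        t = (base + timedelta(seconds=i)).isoformat()
        client = f"198.51.100.{i % 3 + 1}"
        lines.append(f"{t} {client} 192.0.2.10:443 S")
        lines.append(f"{t} 192.0.2.10:443 {client} SA")
    for i in range(50):  # flood: 50 SYNs in 2 s from a single host
        t = (base + timedelta(milliseconds=40 * i)).isoformat()
        lines.append(f"{t} 203.0.113.7 192.0.2.10:443 S")
    for i in range(70):  # distributed: 70 hosts, one SYN each, within 3 s
        t = (base + timedelta(seconds=10, milliseconds=40 * i)).isoformat()
        lines.append(f"{t} 203.0.113.{100 + i} 192.0.2.10:443 S")
    return lines

if __name__ == "__main__":
    noisy_sources, flooded_targets = detect_syn_flood(build_sample_log())
    print("per-source alerts:", noisy_sources)
    print("per-target alerts:", flooded_targets)
```

The per-target rule is the one that matters for distributed attacks; the per-source rule alone would see seventy well-behaved clients. In a real deployment the thresholds come from a measured baseline of normal traffic, and the alert feeds the IPS rule or upstream filter rather than a print statement.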

Because the CIA violations caused data loss and revenue loss, the risk assignment strategy is used to insure against those losses, transferring part of the company's liability to an insurance carrier. Risk acceptance applies to any loss above the policy's coverage limit: the company carries that residual risk itself. Recommendations for these strategies and controls include not only reducing and stopping most DoS attacks but also reducing the company's liability, training both technical and non-technical employees in security best practices, maintaining a scheduled method of identifying new risks, and always testing new systems before putting them into production. Keeping anti-malware signatures and security patches current is essential for ongoing protection.

Man-in-the-Middle Attack Risk Analysis and Mitigation

A man-in-the-middle attack targeted the database server and the database administrator's (DBA's) client. The attacker first obtained the DBA's credentials through phishing: an email that appeared to come from a legitimate source, the company's DBA department in California, asked the DBA to supply email address, user ID, and password in order to "update" the email account. Once the DBA replied with this information, the attacker connected to the web server with those credentials and positioned themselves between the two ends, intercepting the DBA's messages before forwarding them to the database server and intercepting the database server's replies before relaying them to the DBA. Data was stolen, and the company did not initially know how long the attack had been running. The impact was high: confidentiality was violated, and data integrity was potentially violated as well, since an attacker who relays traffic can also alter it.

To reduce man-in-the-middle attacks and prevent future occurrences, the first risk management strategy is again risk mitigation through targeted controls. Exposure can be reduced immediately with technical controls such as shutting down unnecessary ports, using Transport Layer Security (TLS, the current successor to the deprecated Secure Sockets Layer, SSL) and HTTPS for traffic between clients and servers and between servers, tunnelling administrative sessions over a Virtual Private Network (VPN), and operating a Certificate Authority (CA) and Public Key Infrastructure (PKI) so that each endpoint can verify the identity of the other before any session key is agreed. Encryption alone is not enough: TLS prevents an attacker from reading or altering traffic in transit only if clients actually verify the server certificate against the CA, and it does nothing against an attacker who has already obtained valid credentials by phishing, which is why the phishing controls in the next section belong to the same defence. Administrative controls prevent future man-in-the-middle attacks through scheduled maintenance documentation, implementation of documented procedures, enforcement of security policies, definition and support of countermeasures, scheduled risk analysis, and employee training and certification programs.
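The reason CA and PKI appear alongside encryption in the list above is that an encrypted session is only as good as the authentication of the key exchange that set it up. The following added example (not code from the paper) simulates both sides of a Diffie-Hellman exchange with a third party in the middle: in the unauthenticated version the attacker reads and re-encrypts every message without either end noticing, and in the authenticated version the tampered public value is rejected before any key is derived. The modulus, the XOR stream cipher and the HMAC-with-pre-shared-key authenticator are toy stand-ins chosen for the example; in TLS the CA-signed certificate plays the role the HMAC tag plays here.

```python
"""Added example: why an unauthenticated key exchange is open to a man-in-the-middle
and how authenticating the exchange stops it. Toy parameters; not production crypto."""
import hashlib
import hmac

P = 2**127 - 1  # toy modulus (a Mersenne prime); real systems use standard DH groups or ECDH
G = 3

def dh_public(priv):
    return pow(G, priv, P)

def derive_key(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def seal(key, data):
    """Toy XOR stream cipher keyed by SHA-256(key || counter); symmetric, so it also opens."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def unauthenticated_exchange(alice_priv, bob_priv, mallory_priv, message):
    """Mallory replaces each side's public value with her own, so she shares a key
    with each party while they believe they share one with each other.
    Returns (what Mallory read, what Bob decrypted)."""
    A, B, M = dh_public(alice_priv), dh_public(bob_priv), dh_public(mallory_priv)
    k_alice = derive_key(pow(M, alice_priv, P))    # Alice uses M, believing it is Bob's
    k_bob = derive_key(pow(M, bob_priv, P))        # Bob uses M, believing it is Alice's
    k_mal_a = derive_key(pow(A, mallory_priv, P))  # Mallory's key towards Alice
    k_mal_b = derive_key(pow(B, mallory_priv, P))  # Mallory's key towards Bob
    ciphertext = seal(k_alice, message)
    plaintext_seen = seal(k_mal_a, ciphertext)     # Mallory reads it ...
    relayed = seal(k_mal_b, plaintext_seen)        # ... and re-encrypts it for Bob
    return plaintext_seen, seal(k_bob, relayed)

def auth_tag(psk, pub):
    """Stand-in for a CA-signed certificate: an HMAC over the public value under a
    pre-shared key the attacker does not hold (assumption made for the example)."""
    return hmac.new(psk, pub.to_bytes(16, "big"), "sha256").digest()

def authenticated_exchange(alice_priv, mallory_priv, psk, tamper):
    """Alice sends (A, tag). If Mallory swaps A for M she cannot produce a tag
    for M, so Bob's check fails and he aborts before deriving any key."""
    A = dh_public(alice_priv)
    pub, tag = A, auth_tag(psk, A)
    if tamper:
        pub = dh_public(mallory_priv)  # tag still covers A, not M
    return hmac.compare_digest(auth_tag(psk, pub), tag)

if __name__ == "__main__":
    msg = b"SELECT * FROM customers"
    seen, bob_got = unauthenticated_exchange(12345, 67890, 424242, msg)
    print("Mallory read:", seen, "| Bob received:", bob_got)
    print("tampered exchange accepted?", authenticated_exchange(12345, 424242, b"psk", True))
```

Note that the authenticated version protects only the exchange itself; it cannot tell an attacker holding the DBA's phished password apart from the DBA, which is the gap the phishing controls below have to close.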

Because the CIA violations involve stolen and possibly altered data, the risk assignment strategy is used to insure against those losses, transferring some of the company's liability. Risk acceptance applies to losses above the coverage limit, which the company carries as residual risk. The combination of technical controls (encryption over authenticated connections), administrative oversight, and insurance coverage creates a multi-layered defence against man-in-the-middle attacks.

Phishing Attack Risk Analysis and Mitigation

Phishing is a form of fraud and identity theft in which an attacker impersonates a person or organization over the internet and tricks a user into handing over private information by email or instant message. It is frequently the first step of a man-in-the-middle attack, as in the scenario above. The messages appear to come from legitimate sources such as banks or trusted companies and typically ask the user to click a link to update their account information. The link leads to a counterfeit website where the user is expected to enter the private information.

The impact of phishing is high, especially when combined with a man-in-the-middle attack, and the likelihood of recurrence is high. The same three strategies apply: risk mitigation, risk assignment, and risk acceptance. The control being exploited here is administrative: the weakness lies in security awareness and in the procedures for handling confidential information, passwords, and user IDs. That control, and the policy and procedures behind it, should be reviewed. Organizations should also provide more training for the entire company and update and review the Acceptable Use Policy and other pertinent documentation.

Training should focus on recognizing phishing scams, including identifying similar-looking characters in URLs. For example, attackers might use a "1" (one) in place of a lowercase "l" (letter L), creating URLs such as paypa1.com to mimic paypal.com. A padlock icon or valid certificate is not proof of legitimacy either: a look-alike domain can carry a perfectly valid certificate for its own name, so users should check where a link will actually take them before clicking it. If a domain name looks odd, users should not click the link. Instead, they should contact the legitimate website's customer service or technical support group to verify whether the link is valid. Some attackers purchase domain names similar to legitimate ones, such as "Walmartorder.com" instead of "Walmart.com," or use a different top-level domain, such as "walmart.org." Users should avoid providing personal information when prompted by email or instant messages. If they believe a request is legitimate, they should call the company directly using a phone number obtained independently rather than from the message itself, and they should type the website address into the browser manually rather than clicking provided links.
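The checks that training asks users to perform by eye can also be automated at the mail gateway. The following is an added example, not code from the paper: it extracts every link from a constructed phishing email, classifies the destination host against a small allowlist using the three look-alike patterns named above (digit-for-letter homoglyphs, a brand name embedded in a longer label, and the right name under the wrong top-level domain), and flags links whose visible text names a different domain than the one they actually point to. The allowlist, the confusable-character map and the sample email are all assumptions made for the example; a production version would use the Public Suffix List and a fuller confusables table.

```python
"""Added example: look-alike domain and link-target checks over a constructed phishing
email. The allowlist, confusable map and sample message are made up for the example."""
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("paypal.com", "walmart.com")  # assumed allowlist of legitimate brands
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})  # partial digit-for-letter map

def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Real code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify_host(host):
    """trusted | homoglyph (paypa1.com) | wrong-tld (walmart.org) |
    brand-embedded (walmartorder.com) | unknown"""
    dom = registrable_domain(host)
    if dom in TRUSTED:
        return "trusted"
    if "." not in dom:
        return "unknown"
    name, tld = dom.rsplit(".", 1)
    folded = name.translate(CONFUSABLES)  # paypa1 -> paypal
    for trusted in TRUSTED:
        tname, ttld = trusted.rsplit(".", 1)
        if folded == tname and tld == ttld:
            return "homoglyph"
        if name == tname and tld != ttld:
            return "wrong-tld"
        if tname in name:
            return "brand-embedded"
    return "unknown"

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in the message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def displayed_host(text):
    """Host named by the link text, if the text looks like a URL or bare domain."""
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname

def audit_links(html):
    """One finding per link: verdict on the real destination, plus whether the
    visible text names a different domain than the href (the classic lure)."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = urlparse(href).hostname or ""
        shown = displayed_host(text)
        findings.append({
            "href": href,
            "verdict": classify_host(real),
            "text_host_mismatch": shown is not None
            and registrable_domain(shown) != registrable_domain(real),
        })
    return findings

# Constructed sample message (not a real phishing email)
SAMPLE_EMAIL = """<p>Your account will be suspended unless you update it.</p>
<a href="https://www.paypa1.com/update">https://www.paypal.com/update</a>
<a href="http://walmartorder.com/track">Track your order</a>
<a href="https://walmart.org/login">walmart.org</a>
<a href="https://www.paypal.com/help">Help centre</a>"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding)
```

The first link is the one users most often miss: its text is the genuine PayPal URL, but the href behind it is the homoglyph domain, which is exactly why the training above tells users to read the destination rather than the label.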

Organizations should also report incidents to the Anti-Phishing Working Group (APWG), a global industry and law-enforcement association focused on eliminating the fraud and identity theft that result from email spoofing, and to the Federal Trade Commission (FTC), which offers advice for consumers, provides email addresses for reporting phishing activity, and supplies forms for reporting identity theft. Risk assignment should be used to insure against damages incurred from phishing and man-in-the-middle attacks. Risk acceptance applies when damages exceed the liability insurance coverage, with the company carrying the residual risk.

Control Implementation and Recovery Strategies · 95 words

"Overview of recovery planning and business continuity measures"

Executive Summary and Recommendations · 110 words

"Synthesis of findings and long-term security improvement strategies"
Cite This Paper
PaperDue. (2026). Risk Mitigation and Response Strategies for Network Security Threats. PaperDue. https://www.paperdue.com/study-guide/network-security-risk-mitigation-strategies-197095
