The attack experience that has been described is of a friend that was working for a small scale finance firm. The firm experienced a large scale ransomware attack earlier this year that led to the unavailability of the systems and the information that was present in the systems. The ransomware attack was given shape by using the networks as the agents of the threat and the reproducible malware got multiplied and impacted all of the computer systems that were being used in the firm. The impact resulted in the damage causing deterioration of the system availability and also led to the compromise on the confidentiality and privacy of the information.
The primary reason of the attack was the security vulnerabilities that were present in the computer systems and networks that were associated with the organization. There were security loopholes that were present which were utilized by the attackers and the ransomware was launched. The fix was done by using the patching and upgrade of the system along with reporting of the same to the information security bodies of the country.
The attack could have been prevented by using anti-malware tools and system monitoring tools that would have generated an alert at the first attempt of the attack itself.
Trojans are defined as the form of malware which allow the hacker or the attacker to have remote access to the system which is attacked. There is an executable file or a complier that is required to install Trojans in a particular computer system. These cannot multiply by themselves but can have extremely severe damages and impacts.
The damage that is caused by a Trojan attack is the compromise of the security and confidentiality of the information that is present in the system and applications that are attacked. The latest form of Trojan attacks is the Android based Trojans which make use of Android based mobile device as the platform and can lead to the damage along with enhanced probability of further cyber risks and attacks.
The sensitive information that is present in the mobile devices or the computer systems get compromised as a result. There can also be further damages that may be caused by a Trojan attack, such as, DNS server manipulation and many more. The security vulnerabilities are the primary reasons and causes of the occurrence of the Trojan attacks.
There may be security vulnerabilities and loopholes that may be present in a product or a service and the vendor may not be aware about the same. The attackers may get hold of this information and may cause the occurrence of other attacks taking advantage of these unknown vulnerabilities and weaknesses. Such attacks are termed as the zero-day attacks.
The security vulnerabilities are highlighted during the next round of validation and verification and may also be highlighted during the installation of the updates and the regression testing phase.
There have been many zero day attacks that have been observed recently. These include the Encapsulated PostScript (EPS) type confusion and restore use-after free along with SOAP WSDL parser code injection. There can be some significant damage that may be observed as a result of the occurrence of the zero-day attacks. It is because the damage intensifies with such occurrences. The targeted systems become liable to rectify the security vulnerability that gets highlighted with the occurrence of the zero day attack and also need to control the damage cause by the attack itself. These may have an adverse impact on the confidentiality and privacy of the information and can also lead to the overall system weakness.
The cause of the zero-day attacks are not pre-determined or known and get highlighted at the time of the attack itself. It is therefore, not easy to form the defense against such attacks. There are certain tools and techniques that can be used for the prevention and avoidance of these attacks comprising of efficient patch management along with the use and installation of anti-malware tools.
|
Bitdefender |
Norton |
McAfee |
ClamAV |
|
|
Starting Price |
USD 58 which can be availed for 3 devices for a period of one year |
USD 40 which can be availed for 5 devices for a period of one year |
USD 30 which can be availed unlimited for a period of one year |
It is an open source anti-virus |
|
Free Trial |
Expires after using the product for 30 days |
Expires after using the product for 30 days |
Expires after using the product for 30 days |
It is an open source anti-virus |
|
Anti-phishing and anti-spam |
Available in this anti-virus package |
Available in this anti-virus package |
Available in this anti-virus package |
Available in this anti-virus package |
|
Browser Protection |
Available in this anti-virus package |
Available in this anti-virus package |
Not available in this anti-virus package |
Not available in this anti-virus package |
|
Tamper Protection |
Not available in this anti-virus package |
Available in this anti-virus package |
Not available in this anti-virus package |
Not available in this anti-virus package |
|
Scripted Updates and Digital Signatures |
Available in this anti-virus package |
Available in this anti-virus package |
Available in this anti-virus package |
Available in this anti-virus package |
|
Vulnerability Scanner and Digital Shredder |
Available in this anti-virus package |
Supports vulnerability scanner but not digital shredder |
Available in this anti-virus package |
Available in this anti-virus package |
|
Cloud backup |
Unlimited |
25GB |
1GB |
N/A |
|
Unique features |
Safepay and startup optimizer |
Idle time optimizer and power saving mode |
Home network manager |
Command line scanner |
On the basis of the analysis that has been done above, the recommended product is Bitdefender as it comes with the latest security features to protect the system and networks from the security risks and attacks. There are many new forms of security risks and attacks that may take place in terms of the malware attacks, information breaches, network security attacks and likewise. Bitdefender is an anti-virus package that has the ability to handle these new forms of risks and attacks.
The one that is currently being used on a personal level is the same product and the experience has been pretty good so far. Bitdefender has made sure that the security of the applications and services is not impacted.
Hash function is a mathematical function which is used to change the numerical input value to a secure mathematical form. There are various hash functions and hash algorithms that are used. Some of the popular hash functions are message digest, secure hashing algorithm, RIPEMD and Whirlpool.
Message Digest 5 (MD5) is an upgraded version of Message Direct 4 (MD4). Security of MD5 is the major strength of this hashing algorithm. However, it is a bit slower than its predecessor. In the applications where a high degree of security is demanded, MD5 is the hashing algorithm that is most preferred.
Secure Hashing Algorithms are also known as SHA and there are different variations of this algorithm. The avalanche effect that is involved in the SHA includes the randomizing feature. SHA-256 is the algorithm in which a hashing string of 256 bits is produced.
RIPEMD is a hashing algorithm that stands for RACE Integrity Primitives Evaluation Message Digest. The algorithm provides the ability to make sure that longer hash strings are developed and implemented. RIPEMD-320 is an algorithm in which double string of the widely used RIPEMD-160. The speed of the algorithm is an issue in this case.
The latest release in the field of hashing algorithms is the Whirlpool algorithm. It is an algorithm in which 128 digit hexadecimal string is used and there have been many variations that have been done in this algorithm since its release. This algorithm is an advanced version of Advanced Encryption Standard (AES).
There are various processes and steps that are present in the key management life cycle. These phases or steps include creation, backup, deployment, monitoring, rotation, expiration, archival and destruction. Each of these phases is significant in the efficient management of the key.
The duration of the validity of a key depends upon a number of different factors. Some of these factors include the sensitivity of the data or information sets that are required to be protected. The length or the size of the data sets also plays a significant role in this decision. The duration of the validity of the key may also be impacted by certain unpredictable circumstances like a security occurrence.
Current and past instances of the key shall be adequately managed at the time of the expiration. The accountability of these tasks shall be on the key manager. The replacement must be done as per the pre-determined schedule and the expiration shall be followed by the processes of archival and destruction.
The organization is responsible for the key management and the organization. The users shall be informed about the certain practices that they must follow for the security of the key. It is the duty of the organization to make sure that all the steps in the key management life cycle are followed.
|
Cisco |
Juniper |
McAfee |
|
|
Rule-based/Application-aware |
This network firewall is Application-aware in nature |
This network firewall is Application-aware in nature |
This network firewall is rule-based in nature |
|
Stateless/Stateful Packet Filtering |
Supports both stateless and stateful packet filtering as per the need |
Supports both stateless and stateful packet filtering as per the need |
Supports both stateless and stateful packet filtering as per the need |
|
Costs |
|||
|
Features |
Advanced breach detection Security automation Time to detection Malware protection URL filtering |
Supports all cloud models Flexible option Advanced threat mitigation and routing |
Endpoint security Advanced encryption Internet Security Virus Protection Flexible configuration Ease of usage |
On the basis of the features and the nature of firewall, the recommended option is Cisco network firewall. It is because of the reason that breaches are the most common form of security attacks and this firewall option is providing an advanced protection for the same. There are also additional features and benefits that are included as shown in the table above.
Cloud computing will provide many benefits to the school and the work place. There will be benefits as described below:
There are many cloud vendors in the market. The two of the most popular include Amazon and Microsoft. Amazon has its cloud services by the name of Amazon Web Services (AWS). It provides cloud services such as cloud databases, data analysis, Big Data tools, Business Intelligence, digital marketing and many more. Microsoft has its cloud services by the name of Microsoft Azure as the cloud vendor. It provides a number of cloud models such as public, private or hybrid cloud and also supports cloud as a platform, service or infrastructure.
The use of cloud in school or the workplace would be feasible as the tools and techniques that are necessary for the implementation of cloud can be easily achieved.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download