Table of Contents
Question 1
Software acquisition models
Relationship between software acquisition and software within the company
Question 2
Policies, Process and Procedures Used in British Telecom company
Issues Raised within the Company Handbook
Question 3
Information Security Strategic Plan
Question 4
Information system External and Internal Threats for British Telecom
How the British Telecom Company Manages Information Security Threats
Security Assessment Process
Question 5
Access Control Strategy Analysis
Rewriting the Strategic Plan
Best Strategy to Be Used
Question 6
Proper Incident Management Strategy
Implementing Strategy
Question 7
Brief Security Strategy for the company
British Telecom Information Security Strategic Plan
Software acquisition models
Software acquisition refers to the method related to engineering, funding, management, system deployment, integration and long-term software support. There are three models for software acquisition: purchasing software, customising software and renting software. In software purchase, an organisation acquires software from vendors, either by buying an existing product or by paying developers for software development. Other businesses prefer running software which has been developed within the organisation, hence custom-developed software. Finally, an organisation may prefer leasing software for a specified period.
Relationship between software acquisition and software within the company
British Telecom Company (BT) uses software which is purchased or leased from different vendors. The company uses Managed Security Service Provider (MSSP) software for managing the company services. The company has recently migrated to cloud computing by leasing a Software as a Service application which is responsible for data availability for the customers. BT uses employee monitoring system software which has been customised within the company to monitor the company devices.
Policies, Process and Procedures Used in British Telecom company
Every company needs a toolkit that defines how it undertakes its activities, especially on security concerns. British Telecom company has a set of rules described within the handbook. Every company employee is expected to go through the company policies thoroughly to avoid unnecessary issues with the administration. The handbook is divided and implemented in five sections. The first section talks about the introduction. It defines the security strategy of the organisation, how the company is prepared, and the time it has used before the implementation of the security strategy (Feng, Chen, Feng, Li & Li 2019). The handbook introduction describes the strategic steps implemented.
The second section captures several factors. It involves the analysis of the security strategy being used and the policy statements of the security implemented. The section helps a stakeholder to understand the organisation precisely (Horne, Ahmad & Maynard 2016). It involves risk analysis and assessment in the company. It also has the legal qualifications and regulations for the company’s security.
The third section also encompasses several issues. It involves how the strategy is developed and how it is aligned to achieve the company’s security requirements. It also specifies the mission and vision of the company and how the strategy helps it achieve its security goals. The section has the business and strategy analysis that are aligned as per the performance measurements set by the institution (Azmi, Tibben & Win 2016). It encompasses the total costs that the institution used to implement the information security strategy. The section also contains the attributes to ensure that the business runs smoothly and with continuity of processes. It holds the key issues in strategy development.
The fourth section shows how the institution implemented the strategy. It encompasses organisational culture, organisational structure, and the communication strategy implemented. It holds the plans and standards used, workforce, and actions committed. The fifth section bears the strategy reviews, along with all the tools that came in handy during the strategy implementation. The reviews are important in the implementation of the strategy (Tan & Yu 2018). They enable the strategy to be updated as requirements and risks change. The reviews made are analysed to determine whether key objectives of the company are met.
To monitor network security, British Telecom company strategy follows several attributes. All the network property and assets of the institution are identified. After that, the network security risks are analysed. The tradeoffs and network security are analysed in the handbook too. After that, a security initiative is developed (Dhillon, Torkzadeh & Chang 2018). The handbook defines multiple network security policies to be met. The handbook then gives the procedure on how the security policies were applied in the institution network architecture. A functional and technical network strategy is the result.
Issues Raised within the Company Handbook
Despite the company giving its employees a handbook describing various policies and security procedures, there are a number of issues raised regarding access control limits within British Telecom Company. The handbook ensures that the institutional security strategy is optimised in all possible ways, except that it does not define what internal users, and especially the staff members, are obliged to do. There is no set standard limiting staff members within the security strategy. Every employee is granted the mandate to integrate into the security strategy, and the diversity of the matter could compromise the entire security strategy (Maynard, Tan, Ahmad & Ruighaver, 2018). The handbook guideline policies do not limit how an employee uses personal devices. An employee could use their devices, such as laptops, to do their tasks. The security strategy does not extend to personal devices, and the risk this creates is massive.
The handbook raised multiple legal issues. It describes the health and safety requirements. It also addresses the security vetting of the staff members. It also has a PESTEL analysis to determine if there should be a change in the legislation of strategy implemented (Tu, Adkins & Zhao 2019). It has the financial and cost policies used.
Information Security Strategic Plan
An information security strategic plan is the protocol that enables a company to evade, transfer, cherish or deny information risk that may arise in any format, from people, organisation activities, or the technology used. An information security strategy is important as it is used to integrate the functions and the company’s objectives. A security strategy bears several aspects to improve profits and costs after the implementation of the strategy (Atoum & Otoom 2016). The security strategy bears different securities. It has the well-defined security of people in the organisation, which extends to their physical security. It has information security clearly defined in the company. It has protection against fraud and blackmail. It has process recovery and business continuity procedures. The strategy has crisis analysis, risk evaluation and management. The strategic security plan entails the corporate governance of the organisation.
Implementation of the company Strategic Plan
The company uses a corporate strategic plan to eliminate security threats and to enhance production in the entire company. It helps maintain factors such as information confidentiality and integrity, and enhances the consistency of the same (Atoum & Otoom 2016). The information security strategic plan is implemented via several steps. The first step is describing and designing consistent methods for the development of the strategy. The second is distinguishing threats that may occur and resolving them. The third step is restraining resources that are used unnecessarily, such as increased execution time. The fourth is finding alternative architectures to implement the same strategy. The next step is about making rational decisions to deliver the required results. The next step is eliminating redundancy and focusing on the company’s core objectives (Layton 2016). The next step is managing human resources and outsourcing if the need arises. The final step is unifying different company assets, data, information, and processes.
All these cannot be successful without gap assessment, customising the company’s business plan, and setting required standards. The gap assessment is the basic step to determine how the information security strategy would be implemented. The company’s vision, mission, and processes should be analysed for possible loopholes. Implementing the strategy requires the company to meet the ISO/IEC 27002 standard (Layton 2016). Setting a business plan helps to set the required security targets to be achieved.
Information system External and Internal Threats for British Telecom
Internal threats refer to threats which originate from within the company. On the other hand, an external threat arises from outside the organisation, such as natural threats or other cases such as a company employee operating from outside the company. The most common forms of internal information security threats include malicious cyberattacks: company employees who are not loyal to the company’s operations may decide to deliberately plant a malware program within the system, creating havoc within the company (Akbal & Dogan 2018). In other cases, an attacker can gain access to the system by impersonating a company employee to stage an attack. Another form of internal information security threat is social engineering. An attacker may target the company employees by exploiting their trusting nature towards the organisation. Attackers can, therefore, gain vital company information such as network security keys, which can then be used to stage other related attacks (Gasca-Hurtado et al. 2018). Employees can also give away their personal information over the telephone or by clicking on phishing emails, and that information can then be used to stage other related offences.
Other accidental methods, such as the downloading of malicious content from the internet, can be a threatening factor to the company data and information. This is a common issue since most employees spend most of their idle time surfing content on the internet, hence threatening data security. An employee can accidentally download a malware or virus application which can introduce a destructive payload to the system.
On the other hand, the company faces several external information security threats. The company data centre is located in the United States. The region is subject to occasional hurricanes, floods and earthquakes. Floods or other related external threats can potentially threaten data and information stored within the data centres.
How the British Telecom Company Manages Information Security Threats
The security methodology used within the company ensures all threats which are most likely to affect the company are adequately assessed, and the correct mitigation strategy is implemented. Several steps are followed to ensure both internal threats and external threats are mitigated before the company data is compromised. The company’s corporate strategy plan incorporates the creation and overseeing of an IT Risk Management Program. The program ensures all the activities within the company are closely monitored, and any suspicious activity in the network is reported to the top management, leading to the necessary action being taken as per the company policy and guideline requirements.
Security Assessment Process
British Telecom Company uses the following risk assessment methodology to identify and mitigate risks: (a) characterisation (b) threat assessment (c) vulnerability assessment (d) risk evaluation and (e) risk treatment as shown below.
Access Control Strategy Analysis
The access control strategy is built on technology, requirements and implementation. There are different access controls which have been adopted within the British Telecom Company, such as Attribute-Based Access Control (ABAC), Role-Based Access Control, mandatory access control and discretionary access control. The organisation has implemented role-based access control (RBAC). Access control within the company is dependent on the responsibilities and roles of an employee operating within the organisation (Sandhu, 2016). Employees working as engineers can only modify their own data and information. Access to other essential and confidential data, such as production and project-level data, is highly restricted (Sandhu, 2013). The financial and HR databases are accessible only to the Human Resource managers. Due to the high employee turnover experienced within the organisation, security is only reinforced using the various roles and responsibilities given to employees. Top executives, however, have root access to all system operations. The company access control strategy can be employed using the following conceptual framework.
Figure 4-3. A Role-Based Access Control
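The role model described in this section can be written as a deny-by-default policy check. The following is an added example, not code from British Telecom or from the original essay; the role names, resource names, user names and the helpers `Directory`, `is_allowed` and `build_sample_directory` are assumptions made for illustration.

```python
"""Deny-by-default RBAC check modelled on the roles described above.

Role, resource and user names are hypothetical, chosen for illustration.
"""

# role -> set of (resource, action, scope); scope "own" means the requester
# must be the owner of the record, "any" means no ownership constraint.
ROLE_PERMISSIONS = {
    "engineer": {
        ("engineering_data", "read", "own"),
        ("engineering_data", "modify", "own"),
    },
    "hr_manager": {
        ("hr_db", "read", "any"), ("hr_db", "modify", "any"),
        ("finance_db", "read", "any"), ("finance_db", "modify", "any"),
    },
    # The text gives top executives root access to all system operations.
    "executive": {("*", "*", "any")},
}


class Directory:
    """User-to-role assignments: the only state that changes on turnover."""

    def __init__(self):
        self._roles = {}

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self._roles.setdefault(user, set()).add(role)

    def offboard(self, user):
        # Dropping the assignment revokes every permission in one step.
        self._roles.pop(user, None)

    def roles_of(self, user):
        return self._roles.get(user, set())


def is_allowed(directory, user, resource, action, owner=None):
    """Return True only if one of the user's roles grants the request."""
    for role in directory.roles_of(user):
        for res, act, scope in ROLE_PERMISSIONS[role]:
            if res not in ("*", resource) or act not in ("*", action):
                continue
            # "own" permissions apply only to records the requester owns.
            if scope == "any" or owner == user:
                return True
    return False  # no role granted it: deny by default


def build_sample_directory():
    """Constructed sample staff, one or two per role."""
    d = Directory()
    d.assign("alice", "engineer")
    d.assign("bob", "engineer")
    d.assign("carol", "hr_manager")
    d.assign("dave", "executive")
    return d


if __name__ == "__main__":
    d = build_sample_directory()
    print(is_allowed(d, "alice", "engineering_data", "modify", owner="bob"))
    print(is_allowed(d, "carol", "finance_db", "read"))
```

Because permissions hang off roles rather than individuals, a leaver is handled by `offboard` alone, which is the property the text relies on under high employee turnover.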
Rewriting the Strategic Plan
If the British Telecom company’s strategic plan were to be rewritten, the modification could be made to the operational continuity section. The company should instead focus on developing a robust system which ensures monitoring of the network traffic within the company. The system will be able to identify any suspicious activity happening within the company. This will include the employee queries to the internet and identification of any remote device trying to connect to the network.
Best Strategy to Be Used
The best strategy for the company to use in this case, would be a proactive model. The proactive approach ensures relevant action is taken towards a specific malicious activity, or recovery method is immediately incorporated, and the system is restored to its operational state (Osborn, Sandhu & Munawer, 2010).
Proper Incident Management Strategy
The best incident response strategy in the British Telecom Company can be achieved by increasing the stakeholders’ awareness of security concerns within the organisation. Due to high employee turnover, enhanced role-based security measures can be put in place. The employees should be made aware of physical computer theft and of the need to ensure that all the activities carried out within the organisation are in line with the company guidelines and principles. This will ensure that the activities of all the human resources within the company are regulated at all levels, ensuring accountability for the roles and duties assigned to individuals. Most security threats occur due to the presence of faults in policy implementation. If employees are made aware of the specific regulations regarding the company’s data security, they are likely to abide by the rules and practise the relevant preventive measures which ensure the safeguarding of the overall system.
Implementing the Strategy
Implementing the incident management strategy according to employee roles and responsibilities will be done through developing a policy which ensures that all company employees sign an agreement on the security implementation strategies set in the organisation. Any employee joining the organisation will be expected to sign the agreement and take an oath of being accountable for any security breach resulting from their misconduct or security-related mistakes.
Brief Security Strategy for the company
British Telecom Information Security Strategic Plan
Mission Statement: The Information security office mission is designing, implementing and maintaining information security strategy aimed at protecting the organisation’s system, data and the various services against damage, loss, modification, information disclosure, and unauthorised use. The information security office tries to engage all the organisation activities establishing information strategy for the whole company operation.
The organisation recognises the fact that its data and information are critical aspects for the company and therefore, should be managed appropriately against any illegal access or compromised through negligence or exposing the company data to potential attackers. The company security strategy will be built on the following logical architecture:
Data Loss Prevention – all the initiatives made towards this objective will ensure reduction and protection against federally protected information, and information disclosure which may potentially result in data loss.
Services – all the initiative toward this measure provides increased security to essential organisation services.
Proactive risk management- the initiative developed under this method will ensure the overall protection of the company by making the company’s human resources aware of the likelihood of risks to information assets and of the vulnerabilities associated with company devices. It will also identify controls to reduce those risks, and establish what risks remain after any identified controls have been implemented.
Crisis and security incident management- this initiative will promote data recovery and the return of the company to its normal operational state in case an attack happens. The initiative will focus on data recovery techniques such as replication measures and other related methods which ensure the company’s running operations are not interrupted in case of a security breach.
References
Akbal, E., & Dogan, S. (2018). Forensics Image Acquisition Process of Digital Evidence. International Journal of Computer Network and Information Security, 10(5), 1-8.
Atoum, I., & Otoom, A. (2016). A holistic performance model for cybersecurity implementation frameworks. International Journal of Security and Its Applications, 10(3), 111-120. https://www.researchgate.net/profile/Issa_Atoum/publication/299594967_Holistic_Performance_Model_for_Cyber_Security_Implementation_Frameworks/links/57016df408aee995dde8da02/Holistic-Performance-Model-for-Cyber-Security-Implementation-Frameworks.pdf
Azmi, R., Tibben, W., & Win, K. T. (2016). Motives behind Cyber Security Strategy Development: A Literature Review of National Cyber Security Strategy. https://ro.uow.edu.au/acis2016/papers/1/45/
Dhillon, G., Torkzadeh, G., & Chang, J. (2018, June). Strategic planning for IS security: Designing objectives. In International Conference on Design Science Research in Information Systems and Technology (pp. 285-299). Springer, Cham. https://link.springer.com/chapter/10.1007/978-3-319-91800-6_19
Feng, N., Chen, Y., Feng, H., Li, D., & Li, M. (2019). To outsource or not: The impact of information leakage risk on information security strategy. Information & Management, 103215. https://www.sciencedirect.com/science/article/pii/S037872061830702X
Gandhi, K. I. (2017). Perception-Oriented Model-Driven Development for Designing Data Acquisition Process in Wireless Sensor Networks. International Journal of Computer and Systems Engineering, 11(5), 552-557.
Gasca-Hurtado, G. P., Arias, J. A. E., & Gómez, M. C. (2018). Technique for risk identification of software acquisition and information technologies. In Global Business Expansion: Concepts, Methodologies, Tools, and Applications (pp. 1337-1352). IGI Global.
Horne, C. A., Ahmad, A., & Maynard, S. B. (2016). Information security strategy in organisations: Review, discussion and future research directions. arXiv preprint arXiv:1606.03528. https://arxiv.org/abs/1606.03528
Jayasimha, K. R., & Nargundkar, R. V. (2020). Impact of software as a service (SaaS) on software acquisition process. Journal of Business & Industrial Marketing.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press. https://books.google.com/books?hl=en&lr=&id=s80qBgAAQBAJ&oi=fnd&pg=PP1&dq=information+security+strategy+implementation&ots=eYko06krDy&sig=esqSyReAggpVAaAXagfSsvCpFyk
Maynard, S. B., Tan, T., Ahmad, A., & Ruighaver, T. (2018). Towards a Framework for Strategic Security Context in Information Security Governance. Pacific Asia Journal of the Association for Information Systems, 10(4). https://www.journal.ecrc.nsysu.edu.tw/index.php/pajais/article/view/491
Osborn, S., Sandhu, R., & Munawer, Q. (2010). Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security (TISSEC), 3(2), 85-106.
Richter, T., Baum, S., Böhmer, S., Klemenjak, S., Roettgen, A., Stich, C., … & Westerfeld, F. (2017). DIGITAL TRANSFORMATION IN HIGHER EDUCATION: SELECTION, TEST AND ACQUISITION OF A BUSINESS SUPPORT SYSTEM–EXPERIENCES FROM THE FIELD AND LESSONS LEARNED.
Sandhu, R. (2016, June). Access control: The neglected frontier. In Australasian Conference on Information Security and Privacy (pp. 219-227). Springer, Berlin, Heidelberg.
Sandhu, R. S. (2013). Lattice-based access control models. Computer, 26(11), 9-19.
Sen, S. K. (2017). Applying Quality Assurance in Software Acquisition and Development.
Tan, T. H., Maynard, S. B., Ahmad, A., & Ruighaver, T. (2017, July). Information Security Governance: A Case Study of the Strategic Context of Information Security. In PACIS (p. 43). https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1252&context=pacis2017
Tan, X., & Yu, F. (2018). Research and application of virtual user context information security strategy based on intelligent group computing. Cognitive Systems Research, 52, 629-639. https://www.sciencedirect.com/science/article/pii/S1389041718302894
Tu, C. Z., Adkins, J., & Zhao, G. Y. (2019). A Review of Information Systems Security Management: An Integrated Framework. https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1014&context=mwais2019
Yan, R., Jian, Y., Hao, L. C., Han, X. Y., & Tang, L. L. (2019, August). Research on Automatic Knowledge Acquisition Technology for Software Fault Diagnosis. In 2019 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (QR2MSE) (pp. 901-907). IEEE.
Table of Contents
Question 1
Most Typical Scenarios Leading to the Increased Exposure to DoS Attacks
Distributed Denial of Service Attack
Application Layer DDoS Attacks
Advanced Persistent DoS
Denial of Service as a Service
Banana attack
Strategies to Incorporate into the British Telecommunications’ Information Security Strategy
Securing the hardware
Encryption and the backup of data
Having cyber-security insurance
Creating a security-focused workplace culture
Educating the staff on the dangers of using/accessing unsecured networks
Avoiding the use of work devices on unsecured networks
Password sharing should be discouraged
Restricting network administrator rights
Continuing to educate the employees
The use of a robust firewall and antimalware software
Infrastructure Measures of Protection (Preventive Approach)
Mechanisms to Mitigate Denial of Service Attacks (Reactive Approach)
Using Access Control Lists (ACL)
The use of Rate Limiting
Combining the Access Control Lists and Rate Limit features
Automatic Command Insertion using SSH
Policies and Standards that are to be Put in Place to Either Control or Prevent Denial of Service Attacks
Recovering Deleted Files
Extracting Used Passwords
Most Typical Scenarios Leading to the Increased Exposure to DoS Attacks
A denial of service attack is where the hacker makes network resources unavailable to the users by disrupting the services of a computer connected to the internet (Arce, 2004, p. 18). The different DoS attacks that British Telecommunications can face include the following:
Distributed Denial of Service Attack
This is a large-scale attack in which the hacker (a black-hat hacker, in this case) uses several unique Internet Protocol addresses from thousands of hosts that are infected with malware.
Application Layer DDoS Attacks
The application layer is layer seven of the OSI model. Here the attacker targets the processes that take place in layer 7 by disabling all those functions.
Advanced Persistent DoS
These are threats that persist for long periods, say a month or even more. Here, the hacker creates a diversion to evade defensive Distributed Denial of Service countermeasures while aiming to attack only a single victim.
Denial of Service as a Service
Here, stress testing tools are used to perform unauthorised DoS attacks; hence they allow advanced and skilled attackers to access very sophisticated tools of attack.
Banana attack
This involves the redirection of outgoing messages from the client back onto the client, thus preventing outside access and flooding the client with the packets that are sent.
This is also called a permanent denial of service attack. This kind of attack causes such irreversible damage to the system that it may not function again; thus, a replacement of the system with a new one is required.
Strategies to Incorporate into the British Telecommunications’ Information Security Strategy
Securing the hardware
All hardware devices in British Telecommunications should be protected with complicated passwords, and the password should be with the user of the device/hardware only. The password should be memorised and not written on a piece of paper as it could fall into the wrong hands.
Encryption and the backup of data
Data encryption and backup consist of two elements of strategy, namely preventing access to sensitive data and making sure that you render the data useless in case it falls into the wrong hands. All sensitive data should be encrypted, and the encryption software should be kept up to date at all times. Finally, backing up data and keeping the backups far away or separately is another way of preventing security breaches.
Having cyber-security insurance
Cybercriminals are tirelessly working, and in case they hack the company’s computers or systems, the loss incurred is enormous. Thus, insuring your systems and data will help mitigate these losses. Seeking the advice of the best specialist on the selection of cybersecurity insurance will help minimise the risk. The specialists will advise on the financial impact of an event such as a loss of data.
Creating a security-focused workplace culture
Most corporate employees do not know or understand how external threats have occurred and how their daily activities and actions leave the British Telecommunications vulnerable to these attacks. All corporate employees should be trained and educated to ensure that they use their devices carefully to provide sufficient security to British Telecommunications.
Educating the staff on the dangers of using/accessing unsecured networks
Corporate employees should be openly told never to use their devices for work while in the corporate buildings. Having policies may not always work; thus it is important to teach the staff how and when to use their devices while in the British Telecommunications’ offices to minimise these attacks on the British Telecommunications’ systems.
Avoiding the use of work devices on unsecured networks
Employees should be taught about the benefits of not accessing unsecured websites through the use of work devices. A breach of this rule will lead to cyber-attacks on direct and sensitive data stored in these devices; hence data will be stolen/lost.
Password sharing should be discouraged
Employees should be educated on the risks of sharing passwords or otherwise letting them log in using the Guest Account. Sometimes, the use of protocols to create temporary passwords for employees can also be used to minimise the sharing of passwords.
Infrastructure Measures of Protection (Preventive Approach)
Networking hardware devices such as switches, routers, nano-stations and even servers should be protected from such attacks. Such attacks, like the Denial of Service attacks, may cripple the normal operations of British Telecommunications. Software inside these networking devices should be updated automatically, as failure to do so will leave the hardware open to exploitation of its flaws, giving the attacker an easy way to access the system. It should be noted that once the attacker hacks the server, for example, then the entire British Telecommunications is under his control and sometimes all the British Telecommunications operations will be brought to their knees. This has an impact on the economy. However, companies using Windows Operating Systems should also be conversant enough to control the Transmission Control Protocol/Internet Protocol (TCP/IP) settings to prevent SYN flood attacks.
On Linux Operating Systems, likewise, mechanisms like SYN-Cookies, SYN-Cache and SYN-Proxy are to be set up. Normally, all of the above solutions are installed in separate devices because of their processing requirements. Web application firewalls should be implemented when the server is being set up to host a website.
Mechanisms to Mitigate Denial of Service Attacks (Reactive Approach)
Using Access Control Lists (ACL)
These are rules applied to a system to control permissions. The Access Control Lists can be applied to routers to check the incoming Internet Protocol packets (Browne, 1972, p.6). Only packets that satisfy the requirements are allowed to pass. For example, suppose there is a file with an ACL that contains (Carlister: read, write; Godfrey: read). This ACL allows Carlister to read and write the file, while Godfrey is given read-only permission. ACLs are usually table-like data structures that have entries specifying a single user or groups of users who have rights (Anderson, 1996, n.p).
The use of Rate Limiting
This places a cap, a traffic limit called the threshold, on the network interface controller of the server, so that the server cannot be overwhelmed by too many packets. This prevents “permanent denial of service” attacks.
Combining the Access Control Lists and Rate Limit features
This method is effective as it stops ‘bad traffic’ while letting through traffic that is legitimate. For instance, a web crawler that is not very demanding, and that comes from the Internet Protocol source expected for that specific crawler, could be legitimate. Alternatively, what about a single client that comes from the directors’ Internet Protocol address but whose file is already malware-infected, so that accessing it will cause a Denial of Service attack? Advanced Access Control Lists provide room for flexibility under such complex conditions. Combining any or all of the criteria listed below will help:
- Source Internet Protocol address
- The rate limit, which should include rate limiting for specific types of content
- Hypertext Transfer Protocol header and response code
- The packet timeout interval and transaction
- The Uniform Resource Locator
- Enforcement of real browsers
If you want to configure the advanced access control rules, here are a few steps to follow:
Go to the web protection, then select advanced protection, then select custom rule.
To access this part of the user interface, your administrator account’s access profile must provide permission to read and write in the web protection configuration category.
Two actions are available, but only one is chosen at a time. These two are listed below:
i). Creation of a new rule by clicking ‘Create New’.
ii). Creation of a new rule based on predefined rules, by selecting the predefined rules you want to use and then clicking Clone.
After this, a dialogue box appears.
iii). When you clone predefined rules, enter a name for the new rule, then click OK.
If you need to review and edit the rule settings, select the rule, then click Edit.
iv). After all of these are done, configuration of the settings is complete.
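The combination described above, as an added example that is not part of the original essay or of any vendor's configuration: a source-IP access control list, an HTTP header check and a per-source, per-URL sliding-window rate limit evaluated together. The blocked network, URL limits, window length and sample requests are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed policy values (assumptions for illustration only).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # source-IP ACL
URL_LIMITS = {"/login": 3}   # stricter cap for one specific URL
DEFAULT_LIMIT = 5            # requests per window, per source IP
WINDOW = 10.0                # sliding window length in seconds

class CombinedFilter:
    """Apply the source-IP ACL first, then header and rate-limit criteria."""
    def __init__(self):
        self.hits = defaultdict(deque)  # (source IP, URL bucket) -> timestamps

    def decide(self, ts, src_ip, url, headers):
        ip = ipaddress.ip_address(src_ip)
        if any(ip in net for net in BLOCKED_NETS):
            return "deny:acl"
        if not headers.get("User-Agent"):
            return "deny:header"        # HTTP header criterion
        bucket = url if url in URL_LIMITS else "*"
        limit = URL_LIMITS.get(url, DEFAULT_LIMIT)
        seen = self.hits[(src_ip, bucket)]
        while seen and ts - seen[0] >= WINDOW:
            seen.popleft()              # forget requests outside the window
        if len(seen) >= limit:
            return "deny:rate"          # denied requests are not counted
        seen.append(ts)
        return "allow"

# Constructed sample traffic: (time in seconds, source IP, URL, headers).
UA = {"User-Agent": "ExampleBrowser/1.0"}
SAMPLE = [
    (0.0, "198.51.100.7", "/index.html", UA),
    (0.5, "203.0.113.9", "/index.html", UA),   # inside the blocked network
    (1.0, "198.51.100.7", "/login", UA),
    (1.5, "198.51.100.7", "/login", UA),
    (2.0, "198.51.100.7", "/login", UA),
    (2.5, "198.51.100.7", "/login", UA),       # fourth /login within 10 s
    (3.0, "198.51.100.8", "/login", {}),       # no User-Agent header
    (13.0, "198.51.100.7", "/login", UA),      # earlier hits have expired
]

def run_sample():
    """Return the verdict for each constructed request, in order."""
    f = CombinedFilter()
    return [f.decide(*req) for req in SAMPLE]

print(run_sample())
```

The order of checks matters: the ACL rejects traffic before any per-client state is allocated, so blocked sources cannot grow the rate-limit table.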
Automatic Command Insertion using SSH
Enabling SSH on the router makes the network more secure and much stronger, and it does not require updating while it is in place. The following is a list of basic commands in SSH:
The ls command lists all the files and directories.
cd means change directory. Typing cd followed by a directory’s name moves you between directories.
mkdir means make directory. This command is used to create directories.
This kind of command creates new commands
rm command
This command is used to remove directories or chosen files.
If you want to display the contents of a file, use the cat command.
The pwd command outputs the full path of the current directory.
The cp command is used to copy folders and files.
The mv command is used to move folders and files. It does not copy them.
The grep command is used to look for strings in files.
The find command is used to search for files that meet certain criteria.
These commands are used to open files in text editors.
The history command displays the commands that were used last.
When you want to clear all the text from the screen, use the clear command.
The tar command is used to extract or create .tar.gz files.
This kind of command is for downloading or fetching files from the internet.
du means disk usage. This command is used to view folder and file sizes in specified directories.
Policies and Standards that are to be Put in Place to Either Control or Prevent Denial of Service Attacks
When companies fail to document their policies and to draft procedures and processes, they make a serious mistake that has severe consequences in the future (Hamill, 2005, p.469). Policies are high-level principles and requirements that every department of British Telecommunications must follow as set out or stipulated by British Telecommunications’ management. These policies could entail documenting all the policies, procedures and processes, as well as determining the current monitoring capabilities of the organisation. This involves the company finding out whether these policies, procedures and processes are being adhered to, and whether each department is following them strictly and daily (Da Veiga, 2010, p.202).
During monitoring, the following questions should be answered: Is there a training curriculum for the new employees hired into British Telecommunications? If there is, is it being followed, and what is the response of the new employees towards the curriculum (Da Veiga, 2010, p.202)? Further, the monitoring should answer whether these policies form part of the organisational decision-making process. Finally, British Telecommunications should have policies to determine whether the existing training is adequate, setting out all the required controls, risks, dependencies and communication processes. Say, for example, British Telecommunications has a documented policy on how to terminate IT access for a staff member or employee who has resigned and wants to leave British Telecommunications (Dourish, 2002, n.p).
The procedures to be followed, alongside the other processes for terminating employment and monitoring activities, should all be contained therein. The specific functions and objectives should also be outlined (Evans, 2004, p.60). The inner workings of a business are complex. Without very clear principles and requirements that define British Telecommunications’ direction and tone, it is difficult for even a smart executive to understand it (Barford, 2010, p.9). Any corporate body that requires stronger policies, procedures and processes must first examine its executive management, the board of directors and all other stakeholders across the entire British Telecommunications, inclusive of its branches if any, and find out who can be involved in the documentation effort. If these documents already exist, they should be reviewed manually.
Recovering Deleted Files
After installing WinHex, the window appears as indicated in the screenshot below.
After installing WinHex, click on FILE and then select Create Disk Image as shown below:
After clicking Create Disk Image, the screen looks like this one below:
After clicking the OK button in screenshot 3 above, the screen looks as below:
The next screen looks like this.
The contents of Drive C are being copied.
After the drive has been successfully copied as an image, it is the image that is then tested for the recovered files. After it is successful, you close the window and then, on the desktop, find WinHex and reload it to find the recovered files (Bryne, 2006, p.9). The recovered files will appear at the bottom of the screen. In this case, the recovered files that were deleted were 200 KB. We cannot recover more than 200 KB, or rather 100 percent, when using this software.
Extracting Used Passwords
Windows operating systems usually store the account passwords that users log in with in memory. Windows versions from Windows XP all the way through to Windows 10 use this method. These passwords are encrypted and are not visible in plain text, but they can be searched for and decrypted. When the computer hibernates, Windows writes all of its memory contents to drive C in the file C:\hiberfil.sys. This creates a memory image, and it contains all the encrypted Windows passwords and accounts.
Because the passwords are in image form and encrypted, we need to use special tools like WinHex, or boot the system into the Windows recovery console, so that we can access the file. To access the file with WinHex, this is the procedure:
Click on Tools to open the Disk and then select the physical disk that has the hibernation file.
Select the windows boot partition, then locate the ‘hiberfil.sys’ in the root folder.
Right-click to select recovery copy and then select the target folder that has the hibernation file.
Because hiberfil.sys has both the “hidden” and “system” attributes, we are required to change the settings in Explorer by clicking on Tools, then selecting folders and choosing to display both system and hidden files.
After the above, we launch the password kit and then select the analyse memory and decrypt hard disk options.
We then select the Windows user option.
The WinHex software now starts to scan the memory for any hibernation files, including account passwords for Windows users.
A dialogue will show the progress.
After it has finished scanning, it will now display the users and all the passwords used to log in.
This process will normally take between 10 and 20 minutes, depending on the system features of the computer you are using. This method does not depend on either the character set or the strength of the password.
To extract used passwords, you load the editor. Log in to some account, say Facebook. Enter both your user name and password, log in, then log out. Then click on the taskbar, then taskbar manager. It will open the Windows Task Manager. In Windows Task Manager, find chrome setup.exe. Click on it, scroll through to create dump file and click on it. It will run and then ask where you want your files to be dumped. Select ‘Temp’, meaning temporary. Create a folder on the desktop and paste in the contents from the temporary file (Dunn, 1982, n.p). Go back to WinHex and open it, and the contents will be displayed in the folder you created and in the editor itself. Scroll down to find some similarity in the data. Remember to be very careful not to miss anything and not to take irrelevant information. There you will find the password.
Anderson, R. H., & Hearn, A. C. (1996). An exploration of cyberspace security R&D investment strategies for DARPA: ‘The day after… in cyberspace’. RAND.
Arce I., McGraw G. (2004) Why attacking systems is a good idea. IEEE Security Privacy 2(4): 17-19
Artail H., Safa H., Sraj M., Kuwatly I., Al-Masri Z. (2006) A hybrid honeypot framework for improving intrusion detection systems in protecting organisational networks. Computers & Security 25: 274-288
Barford P., Dacier M., Dietterich T. G., Fredrikson M., Giffin J., Jajodia S. et al. (2010) Cyber SA: Situational awareness for cyber defense. Cyber Situational Awareness, Advances in Information Security 46: 3-13
Bearavolu, R., Lakkaraju, K., Yurcik, W., & Raje, H. (2003). A visualisation tool for situational awareness of tactical and strategic security events on large and complex computer networks. In paper presented at the military communications conference (MILCOM) 2003, 13-6 October.
Bowen, P., Hash, J., Wilson, M., Bartol, N., & Jamaldinian, G. (2006). Information security handbook: A guide for managers. NIST special publication 800-100. Gaithersburg: NIST.
Browne P.S. (1972) Computer security: A survey. ACM SIGMIS Database 4(3): 1-12
Burnburg, M. K. (2003). A proposed framework for business information security based on the concept of defence-in-depth. Master’s Thesis, Springfield: University of Illinois at Springfield.
Bryne P. (2006) Application firewalls in a defence-in-depth design. Network security 9:9-11
Chakrabarti A., Manimaran G. (2002) Internet infrastructure security: A taxonomy. IEEE Network 16(6): 13-21
Cohen, F., & Koike, D. (2004). Misleading attackers with deception. In paper presented at the information assurance workshop, 2004. Proceedings from the fifth annual IEEE SMC, 10-11 June 2004.
Da Veiga A., Eloff J. H. P. (2010) A framework and assessment instrument for information security culture. Computers and Security 29(2): 196-207
Dourish, P., & Redmiles, D. (2002). An approach to usable security based on event monitoring and visualisation. In paper presented at the 2002 workshop on new security paradigms, Virginia Beach, September.
Dunn, T. S. (1982). Methodology for the optimisation of resources in the detection of computer fraud. The University of Arizona.
Evans S., Kyle D. H., Piorkowski J., Wallner J. (2004) Risk-based systems security engineering: Stopping attacks with intention. IEEE Security Privacy 2(6): 59-62
Fowler C., Nesbit R. (1995) Tactical deception in air-land warfare. Journal of Electronic Defense 18(6): 37-79
Hamill J. T., Deckro R. F., Kloeber J. M. Jr. (2005) Evaluating information assurance strategies. Decision Support Systems 39: 463-484
Hu Q., Xu Z., Dinev T., Ling H. (2011) Does deterrence work in reducing information security policy abuse by employees. Communications of the ACM 54(6): 54-60