CSEC 610 Final Exam

  • August 4, 2024
  • 13
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CSEC 610
Randy Rose Prof. Alkadi, Section 9024


Randy Rose
CSEC 610 Final Exam
1. The interesting article referenced below covers topics such as backdoors, corporate espionage,
government fronts, and government spying.
Sanger, D. and N. Perlroth. (2014, March 22). N.S.A. Breached Chinese Servers Seen as Security Threat.
The NY Times. Retrieved from http://nyti.ms/1rcQZRO (The article is also attached in this week’s
Conference.)
a. What would you engineer into your equipment if you were a manufacturer of telecommunications,
computing and/or Internet/intranet systems equipment and you wanted to be able to conduct corporate
espionage and/or help your country or its proxies spy on other countries?
If I were an engineer for an organization such as Huawei and I was interested in corporate or
government espionage, I would include at least three logical data collection, access, and sabotage
techniques. The first thing I would consider installing is keylogging malware, which collects
keystrokes in an effort to capture sensitive data including user and administrator credentials
(Wilhelm & Andress, 2011, p. 210). Having both physical and logical access to the devices would
allow me to install software versions of the keylogger and configure them to send logs back to a
centralized command and control server. The logs could collect a variety of information including
IP and MAC addresses, usernames and passwords, and whole device configurations. A software
keylogger is essentially a piece of malware and is installed and configured in much the same way as
malware (pp. 210-212). The data will have to be encrypted by the device to avoid being detected by
intrusion detection software or deep packet inspecting firewalls, so I will have to build in an
encryption tool. After encryption, it would be best to use a common protocol, such as HTTP or
HTTPS to transfer the data off the network to my command and control server. Using common
protocols will make it more likely that the right ports will already be open on the firewall and will
also make the traffic look less suspicious.
The second thing I would consider installing on my devices is a backdoor. Backdoors allow
attackers “a method of bypassing the normal authentication process” to “carry out our activities
unimpeded” (p. 269). To guarantee access, I might actually install multiple backdoors or a single
backdoor that can use multiple ports. It may also be wise to program the backdoor to call home to a
command and control server on occasion just to populate a log entry on my end. This way, I would
know what devices are still active and that I have access to.
The third thing I would install is a rootkit that would be configured to recognize when changes
were made to the system that could negatively impact my access and to create an alternate route.
For example, if my backdoor uses one of three random ports and one or two of those ports is taken
up by another service for some reason, the rootkit will find that conflict and either correct it by
opening a new port for the existing service or a new port for my backdoor. It would also be
programmed to hide any activity that I generate by coming through the backdoor by deleting log
entries, masking PIDs, moving files, etc.
b. Discuss the specific things you as a purchaser of telecommunications, computing and/or
Internet/intranet systems equipment should do to ensure that the equipment meets the security required for
your work and industry during the acquisition phase.

Ensuring that equipment meets standards is a difficult task. Most organizations, especially
government organizations, buy commercial-off-the-shelf (COTS) or government-off-the-shelf
(GOTS) products that either cannot be or do not require being tested. If I were buying American or
Canadian equipment, I would buy COTS or GOTS and not bother inspecting it. This might not be
the most secure solution, but at the same time, operating a business is about managing risk, and I
would accept the risk that there was embedded malware in American or Canadian equipment
because I believe it to be low risk and low likelihood. However, if I did not trust the manufacturer
or the country of the manufacturer, I would buy the equipment, install it in a test network that did
not mimic my own and did not contain sensitive information, let it run for a while and watch what
it does, review the logs, and then reverse engineer it as best as I could. One of the reverse
engineering tests I would perform is to fuzz it. Fuzzing involves sending “random, malformed data
as inputs” to the system or software being tested in an attempt to crash it (Conrad, Misener, &
Feldman, 2012, p. 194). Causing systems or software to deliberately crash can reveal system
information that might not normally be seen. For example, a crash may show memory events that
are hidden by the system or by a piece of malware. Speaking of memory, conducting memory
forensics can also reveal nefarious system calls and other significant information, such as timestamps, that
could reveal the ulterior motives of the device.
c. What security hardening procedures would you implement to prevent these intrusions on a daily basis?
Defense-in-depth and situational awareness are essential for all systems, especially those that store
or transport sensitive information. As such, I would have packet-inspecting firewalls with
restrictive access control lists and secure configurations that match those recommended by NIST
and the Center for Internet Security. I would deploy intrusion detection and prevention systems,
such as the Host-Based Security System (HBSS) and network sniffers, such as Snort or OSSEC. I
would keep all high target systems in a DMZ and have an alternate or secondary DMZ to act as a
honeynet. I would have two separate DNS zones, one external and one internal, and I would deploy
DNS Security Extensions. I would ensure that all of my systems were taking adequate logs with
time stamps and detailed information. I would have strong, explicit policies and procedures for user
access, disaster recovery, incident response, and continuity of operations. In addition, all essential
staff would be trained in the policies and procedures and know exactly what roles and
responsibilities they were assigned should they be required to assist. All system and third-party
patches will be installed following a strict patch management testing and deployment schedule.
Antivirus and IDS/IPS heuristics will be updated daily or more frequently. All privileged users will
have separate accounts and will only use their privileged accounts for administrator functions.
Privileged system accounts will have different credentials than privileged software configuration
accounts, such as Cisco Privileged Exec Mode passwords. Lastly, all user accounts will be
configured following the principle of least privilege and will be closely monitored and audited
regularly to ensure that users only have the access they require to perform their jobs.
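
Added example, not part of the original exam answer: one way to carry out the "let it run for a while and watch what it does" step from part b is to look for the periodic call-home traffic described in part a by examining flow timing rather than payload, since that traffic may be encrypted and sent over common ports. The flow tuple layout, the addresses, and the thresholds below are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records from an isolated test network:
# (epoch_seconds, source_ip, destination_ip, destination_port, bytes_out)
SAMPLE_FLOWS = (
    # device under test contacting one external host roughly every 3600 s
    [(1000 + 3600 * i + j, "10.0.0.5", "203.0.113.10", 443, 512)
     for i, j in enumerate([0, 4, -3, 2, 1, -2])]
    # irregular management traffic from an admin workstation
    + [(t, "10.0.0.20", "10.0.0.5", 22, 4000)
       for t in (1200, 1900, 9000, 9100, 20000)]
    # a single NTP sync
    + [(1500, "10.0.0.5", "198.51.100.7", 123, 76)]
)


def find_beacons(flows, min_events=5, max_cv=0.05):
    """Return (src, dst, port, mean_interval, cv) for conversations that
    repeat at a near-constant interval, most regular first."""
    by_key = defaultdict(list)
    for ts, src, dst, port, _bytes in flows:
        by_key[(src, dst, port)].append(ts)

    hits = []
    for (src, dst, port), times in by_key.items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg  # coefficient of variation of the gaps
        if cv <= max_cv:
            hits.append((src, dst, port, round(avg), round(cv, 4)))
    return sorted(hits, key=lambda h: h[4])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print(hit)
```

Legitimate scheduled traffic, such as update checks or NTP polling, is also regular, so each hit is a lead to triage against the device's documented behavior rather than a verdict.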
