Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.703 ■ Spring 2022 ■ David Lanter

In The News

February 2, 2022 by David Lanter 18 Comments

Filed Under: 05 - Secure Networks

Comments

  1. Corey Arana says

    February 4, 2022 at 7:48 pm

    Reasons why every business is a target of DDoS attacks
    In 2021 there was a 434% upsurge in DDoS attacks. Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31%. The largest DDoS targets were US banks and financial institutions over the last few years.
    Some common DDoS targets include educational institutions, telecommunication carriers, online gaming and gambling and healthcare.
    Some of the reasons why businesses are a potential target: a lazy approach to DDoS prevention and security, a growing attack surface, DDoS attacks being easy and economical to orchestrate, and DDoS being a potent tool for competitors and disgruntled employees.
    The importance of DDoS protection: Your website is always available, steer away from erosion of search engine rankings, keep your website protected against other kinds of attacks, eliminate possibilities of cyber vandalism and website defacements, and save time, money, and other resources.

    • Corey Arana says

      February 6, 2022 at 3:46 pm

      https://thehackernews.com/2022/01/reasons-why-every-business-is-target-of.html

  2. Matthew Bryan says

    February 5, 2022 at 1:41 pm

    Article: Cisco fixes critical bugs in SMB routers, exploits available
    Author: Bill Toulas
    Published: February 3, 2022
    Link: https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-bugs-in-smb-routers-exploits-available/

    Cisco has released patches for a number of vulnerabilities affecting their routers marketed towards small/mid-sized businesses. These vulnerabilities allow an attacker “to execute arbitrary code, elevate privileges, run commands, bypass authentication protections, retrieve and execute unsigned software, and cause a denial of service (DoS) condition.”

    Multiple vulnerabilities were deemed critical and had a score of 9.0 or higher. These include CVE-2022-20699, CVE-2022-20700, CVE-2022-20701, CVE-2022-20703, and CVE-2022-20708. Of these vulnerabilities, I found CVE-2022-20700 and CVE-2022-20701 to be the most interesting, as these dealt with flaws in the router’s web-based management console which had “insufficient authorization mechanisms.”

    In Cisco’s statement, they mention that many of these vulnerabilities need to be “chained together” in order to compromise the device. While some devices may not be affected by the more serious vulnerabilities, Cisco advises that an attacker can string together multiple lower level exploits to increase the impact of the attack.

    The Cisco “Product Security Incident Response Team” advises that the code to execute these attacks is in the wild and that devices should be patched as soon as possible. Proofs of concept for these attacks were demonstrated at recent Pwn2Own conferences, with additional demonstrations planned for future events.

  3. Shubham Patil says

    February 5, 2022 at 11:31 pm

    Either you’re zero trust or you’re network security. You don’t do both

    While the zero trust approach to security continues to gain traction with customers, the concept is increasingly being misapplied by “legacy” cybersecurity vendors, according to Zscaler CEO Jay Chaudhry.

    Zero trust is the architecture that’s more badly needed in cybersecurity than anything else out there. I’ve been excited to see that it’s picking up. But I’m very disappointed to see that the term has become a buzzword. Legacy companies have hijacked the term. It has lost its meaning. The whole thing started with zero trust network access. The notion was, do not put users on the network–because if you do, they can move laterally and go anywhere. And that’s the biggest security risk today.

    Link: https://venturebeat.com/2022/01/31/zscaler-ceo-network-security-firms-have-hijacked-zero-trust/

  4. Mohammed Syed says

    February 6, 2022 at 8:24 pm

    https://www.forbes.com/sites/edwardsegal/2022/02/03/a-majority-of-surveyed-companies-were-hit-by-ransomware-attack-in-2021-and-paid-ransom-demands/?sh=2983b6adb8c6

    Ransomware attacks continue targeting lots of companies and making ransom demands. According to the NBC article, “An independent global survey of 1,100 IT and cyber security professionals found that:
    • Ransomware attacks hit 80% of the organizations in 2021.
    • More than 60% of those who were hit by the attacks paid the ransom”.

    Ransomware attacks are a rising problem compared to last year and are just continuing to rise. Many of the cyberattacks were coming not only from outside the organizations, but they also seem to be found internally with a 17% increase from last year.

  5. Oluwaseun Soyomokun says

    February 6, 2022 at 8:32 pm

    Azure DDoS Protection—2021 Q3 and Q4 DDoS attack trends and review
    In the second half of 2021, the world experienced an unprecedented level of Distributed Denial-of-Service (DDoS) activity in both complexity and frequency. The gaming industry was perhaps the hardest hit, with DDoS attacks disrupting gameplay of Blizzard games, Titanfall, Escape from Tarkov, Dead by Daylight, and Final Fantasy 14 among many others. Voice over IP (VoIP) service providers such as Bandwidth.com, VoIP Unlimited, and VoIP.ms suffered outages following ransom DDoS attacks. In India, we saw a 30-fold increase of DDoS attacks during the nation’s festive season in October with multiple broadband providers targeted, which shows that the holidays are indeed an attractive time for cybercriminals. As we highlighted in the 2021 Microsoft Digital Defense Report, the availability of DDoS for-hire services as well as the cheap costs—at only approximately $300 USD per month—make it extremely easy for anyone to conduct targeted DDoS attacks.

    At Microsoft, despite the evolving challenges in the cyber landscape, the Azure DDoS Protection team was able to successfully mitigate some of the largest DDoS attacks ever, both in Azure and in the course of history. In this review, we share trends and insights into DDoS attacks we observed and mitigated throughout the second half of 2021.
    https://azure.microsoft.com/en-us/blog/azure-ddos-protection-2021-q3-and-q4-ddos-attack-trends/

  6. Elizabeth Gutierrez says

    February 7, 2022 at 8:45 pm

    Title: A DDoS Attack Wiped Out Andorra’s Internet
    Author: Brian Barrett
    Date: January 30, 2020
    Link: https://www.wired.com/story/andorra-ddos-minecraft-nso-group-security-news/

    A distributed denial of service (DDoS) attack targeted Andorra Telecom, the sole internet provider in Andorra, resulting in a country-wide internet outage for hour-long stretches over four days. Experts believe the attack aimed to disrupt a Squid Game-themed Minecraft tournament, hosted by Twitch, with a prize fund of USD $100,000. Internet monitor NetBlocks found that the attack brought the nation’s connectivity down to around 37.5 percent. As a result, over a dozen players had to drop out due to the disruptions.

  7. Amelia Safirstein says

    February 8, 2022 at 2:54 am

    Researchers found that a common EAP misconfiguration has left numerous Eduroam users vulnerable to evil twin attacks. The last stage of EAP, “inner authentication”, can be done in plaintext through Plain Authentication Protocol (PAP) or hashed through Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2). A research organization found that many universities were using the PAP protocol. Since Eduroam connectivity is available at thousands of universities across the world and many end-users have auto-connect enabled with stored credentials, those users could have their credentials stolen without even realizing they connected to the network.

    https://threatpost.com/misconfiguration-university-wifi-login-credentials/175157/

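The misconfiguration described in the comment above is something a client-side audit can catch before a user ever auto-connects. The following Python script is an added example, not code from the comment or from the cited Threatpost article. It assumes Wi-Fi profiles written in wpa_supplicant's network-block syntax and uses a constructed sample configuration (the SSIDs, identities, paths and password are made up). It flags the four settings that together let an evil twin harvest credentials from an auto-connecting client: inner authentication set to PAP, no CA certificate to validate the RADIUS server, no server-name match, and a password stored in the profile.

```python
"""Audit 802.1X Wi-Fi profiles for the EAP settings that make evil-twin
credential theft possible (added example; assumes wpa_supplicant syntax)."""

import re

# Constructed sample config. Three profiles for the same SSID: one with the
# weak PAP setup, one hardened, and one that is only partially hardened.
SAMPLE_CONFIG = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="student@example.edu"
    password="hunter2"
    phase2="auth=PAP"
}
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="staff@example.edu"
    ca_cert="/etc/ssl/certs/example-edu-radius-ca.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="guest@example.edu"
    phase2="auth=MSCHAPV2"
}
"""

# One network={...} block per match; bodies contain no nested braces.
BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)
# key=value or key="value", one per line; group 2 captures the optional quote.
KV_RE = re.compile(r'^\s*(\w+)=("?)(.*?)\2\s*$', re.M)


def parse_networks(text):
    """Return a list of dicts, one per network block, keyed by setting name."""
    return [{k: v for k, _quote, v in KV_RE.findall(body)}
            for body in BLOCK_RE.findall(text)]


def audit_network(net):
    """Return a list of findings for one profile; an empty list means it passes."""
    findings = []
    if "WPA-EAP" not in net.get("key_mgmt", ""):
        return findings  # not an 802.1X/EAP profile; nothing to check
    if "AUTH=PAP" in net.get("phase2", "").upper():
        findings.append("inner auth is PAP: password crosses the tunnel in the clear")
    if "ca_cert" not in net:
        findings.append("no ca_cert: any RADIUS server certificate is accepted")
    if "domain_suffix_match" not in net and "subject_match" not in net:
        findings.append("no domain_suffix_match: server identity is not pinned")
    if "password" in net:
        findings.append("password stored in profile: auto-connect sends it unattended")
    return findings


def audit_config(text):
    """Map each profile's identity to its findings."""
    return {net.get("identity", "?"): audit_network(net)
            for net in parse_networks(text)}


if __name__ == "__main__":
    for ident, findings in audit_config(SAMPLE_CONFIG).items():
        print(("OK  " if not findings else "RISK"), ident)
        for finding in findings:
            print("      -", finding)
```

The hardened `staff@example.edu` profile is the target state: MSCHAPv2 inside the tunnel, a pinned CA, and a server-name match, so a rogue access point that only spoofs the SSID cannot complete the outer TLS handshake. Note that MSCHAPv2 alone is not enough; the `guest@example.edu` profile still accepts any server certificate, so an evil twin can still collect the challenge/response pair.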
  8. Hang Nu Song Nguyen says

    February 8, 2022 at 8:33 am

    https://www.nextplatform.com/2022/01/21/why-global-ddos-protection-is-essential-for-anycast-networks/
    Why Global DDoS Protection is essential for anycast networks
    This article introduced me to a new term: Anycast network – “a collection of servers share the same IP address and send data from a source computer to the server that is topographically the closest.”
    The article started with a Facebook incident about its disappearance in 10/2021. The article talked about the benefits of using anycast networks, the IT budgets of small-medium entities, and the way anycast networks cope with BGP. However, DDoS is out there. With the big DDoS attacks (terabit DDoS), anycast networks will still be impacted by being overloaded even if an entity has 100 servers.

  9. Jason Burwell says

    February 8, 2022 at 9:01 am

    “VoIP.ms phone services disrupted by DDoS extortion attack”

    Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that’s severely disrupting the company’s operation.

    VoIP.ms is an Internet phone service company that provides affordable voice-over-IP service to businesses around the world.

    https://www.bleepingcomputer.com/news/security/voipms-phone-services-disrupted-by-ddos-extortion-attack/

  10. Ryan Trapp says

    February 8, 2022 at 10:44 am

    Microsoft to block downloaded VBA macros in Office – you may be able to run ’em anyway

    In an upcoming update to Microsoft Office, untrusted Visual Basic for Applications (VBA) macros will be blocked by default. This change is a welcome one in the security community, as many viruses are installed via documents with malicious VBA macros installed. Users will have the ability to override this setting when they open up the document. However, IT admins will have the ability to create a group policy to prevent users from overriding the warning. Implementing these policies should effect positive change for a company, as one important attack vector is mitigated from exploitation. One important note, however, is that the mechanism will not work if the drive is using a FAT32 filesystem. As most Windows systems use NTFS this should not be that common of a problem, but it is still noteworthy.

    https://www.theregister.com/2022/02/08/microsoft_office_default_macro_block/

  11. Bryan Garrahan says

    February 8, 2022 at 7:54 pm

    https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/#more-58018

    Security investigator Brian Krebs wrote an article on his blog “Krebs on Security” attempting to unmask the person behind the Wazawaka hacker handle. Wazawaka is well known across many Russian hacker forums, including Exploit, as having a diverse skillset specializing in botnet operations, keylogger malware, spam botnets, and several other hacker techniques. On his distributed denial of service (DDoS) operations, Krebs writes, “Wazawaka spent his early days on Exploit and other forums selling distributed denial-of-service (DDoS) attacks that could knock websites offline for about USD $80 a day”.

    Krebs was able to access a number of frequently utilized usernames and passwords used by Wazawaka across several Russian hacker forums. In addition, Krebs was able to identify three domains which were tied to one of the frequently used usernames of Wazawaka and determined each belonged to a Mikhail P. Matveyev in the Russian republic of Khakassia. At first it would seem as though Matveyev was sloppy in their attempts to hide their identity. However, it seems they may not be too concerned about hiding their identity since they do not attack any Russian entities. Wazawaka stated on a hacker forum, “Mother Russia will help you…Love your country, and you will always get away with everything”.

  12. Yangyuan Lin says

    February 8, 2022 at 10:52 pm

    How Attack Surface Management Preempts Cyberattacks

    With the widespread use of cloud facilities and remote working, the cyber attack surface that organizations are exposed to has massively expanded, and the number of blind spots in connected architectures is increasing. The main issues are unmonitored blind spots used by cyber-attackers to breach organizations’ infrastructure and escalate their attack or move laterally, seeking valuable information. And many organizations are growing faster than they can track all relevant activity, which means organizations have no way to monitor every single thing, and any unmonitored place may lead to a patient intrusion.

    Attack Surface Management (ASM) is a technique that mines Internet datasets and credential databases or simulates attackers running reconnaissance techniques. Its goal is to ensure that no exposed assets are left unmonitored and to eliminate any entry that could evolve into an attacker’s exploit blind spot. ASM scans your domains, subdomains, IPs, ports, shadow IT, and more for Internet-facing assets, then analyzes them to detect vulnerabilities and security breaches. Advanced ASM also provides mitigation recommendations for each undiscovered security vulnerability, warning personal emails for phishing attacks.

    Link: https://thehackernews.com/2022/02/how-attack-surface-management-preempts.html

  13. Michael Duffy says

    February 8, 2022 at 11:51 pm

    I found this article and thought it was interesting, especially because cybersecurity will proceed to go through the same advances as the rest of the industry did with artificial intelligence. What is noted, though, is that artificial intelligence can handle threats much faster than humanly possible – monitoring networks and devices while also efficiently generating results much faster than humanly possible. More companies are now using AI than previously due to the stress on data analysts that spend an extraordinary amount of time with large data arrays. AI is also going to be a key element in cybersecurity as automated machine attacks have drastically increased over the years, and this won’t be possible to monitor at the human level.

    However, I expect that as AI evolves, it will also evolve to be used as a weapon as opposed to security as well. Which is likely going to be my next article if I find an interesting one.

    https://geekflare.com/ai-affects-cybersecurity/

  14. Michael Galdo says

    February 8, 2022 at 11:52 pm

    China Suspected of News Corp Cyberespionage Attack

    The hackers who were responsible for an attack on News Corp last month were searching for intelligence to serve China’s interests in a cyberespionage incident that shows the vulnerabilities of corporate networks to email-based attacks. The incident involved an attack on journalists’ email accounts that gave the intruders access to sensitive data. The breach has raised concerns over the safety of confidential sources working with journalists affected by the incident. News Corp stated that a “foreign government” was responsible for the “persistent nation-state attack” and that some data was stolen. The media giant enlisted the help of cybersecurity firm Mandiant to investigate the incident, which the firm said is likely the work of a China-sponsored actor.

    https://threatpost.com/china-suspected-news-corp-cyberespionage/178277/

  15. Joshua Moses says

    February 8, 2022 at 11:55 pm

    This week I found a very interesting article about QR code privacy and security concerns. The popularity of QR codes is growing and they are now being seen in a variety of new places, such as advertisements, tracking shipping labels, and more recently menus at restaurants and hotels. Cybercriminals have capitalized on it as an opportunity to install “malicious links over legitimate QR codes like on menus. Hackers simply make their own QR code and delicately place it on top of legitimate codes, with most users unable to spot any malfeasance.” (Ford Hatchett) According to the article, QR codes are very easy to make (especially with the assistance of a Google search).

    These QR codes will redirect you to a website, and if it isn’t legitimate there may be some giveaways in the URL. Although it will be similar to a legitimate website, you may discover some grammatical errors like typos or a misplaced letter. If that is the case, there should be no doubt that the user was redirected to a malicious site. Moreover, this can have some severe consequences. For example, the malicious site the user was redirected to might be capable of “tracking and stealing your data in the background for weeks to come”. Besides that, these malicious links could also potentially “install malware in our devices, add contacts to our contact lists, or even send out emails.”

    At the bottom of the article, there’s a list of things users could do to prevent the above from happening. One of the most notable things that should be heeded on this list is to “avoid scanning the QR code altogether and type in the web address yourself.”

    https://www.wxii12.com/article/fbi-and-cybersecurity-experts-warn-about-qr-code-privacy-and-security-concerns/39003110

  16. Alexander William Knoll says

    February 9, 2022 at 4:35 pm

    “Microsoft Considers Pursuing a Deal for Cybersecurity Firm Mandiant”
    by William Turton, Liana Baker, and Dina Bass
    Updated on February 8th

    According to this article, Microsoft is in recurring talks to acquire the cybersecurity research & incident response company Mandiant Inc. The reason Microsoft is eyeing this company is because it would allow them to further beef up their products to better protect customers from attacks. Talks are private currently, and neither company was willing to comment, but it is uncertain if an offer will get done. The talks have resulted in Mandiant’s shares going up 18%. Microsoft bought two smaller cybersecurity companies in 2021, amassing $15 billion in security software sales, up 45% from 2020. Microsoft has also hired former Amazon.com executive Charlie Bell to oversee security efforts, with 3,500 employees designated to customer protection. “In the future, the cloud with the most security features would win”, so this would be a smart move for Microsoft, and also allow them to compete with security companies and push cloud rivals into similar acquisitions. Mandiant became a standalone company last year when sold off by FireEye Inc, a company that’s focused on security for networks, emails, & cloud systems. Mandiant’s work is more incident response-based & cyber-intelligence cases. The deal would give Microsoft deeper insight into consequential hacks, and combined with Mandiant would result in unparalleled cybersecurity knowledge for the organization.

    • Alexander William Knoll says

      February 9, 2022 at 5:06 pm

      Link:
      https://www.bloomberg.com/news/articles/2022-02-08/microsoft-is-said-to-pursue-deal-for-cybersecurity-firm-mandiant

