Challenges for fixing vulnerabilities, writing homework help

Review the “Challenges for Fixing Vulnerabilities” activity.

Create a table comparing ten of the vulnerabilities, threats, and risks for the real world security incident discussed by the class, along with related vulnerabilities that may have contributed to the security incident.

Include the following as at least 3 of the comparisons used in the table.

  • How was the vulnerability detected?
  • What protocol was attacked?
  • What steps were taken to resolve the vulnerability?

Write a 175- to 350-word narrative explaining trends shown from the table.

This is the conversation from my learning team

> look forward to working with you on our discussions. I am not sure what kind of company we would like to research, but a couple come to mind. I remember when I used to play on the PlayStation Network a lot, they used to be plagued with DDoS attacks. I have not signed on in a while, so I do not know if they are still suffering from those, but it could possibly be interesting to look into. I would think they would also have other four vulnerabilities, threats, and risks.

The other company I was thinking of could be any of the companies that were hit with the recent ransomware attack. As far as a common threat/risk (I still have trouble differentiating between them), I think perhaps phishing would be a good threat/risk (sorry!) to write about and it seems like any company can suffer from those.

Once I go through some of the readings, I will try and come up with some more ideas. I look forward to brainstorming this with all of you!

> Alyssa, I think you are going down the right path.

So PlayStation, online gaming platform.

I would think these risks are pretty high:

PCI – Credit Card leakage/attacks/exfiltration

User Personal Info – stealing of personal user account info

Account Hacks – Stealing of the account itself and then using/selling it like identity theft

Cracking of Online game codes – So you can play games for free

Cracking of the online games – Cheats/hacks for playing games

Denial of service attacks – attacks on their network so users can’t access

Brand Attacks – using social media to deface the Sony brand

Other thoughts?

> Sorry, I called it a night early yesterday due to a really bad headache. Drew, this is a great list to cover. I know DDoS attacks were quite common when I used to play. I haven’t signed on in about a year or so, so I don’t know if there has been one lately, but I will search. I think they also had a breach once where either employee or customer information was leaked.

Hello team, I have been researching vulnerabilities for gaming and this is what I found so far: injection, cross-site scripting (XSS), broken authentication and session management, insecure direct object references, cross-site request forgery (CSRF), security misconfiguration, insecure cryptographic storage, weak designs, programming language structure, access control.

I needed to research for the table we need to do. I hope this helps you guys. You can find this information also on Lynda.com under

https://www.lynda.com/CISSP-tutorials/OWASP-top-10-vulnerabilities/516600/556421-4.html

> Hello everyone and Alyssa. I do not know what company to start with either. I am not employed, so I really do not see it physically; I can go by what I study in class. But I am going to start with a common vulnerability such as failure to cover cyber security basics. Data loss or theft, compliance/regulatory incidents, phishing/social engineering attacks, denial of service, physical threats such as hacktivisms/activisms, domain based threats/cyber attack infrastructure, and executive threats/impersonations.

Lack of cyber security policies, not prioritizing cyber security policy and not getting employees to engage. Resolution to prioritize cyber security policy, employee awareness and training. Part of policy is to identify risk related to cyber security, establish security governance, develop policies, procedures and oversight process, protect company networks and information, identify and address risk associated with remote access to client information and transfers, define and handle risk associated with vendors and other third parties and be able to detect unauthorized activity.

Define compliance and security.

Human factors are the weakest links; some people abuse privileges, creating data leakages. Using group policy management on desktops would help. Monitoring and using firewalls and intrusion detection.

> Alyssa, I think gaming platform is a great start to this assignment. A couple of years ago a group claimed responsibility for bringing down networks on Christmas Eve, which could have affected nearly 160 million gamers. Since online gaming platforms are highly sensitive to latency and availability issues, they’re ideal DDoS attack targets. The following are a few to add to the list Drew provided in his post.

  • Privacy Problems
  • Personal information on the PC/console
  • Webcam – this can also be controlled by hackers since they are connected to the network
  • Phishing site that will ask for a player’s credentials

> Hello Rhonda, I am not too familiar with gaming methods for attacks but I researched it because this sounded interesting. ISIS terrorists used PlayStation 4 to discuss and plan attacks; they used voice chatting. Documents leaked by Edward Snowden showed that the NSA and CIA actually embedded themselves in the games to infiltrate terrorist meet ups.

https://www.forbes.com/sites/insertcoin/2015/11/14…

Here was another interesting article on how a hacker group disrupted a video game service in a DDoS attack. Servers operated by Blizzard Entertainment went down in a distributed denial of service (DDoS) attack against the video game company.

http://www.securityweek.com/hacker-group-disrupts-video-game-service-ddos-attack

Hacktivists use DoS attacks to express their criticism of government and politicians, including big businesses and current events. Anonymous may be one of the best known hacktivist groups.

Kiddie scripting may be cyber vandals, teenagers trying to get that adrenaline rush or to vent anger or frustration against an institution, school or person that they feel wronged them. They use DDoS attacks.

> Yes, it was the Lizard Squad that brought down the PlayStation Network during Christmas. I believe they also brought down the Xbox community too in the past.

I am glad that you brought phishing up. That is one that I started to think about before I passed out yesterday. It is a threat that can pretty much affect anyone/any company, and without proper knowledge, can be extremely damaging.

> Drew and Rhonda came up with a good list of threats/risks/vulnerabilities that we can use. I think probably the biggest one that I have seen a lot are the DDoS attacks.

I did a search to see if they have experienced any recently and it looks like they did get hit with DDoS attacks last year.

https://www.polygon.com/2016/10/21/13361014/psn-xbox-live-down-ddos-attack-dyn

https://www.theverge.com/2017/8/18/16170536/mirai-ddos-playstation-network-dyn-internet-angry-gamers

Here is a list of both put together.

PCI – Credit Card leakage/attacks/exfiltration

User Personal Info – stealing of personal user account info

Account Hacks – Stealing of the account itself and then using/selling it like identity theft

Cracking of Online game codes – So you can play games for free

Cracking of the online games – Cheats/hacks for playing games

Denial of service attacks – attacks on their network so users can’t access

Brand Attacks – using social media to deface the Sony brand

  • Privacy Problems
  • Personal information on the PC/console
  • Webcam – this can also be controlled by hackers since they are connected to the network
  • Phishing site that will ask for a player’s credentials

From first looks in a quick search, it unfortunately looks like companies like Sony and Microsoft were not able to fix their issues with preventing DDoS attacks. I will see if I can research more on if they were able to mitigate any of the other threats listed above.

I also want to point out one of the threats that Drew listed, which is cracking of online games. This is something that can cause a loss of data files for the victim player. From what I understand, you can save your game save onto a flash drive and modify the code of it. There was a game that I used to play where people would mod their game saves to give their character better equipment or set their stats to ridiculous highs. If this player interacted with another player’s character, it tended to cause the other player’s game file to become corrupt and lost. I had this happen to me once, and I will say, I was beyond enraged. Players can mitigate this by backing up their saves on flash drives, as from what I understood, within this game, there wasn’t really a way to stop the players from modding their files.

