Browser Attacks and Protection
The growth and development of technologies have caused an increased number of threats that emanate from the weaknesses of the systems. Multinational corporations have also taken up the opportunity and embraced technologies such as the internet and social media. However, there have been increased cases of hacking, as evidenced by the establishment of cybercrime units whose objective is to protect citizens and companies from the attacks. The increase in online transactions has prompted hackers to attack the systems both for financial gain and for fame. Browser attacks are a common phenomenon because individuals access web pages through the browser as a platform (Computer Emergency Readiness Team (CERT), 2016). It is crucial to understand the dynamics of browser operations and weaknesses as a means to comprehend the attacks and the essence of protection.
According to Barua, Zulkernine & Weldemariam (2013), a browser is a software application that allows users to view and interact with particular content that is present on a given web page. Various kinds of content are available on a web page, such as video, games, graphics and text. It should be noted that a browser is one of the most popular and conventional means through which users access the internet. There are different kinds of browsers, distinguished by their respective companies or developers. Mozilla Firefox, Internet Explorer, Opera and Safari are some of the prevalent browsers (Bugliesi, Calzavara, Focardi & Khan, 2015). Plug-ins or add-ons play a significant role in ensuring the effective and efficient functioning of browsers (Barua et al., 2013). They have the capacity to extend the functionality of the browsers. In some cases, web pages will require specific plug-ins or add-ons for the user to view content. Some of the most common plug-ins include Flash Player, Acrobat Reader, Java, QuickTime Player and Shockwave Player.
From the functionality of the browser, it is easy to identify and analyze the entry points into networks. The common form of attack arises from malicious software that has a high likelihood of infecting the system. The software can either render the system unusable to legitimate users or steal passwords. The presence of traditional security products or services that have limited browser defenses makes it a challenge to prevent browser attacks (Barua et al., 2013). For example, companies that use networks manage and safeguard their information through corporate security tools. However, with a large workforce, it is typically hard to prevent employees from visiting malicious sites from their browsers. Making matters worse, most browser developers depend on third-party data as a source of revenue. Other parties control the advertisements on the web pages. In most cases, the ads are a form of malware. The company runs the risk of browser attacks due to the malicious websites. A browser attack is a complicated process that at times cannot be recognized until the damage has been inflicted (CERT, 2016).
Patching is one of the browser issues because of the frequent code updates that need to be addressed (Bugliesi et al., 2015). The process is a cycle: when a flaw is detected, there is testing and validation before the fix is released. Patching creates a potential attack window because of the exposure between cycles. Attackers may exploit the opportunity and use the program to their benefit. For example, Adobe released critical patches to address 29 weaknesses in the Flash plug-in (Kovacs, 2016). The window between the patching cycles arises from testing. Testing is important because it ensures that the patches do not affect the functionality of the browser. The patches are effective in addressing the known issues affecting the browsers (Bugliesi et al., 2015). On the other hand, it should be acknowledged that there are browser issues that do not have solutions. The human end user is the biggest problem that poses a threat to the organization, because it cannot be fixed with technology. Most browser attacks are attributed to users. Attackers know that there is less resistance among end users, as evidenced by their ease of opening emails without checking whether they have malicious attachments and links (Barua et al., 2013). Although companies have invested in user awareness training, the employees are still the best chance for the attackers. Browser attacks are not limited to desktops and laptops. With the increase in popularity of smartphones such as iPhones and Android phones, they have become targets of the attacks due to their internet access and built-in browser technology.
Network Intrusion Prevention, Detection and Event Analytics
According to Stanciu (2013), network intrusion is unauthorized access to a computer system. It is vital to understand the various mechanisms of invasion when developing a prevention and detection system. Network intrusion sets back the company's operations. The unwanted activity or unauthorized entry may absorb resources present in the network that were intended for other essential uses (Liao, Lin, Lin & Tung, 2013). Additionally, it threatens the security of the network and the available data and information. Companies should ensure that their prevention and detection capabilities have the capacity to address the intruders' techniques.
A network intrusion prevention system (NIPS) is the employment of a security technology that can examine and analyze vulnerabilities in packets and security violations, and address the threats via a defined course of action such as dropping the entire connection or the offending packets (Stanciu, 2013). Some NIPS can scan the packet traffic at the application, internet and transport layers. Most of these network architectures are placed behind the firewall such that they have the power to permit and deny traffic based on suspicious traits or signature violations. It should be noted that a NIPS does not have to be positioned in a blocking mode. Arora (2013) asserts that the effectiveness of a NIPS is better measured through a passive method rather than an active one. The use of this kind of technique will show whether the NIPS can gather insight on malicious packets and ascertain whether it can distinguish the attack. The placement of the NIPS behind the firewall ensures that attacks that were able to get past the firewall are prevented from causing further harm to network activities (Stanciu, 2013).
Various issues should be considered before the installation of a NIPS. The concerns include bandwidth and the blocking of valid traffic. NIPS is resource intensive in nature. High traffic loads may halt the functioning of the system. It should be noted that NIPS has been structured such that it can identify and block malicious activities based on the signatures of known violations (Arora, 2013). In this case, there will be unnecessary disruptions and false alarms. Real attacks can be ignored under the pretext that they are false alarms. The current tools do not have the capacity to address the issues because they are within encrypted traffic. The tools fail to inspect encrypted traffic, especially traffic protected by Secure Shell (SSH) sessions, Virtual Private Network (VPN) traffic and Hypertext Transfer Protocol (HTTP) connections (Stanciu, 2013).
There has been increased use of Secure Sockets Layer (SSL) encryption among attackers to evade security controls. SSL accounts for approximately 40 percent of all internet traffic (Arora, 2013). The NIPS issues can be mitigated by adequate investment in educating and training network engineers. They will be responsible for ensuring that there are minimal or no attack signatures. Moreover, the engineers should assess the environment when creating protocol rules. Load balancers and strategic positioning of sensors on the network will be crucial in addressing bandwidth problems.
According to Arora (2013), a network intrusion detection system (NIDS) can inspect and identify malicious activities and send alerts to other systems if the threat matches an attack profile or signature. This means that a NIDS uses pre-established rules in determining the alerts on any suspicious activity in the network traffic (Stanciu, 2013). A NIDS employs the Internet Protocol (IP) address in examining and evaluating an attack. The major NIDS issues comprise signature updates and visibility (Liao et al., 2013). Log sources are a challenge to various organizations. There is a need to understand distinct behavior in the environment, because false alerts may warrant redundant investigations. With the increase in false positive alerts and probes, the team will be exhausted and consumed (Stanciu, 2013). At times they may find themselves neglecting the alerts and considering them normal. In this case, there will be a legitimate attack on the unmonitored segments of the network.
The primary NIDS problem that does not have a solution is the capability to identify advanced persistent threats (APTs) that are present in the environment. An APT can be defined as a stealthy attack performed by individuals who have advanced skills and knowledge of networks (Big Data Working Group (BDWG), 2013). Similar to NIPS, the current tools do not have the capacity to inspect encrypted traffic (Liao et al., 2013). This inability makes it easier for APTs to enter the network while avoiding detection. Crucial security controls such as maintaining an authorized inventory of hardware and software should be adopted when addressing visibility and signature update issues (Stanciu, 2013). The development of valuable NIDS signatures and attack profiles will depend on an understanding of the applications, ports, and devices present on the network.
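The two preceding paragraphs describe signature-based detection and its two recurring weaknesses: over-broad rules that produce false positives, and encrypted traffic the sensor cannot read. The following Python script is an added illustration of those points and is not code from any of the cited papers or from a real NIDS product. The packet records, the signature names and patterns, the IP addresses and the ground-truth labels are all constructed for the example.

```python
"""Toy signature-based NIDS run over constructed traffic records.

Added example, not from the cited literature. Everything below
(signatures, traffic, addresses, labels) is constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes
    encrypted: bool = False   # True models TLS/SSH/VPN: payload is opaque to the sensor
    malicious: bool = False   # ground-truth label, used only for scoring the rule set


@dataclass
class Signature:
    name: str
    pattern: bytes            # regular expression applied to the cleartext payload
    dport: Optional[int] = None  # restrict to one destination port, or None for any


# Constructed signatures (hypothetical names, not from any real rule set).
SIGNATURES = [
    # Accepts a space, a "+" or "%20" between the keywords, since attackers URL-encode.
    Signature("web-sqli-union-select", rb"(?i)union(\s|\+|%20)+select", dport=80),
    Signature("web-path-traversal", rb"\.\./\.\./", dport=80),
    # Deliberately over-broad rule: fires on any payload containing "admin".
    Signature("broad-admin-keyword", rb"(?i)admin"),
]

# Constructed traffic, in the order the sensor saw it.
TRAFFIC = [
    Packet("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1\r\nHost: shop\r\n"),
    Packet("198.51.100.7", "10.0.1.10", 80,
           b"GET /search?q=1%27+UNION+SELECT+username,password+FROM+users-- HTTP/1.1\r\n",
           malicious=True),
    Packet("198.51.100.7", "10.0.1.10", 80,
           b"GET /static/../../../../etc/passwd HTTP/1.1\r\n", malicious=True),
    # Legitimate administrator opening the admin console: trips the broad rule.
    Packet("10.0.0.9", "10.0.1.10", 80,
           b"GET /admin/dashboard HTTP/1.1\r\nCookie: sid=ab12\r\n"),
    # Same injection attempt, but carried inside TLS: the sensor only sees record bytes.
    Packet("198.51.100.7", "10.0.1.10", 443,
           b"\x17\x03\x03\x00\x4a" + bytes(74), encrypted=True, malicious=True),
]


def signature_matches(sig: Signature, pkt: Packet) -> bool:
    """A signature can only match cleartext payload on the port it is written for."""
    if pkt.encrypted:
        return False
    if sig.dport is not None and sig.dport != pkt.dport:
        return False
    return re.search(sig.pattern, pkt.payload) is not None


def detect(packets, signatures=SIGNATURES):
    """Return one alert dict per (packet, signature) match."""
    alerts = []
    for idx, pkt in enumerate(packets):
        for sig in signatures:
            if signature_matches(sig, pkt):
                alerts.append({"packet": idx, "signature": sig.name,
                               "src": pkt.src, "dst": pkt.dst, "dport": pkt.dport})
    return alerts


def evaluate(packets, signatures=SIGNATURES):
    """Score the rule set against the ground-truth labels on the packets."""
    alerts = detect(packets, signatures)
    alerted = {a["packet"] for a in alerts}
    return {
        "alerts": len(alerts),
        "true_positives": sorted(i for i in alerted if packets[i].malicious),
        "false_positives": sorted(i for i in alerted if not packets[i].malicious),
        "missed": [i for i, p in enumerate(packets) if p.malicious and i not in alerted],
        "uninspectable": [i for i, p in enumerate(packets) if p.encrypted],
    }


if __name__ == "__main__":
    for a in detect(TRAFFIC):
        print(f"ALERT {a['signature']:<24} {a['src']} -> {a['dst']}:{a['dport']}")
    print(evaluate(TRAFFIC))
```

Running the script shows three alerts: two true positives, one false positive from the broad keyword rule on a legitimate administrator request, and one malicious packet that is missed because it is encrypted. The `evaluate` function is the kind of scoring an engineer would apply before deploying a rule set, so that noisy rules are tightened before analysts start ignoring alerts.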
Event analytics is defined as the examination of a problem's origin by consolidating data and information from various log sources such that it depicts an organized story. The sources comprise logs from databases, firewalls, anti-virus, NIDS/NIPS and content filtering software (BDWG, 2013). The analytics software can collect and analyze them such that it portrays timelines of various features such as trends and events that could positively influence security activities. Although event analytics has improved response capabilities, it still has issues just like the other systems. The major problem facing event analytics is the huge amount of data. According to the BDWG (2013), large corporations generate close to one trillion events on a typical day. With such a large amount of data, it is impossible to distinguish regular activities from actionable intelligence. It should be noted that event analytics software is still in the development stages. The analytic technology will take considerable time to mature and find appropriate ways to deal with dissimilar data (BDWG, 2013). The only possible and available solution to the problem is to focus on gathering logs and user actions from the critical resources. Data classification and asset management will be achieved by observing the logs and user activities (BDWG, 2013).
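The paragraph above describes event analytics as merging firewall, NIDS, anti-virus and database logs into one story, and recommends narrowing the data to critical assets. The Python script below is an added example of that consolidation and is not code from the BDWG report or from any analytics product. The four log formats, the log lines, the hosts and the asset register are all constructed; each source uses a different timestamp format on purpose, since normalising those is most of the work in practice.

```python
"""Toy event analytics: normalise several log sources into one timeline.

Added example, not from the cited report. Log formats, lines, hosts and
the asset register are constructed for illustration.
"""
import re
from datetime import datetime, timezone

# Constructed sample logs, one format per source.
FIREWALL_LOG = """\
2016-09-13T08:01:12Z fw01 DENY src=198.51.100.7 dst=10.0.1.10 dport=22
2016-09-13T08:02:45Z fw01 ALLOW src=198.51.100.7 dst=10.0.1.10 dport=80
2016-09-13T08:15:00Z fw01 ALLOW src=10.0.0.5 dst=10.0.1.20 dport=80
"""
NIDS_LOG = """\
[2016-09-13 08:02:50 UTC] alert web-sqli-union-select 198.51.100.7 -> 10.0.1.10:80
"""
ANTIVIRUS_LOG = """\
13/09/2016 08:03:10 host=10.0.1.10 event=quarantine file=/tmp/upload.php sig=Example.Webshell
"""
DATABASE_LOG = """\
2016-09-13 08:03:30.117 UTC [db@10.0.1.10] LOG: statement: SELECT username,password FROM users
"""

# Constructed asset register: only these hosts get full log collection.
CRITICAL_ASSETS = {"10.0.1.10": "web-db-server"}

_FW = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
_NIDS = re.compile(r"^\[(.+?) UTC\] alert (\S+) (\S+) -> (\S+):(\d+)$")
_AV = re.compile(r"^(\S+ \S+) host=(\S+) event=(\S+) file=(\S+) sig=(\S+)$")
_DB = re.compile(r"^(\S+ \S+) UTC \[db@(\S+)\] LOG: statement: (.+)$")


def _utc(text, fmt):
    """Parse a naive timestamp and mark it UTC so events from all sources compare."""
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def parse_firewall(line):
    ts, _, action, src, dst, dport = _FW.match(line).groups()
    return {"ts": _utc(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": "firewall",
            "host": dst, "message": f"{action} {src} -> {dst}:{dport}"}


def parse_nids(line):
    ts, sig, src, dst, dport = _NIDS.match(line).groups()
    return {"ts": _utc(ts, "%Y-%m-%d %H:%M:%S"), "source": "nids",
            "host": dst, "message": f"{sig} from {src} to port {dport}"}


def parse_antivirus(line):
    # Assumption: the constructed anti-virus agent logs in UTC, day-first dates.
    ts, host, event, path, sig = _AV.match(line).groups()
    return {"ts": _utc(ts, "%d/%m/%Y %H:%M:%S"), "source": "antivirus",
            "host": host, "message": f"{event} {path} ({sig})"}


def parse_database(line):
    ts, host, statement = _DB.match(line).groups()
    return {"ts": _utc(ts, "%Y-%m-%d %H:%M:%S.%f"), "source": "database",
            "host": host, "message": statement}


def parse_all():
    """Collect every event from every source into one list of normalised dicts."""
    sources = [(FIREWALL_LOG, parse_firewall), (NIDS_LOG, parse_nids),
               (ANTIVIRUS_LOG, parse_antivirus), (DATABASE_LOG, parse_database)]
    return [parser(line) for text, parser in sources for line in text.splitlines() if line]


def build_timeline(events, host=None):
    """Order events by time, optionally restricted to a single host."""
    chosen = [e for e in events if host is None or e["host"] == host]
    return sorted(chosen, key=lambda e: e["ts"])


def critical_timeline(events, assets=CRITICAL_ASSETS):
    """The story for critical assets only, which is where the BDWG advises focusing."""
    return [e for e in build_timeline(events) if e["host"] in assets]


if __name__ == "__main__":
    for e in critical_timeline(parse_all()):
        print(f"{e['ts']:%H:%M:%S} {e['source']:<9} {CRITICAL_ASSETS[e['host']]:<14} {e['message']}")
```

Run against the constructed lines, the critical-asset timeline reads as a single sequence: a denied probe on port 22, an allowed web connection from the same source, the NIDS alert seconds later, a quarantined upload on the server, and a database query for credentials. No single source shows that story on its own, which is the point the paragraph makes; the traffic to the non-critical host is dropped from the view, which is the data-reduction step it recommends.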
From the discussed information on browser attacks and protection, network intrusion prevention, detection, and event analytics, it is clear that security personnel and stakeholders have a long way to go in achieving safety on the platform. A browser attack is enabled by vulnerable code and third-party applications. NIPS and NIDS involve the inspection of traffic for any malicious activity and responding based on the set rules. Event analytics includes the correlation of data and information that originate from different sources with the objective of explaining an occurrence. There is a relationship between NIDS and NIPS based on the recurring problems and issues. The functionality of NIPS and NIDS can be degraded without proper signatures, as they are unable to inspect any form of encrypted data and lack the capacity to detect APTs. Network resource constraints are a huge challenge to many organizations. They are an issue when installing security applications or software such as event analytics, NIPS, and NIDS. The issues faced by the software in all the categories can be addressed through secure configurations, patching and asset management. From the review, it is apparent that the technologies face a significant challenge or weakness. For example, the use of SSL by hackers implies that there will be a huge continuous gap in internet security. The advances in the technologies indicate that companies need to invest in the safety of their networks if they wish to survive in the current conditions. The presence of APTs that are capable of infiltrating the environment without detection is evidence that more needs to be done. Investment in proper training will have a positive influence on the organization, as the personnel would be knowledgeable in rule development. They will also have the ability to detect and manage new and emerging threats from any attackers.
References

Arora, H. (2013, March 19). Introduction to intrusion prevention systems. IBM DeveloperWorks. Retrieved from: https://www.ibm.com/developerworks/library/se-intrusion/

Big Data Working Group (2013). Big data analytics for security intelligence. Cloud Security Alliance. Retrieved from: https://downloads.cloudsecurityalliance.org/initiatives/bdwg/Big_Data_Analytics_for_Security_Intelligence.pdf

Bugliesi, M., Calzavara, S., Focardi, R., & Khan, W. (2015). CookiExt: Patching the browser against session hijacking attacks. Journal of Computer Security, 23(4), 509-537.

Computer Emergency Readiness Team (CERT) Publication. (2016). Securing your web browser. Department of Homeland Security. Retrieved from: https://www.uscert.gov/publications/securing-your-web-browser#how_to_secure

Kovacs, E. (2016, September 13). Microsoft patches browser vulnerability exploited in attacks. SecurityWeek. Retrieved from: http://www.securityweek.com/microsoft-patchesbrowser-vulnerability-exploited-attacks

Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.

Stanciu, N. (2013). Technologies, methodologies and challenges in network intrusion detection and prevention systems. Informatica Economica, 17(1), 144.