11 |
DNS-Tunnel och Försvarsmakten : Hur funkar det och vad innebär det? / DNS-Tunneling and the Swedish armed forces : Process and implications of its usage
Lindstedt, Rickard (January 2023)
The security policy situation in northern Europe has steadily deteriorated since the Russian occupation of Crimea in 2014. As a result, cyberattacks against Sweden and the rest of the EU are increasing in both scale and frequency. One of the greatest threats is the cyberattacks carried out by actors such as APT28 and APT29, which have the backing of foreign states. The purpose of cyberattacks varies widely, but one of them is access to data/information. To achieve this goal, the actor must be able to exfiltrate data from a system or network. There are several methods for doing this, one of which is to exfiltrate data over an alternative protocol, such as DNS tunneling. The Swedish Armed Forces use a range of systems to achieve their objectives and have specially trained units to defend them. Since every user indirectly contributes to the security/protection of the system and the network, all users need to understand how their usage affects the system/network. Creating a DNS tunnel lets the user send one protocol's data (in this case IPv4) through another via a process called data encapsulation. This makes it harder for systems to automatically detect malicious exfiltration and therefore harder to block the traffic. The Swedish Armed Forces should regularly exercise the intelligence functions in the use of STIX and TAXII in order to handle threats in the cyber domain and disseminate them to the rest of the organisation. This would in turn allow the Cyber Defence to brief the rest of the Armed Forces more regularly and thereby also adapt the automatic detection methods over time to better catch malicious exfiltration of data. The Swedish Armed Forces should develop the intelligence function so that it can act as an interpreter between the Cyber Defence and the rest of the Armed Forces. / The security in northern Europe has steadily become worse since the Russian occupation of Crimea in 2014.
As a result of this the frequency and magnitude of hostile cyberoperations targeting Sweden and the EU has increased. One of the biggest threats is the cyberoperations that are carried out by state-sponsored actors such as APT28 and APT29. The cyberattacks can have a wide range of objectives, one of them being the acquisition of data/information. In order to accomplish that objective an adversary would require a method to exfiltrate the data from the system or network. There are however multiple different methods that can be used, one being exfiltration through an alternate protocol such as DNS-tunneling. The Swedish armed forces use a variety of different systems in order to accomplish its missions/tasks. In order to be able to defend the systems from any malicious activity the Swedish armed forces have specially trained units tasked specifically with the defence of the armed forces' systems. This however is not enough as every user in a system is part of that system's defence. This means that every service member must have an understanding of what implications activities in the cyber domain have upon activities in the other domains. The creation of a DNS-tunnel enables a user to send data of one protocol (in this case IPv4 data) over the DNS protocol through the process of encapsulation. This makes it harder for automated processes to detect the malicious exfiltration and subsequently block the traffic. The Swedish armed forces should regularly train its intelligence community in order to handle cyber threat intelligence according to STIX and TAXII. This should allow the cyber defence to more readily share their intelligence with the rest of the armed forces and use the established intelligence community as a translator that can deduce the implications of the threats on the day to day activity of the Army, Navy, Air Force and Home guard.
|
12 |
SDP And VPN For Remote Access : A Comparative Study And Performance Evaluation
Sintaro, Abel Tariku; Komolafe, Yemi Emmanuel (January 2021)
Remote access is a way of providing access to networks from outside the premises of the network. Virtual Private Network (VPN) is one solution used to provide remote access. Software-Defined Perimeter (SDP) is another solution that is capable of providing access to resources from a remote location. These two technologies use different security models yet provide comparable remote access functionalities. This thesis project investigates the basic components, architecture, and security services of SDP and IPSec VPN. Additionally, a performance evaluation is conducted on SDP and VPN on their connection setup time and network throughput. Our result shows that both SDP and VPN provide secure access; however, SDP has additional features that make it a more secure solution. This thesis project is written in the hopes that it can help enterprises with or without a VPN solution already in place to consider SDP as an alternative solution and learn SDP in comparison with VPN.
|
13 |
Countermeasures for Preventing Malicious Infiltration on the Information Technology Supply Chain
Leah Michelle Roberts (15952769), 31 May 2023
Supply chain security continues to be an overlooked field with consequences that can disrupt industrial complexes, cause irreparable harm to critical infrastructure services, and bring unparalleled devastation to human lives. These risks, once constrained to physical tactics, have advanced to undetectable cyber strategies as in the case of the infamous third-party attacks on Target and SolarWinds (Wright, 2021). Moreover, no one sector appears to be immune, as a study by the Government Accountability Office (GAO) found that federal agencies also lag in complying with their own standards as published by the National Institute of Standards and Technology (NIST) (Eyadema, 2021). Throughout this research study, malicious infiltrations propagated by nefarious actors were explored to identify countermeasures and best practices that can be deployed to protect organizations. Often, the lack of defense strategies is not from an absence of information, but from overly complex procedures and a lack of concise requirements. In a recent survey of Department of Defense (DoD) suppliers, 46% of respondents claimed that the supply chain requirements were too difficult to understand, thus reaffirming the importance of creating tools and techniques that are pragmatic and easily implementable (Boyd, 2020).

The research study presented offered notable safeguards through a literature review of prior studies, standards, and a document analysis of three prominent Information Technology (IT) companies who have made considerable advances in the field of IT supply chain. The results of the research led to the creation of the Roberts Categorization Pyramid which follows a zero-trust framework of “never trust, always verify” (Pavana & Prasad, 2022, p. 2). The pyramid is then further broken down into a formidable six-layer support structure consisting of governance, physical security, sourcing security, manufacturing, hardware security, and software security best practices. Finally, the importance of persistent vigilance throughout the life cycle of IT is highlighted through a continuous monitoring defense strategy layer that engulfs the entirety of the pyramid. Through this compilation of pragmatic countermeasures, supply chain practitioners can become more informed, leading to more mindful decisions and protective requirements in future solicitations and supplier flow-downs.
|
14 |
A Comprehensive Analysis of the Environmental Impact on ROPUFs employed in Hardware Security, and Techniques for Trojan Detection
Alsulami, Faris Nafea (January 2022)
No description available.
|
15 |
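Quishing i Sikte: Försvarsstrategier och Verktyg : En Studie om medarbetares Medvetenhet om QR-kod Phishing och En Undersökning av Anti-Phishing-Verktyg / Quishing in Sight: Defence Strategies and Tools : A Study of Employee Awareness of QR Code Phishing and an Examination of Anti-Phishing Tools
Ivarsson, Anton; Stefanescu, Adrian (January 2024)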
This study examines the growing phenomenon of quishing (QR code phishing) in light of the increasing use of QR codes during the COVID-19 pandemic. QR codes, a solution for contactless interaction, have become increasingly common and are exploited more and more frequently in malicious phishing attacks against companies and their employees. In 2023, a dramatic increase of over 2,400 percent was observed in an extensive quishing campaign. The study reviews earlier studies and research on quishing and highlights the need to raise awareness among employees and how effective protective measures can be implemented. A central part of the study comprises a survey and an Attack Simulation Training (AST) carried out in cooperation with a Managed Security Service Provider (MSSP). The aim of the investigation is to shed light on employees' awareness of quishing, their reactions, and what underlies the employees' actions. The study further includes an experiment on how effectively MDO (Microsoft Defender for Office) and other security solutions detect embedded QR codes in various image formats and moving animations in email. The results of the survey and the AST provide insights that strengthen the understanding of how companies and employees act in relation to one of the many variants of phishing. On this basis, recommendations for improvements, tools and policies to counter the threat can be developed and adapted to the actual situation today. The study strives to contribute to a more comprehensive understanding of quishing and to promote the security culture of the future in corporate environments. / This study explores the rising trend of quishing (QR code phishing) in the context of the increased use of QR codes during the COVID-19 pandemic. QR codes, which facilitate contactless interactions, have become more prevalent and are increasingly exploited in malicious phishing attacks targeting companies and their employees.
In 2023, a significant surge of over 2,400 percent was observed in a major quishing campaign. The research reviews previous studies on quishing and underscores the necessity of raising employee awareness and implementing effective protective measures. A key component of the study involves a survey and an Attack Simulation Training (AST) conducted in partnership with a Managed Security Service Provider (MSSP). The objective is to assess employees' awareness of quishing, their responses, and the factors influencing their behavior. Additionally, the study includes an experiment to evaluate how effectively Microsoft Defender for Office (MDO) and other security solutions detect embedded QR codes in various image formats and animations in emails. The findings from the survey and AST provide valuable insights into how companies and employees respond to different types of phishing attacks. Based on these insights, recommendations for improvements, tools, and policies can be developed and tailored to the current threat landscape. The study aims to enhance the overall understanding of quishing and promote a stronger security culture within corporate environments.
|
16 |
Zero Trust Adoption : Qualitative research on factors affecting the adoption of Zero Trust
Hansen, Jennifer (January 2022)
The following qualitative research explores the adoption of Zero Trust in organisations from an organisational and user acceptance perspective. From an organisational perspective, the research highlights essential aspects such as testing the Zero Trust architecture in a pre-adoption phase, involving top management in the planning phase, communicating in a non-technical language, and making end-users feel a personal connection to IS security. The research highlights the importance of balancing the ease of use with security, evaluating the end-user's technical maturity, and carrying out evaluations from a user acceptance perspective. To gather valuable empirical data, the researcher has conducted semi-structured interviews with highly competent respondents within the field of Zero Trust. Most of the literature available today within Zero Trust focuses on technical aspects, and this research is a unique and vital contribution to the limited available research.
|