Computer Security Assignment 1

The document discusses creating security policies for the local area network of UTAS-Shinas University of Technology and Applied Sciences. It outlines policies for [1] physical security of computers, [2] logical security of computers, [3] user logins, and [4] wireless access. It also analyzes a major cyberattack that occurred in April-May 2020 involving the EKANS ransomware, estimating over $60 million in losses. Organizations took weeks to recover from the widespread attack and have since strengthened security measures to prevent future intrusions.

Uploaded by

Isaac Mwangi

Computer Security Assignment 1

Student Name

Institution Name

Fundamentals of Computer Security

ITSY 201

Instructor Name

December 25, 2022


Task 1

The UTAS-Shinas University of Technology and Applied Sciences Shinas has decided to create a Security Policy for the Local Area Network of the University of Technology and Applied Sciences - Shinas in terms of

a) a Policy for the Physical Security of computers

This policy aims to ensure that the university's sensitive data and information are safe from unauthorized access and misuse. This policy will provide a secure environment for storing, retrieving, and transmitting data and information (Ministry of Justice, 2022). Additionally, all users must adhere to this policy to maintain the integrity, availability, and confidentiality of the university network. This policy will encompass the physical security of computers, servers, routers, switches, and other network devices. The university's security policy will also address the protection of its intellectual property and sensitive data stored on the network. The procedure requires that all system users adhere to a set of guidelines for physical security, such as limiting access to the system, encrypting any stored data, and ensuring data backups are done regularly. The policy will also cover other areas such as passwords, monitoring and logging of activities, and security measures for remote users. This policy is necessary to protect the integrity of our systems and ensure compliance with local laws and regulations.

b) a Policy for the Logical Security of computers

In addition to the physical security policy, the University of Technology and Applied Sciences – Shinas has also decided to create a policy for the logical security of computers connected to the LAN. This policy will provide guidelines and procedures that support the security objectives of UTAS-Shinas and protect computers from malicious software and unauthorized access. The policy will cover password strength and length, user activity monitoring, and sensitive data encryption (NCES, 2019). It will also outline proper procedures for responding to suspicious activity on the network. The policy will set out guidelines for ensuring that computer systems are patched and updated regularly and that antivirus and malware protection is kept up to date. The policy will also state the acceptable use of UTAS-Shinas' Local Area Network and outline any additional security measures that may be necessary.

c) Policy for the User Logins

In terms of a policy for user logins, a two-factor authentication process must be used. All users must have a unique username and a strong password. Furthermore, any accounts inactive for an extended period must be disabled. Finally, any user accounts that have been compromised must be immediately disabled to prevent any further damage to the network or data stored on the computers. Passwords should be changed regularly and must meet the company's standards for length and complexity. Access to sensitive data must be restricted to authorized personnel only, and all attempts to access the system must be logged. Furthermore, the policy should include provisions for monitoring user activity to ensure that it complies with the procedure.

d) Policy for the Wireless Access

The policy outlines the security measures to be implemented to provide a secure and reliable network environment. This policy is designed to ensure that the network resources are protected from malicious attacks and unauthorized access. It also ensures that users and systems on the network are protected from any potential threats and risks. Additionally, this policy outlines the provisions for firewalls, antivirus applications, and intrusion detection procedures that will ensure users have a secure environment for using the network (Policies and Guidelines, 2018). It also establishes procedures for the authentication of users and the management of network devices. Furthermore, this policy describes the best practices and guidelines which must be followed to ensure that the network is free from malicious threats.

Task 3

Choose and analyze any latest online attack which has taken place, either in Oman or anywhere else, and conclude the following information from the attack. (Register the attack with your lecturer.)

a) Identify the Date and Time of the Attack

During April and May of 2020, major cyberattacks took place, compromising the data of government organizations and businesses worldwide. The attack occurred on April 14, 2020, at 4:00 am UTC. Analysis of the attack has revealed that it was initiated by a malicious program called EKANS. The ransomware is believed to have been created by an advanced persistent threat (APT) group known as Dark Overlord.

b) Identify the Duration of the Attack

After the initial attack, cyber analysts found that the malicious EKANS virus had spread to over a hundred countries worldwide within 72 hours and had caused extensive damage to thousands of networks, including government and corporate networks. The extent of the attack was so large that it took weeks for organizations to respond to the threat and fully recover from it. The full duration of the attack was estimated to be at least two months, lasting until the end of May 2020. This attack serves as a reminder of the importance of maintaining secure networks and taking precautions against cyber threats.

c) Identify the Vulnerability exploited to launch the attack

The attack exploited a vulnerability in the Windows Remote Desktop Protocol (RDP). RDP is a protocol used to access computers remotely, making it an ideal target for attackers. During the attack, hackers exploited this vulnerability to gain access to data and install the EKANS ransomware. The attack quickly spread across the world, disrupting businesses and government organizations.

d) Check the Approximate Financial loss that has happened to the Organization / Individual

The financial loss these organizations and individuals endured following the attack is estimated to exceed $60 million. Furthermore, numerous personal details and sensitive data were also compromised and leaked online, causing further financial damage to those affected by the attack. The EKANS ransomware is also believed to have been responsible for encrypting victims' hard drives, making it difficult or impossible to access their data without payment. As a result, the attack has caused millions in losses and continues to be a major concern for companies, governments, and individuals worldwide.

e) Identify the Reputation loss

The April 2020 attack caused significant reputational damage to the affected organizations and businesses. It also resulted in a strong backlash from the security community, with many feeling that the companies involved should have been better prepared for such an attack. As a result of the cyberattack, many companies have implemented security measures to ensure that they are better prepared for future episodes. Additionally, industry experts have warned of the potential for future attacks from the same threat actor or other APTs.

f) Analyze the time taken to recover from the attack and get to normal

The cyberattack, which has been dubbed EKANS, took organizations and businesses time to recover from (GoldSparrow, n.d.). As the attack was global, the repercussions were felt around the world. Immediately, the organizations impacted by the malicious attack had to work to mitigate the damage and re-secure their systems. Security experts had to spend time assessing the damage and analyzing the attack to properly defend against it in the future (Darktrace, 2020). The attack caused significant financial losses and disruptions to services, but many organizations recovered in days or weeks due to their swift response. Nonetheless, the damage caused by the attack will not be forgotten for some time.

g) What countermeasures have been taken to ensure the attack is not repeated

In response to the attack, many organizations have taken countermeasures such as increased security protocols, awareness of threats and training of personnel, and monitoring of networks (Lemos, 2020). Moreover, businesses have sought cyber insurance policies to protect their data from future cyberattacks. Other cybersecurity practices include implementing multi-factor authentication, regularly patching software, and utilizing anti-malware solutions. In addition, companies have been encouraged to develop better backup and disaster recovery plans and enhance their cyber security training and education.

References

Ministry of Justice. (2022). Physical Security Policy - Security Guidance. Security-Guidance.service.justice.gov.uk. https://security-guidance.service.justice.gov.uk/physical-security-policy/

Lemos, R. (2020, February 3). EKANS Ransomware Raises Industrial-Control Worries. Dark Reading. https://www.darkreading.com/attacks-breaches/ekans-ransomware-raises-industrial-control-worries

NCES. (2019). Chapter 3-Security Policy: Development and Implementation, from Safeguarding Your Technology, NCES Publication 98-297 (National Center for Education Statistics). Ed.gov. https://nces.ed.gov/pubs98/safetech/chapter3.asp

Policies and Guidelines. (2018, November 2). Wireless Access Policy. SVA Policies. https://policy.sva.edu/information-technology/wireless-access-policy/

Darktrace. (2020, June 25). What the EKANS ransomware attack reveals about the future of OT cyber-attacks - Darktrace Blog. Darktrace.com. https://darktrace.com/blog/what-the-ekans-ransomware-attack-reveals-about-the-future-of-ot-cyber-attacks

GoldSparrow. (n.d.). Ekans Ransomware Removal Report. Www.enigmasoftware.com. Retrieved December 25, 2022, from https://www.enigmasoftware.com/ekanransomware-removal/
