Assignment 2

The document discusses security risks to vehicles from remote hacks using Bluetooth or telematics and steps to mitigate them. It also covers popular network firewalls Cisco ASA, Palo Alto, and Fortinet FortiGate and their features and limitations. Finally, it discusses concepts like complexity in security systems, proactive vs reactive approaches, and frameworks like MITRE ATT&CK and TTPs.

March 31, 2024

INFO24178 Computer and Network Security

Security Products

Brandon Kettle

Vehicle Security

In recent years, the rise of technology in automobiles has brought about numerous benefits, but also new security risks. One such risk is the potential for remote attacks. These attacks occur when hackers exploit one of many possible vulnerabilities in a vehicle's communication devices, such as Bluetooth or telematics, to gain unauthorized access and control over various functions of the vehicle.

By using the vehicle's Bluetooth, hackers can intercept the vehicle's communications remotely to connect to a car's Bluetooth system and manipulate features such as locking/unlocking doors, starting the engine, controlling the radio or GPS navigation system, and even disabling critical safety systems like brakes or airbags. One common method of conducting a Bluetooth attack is through a technique known as "Bluejacking," where an attacker sends unsolicited messages or files to a nearby Bluetooth-enabled vehicle. Another method is "Bluesnarfing," where an attacker gains unauthorized access to a vehicle's data by exploiting a vulnerability in the Object Exchange (OBEX) transfer protocol. This protocol has no authentication measures, making it an easy exploit for those who know how to intercept it. An attacker can also use telematics to gain access to a vehicle. Attackers are able to gain access because of an exploitable port left open by the manufacturer. Ports are communication endpoints that allow different devices and services to connect and exchange data over a network. When a port is left open, it means that there is an active connection point that can be exploited. By scanning for open ports, attackers can identify vulnerable vehicles and launch various types of attacks. Additionally, open ports can also be used to install backdoors or other malicious software that can compromise the security of the vehicle. This poses a serious threat to both the safety of drivers and passengers and the security of personal information stored within the vehicle.

To protect against remote Bluetooth and telematics attacks on cars, manufacturers must continuously update their software to patch vulnerabilities and implement strong encryption protocols. Additionally, car owners should be vigilant about keeping their systems up to date and avoid connecting to unsecured networks while driving. By taking these precautions, we can help prevent malicious actors from exploiting our vehicles' technology for nefarious purposes.
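As an added example (not part of the assignment), the following Python script shows the kind of check a manufacturer's security team could run on a telematics unit before it ships, to catch exactly the "port left open" problem described above: it parses socket-listing output in the style of `ss -tuln`, separates services that only listen on loopback from those reachable by other hosts, and flags every externally reachable service that is not on an explicit allowlist. The sample output and the allowlist are constructed for illustration.

```python
"""Audit which network services on a host are reachable from other machines.

Added example for the open-ports discussion in the assignment (not the
assignment's own code). It parses socket-listing text in the style of
`ss -tuln`, keeps only listening sockets, and flags every service that is
bound to a non-loopback address and is not on an explicit allowlist.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample in the style of `ss -tuln`; not captured from a real vehicle.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
udp   UNCONN 0      0      0.0.0.0:67         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
"""

# Hypothetical allowlist: the only (protocol, port) pairs this product is meant
# to expose to the network. Everything else reachable off-box is a finding.
ALLOWED_EXTERNAL = {("tcp", 443)}


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int

    def is_external(self) -> bool:
        """True if other hosts can reach this socket (not bound to loopback)."""
        return not ipaddress.ip_address(self.address).is_loopback


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tuln`-style lines into Listener records."""
    listeners: list[Listener] = []
    for line in output.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        if proto == "tcp" and state != "LISTEN":
            continue  # connected TCP sockets are not services
        host, _, port = local.rpartition(":")
        host = host.strip("[]")  # IPv6 addresses are printed in brackets
        listeners.append(Listener(proto, host, int(port)))
    return listeners


def audit(output: str, allowed=ALLOWED_EXTERNAL) -> list[Listener]:
    """Return externally reachable services that are not on the allowlist."""
    return [
        svc for svc in parse_ss(output)
        if svc.is_external() and (svc.proto, svc.port) not in allowed
    ]


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT):
        print(f"unexpected exposed service: {finding.proto}/{finding.port} "
              f"bound to {finding.address}")
```

On the constructed sample the audit reports SSH (22), telnet (23) and DHCP (67) as exposed and unexpected, while the loopback-only services on 8080 and 323 are ignored and HTTPS on 443 passes because it is allowlisted. Running this against a real build image turns the essay's "ports left open by the manufacturer" into a concrete, repeatable release check.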

HIDS

In the realm of network security, firewalls play a crucial role in protecting sensitive information from cyber threats. Three popular network firewalls that are widely used in the industry are Cisco ASA, Palo Alto, and Fortinet FortiGate.

Cisco ASA is a widely used firewall known for its robust security features and scalability. One of its key features is the ability to provide stateful inspection, which allows it to monitor and control incoming and outgoing traffic based on predefined rules. Additionally, Cisco ASA supports VPN connectivity, intrusion prevention, and threat detection capabilities. However, like any technology, Cisco ASA also has its limitations. One major limitation is its performance bottleneck when handling high volumes of traffic. This can lead to latency issues and decreased network efficiency. Another limitation is the complexity of configuration and management, which can be challenging for users without extensive technical expertise.
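To make the idea of stateful inspection concrete, here is an added Python model (not code from Cisco or from the assignment) of a packet filter that keeps a connection table: an inside host may open outbound connections on permitted ports, the reply packets are allowed because they match a recorded flow, and unsolicited inbound packets or forged replies that match no flow are dropped. The addresses, ports and rule set are made up for the demonstration.

```python
"""Toy stateful packet filter: a model of stateful inspection.

Added example, not code from Cisco or from the assignment. A stateless rule
set that says "allow outbound TCP/443, deny all inbound" would also drop the
web server's reply packets. A stateful firewall records each permitted
outbound flow and lets the matching return traffic through, while inbound
packets that match no recorded flow are still denied.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulFirewall:
    def __init__(self, inside_net: str, outbound_ports: set[int]):
        self.inside = ipaddress.ip_network(inside_net)
        self.outbound_ports = outbound_ports    # predefined rule: ports inside hosts may open
        self.state: set[tuple] = set()          # established flows as 5-tuples

    def _is_inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.inside

    def filter(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # 1. Traffic belonging to an established flow passes in either direction.
        #    This is the part a stateless filter cannot express.
        if flow in self.state or reverse in self.state:
            return "ALLOW"
        # 2. A new outbound connection is checked against the predefined rule
        #    and, if permitted, recorded so that its replies match step 1.
        if self._is_inside(pkt.src) and not self._is_inside(pkt.dst):
            if pkt.dport in self.outbound_ports:
                self.state.add(flow)
                return "ALLOW"
            return "DENY"
        # 3. Anything else (unsolicited inbound, forged replies) has no state and
        #    no rule, so it is dropped. Real firewalls also age out idle flows.
        return "DENY"


def demo() -> list[str]:
    """Run constructed packets (documentation-range addresses) through the filter."""
    fw = StatefulFirewall("10.0.0.0/24", outbound_ports={443, 53})
    packets = [
        Packet("10.0.0.5", 51000, "203.0.113.10", 443),  # inside host opens HTTPS
        Packet("203.0.113.10", 443, "10.0.0.5", 51000),  # server's reply: matches state
        Packet("203.0.113.10", 443, "10.0.0.5", 51001),  # forged reply: no matching flow
        Packet("198.51.100.7", 40000, "10.0.0.5", 22),   # unsolicited inbound SSH
        Packet("10.0.0.5", 51002, "203.0.113.10", 23),   # outbound telnet: not in rule
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The five constructed packets produce ALLOW, ALLOW, DENY, DENY, DENY: only the connection the inside host initiated and its genuine reply get through. The model also hints at the performance limitation the paragraph mentions, since every packet costs a lookup in a table that grows with the number of live connections.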

Palo Alto Networks is another top choice for organizations looking for threat prevention capabilities. The platform also includes advanced features such as URL filtering, application control, and SSL decryption. However, Palo Alto Networks has a high cost associated with implementing and maintaining the platform. Additionally, some users have reported difficulties in integrating Palo Alto Networks with other security tools and platforms.

Fortinet FortiGate, another popular firewall, is known for its security features including firewall protection, intrusion prevention, and VPN capabilities. The standout advantage of Fortinet FortiGate is its user-friendly interface, making it easy for even non-technical users to navigate and manage their security settings.

In conclusion, while all three firewall solutions have strong security features, organizations should carefully evaluate their specific needs and requirements before choosing the best option for their network.

Task 2

- The more complex a system or network is, the harder it becomes to secure it effectively. This is because complexity introduces more opportunities for vulnerabilities to be exploited by malicious actors. Complex systems are difficult to understand and manage, making it easier for hackers to find weaknesses and exploit them. Additionally, complex systems often require more resources and expertise to secure properly, which can lead to oversights and gaps in security measures. Simplicity, on the other hand, is key to effective security. By keeping systems and networks as simple as possible, organizations can reduce the potential attack surface and make it easier to identify and address security risks.

- Proactive vs. reactive cybersecurity. One of the main reasons why it is better to be proactive in cybersecurity is that it allows for better preparation and planning. By identifying potential vulnerabilities and implementing security measures in advance, organizations can significantly reduce the likelihood of falling victim to cyber attacks. Additionally, being proactive helps in staying ahead of cybercriminals, who are constantly evolving their tactics.

- The earlier a cybersecurity threat is detected, the better chance there is of mitigating its impact.

- Sun Tzu: "The supreme art of war is to subdue the enemy without fighting." Just as in traditional warfare, where victory is achieved through strategic maneuvers and deception rather than brute force, cybersecurity professionals must employ cunning tactics to outwit malicious hackers. By focusing on prevention and proactive defence measures, organizations can effectively neutralize threats before they have a chance to cause harm. This approach involves constantly monitoring networks for suspicious activity, implementing strong encryption protocols, and staying one step ahead of potential attackers. Furthermore, by understanding the motivations and tactics of cybercriminals, security experts can anticipate their next move and take preemptive action to thwart their efforts. In essence, the key to success in cybersecurity lies in outsmarting adversaries through intelligence gathering and strategic planning rather than engaging in direct confrontation. Just as Sun Tzu's teachings emphasize the importance of winning without fighting on the battlefield, so too must cybersecurity professionals strive to subdue their enemies without resorting to overt aggression.

- MITRE ATT&CK, short for Adversarial Tactics, Techniques, and Common Knowledge, is a comprehensive framework that categorizes and describes the various tactics and techniques used by cyber adversaries to compromise systems and networks. Developed by the MITRE Corporation, this framework provides a common language for cybersecurity professionals to understand and communicate about cyber threats. MITRE ATT&CK is organized into several categories, including initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and impact. Each category contains specific techniques that adversaries may use to achieve their objectives. By using MITRE ATT&CK as a reference point, organizations can better understand the tactics employed by threat actors and develop more effective defence strategies. This framework helps security teams prioritize their efforts and focus on mitigating the most critical threats facing their systems.

- TTPs, or Tactics, Techniques, and Procedures, refer to the methods used by threat actors to carry out attacks. By analyzing these tactics, techniques, and procedures, organizations can identify patterns and trends in cyber threats. This information can then be used to develop effective defence strategies and improve overall security measures. To strengthen an organization's security posture using TTPs, it is important to continuously monitor and analyze cyber threats. By staying informed about the latest TTPs employed by threat actors, organizations can proactively update their defences and mitigate potential risks.
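The two points above, ATT&CK as a reference for prioritizing defences and TTP analysis as a way to spot patterns across incidents, can be put together in a short script. The following Python is an added example, not from the assignment or from MITRE: it uses the tactic list named above, a constructed inventory of detection rules and a constructed list of TTPs observed in recent incidents, and reports which tactics have no detection at all and which observed techniques most urgently need one. The technique IDs (T1566, T1059, T1547, T1003, T1041, T1021, T1486, T1078) are real ATT&CK identifiers, but their pairing with the sample rules and incidents here is illustrative.

```python
"""Map detection coverage and observed TTPs onto the ATT&CK tactics.

Added example, not from the assignment or from MITRE. The tactic list is the
one the assignment names. The detection inventory and incident TTPs are
constructed sample data; the technique IDs are real ATT&CK identifiers whose
current names should be checked against the matrix before reuse.
"""
from __future__ import annotations

from collections import Counter

TACTICS = [
    "initial access", "execution", "persistence", "privilege escalation",
    "defense evasion", "credential access", "discovery", "lateral movement",
    "collection", "exfiltration", "impact",
]

# Constructed: detection rules the team already has, each mapped to a technique.
DETECTIONS = [
    {"rule": "phishing-attachment-opened", "technique": "T1566", "tactic": "initial access"},
    {"rule": "encoded-powershell-command", "technique": "T1059", "tactic": "execution"},
    {"rule": "new-autostart-registry-key", "technique": "T1547", "tactic": "persistence"},
    {"rule": "lsass-memory-read", "technique": "T1003", "tactic": "credential access"},
    {"rule": "large-transfer-to-c2", "technique": "T1041", "tactic": "exfiltration"},
]

# Constructed: (technique, tactic) pairs observed in recent incidents, one
# entry per occurrence, so repeated entries show a trend.
INCIDENT_TTPS = [
    ("T1566", "initial access"),
    ("T1059", "execution"),
    ("T1003", "credential access"),
    ("T1021", "lateral movement"), ("T1021", "lateral movement"), ("T1021", "lateral movement"),
    ("T1486", "impact"), ("T1486", "impact"),
    ("T1078", "initial access"),
]


def uncovered_tactics(detections=DETECTIONS) -> list[str]:
    """Tactics, in ATT&CK order, for which no detection rule exists at all."""
    covered = {d["tactic"] for d in detections}
    return [t for t in TACTICS if t not in covered]


def technique_trends(ttps=INCIDENT_TTPS) -> list[tuple[str, int]]:
    """Observed techniques ranked by how often they appeared."""
    return Counter(tech for tech, _ in ttps).most_common()


def prioritized_gaps(detections=DETECTIONS, ttps=INCIDENT_TTPS) -> list[tuple[str, str, int]]:
    """Observed techniques with no detection, most frequent first.

    This is the prioritization the assignment describes: spend effort on
    what adversaries are actually doing and what the team cannot yet see.
    """
    detected = {d["technique"] for d in detections}
    counts = Counter(ttps)
    gaps = [(tech, tactic, n) for (tech, tactic), n in counts.items() if tech not in detected]
    return sorted(gaps, key=lambda g: (-g[2], g[0]))


if __name__ == "__main__":
    print("tactics with no detection:", ", ".join(uncovered_tactics()))
    print("most frequent techniques:", technique_trends()[:3])
    for tech, tactic, n in prioritized_gaps():
        print(f"gap: {tech} ({tactic}) seen {n} time(s), no detection")
```

With the constructed data, six tactics have no detection at all, and the ranked gap list puts T1021 (lateral movement, seen three times) ahead of T1486 (impact) and T1078 (initial access). Fed with a real rule inventory and real incident reports, the same three functions give a security team the prioritized list the essay calls for.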
