Cyber Security Department
Graduation Project (407422)
Project Title Here .
Submitted By:
Student Name
Student ID
Name 1
Id1
Term:
Date:
Table of Contents
List of Figures
List of Tables
1. Introduction
Systems and workstations running Microsoft Windows that have not been patched against the vulnerability known as EternalBlue are susceptible to having their data stolen. A vulnerability is a fault in a computer system that, when exploited, could compromise the security of the device or system (Ding et al., 2019). Once the flaw has been exploited, the attacker is able to steal information, resulting in a data breach. EternalBlue targets the SMBv1 (Server Message Block version 1) protocol used by Windows systems.
The attack uses techniques such as heap spraying and buffer overruns to gain access to Windows systems and devices. Notably, the vulnerability was exploited by the WannaCry ransomware attack of May 2017, which encrypted victims' files and demanded a ransom to decrypt them. Once launched, the attack spread rapidly to other systems by sending malformed SMB packets that the vulnerable SMBv1 service processed; the flaw lies in the server's handling of those packets. The exploit became public when a group known as the Shadow Brokers leaked a cache of hacking tools belonging to the United States National Security Agency (NSA) in April 2017, revealing the NSA as the origin of EternalBlue. Microsoft had released the MS17-010 patch for the underlying vulnerability the month before the leak (Warren, 2017).
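The SMBv1 negotiation the paragraph above refers to can be inspected directly. The following is an added example, not code from the original report and not an exploit: a small Python parser for the SMB1 Negotiate Protocol Request and Response that reports which dialects a client offers and which one a server selects, so that hosts still speaking SMBv1, the precondition for EternalBlue, can be found in a packet capture before patching and disabling SMBv1. The frames it builds are constructed for the example rather than captured traffic, and the `smb1-only` / `smb1-capable` verdict labels are this example's own naming.

```python
"""SMBv1 negotiate inspector.  Added example, not the report's code.
Frame layout: 4-byte NetBIOS session header, 32-byte SMB1 header, WordCount,
parameter words, ByteCount, data bytes.  All frames here are constructed."""
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
NETBIOS_SESSION_MESSAGE = 0x00


def _netbios(smb: bytes) -> bytes:
    return bytes([NETBIOS_SESSION_MESSAGE]) + len(smb).to_bytes(3, "big") + smb


def build_smb1_negotiate(dialects):
    """Constructed sample: a well-formed SMB1 Negotiate Protocol Request."""
    # magic(4) cmd(1) status(4) flags(1) flags2(2) pidhigh(2) signature(8)
    # reserved(2) tid(2) pid(2) uid(2) mid(2) = 32 bytes
    header = (SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 4 + b"\x18"
              + struct.pack("<H", 0xC853) + b"\x00" * 2 + b"\x00" * 8 + b"\x00" * 2
              + struct.pack("<HHHH", 0, 0xFEFF, 0, 0))
    # Each dialect is BufferFormat 0x02 followed by a NUL-terminated string.
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return _netbios(header + b"\x00" + struct.pack("<H", len(data)) + data)


def build_smb1_negotiate_response(dialect_index: int, word_count: int = 17):
    """Constructed sample: SMB1 Negotiate response; only DialectIndex matters here."""
    header = (SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 4 + b"\x98"
              + struct.pack("<H", 0xC853) + b"\x00" * 20)
    params = struct.pack("<H", dialect_index) + b"\x00" * (2 * word_count - 2)
    return _netbios(header + bytes([word_count]) + params + struct.pack("<H", 0))


def parse_smb1_negotiate(frame: bytes):
    """Return the dialect strings offered in an SMB1 Negotiate request.
    Raises ValueError on anything malformed or truncated: length fields in
    the packet are never trusted beyond the bytes actually present."""
    if len(frame) < 4 + 32 + 3:
        raise ValueError("frame too short")
    if frame[0] != NETBIOS_SESSION_MESSAGE or int.from_bytes(frame[1:4], "big") != len(frame) - 4:
        raise ValueError("bad NetBIOS session header")
    smb = frame[4:]
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 Negotiate")
    word_count = smb[32]
    bc_off = 33 + 2 * word_count
    if bc_off + 2 > len(smb):
        raise ValueError("truncated parameter block")
    (byte_count,) = struct.unpack_from("<H", smb, bc_off)
    data = smb[bc_off + 2:bc_off + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("ByteCount exceeds frame")
    dialects, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:
            raise ValueError("bad dialect BufferFormat")
        end = data.find(b"\x00", pos + 1)
        if end < 0:
            raise ValueError("unterminated dialect string")
        dialects.append(data[pos + 1:end].decode("ascii", errors="replace"))
        pos = end + 1
    return dialects


def assess_negotiate(frame: bytes):
    """Classify a client by the weakest protocol it is willing to speak."""
    dialects = parse_smb1_negotiate(frame)
    smb1 = any(not d.startswith("SMB 2") for d in dialects)
    smb2 = any(d.startswith("SMB 2") for d in dialects)
    verdict = "smb1-only" if smb1 and not smb2 else ("smb1-capable" if smb1 else "smb2-only")
    return {"dialects": dialects, "verdict": verdict}


def selected_dialect(response_frame: bytes, offered):
    """Which dialect the server chose; 'SMB2+' if it answered with an SMB2 header,
    None if it rejected all offered dialects (DialectIndex 0xFFFF)."""
    smb = response_frame[4:]
    if smb[:4] == SMB2_MAGIC:
        return "SMB2+"
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE or len(smb) < 35:
        raise ValueError("not an SMB1 Negotiate response")
    (index,) = struct.unpack_from("<H", smb, 33)
    if index == 0xFFFF:
        return None
    if index >= len(offered):
        raise ValueError("DialectIndex out of range")
    return offered[index]


if __name__ == "__main__":
    legacy = ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"]
    print(assess_negotiate(build_smb1_negotiate(legacy)))
    print(selected_dialect(build_smb1_negotiate_response(2), legacy))
```

Feed real frames (the TCP payload of port 445 traffic, starting with the NetBIOS session header) to `assess_negotiate` and `selected_dialect`. Any host whose negotiate response still picks a non-SMB2 dialect such as NT LM 0.12 has SMBv1 enabled and should receive the MS17-010 update and have SMBv1 disabled.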
2. Problem Statement
Any company or organization worth its salt recognizes that data and information are among its most valuable assets; a breach of a successful corporation's data could bring the organization to its knees. A data breach occurs when an unauthorized entity gains access to information belonging to an individual, an organization, or a system; the term also covers the outright theft of information. A breach occurs whenever there is unauthorized access to data, regardless of whether the information is subsequently misused. Systems and workstations running Microsoft Windows that have not been patched against EternalBlue can have their data compromised. Attackers can use the exploit to install a remote access trojan (RAT), giving them complete control of the compromised device, and the malware can then propagate to every other vulnerable device on the same network.
A vulnerability is a fault in a computer system that, when exploited, could compromise the security of the device or system (Ding et al., 2019). Once the flaw is exploited, the attacker can steal information, resulting in a data breach. The goal of this project is to make users more aware of the EternalBlue exploit and to identify steps users can take to protect their data and information from a breach caused by it. A comprehensive explanation of how the vulnerability can be exploited is provided, along with recommendations for mitigating its effects and safeguarding the affected devices and systems.
3. Background
Numerous researchers have investigated the roles that each party played in the development and propagation of the malware behind the WannaCry attack. Blame can be cast widely: on Microsoft's insecure protocol, on Russia's later use of the leaked exploit in the NotPetya malware (Greenberg, 2018), and on the IT professionals within organizations who failed to apply the available patch to all of their systems. When analyzing the role of the NSA, however, journalists focus primarily on what contributed to the leak of its tools and what could prevent future leaks. They conclude that the NSA's failure to protect its secrets, including the hacking tools it uses, is the primary source of concern for which the agency must be held accountable. Greenberg exposes the absurdity of the United States' habit of shifting responsibility for its problems onto former administrations and other nation-states, as in the attribution of the WannaCry ransomware attack to North Korea without first looking inward. He draws attention to the workplace policies and procedures that enabled two NSA employees to take substantial collections of highly sensitive hacking tools home with them. One of the employees' personal PCs reportedly ran antivirus software made by Kaspersky, a Russian security company, which indicates that malware crafted by the NSA was uploaded to that company's servers and remained there for an undetermined period. Greenberg also raises the hazy language and lack of transparency in the implementation of the White House's Vulnerabilities and Equities Process, the policy intended to guide which vulnerabilities are reported to the affected vendors and which are kept secret for foreign-intelligence collection (Greenberg, 2017).
The reporting by Shane, Perlroth, and Sanger casts the NSA as a demoralized victim, with the Shadow Brokers as the villains responsible for the crime. This framing is clear when they refer to the case as "one of the biggest security debacles ever to afflict American intelligence" and as exceeding by a significant margin the damage caused by Edward Snowden. They investigate how members of the NSA's internal hacking division, Tailored Access Operations (TAO), have been affected by the revelations, with some individuals leaving the agency and others cancelling trips abroad out of concern for their safety. The reporting goes on to describe a toxic environment now plagued by polygraphs and suspensions, in which the agency struggles to retain personnel (Makrakis et al., 2021). The journalists also cover the other victims of the Shadow Brokers' actions, which disrupted business across the globe: the millions of computers locked by ransomware, businesses that lost all of their data, and hospitals in Indonesia, Britain, and even Pennsylvania that were forced to turn patients away (Shane et al., 2017).
4. Requirements and specification
4.1. User Groups
Table 1 lists the users or groups of users who will be interested in using the system.
Table 1 User Groups
User | Role
Executive management | Sponsors technological solutions to cyber-attacks
IT manager | Plans and conducts assessments of system vulnerabilities
Employees | Apply the organization's systems in service delivery
Clients | Use the systems to access the services and products they need
4.2. Functional Requirements
Functional requirements describe the behavior of a function of the system when certain conditions are met. The solution's functional requirements are:
i. Adherence to administrative rules. Users will need the administrator password to install any program on the system. Adherence is critical in handling the systems and in avoiding preventable security breaches caused by ignorance and non-adherence, which would create losses for more stakeholders. The administrative rules, including a framework for how strong passwords are developed, assure users and stakeholders that a sound initiative is in place.
ii. Authentication. Access to any system will require two-factor authentication (2FA). Authentication is critical to system security; 2FA reduces the chance of a breach because an attacker must defeat two independent factors, and compromising one of them (a stolen password, for instance) does not by itself grant access. This increases the security of the systems and makes users confident in handling and protecting their data.
iii. Authorization levels. An authorization hierarchy will be established to govern the rights and privileges of system users. Individuals in different positions are authorized to access confidential information in the system; restricting access to specific individuals increases accountability and minimizes the risk of a data breach. There is also a procedure to follow when an employee leaves the organization, so that their authorization is revoked and they cannot manipulate the system or expose data to the firm's competitors after leaving.
iv. Legal and regulatory requirements. All programs used must be authentic; no cracked programs may be installed on the system. Cracked versions of software are produced by individuals for their own benefit, and the best way to control this is to prohibit cracked versions through legal means. Persons found with cracked versions should be charged, which is only possible when the organization itself uses authentic software.
v. Audit tracking. The system will keep an audit trail for all users. Audit tracking ensures that all users are under control and management, so that breaches caused by poor but preventable practices can be detected.
4.3. Non-Functional Requirements (NFRs)
The non-functional requirements define the quality and performance attributes of the solution.
Table 2 Non Functional Requirements
NFR Type | Requirements | Implications on Design and/or Operation
Security
  Requirements: The solution will have a high ability to prevent security breaches. Data access will be on a need-to-know basis, and every individual who accesses the system will be known and authorized to do so.
  Implications: Successful control of security breaches assures that the organization can operate during and outside business hours without disruption. Users are assured that their data is secure, which makes it viable to seek services from the organization; a secured system protects client data and builds reputation and trust. Unauthorized persons are prevented from causing a breach.
Data Integrity
  Requirements: Integrity is achieved when only authorized persons access the system. Data integrity means maintaining and assuring the consistency and accuracy of data throughout its lifecycle.
  Implications: Integrity is achieved through the mechanisms the solution offers to minimize breaches. Limited security issues eliminate the fines and charges associated with a breach of client data.
Usability
  Requirements: The solution brings ease of use to the staff using the system. Usability is about how effectively users can learn to use the system.
  Implications: The solution provides easy use of the system, including following the administrative strategies. Successful usability is experienced as satisfaction of clients and customers.
Reliability
  Requirements: The solution targets up to 97% reliability against the EternalBlue vulnerability. Reliability refers to the probability that the program will continue to function correctly for a predetermined number of operations or for a set period of time. The system will be operational 24/7 and attain 97% effectiveness.
  Implications: The system can be relied upon by users within business hours and beyond, and the number of clients seeking services increases with the positive reputation. The solution provides efficiency in security protection; its reliability indicates that it is the right intervention towards a functional system that performs as expected.
5. System Design
The goal of the System Design phase of the software development life cycle is to create a technical solution that complies with the system's functional requirements. At this stage of the project there should be a Functional Specification, written primarily in business terminology, that comprehensively describes the operational requirements of the organizational entities that will use the new system (Eian et al., 2020). The difficult task is to convert this information into Technical Specifications that precisely define the layout of the system and can be used as input to System Construction.
5.1. Solution Concept
Within the system development lifecycle, the graphic that follows illustrates the processes and deliverables of this phase. The Functional Specification developed during System Requirements Analysis is converted into a physical architecture (Eian et al., 2020). The components of the system are distributed over that physical architecture, usable interfaces are established and prototyped, and technical specifications are drafted for the application developers so that they can construct and test the system.
5.2. Proposed System Architecture
A system’s architecture is a description of its primary components, the relationships (structures) between those components, and the ways in which those components interact with one another. The architecture of a system can be thought of as its blueprint (Makrakis et al., 2021). It establishes a communication and coordination mechanism among the components of the system while also providing an abstraction for managing the complexity of the system. It defines a structured solution that may meet all of the technological and operational needs while simultaneously optimizing the common quality aspects, such as performance and security.
5.2.1 Alternative 1
Alternative 1, which the team considered first, was an architecture focused on bringing effectiveness and efficiency to the workplace; it addressed only about 50% of the security issue. It remained worthwhile until the second alternative was drafted from the blueprint.
5.2.2 Alternative 2
Alternative 2 is more promising for adoption in the organization because it addresses the issues experienced in the system, especially EternalBlue, by providing an abstraction for managing system complexity and a coordination mechanism among components.
5.2.3 Reason of Choosing the Alternative
The team chose the second alternative because it is both simpler and more secure. Its architecture serves as the blueprint for the system in the sense described in Section 5.2: it manages complexity through abstraction, coordinates the components, and meets the technical and operational requirements while optimizing quality attributes such as performance and security.
5.2.4 Production and Staging Environments
A testing environment that is referred to as a stage, staging, or pre-production environment is one that is designed to seem exactly like a production environment. It attempts to simulate a real-world production setting as accurately as possible and may establish connections to various production-related services, data, and resources, such as databases. There is a requirement for staging in order to determine whether or not the system is effective in terms of both its security and its functionality by means of conducting tests.
5.3. Component Design
Component | Off the Shelf/Custom | Justification/Alternative
Processor, 2.8-3.0 GHz | Off the shelf | Ryzen 5, 7
RAM, 4 GB per core | Off the shelf | n/a
Standard hard drive | Off the shelf | 256 GB solid state drive
Oracle Enterprise Linux 4 | Custom | To work autonomously with the specified hardware requirements
Oracle Enterprise Linux 7 | Off the shelf |
Oracle Solaris 10 (x86) | Custom | To work autonomously with the specified hardware requirements
5.3.1 Hardware Components
a. 4 Cores, 2.8-3.0 GHz each (2.8 GHz minimum speed)
b. 4 GB RAM per core
c. Standard hard drive, 100 GB free
d. Network connectivity
5.3.2 Software Components
a) Oracle Enterprise Linux 4 Update 7 or greater, 64-bit
b) Oracle Enterprise Linux 5 Update 3 or greater, 64-bit
c) Oracle Enterprise Linux 6 64-bit
d) Oracle Solaris 10 (x86)
e) Red Hat Enterprise Linux 4.0 Update 7 or greater, 64-bit
f) Red Hat Enterprise Linux 5.0 Update 3 or greater, 64-bit
5.3.2.1 User Interface Web client
Based on the system requirements listed in the previous sections, we present the system use case diagram in Figure x.
5.3.2.2. Use Case Description
For each of the identified use cases, Table 3 provides a more detailed description. A use case description shows how users will interact with the solution: it describes, from the user's point of view, the solution's behavior as it responds to user requests.
5.3.2.3. Back-End Database
The system will use a back-end database file system that gives users better usability when accessing data they have already keyed in. The back-end database offers access to stored data, especially for products ordered online, and guides delivery (Makrakis et al., 2021).
5.4. Design Evaluation
Table 4 shows a comparison between the On-Cloud Option and the On-Site Option
Where do you want to host your system << on-cloud vs on-site and why>>
Table 4
6. Implementation
In order to facilitate the understanding of the system that contains several major components, we start with high level architecture. The source code for this project is provided in Appendix C.
6.1 System Implemented Architecture
Figure 7 shows the major components of the system.
Figure 7 High Level Implementation Architecture
6.2 Access Levels
Public, private and protected are the most common access levels for deciding whether a caller may use a member of a class: public members are accessible to all callers, private members only within the class itself, and protected members within the class and its subclasses. At the system level, the solution ensures that only authorized users can access the system, which minimizes the chance of a breach.
6.3 System Services or Functionalities
The system's services and functionality include collecting and storing data in electronic form so that users can access it easily. The system brings effectiveness and efficiency to users through its data-processing functionality and creates a centralized platform. It is designed with the components and structure best suited to countering cybersecurity challenges.
7. Testing, Analysis and Evaluation
7.1 Testing Methodology
System testing concludes the verification procedure. It checks whether all of the integrated components work together as intended and whether the system meets its quality standards and all essential requirements. To ensure objectivity, testers who were not involved in the application's development carry out the tests, in an environment that closely resembles production. System testing is critical because it confirms that the application meets the customer's technical, functional, and business requirements. The steps followed are requirement analysis, test planning, environment setup, test case development, and test execution. Results are recorded per target system function and feature, documented according to the test schedule, and the exit criteria are applied last.
7.2 System Analysis and Evaluation
System analysis and evaluation is critical when building any system, because every system is expected to serve its purpose, and evaluation is how that expectation is checked.
7.3 Test Execution and Test Results
Tests are executed to see whether the expected and actual outcomes match. During a test cycle, a subset of the test suite is selected based on risk, and each tester is assigned a set of test cases to execute. The results met the expectations of system development and showed the system capable of countering the EternalBlue vulnerability.
7.3.1 Functional Testing
For each feature of the system, we have checked to see if the delivered solution already meets the requirements of that feature. Manual exploratory testing was performed for functional testing, in which we ran and evaluated each required scenario. Based on the functions it was designed to accomplish, the system was found to be functionally sound.
7.4 Examples on testing
7.4.1 Check password Strength
Password strength was tested with a positive outcome: the system requires a password of at least 8 characters combining digits with upper- and lower-case letters, and rejects passwords that do not meet this rule. The test showed the check working as intended.
8. Issues, Engineering Tools and Standards
8.1. Issues
The issues we faced in the process include:
Delays in the project implementation.
System failure to meet desired standards per sections developed
Inadequacy of the resources needed
8.2. Engineering Tools and Standards
The standards considered during system development include usability, security, interoperability and accuracy. The critical tools were compilers and a code editor.
9. Teamwork
Teamwork contributed much to the success of the project: sharing ideas and concepts produced the solutions to the problem.
Table 7 shows the responsibilities, contributions, and expertise of each of the team members.
Table 7 Team responsibilities, contributions, and expertise
Student | Responsibilities | Contribution | Expertise
Student 1 | Evaluation; Authorization; Design; Implementing database; Business concepts | Technical lead; Design lead; Develops databases | Business analyst
Student 2 | | | Architect
Student 3 | | | System design
Student 4 | | | Developer
10. Conclusion
In this section, we list the conclusion and future work respectively.
10.1. Conclusion
Handling the EternalBlue vulnerability is a challenge that is addressed once the problem is properly identified, analyzed and dealt with extensively, to avoid the losses it brings to an organization. Vulnerabilities have become a threat to most organizations; annual reports on cyber-attacks affecting organizational resources consistently list EternalBlue among the most commonly reported. This paper has focused on developing a system that addresses this vulnerability in the organization's environment, ensuring that it has security features that counter the vulnerability for prevention purposes.
10.2. Future Work
Future research should target vulnerabilities other than EternalBlue in order to address the wider cybersecurity challenges (Eian et al., 2020). Other major vulnerabilities need intervention, and researchers need to focus on them.
Appendix A: Test Plan
Solution Name:
Team Leader:
Team: Student 1, Student 2, Student 3
Test No./ID | Related Feature | Pre-conditions | Test Description (steps) | Expected Outcome | Test Outcome
1 | Security | Not applicable | 1. Simulate an attacker attempting to penetrate the password identification system. | The system database records the attempted attack. | Effectiveness evaluated; improvements identified.
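Test case 1 above and the password strength check in 7.4.1 both describe behaviour of the password identification system that can be written down concretely. The block below is an added example, not code from the report: a Python password-policy check (at least 8 characters with upper- and lower-case letters and digits, as 7.4.1 requires, plus rejection of common and repetitive passwords) together with a small authentication service that stores salted PBKDF2 hashes, records every enrolment and login attempt in an audit trail, and locks an account after repeated failures so that an attacker hammering the login cannot keep guessing. The usernames, passwords, lockout threshold, lockout duration and common-password list are constructed for the example.

```python
"""Password policy, audit trail and lockout.  Added example, not the report's code."""
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8
MAX_FAILURES = 5            # assumed policy: failures before lockout
LOCKOUT_SECONDS = 15 * 60   # assumed policy: lockout duration
PBKDF2_ROUNDS = 100_000
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwerty123"}  # constructed sample


def password_policy_failures(pw: str) -> list:
    """Return the policy rules a candidate password breaks (empty list = acceptable)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[a-z]", pw):
        failures.append("no lower-case letter")
    if not re.search(r"[A-Z]", pw):
        failures.append("no upper-case letter")
    if not re.search(r"[0-9]", pw):
        failures.append("no digit")
    if pw.lower() in COMMON_PASSWORDS:
        failures.append("common password")
    if re.search(r"(.)\1\1", pw):
        failures.append("three identical characters in a row")
    return failures


def _hash(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AuthService:
    """Stores only salted hashes; every attempt, successful or not, lands in the audit trail."""

    def __init__(self):
        self.users = {}       # username -> (salt, pbkdf2 hash)
        self.failures = {}    # username -> timestamps of recent failed logins
        self.audit = []       # audit trail: one record per enrol/login attempt
        self._dummy_salt = os.urandom(16)

    def _record(self, event, user, ok, at, detail=""):
        self.audit.append({"event": event, "user": user, "ok": ok, "at": at, "detail": detail})

    def enroll(self, user: str, pw: str, at: float) -> bool:
        problems = password_policy_failures(pw)
        if problems:
            self._record("enroll", user, False, at, "; ".join(problems))
            return False
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(pw, salt))
        self._record("enroll", user, True, at)
        return True

    def is_locked(self, user: str, at: float) -> bool:
        recent = [t for t in self.failures.get(user, []) if at - t < LOCKOUT_SECONDS]
        self.failures[user] = recent
        return len(recent) >= MAX_FAILURES

    def login(self, user: str, pw: str, at: float) -> bool:
        if self.is_locked(user, at):
            self._record("login", user, False, at, "account locked")
            return False
        record = self.users.get(user)
        if record is None:
            _hash(pw, self._dummy_salt)   # same cost for unknown users: no timing oracle
            ok = False
        else:
            salt, stored = record
            ok = hmac.compare_digest(_hash(pw, salt), stored)
        if ok:
            self.failures.pop(user, None)
        else:
            self.failures.setdefault(user, []).append(at)
        self._record("login", user, ok, at, "" if ok else "bad credentials")
        return ok

    def failed_attempts(self, user: str) -> list:
        """What test case 1 expects the database to hold: every failed attempt on the account."""
        return [r for r in self.audit if r["event"] == "login" and r["user"] == user and not r["ok"]]


if __name__ == "__main__":
    svc = AuthService()
    svc.enroll("alice", "Tr0ub4dor", at=0)
    for i in range(MAX_FAILURES + 1):
        svc.login("alice", "guess%dA" % i, at=10 + i)
    for r in svc.failed_attempts("alice"):
        print(r)
```

The audit records are what the test-plan row checks for; in a deployment they would be written to an append-only store rather than kept in memory, and the lockout counter should be keyed by account and by source address so that one attacker cannot lock out legitimate users at will.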
Appendix B: Progress Report - Teamwork
Columns: ID | Task Name / Owner | Timespan (weeks 1-15) | Status | Description of the Risk | Likelihood of Occurring | Impact if the Risk Occurs | Severity (based on Impact and Likelihood) | Mitigation Action
1.0 | Project Plan / Team | 3 weeks marked | Completed | | | | |
5.1 | ER Diagram | | Completed | Project ERD is incomplete | Low | High | Low | The team reviews the diagram
5.2 | Use Case Diagram | | Completed | Use cases do not reflect actual requirements | Low | Moderate | Moderate | Review by stakeholder representatives
8.3 | Final Report / Team | All 15 weeks marked | Completed | Report not completed on time | Low | High | High | The team reflects changes in the Final Report as it goes, so that by the deadline the major parts of the final report are already in place
References
Blanchard, B., & Fabrycky, W. (2010). Systems Engineering and Analysis (5th ed.). Prentice Hall.
Ding, A., De Jesus, G., & Janssen, M. (2019). Ethical hacking for boosting IoT vulnerability management: A first look into bug bounty programs and responsible disclosure. Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing (ICTRS '19).
Eian, I., Yong, Li, M., Hasmaddi, N., & tuz-Zahra, F. (2020). Integration of Security Modules in Software Development Lifecycle Phases.
Makrakis, G. M., Kolias, C., Kambourakis, G., Rieger, C., & Benjamin, J. (2021). Vulnerabilities and Attacks Against Industrial Control Systems and Critical Infrastructures.
Warren, T. (2017, April 15). Microsoft has already patched the NSA's leaked Windows hacks. The Verge.
Greenberg, A. (2017, December 19). Hold North Korea accountable for WannaCry, and the NSA, too. Wired. Retrieved March 1, 2020.
Greenberg, A. (2018, August 22). The untold story of NotPetya, the most devastating cyberattack in history. Wired. Retrieved March 1, 2020.
Shane, S., Perlroth, N., & Sanger, D. E. (2017, November 12). Security breach and spilled secrets have shaken the N.S.A. to its core. The New York Times. Retrieved March 1, 2020.