Cyber Security Department Graduation Project (407422)

   

Cyber Security Department

Graduation Project (407422)

Project Title Here . 

Submitted By:

   

Student Name

Student ID

 

Name 1

Id1

 

Term:  

 

Date: 

   

Table of Contents

   

List of Figures

List of Tables

   

1. Introduction

Systems and workstations that are running Microsoft Windows but have not been patched against the vulnerability that is known as “Eternal Blue” are susceptible to having their data stolen if the vulnerability has not been patched. A vulnerability is a fault in a computer system that, when exploited, could compromise the device’s or system’s level of security (Ding, et al., 2019). After the security flaw has been exploited, the hacker will be able to steal information, which will result in a data breach. The SMBv01 protocol that is utilized by Windows systems is the target of the vulnerability known as Eternal Blue. 

Techniques such as heap spraying and buffers overrun are utilized throughout the attack in order to gain access to systems and devices that are powered by Windows operating systems. Notably, this vulnerability was exploited in the WannaCry ransomware attack that occurred in 2017, which encrypted the files of victims and demanded a ransom in order to decrypt the information. After it was initially launched, the attack would quickly spread to other systems, delivering corrupted data that would be processed via the SMB protocol. It is inside this protocol that the vulnerability can be located. After a hack by a group of hackers known as the Shadow Brokers in 2017, who broke into a cache of cyber weapons kept by the National Security Agency (NSA), the origin of the eternalblue vulnerability was discovered to be the United States National Security Agency (NSA).

2. Problem Statement

Any company or organization worth its salt recognizes that data and information are among its most valuable assets. A hack of a successful corporation’s data and information might easily bring the organization to its knees. A data breach occurs when an unauthorized entity is able to access information from an individual, an organization, or a system. A data breach can also refer to the act of stealing information. A data breach occurs whenever there is unauthorized access to data, regardless of whether or not the information is utilized inappropriately. Systems and workstations that are running Microsoft Windows but have not been patched against the vulnerability that is known as EternalBlue can have their data compromised if the vulnerability has not been addressed. They are able to insert a variety of code referred to as a “RAT,” which gives the hacker complete control of the device that has been compromised. Even further, it is able to propagate and proliferate over all of the devices that are connected to the same network.

A vulnerability is a fault in a computer system that, when exploited, could compromise the device’s or system’s level of security (Ding, et al., 2019). After the security flaw has been exploited, the hacker will be able to steal information, which will result in a data breach. The goal of this project is to make users more aware of an exploit known as eternalblue and to identify steps that users may take to protect their data and information from being compromised by a data breach caused by eternalblue. A comprehensive explanation of how the vulnerability can be exploited will be provided, along with recommendations for mitigating its effects and safeguarding the affected devices and systems.

3. Background

Numerous researchers have conducted in-depth investigations into the roles that each player played in the development and propagation of the virus that was responsible for the deadly hack. It is possible to cast a wide net of blame on Microsoft’s insecure protocol, Russia’s use of the malware, and the business I.T. professionals within organizations that failed to apply the available patch to all of their compromised systems; however, when analyzing the role of the NSA, journalists primarily focus on what factors contributed to the data breach and what measures could be taken to prevent future leaks. Microsoft’s unsecure protocol was one of the factors that contributed to the data breach. Russia’s use of the malware was They come to the conclusion that the failure of the NSA to protect its secrets, which includes the hacking tools it uses, is the primary source of worry for which the institution must be held accountable. Greenberg exposes the absurdity of the United States’ habit of shifting responsibility for its problems onto former administrations and other nation-states around the world, as he does in his discussion of the WannaCry attack. 

Ransomware attack directed on North Korea, without first looking inwards. He draws attention to the policies and procedures at the workplace that enabled two NSA employees to take substantial collections of highly sensitive hacking equipment home with them. One of the employees’ personal PCs reportedly used antivirus software made by Kapersky, a Russian security business. This indicates that the malware crafted by the NSA was uploaded to the corporation’s servers and remained there for an undetermined amount of time. The reporter also brings up the hazy language and the lack of transparency in the implementation of the White House’s Vulnerabilities and Equities Process. This is a document that is intended to guide which vulnerabilities are reported to the associated vendors and which are kept secret to gather foreign intelligence. However, the reporter notes that the document’s language is hazy and that there is a lack of transparency in its implementation (Greenberg, 2017).

The reporting done by Shane, Perlroth, and Sanger includes the National Security Agency (NSA) as a victim within this network,  completely deprived of any and all sense of morale, with the Shadow Brokers being the villains responsible for the crime. This framing is obvious when referring to the case as “one of the biggest security debacles ever to afflict American intelligence” and as exceeding by a significant margin the damage that was caused by Edward Snowden. They investigate how members of the NSA’s internal hacking division, known as Tailored Access Operations (T.A.O), have been impacted by the revelations, with some individuals leaving the organization and others being forced to cancel visits abroad out of concern for their safety. The reporting then continues to describe a toxic environment that is now plagued with polygraphs and suspensions, and the company has difficulties maintaining personnel (Makrakis et al., 2021). The journalists also cover additional victims of the actions taken by the Shadow Broker that led to the disruption of business across the globe. These victims include the millions of computers that were locked by ransomware, businesses that experienced the loss of all of their data, and hospitals in Indonesia, Britain, and even Pennsylvania that were forced to reject patients (Shane et al., 2017).

4. Requirements and specification

4.1. User Groups

Table 1 lists the Users or groups of Users who will be interested in using the system

   

Table 1 User Groups

  

User Name Role

Executive management  Sponsor technological solutions to   cyber-attacks

IT manager   Plan and conduct assessment about systems   vulnerability

Employees   Apply the organization systems in service   delivery

Clients   Use the systems to access their needed   services and products

4.2. Functional Requirements

Functional requirements describe a particular behavior of function of the system when certain conditions are met. The solutions functional requirements are;

i. Adherence to administrative rules users will need administrator password to install any program to the system. The adherence would be critical in handling the systems and be capable of avoiding preventable security breaches that are contributed by ignorance and non-adherence that would create to losses to more stakeholders. The administrative rules that include considering a framework of guidance of how strong passwords are developed is critical in assuring the other users and stakeholders that a good initiative is in place in achieving success. 

ii. Authentication access to any system will require two-factor authentication (2FA). Authentication is critical to a system security and in this case SFA reduces the chances of a breach since the cyber-attacker would have two security framework that they have to venture and penetrate and the moment they are done with one results to an upgrade of the system and passwords pushing them to the drawing board. The functional approach increase security of the systems and makes the users confident in handling and protecting their data. 

iii. Authorization level an authorization hierarchy will be established to guide on rights and privileges for system users. In an organization, there are the individuals in different positions that are authorized to access confidential information in the system. The restriction to a given individuals to access the system is best in increasing accountability and also minimize risks of data breach. There is also the procedure followed when an employee is leaving the organization to make sure that the authorized is changed to prevent them from manipulating the system or exposure of data to competitors of the firm after leaving. 

iv. Legal and regulatory requirements all programs used will need to be authentic. No cracked programs to be installed in the system. In system development, there are individuals that developed the cracked version of the system for their own benefits and the best way to control the function is to prevent cracked versions through legal means. The persons found with the cracked version should be charged and this is only achieved when the organization goes the authentic way. 

v. Audit tracking the system will be able to keep audit trail for all users. There is the need for an audit tracking that ensure that all users are under control and management to avoid those that might contribute to breaches through poor practices that can be prevented.

4.3. Non-Functional Requirements (NFRs)

The non-functional requirements define the quality and performance attributes of the solution 

   

Table 2 Non Functional Requirements

  

NFR Type

Requirements

Implications on Design

and/or operation

 

Security

The solution   will be having the high ability to prevent security breaches.

Successful   control security breaches is an assurance that organization would operate   during the business hours and outside the business hours without any   disruptions.

The users will   be assured about the security of their data in the organization that makes it   viable to seek services from the organization.

A system that   is secured protects the data of the clients that builds reputation and trust   to work together. 

The data access   in the system after getting the solution will be on need to know basis. 

The individuals   that will be accessing the system will be known and authorized to do so. 

The approach   ensure that unauthorized persons are prevented from causing a breach. 

The solution   brings about ease among the staff that are using the system. 

Usability is   about how effective the users can learn to use the system.

The solution   provides the easy use to the system including following administrative   strategies. 

There is up to   97% reliability of the solution to the ExternalBlue vulnerability. The term   “reliability” refers to both the probability and the percentage   that the program will continue to function correctly for a predetermined   number of times or for a set period of time.

The system   would be operational 24/7 where it serves its functions attaining 97% of   effectiveness. .

The system   would be relied upon by the users within the business hours and beyond. 

There would be   an increase in the clients that seeks services from the organization due to   positive reputation.

Limited   security issues when the solution is effective eliminate fines and charges   associated with breach of client data. 

Integrity is   achieved when authorized persons access the system only.

The integrity   of the data is about maintaining and assuring the consistency and accuracy   through all the lifecycle.

The integrity   is achieved through good mechanisms that the system solution offers by   minimizing on breaches.

A successful   usability is experienced through satisfaction of clients/customers.

Efficiency in   security protection.

The reliability dictates that the solution to   ExternalBlue is the right intervention towards having a functional system   that performs its functions as expected. 

 

 

Data Integrity

 

Usability 

 

Reliability

   
  

5. System Design

The creation of a technological solution that complies with the system’s functional requirements is the goal of the System Design phase of the software development life cycle. At this stage in the lifecycle of the project, there ought to be a Functional Specification that is primarily written in business terminology. This document ought to contain a comprehensive description of the operational requirements of the various organizational entities that will use the new system (Eian et al., 2020). The difficult task at hand is to convert all of this information into Technical Specifications that not only precisely define the layout of the system but also have the potential to be used as input during System Construction.

5.1. Solution Concept

Within the context of the system development lifecycle, the graphic that follows provides an illustration of all of the processes and deliverables associated with this phase. As part of the System Requirements Analysis process, a Functional Specification is developed, which is then converted into a physical architecture (Eian et al., 2020). The components of the system are dispersed over the physical architecture, useable interfaces are established and prototyped, and technical specifications are drafted for the application developers. This enables the application developers to construct and test the system.

                   

5.2. Proposed System Architecture

A system’s architecture is a description of its primary components, the relationships (structures) between those components, and the ways in which those components interact with one another. The architecture of a system can be thought of as its blueprint (Makrakis et al., 2021). It establishes a communication and coordination mechanism among the components of the system while also providing an abstraction for managing the complexity of the system. It defines a structured solution that may meet all of the technological and operational needs while simultaneously optimizing the common quality aspects, such as performance and security.

5.2.1 Alternative 1

The alternative 1 that the team chosen was an architecture that focuses on bringing about effectiveness and efficiency in the workplace and has a 50% effectiveness in terms of addressing the security issue. The alternative was worth until when the second alternative was drafted based on the blueprint. 

5.2.2 Alternative 2

The alternative is more promising to be adopted in the organization because it addresses the issues that is experienced in the system especially the ExternalBlue through the provision of an abstraction in the management of system complexity and coordination mechanism among components. 

5.2.3 Reason of Choosing the Alternative

My team chosen the second alternative because they consider that it carries simplicity and also secure. Architecture serves as a blueprint for a system. It provides an abstraction to manage the system complexity and establish a communication and coordination mechanism among components. It defines a structured solution to meet all the technical and operational requirements, while optimizing the common quality attributes like performance and security.

   
  

5.2.4 Production and Staging Environments

A testing environment that is referred to as a stage, staging, or pre-production environment is one that is designed to seem exactly like a production environment. It attempts to simulate a real-world production setting as accurately as possible and may establish connections to various production-related services, data, and resources, such as databases. There is a requirement for staging in order to determine whether or not the system is effective in terms of both its security and its functionality by means of conducting tests.

5.3. Component Design

  

Component 

Off shelf/Custom 

Justification/Alternative 

 

Processor – 2.8-3.0 GHz

Off the Shelf

Ryzen 5, 7

 

RAM 4 GB per core

Off the Shelf

n/a

 

Standard Hard drive 

Off the Shelf

256 GB Solid State Drive

 

Oracle Enterprise Linux 4

Custom

To be able to autonomously work   with the specified hardware requirements 

 

Oracle Enterprise Linux 7

Off the Shelf

 

Oracle Solaris 10 (x86)

Custom

To be able to autonomously work   with the specified hardware requirements

5.3  

5.3.1 Hardware Components

a. 4 Cores, 2.8-3.0 GHz each (2.8 GHz minimum speed)

b. 4 GB RAM per core

c. Standard hard drive, 100 GB free

d. Network connectivity

1.  

2.  

3.  

4.  

4.1.  

4.2.  

4.3.  

4.3.1.  

5.3.2 Software Components 

a) Oracle Enterprise Linux 4 Update 7 or greater, 64-bit

b) Oracle Enterprise Linux 5 Update 3 or greater, 64-bit

c) Oracle Enterprise Linux 6 64-bit

d) Oracle Solaris 10 (x86)

e) Red Hat Enterprise Linux 4.0 Update 7 or greater, 64-bit

f) Red Hat Enterprise Linux 5.0 Update 3 or greater, 64-bit

5.3.2.1 User Interface Web client

– Based on the system requirements listed in the previous sections, we present the system use case diagram as shown in  Figure x

5.3.2.2. Use Case Description

For each of the identified use cases, we provide, in Table 3, a more detailed description. Use case description shows how users will interact with the solution. It describes, from a users point of view, the solutions behavior as it responds to user requests.

   

5.3.2.3. Back-End Database

The system will use the back-end database file system that ensure that the users experience a better usability when accessing data that they have already keyed. The back-end database is offering the possibility of accessing stored data especially for products ordered online guiding on delivery (Makrakis et al., 2021). 

4.4.Design Evaluation

Table 4 shows a comparison between the On-Cloud Option and the On-Site Option

Where do you want to host your system << on-cloud vs on-site and why>>

Table 4   

   

6. Implementation

In order to facilitate the understanding of the system that contains several major components, we start with high level architecture. The source code for this project is provided in Appendix C.

6.1 System Implemented Architecture

Figure 7 shows the major components of the system.  

Figure 7 High Level Implementation Architecture

2 

3 

4 

5 

6 

6.1 

6.1.1 

 

6.2 Access Levels

When it comes to determining whether or not a user is allowed to interact with a software, public and private are two of the most prevalent access levels. In a third instance, a guarded, all members of the appropriate class are granted access. The solution ensure that only authorized system users are allowed to access the system and minimize breach. 

6.2  

6.3  

6.1.  

6.3 System Services or Functionalities

The system services/functionality include allowing data to be collected and stored in the electronic format that facilitate an easy access by the users. The system is needed to bring effectiveness and efficiency to the users through its functionality in processing data and creates a centralized platform. The system is designed that it carries best components and structure that helps in countering cybersecurity challenges and make it effective .

   

Testing, Analysis and Evaluation

7.1  Testing Methodology

The verification procedure concludes with system testing. These tests are used to see if all of the integrated components are working to their full potential. When it comes to evaluating whether a system can meet quality standards and adhere to all essential requirements, the testing procedure is critical. To ensure objectivity, testers who were not involved in the application’s development are used to test this technique. This operation is also carried out in an atmosphere that is quite similar to that of the manufacturing phase. A critical part of the development process is system testing, which ensures that the application is meeting all of its functional, technical, and commercial goals. System testing is critical because it ensures that the application meets the customer’s technical, functional, and business requirements. There are steps that are followed and this include the requirement analysis, software testing planning, environmental setup, test case development environmental setup and finally the execution test step. The test results are recorded based on the target system function, feature/functions and how they are working, and finally the functionality. The information is then recorded and documented and all this are done following the test schedule and later exit criteria is adopted last. 

7.2 System Analysis and Evaluation

System analysis and evaluation is critical in the process of making any system and this is contributed by the fact that expectation of every system is to make sure that it serves its purpose.

7.3  Test Execution and Test Results

 It is necessary to execute tests in order to see if the expected and actual outcomes match up. During the course of a test, the following considerations should be kept in mind: Select a subset of the test suite for this cycle based on a risk. For each testing process, assign a set of test cases to be executed by a tester. The results was impressive that it met the expectations of system development and capable to counter the ExternalBlue vulnerability. 

7.3.1 Functional Testing

For each feature of the system, we have checked to see if the delivered solution already meets the requirements of that feature. Manual exploratory testing was performed for functional testing, in which we ran and evaluated each required scenario. Based on the functions it was designed to accomplish, the system was found to be functionally sound.

7.4 Examples on testing 

7.4.1 Check password Strength

The password strength was tested and this is where the results showed a positive outcome of the system development where 8 digit password was needed and effective combining numbers, letters, capital and small letters. The testing example showed efficacy in meeting the expected desire. 

7. Issues, Engineering Tools and Standards

7.1.  Issues 

The several issues that we faced in the process include:

Delays in the project implementation.

System failure to meet desired standards per sections developed

Inadequacy of the resources needed

7.2.  Engineering Tools and Standards

The standards that I considered in the process of system development include the usability, security, interoperability, accuracy and standards. The tools that were critical include the compilers and code editor.  

8. Teamwork

Teamwork has contributed much to the current success of the project and this was possible where we would share ideas and concepts that brings about solutions to the problem. 

Appendix B

Table 7 shows the responsiblites, Contributions, and expertise of each of the team members. 

Table 7 Team responsiblites, Contributions, and expertise

  

Student

Responsiblities

Contribution

Expertise

 

Student 1

Evaluation

Authorization

Design

Implementing   database

Business concepts

Technical   lead

Design lead

Develops   databases

–  Business analyst

 

Student 2

– Architect

 

Student 3

– System Design

 

Student 4

– Developer

   

9. Conclusion

In this section, we list the conclusion and future work respectively.

9.1. Conclusion

Handling the ExternalBlue vulnerability in a system is a challenge that is addressed once the problem is well identified analyzed and addressed in a more extensive way to avoid losses that it brings to an organization. Vulnerabilities has become a threat to most organization where there are annual reports about cyber-attacks that affect the resources of organization and one of the common vulnerability reported is ExternalBlue. In this paper, more focus has been directed towards developing a system that addresses the vulnerability in the system used in the organization making sure that it has security features that counter the vulnerability for prevention purposes. 

9.2. Future Work

There is the need for more research in future that would target other vulnerability apart from the ExternalBlue to consider addressing the cybersecurity challenges that are there (Eian et al., 2020). There are other major vulnerabilities that needs an intervention and researchers need to focus on them. 

  

   

Appendix A: Test Plan

   

Solution    Name

Team    Leader:  

Student 1

 

Student 2

 

Student 3

 

Test    
   No. ID

Related    Feature

Pre-conditions

Test    Description (steps) 

Expected    Outcome

Test Outcome

 

1

security

Not   Applicable

1. Try   with a hacker penetrating the password identification system.

System   Database will record the attempted attack

 Test evaluation on effectiveness   and allow improvement 

   

Appendix B: Progress Report-Teamwork

  

ID Task Name / Owner Timespan Week # Status Mitigation Action

Description 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Risk Likelihood Impact Severity

of the Risk if the based on Occurring Risk Impact

occurs and likelihood

 

1.0

Project Plan

Team

X

X

X

Completed

 

5.1

ER Diagram

Project   ERD is incomplete

Low

High

Low

Completed

The   team do the review

 

5.2

Use Case Diagram

Use cases do not reflect

actual requirements

Low

Moderate

moderate

Completed

Stakeholders representative review

   

  

8.3

Final Report

Team

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

Do not complete the report on time

Low

High

High

Completed

Team   will reflect changes to the Final Report as we go. By the deadline Team should have   the major parts of the final report already

in place

  

References

Blanchard, B. & Fabrycky, W. (2010). Systems Engineering and Analysis (5th Ed.), New Jersey: Prentice Hall.

Ding, A., De Jesus, G., & Janssen, M. (2019). Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure. Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing – ICTRS ’19

Eian, I.,Yong., Li, M, Hasmaddi, N & tuz-Zahra, F. (2020). Integration of Security Modules in Software Development Lifecycle Phases.

Makrakis, Georgios Michail & Kolias, Constantinos & Kambourakis, Georgios & Rieger, Craig & Benjamin, Jacob. (2021). Vulnerabilities and Attacks Against Industrial Control Systems and Critical Infrastructures.

Warren, Tom (April 15, 2017). Microsoft has already patched the NSA’s leaked Windows hacks. The Verge.

Greenberg, A. (2017, December 19). Hold North Korea accountable for WannaCryAnd the NSA, too. Wired. Retrieved March 1, 2020, from .

Greenberg, A. (2018, August 22). The untold story of NotPetya, the most devastating cyberattack in history. Wired. Retrieved March 1, 2020, from .

Shane, S., Perlroth, N., & Sanger, D. E. (2017, November 12). Security breach and spilled secrets have shaken the N.S.A. to its core. The New York Times. Retrieved March 1, 2020, from .