Date of Award

12-2017

Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.

Department

Information Assurance and Information Systems

College

Herberger School of Business

First Advisor

Dennis Guster

Second Advisor

Lynn Collen

Third Advisor

Kasi Balasubramanian

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Keywords and Subject Headings

cloud security, mobile application, real time attacks, dos, routing cache

Abstract

Cyber threat indicators that can be instantly shared in real-time may often be the only mitigating factor between preventing and succumbing to a cyber-attack. Detecting threats in cloud computing environment can be even more of a challenge given the dynamic and complex nature of hosts as well as the services running. Information security professionals have long relied on automated tools such as intrusion detection/prevention systems, SIEM (security information and event management), and vulnerability scanners to report system, application and architectural weaknesses. Although these mechanisms are widely accepted and considered effective at helping organizations stay more secure, each can also have unique limitations that can hinder in this regard. Therefore, in addition to utilizing these resources, a more proactive approach must be incorporated to bring to light possible attack vectors and hidden places where hackers may infiltrate.

This paper shares an insightful example of such lessor known attack vectors by closely examining a host routing table cache, which unveiled a great deal of information that went unrecognized by an intrusion detection system. Furthermore, the author researched and developed a robust mobile app tool that has a multitude of functions which can provide the information security community with a low-cost countermeasure that can be used in a variety of infrastructures (e.g. cloud, host-based etc.). The designed mobile app also illustrates how system administrators and other IT leaders can be alerted of brute force attacks and other rogue processes by quickly identifying and blocking the attacking IP addresses. Furthermore, it is an Android based application that also uses logs created by the Fail2Ban intrusion prevention framework for Linux. Additionally, the paper will also familiarize readers with indirect detection techniques, ways to tune and protect the routing cache, the impact of low and slow hacking techniques, as well as the need for mobile app management in a cloud.

Comments/Acknowledgements

I am grateful to Dr. Dennis Guster for all the immense help I have received in the context of my starred paper. His guidance also led this paper win 2nd prize in Midwest instruction and computing symposium (MICS) 2016.

Share

COinS