RSA SECURITY ISSUE

Mobile Computing and Social NetworkingAggression and Social Norms EG351 w3 Analysis EG351 w3 assign 2 EG351 w3 assign1 EG351 w3-1 EG351 W10 asgn 2 EG351 wk 10 EG351_w1 assg 1 – Copy EG351_w1 assg 1 EG351_w1 assg 2doc – Copy EG351_w1 assg 2doc EG351_w1 assg 2doc EG351_w2 assg 2 EG351_w2 EG462 WK 9 – Copy EG462 WK 9 EG481 PROJ 3 WK9 – Copy EG481 PROJ 3 WK9 Project 2 wk 6 wk 9 assign 3eco 5500 week 2 DQs Estimating DemandAnalyze the APT Summit Findings article as well as the RSA Security Brief article and identify the vulnerabilities that existed in the system. An evolution in the goals and sophistication of computer network intrusions has rendered these approaches insufficient for the threats facing many modern networked organizations. A new class of adversaries, appropriately dubbed the “Advanced Persistent Threat” (APT), represents well-resourced and trained adversaries that conduct multi-year intrusion campaigns targeting highly sensitive and valuable data in an attempt to gain a competitive edge, particularly in international business and law, or nation-state political and military affairs. These adversaries accomplish their goals using advanced tools and techniques designed to circumvent most conventional computer network defense mechanisms and remain undetected in their intrusion efforts or presence on networks over long periods of time. 3.  Greg Rattray, Chief Executive Officer,Delta Risk LLC (SANS Institute, 2013).

According to Mike Cloppert Cyber Threat Intelligence Summit Co-Chairs, network defense techniques which leverage knowledge about these adversaries – known as cyber threat intelligence – can enable defenders to establish a state of information superiority which decreases the adversary’s likelihood of success with each subsequent intrusion attempt. Threat intelligence can be a force multiplier as organizations look to update their security programs and defenses to deal with increasingly sophisticated advanced persistent threats. Security managers need accurate, timely and detailed information to continuously monitor new and evolving attacks, and methods to exploit this information in furtherance of an improved defensive posture. Make no mistake about it: contemporaneous computer network defense contains a strong element of intelligence and counterintelligence that analysts and managers alike must understand and leverage. 5. The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.

The tokens, of which 40 million have been deployed, and 250 million mobile software versions, are the market leader for two-factor authentication. They are used in addition to a password, providing a randomly generated number that allows a user to access a network. The tokens are commonly used in financial transactions and government agencies; one source who asked to remain anonymous said SecurID users in those sensitive areas were scrambling to figure out what to do in light of the breach.

Analyze the attack methods carried out in pursuit of the authentication breach and explain which methods were successful and why. The breach at RSA that could compromise the effectiveness of the firm’s two-factor authentication SecurID tokens was accomplished via phishing e-mails and an exploit for a previously unpatched Adobe Flash hole, RSA has revealed. According to, Elinor Mills The attacker sent two different phishing e-mails over a two-day period last month with a subject line of “2011 Recruitment Plan” to two small groups of employees who weren’t considered particularly high-profile or high-value targets, Uri Rivner, head of new technologies in consumer identity protection at RSA, wrote in a blog post. Attached to the e-mails was an Excel file that contained “The attacker in this case installed a customized remote administration tool known as Poison Ivy RAT (remote administration tool) variant,” Rivner wrote. “Often these remote administration tools, the purpose of which is simply to allow external control of the PC or server, are set up in a reverse-connect mode: this means they pull commands from the central command & control servers, then execute the commands, rather than getting commands remotely. This connectivity method makes them more difficult to detect, as the PC reaches out to the command and control rather than the other way around.” The type of attack RSA was hit with is known as an “Advanced Persistent Threat” (APT). Such attacks are often used to target source code and other information useful in espionage, and they involve knowledge of the company’s operations, network, and employees and their roles. With APTs, attackers often have months to snoop around the network and gather information. But RSA stopped this attack early on, although the attacker still had time to “identify and gain access to more strategic users,” Rivner said. “Since RSA detected this attack in progress, it is likely the attacker had to move very quickly to accomplish anything in this phase,” he added. Advanced Persistent Attacks often target source code and other information useful in espionage and involve knowledge of the company’s network, key employees, and workings. Attackers use social engineering and exploits hidden in e-mail and other messages to sneak key loggers and other snooping tools onto employees’ computers. Google announced last year that it and other companies had been targeted in such an attack and it later came out that attackers used an unpatched hole in Internet Explorer to get into the company computers. Google said at the time that intellectual property was stolen and that the attacks appeared to originate in China

According to CNET, RSA has sent security advisory notes to 60,000 customers, briefed 15,000 customers, and had one-on-one briefings with hundreds of customers in sensitive industries who have signed non-disclosure agreements to talk more specifically about how they can best protect themselves.

Suggest three (3) techniques or methods to protect against APT attacks in the future as the CSO for a large organization. simple defense strategies will go a long way to preparing businesses for APTs and reducing the risk, according to IT security professionals. Although some APTs, like Stuxnet, target zero-day vulnerabilities and most are highly targeted, what usually makes these threats “advanced” is that they combine a raft of infiltration techniques. But taken individually, these techniques are typically well-known and easy to defend against. Doing the basics properly will provide a level of security that will reduce the likelihood of opportunistic having a vulnerability management system in place, keeping security patches up to date, and continually testing the security posture of the IT infrastructure. Such best practice techniques should enable businesses to detect a fair number of APTs. c hacking or accidental compromise. Defense in depth, a detection capability, an APT incident response plan, a recovery plan, and security awareness and training. businesses to move from a perimeter-based mentality to one where “every component is taught karate”, with security controls asset-specific and live with that asset, rather than relying on another device upstream or downstream to protect that particular asset. As part of the re-assessment process, an organization must ensure it understands why it may be attacked. “Every organization should draw up a risk register that will allow the allocation of funds and resources to protect the assets that are most valuable to the organization, which may include business processes as well as information.

Determine what types of technologies would help alleviate the problems identified in the articles assuming you are the CSO or CTO in an organization. It is essential to regularly test areas of the organization identified as having the highest risk ratings. “It is important to know when an attack is underway, and how to gather evidence to be able to understand the purpose and origin of the attack. If an organization has experienced an APT incident, it should define an approach to determine how to close down an attack or eavesdropping activity while preserving forensic evidence. “Senior executives and the corporate communications function should be engaged to ensure that PR messages are crafted and released so as to minimize brand damage. Whatever an individual’s role is within the business, from chief executives to secretaries, businesses must ensure that everyone is provided with an adequate level of security awareness training so they will be able to identify anything suspicious. Let’s stop talking down to people, let’s treat them as adults and explain the real risks and the potential consequences of a successful attack. Let’s provide guidance on protecting their personal information as well as the organization’s data and everyone will win – except the criminals. If all the common entry points are blocked, and additional security takes care of the zero-day threats, most organizations should be able to put up a reasonable defense. References Ashford, W. (2013).How to combat advanced persistent threats: APT strategies to protect your organization. http://www.computerweekly.com/feature/How-to-combat-advanced-persistent-threats-APT-strategies-to-protect-your-organisation Mills, E. (2011). Attack on RSA used zero-day Flash exploit in Excel; CNET. http://news.cnet.com/8301-27080_3-20051071-245.html. SANS Institute, (2013). SANS Cyber Threat Intelligence Summit – 22 Mar 2013. http://computer-forensics.sans.org/blog/2013/02/11/sans-cyber-threat-intelligence-summit-22-mar-2013.

8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

ECO 550 WORK SOLUTION

Estimating Demand

Provide an example when it would be appropriate to conduct a time-series or cross sectional data. Evaluate the potential problems that may arise with your example and identify strategies for minimizing the impact of the potential problems.

Cross-sectional data talks about the data collected by observing many subjects at the same point of time, or without regard to differences in time. Analysis of cross-sectional data usually consists of comparing the differences among the subjects. Knowing that these tasks could not be done within existing range or imputation algorithms, so they cannot handle as many variables as needed even in the simpler cross-sectional data for which they were designed, then the need to also develop a new algorithm that substantially expands the range of computationally feasible data types and sizes for which multiple imputation can be used. Cross-sectional, time series, or especially “time-series cross-section” (TSCS) data sets (i.e., those with T units for each of N cross-sectional entities such as countries, where often T < N), as is common in comparative politics and international relations; or for when qualitative knowledge exists about specific missing cell values. The new methods greatly increase the information researchers are able to extract from given amounts of data and are equivalent to having much larger numbers of observations available. Under normal circumstances, researchers can impute once and then analyze the imputed data sets as many times and for as many purposes as they wish (Honaker, 2010).

Discuss the meaning of the regression coefficient of the independent variable(s) and how it could be used to estimate the elasticitys of each of these variables. Discuss how managers use the elasticities measurements to make managerial decisions.

It is important to take into account the uncertainty in the estimation of the regression coefficient. Regression analysis is used when you want to predict a continuous dependent variable from a number of independent variables. If the dependent variable is dichotomous, then logistic regression should be used. (If the split between the two levels of the dependent variable is close to 50-50, then both logistic and linear regression will end up giving you similar results.)in let the “X,” “Y,” “dependent,” “independent” be associated with the magnitude of the regression coefficient ( ) with the change in the dependent variable that results from the unit increase in the independent variable, X.  This magnitude does not tell you how much X changes.   X always increases by one unit to get Y to change by   units. The sign associated with   tells us whether Y increases or decreases by   units when X increases by one unit. (If you begin your interpretation with a unit decrease in X, then remember to reverse the direction indicated by the sign when you describe the change in Y.) . A positive coefficient means X and Y change in the same direction.  If X increases, then Y increases.  If X decreases, then Y decreases.  A negative coefficient means X and Y change in opposite directions.  If X increases, then Y decreases.  If X decreases, then Y increases.

So when you think about it the regression coefficient is not what excel calls them both coefficients, but people should then be concerned and talk about the intercept or constant. Remember that we are talking about changes in X and changes in Y, not levels of either. This is like the idea of a marginal change. It can be stated that the regression line is linear (y = ax + b) the regression coefficient is the constant (a) that represents the rate of change of one variable (y) as a function of changes in the other (x); it is the slope of the regression line (Osgood, 2000).

Reference

Honaker, J. (2010). What to Do about Missing Values in Time-Series Cross-Section Data. American Journal of Political Science, Vol. 54, No. 2, Pp. 561–581 http://gking.harvard.edu/files/gking/files/pr.pdf

Osgood, D.W. (2000). Poisson-Based Regression Analysis of Aggregate Crime Rates.Journal of Quantitative Criminology 16:21-43.