Security Principles – Diversity and Commonality to prevent Botnet attacks
https://blog.eccouncil.org/9-of-the-biggest-botnet-attacks-of-the-21st-century/

Making national infrastructure more diverse, with the aim of greater resilience against cyber-attack, is a sensible approach. A botnet is a collection of Internet-connected devices, each running one or more bots. Botnets are commonly used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and give the attacker access to the device and its connection. The word botnet is formed from the two words 'robot' and 'network'. Cybercriminals use sophisticated Trojan malware to breach the security of many users' computers, gain access to each one, and join all the infected machines into a network of 'bots' that the criminal controls. They then instruct the infected bot army to overload a website until it stops functioning and access is denied. Individuals who write and operate malware cannot physically log on to each computer they have infected, so they use botnets to infect systems and manage them automatically. A botnet is also a network of infected computers that the malware uses to spread itself further.

The drawback from a national infrastructure viewpoint is that adversaries have an easy time generating attacks with substantial reach and impact. When a botnet operator plans the design of a new botnet, the most significant design consideration is that the operator will seek to create malware that can infect the largest possible number of target PCs.

The computing power available in a single botnet allows criminals to commit multiple crimes rapidly and often without detection. For example, in 2016 a botnet was used to cause the largest DDoS attack in history, disrupting websites such as Twitter, Amazon, and Netflix.

For this reason, it is vital to keep computers from becoming infected in the first place.

  • Always keep your software updated and install the latest patches as they are released, to close known vulnerabilities.
  • Use an Internet security solution that includes botnet protection, which can detect and block malware, together with a firewall to filter communications between the computer and the Internet.
  • Take care when downloading files or apps or clicking on attachments, and make sure they are legitimate.
  • Install software that can detect botnet malware, block its communication, and report to users.
  • Users should be trained to refrain from activity that puts them at risk of bot infections or other malware. This includes opening emails or messages, downloading attachments, or clicking links from untrusted or unfamiliar sources.

To better understand the diversity goals, it is necessary to introduce a simple model of desktop computing systems. The model is represented as a linear spectrum of choices describing the degree to which systems are either diverse or non-diverse. At one end of the spectrum is the option of no diversity, where every desktop system in the organization is the same. At the other end is the option of complete diversity across the organization, where no two desktop systems are identical. In the middle of the spectrum are the usual types of settings, where some minor degree of diversity exists but with a clearly dominant platform.
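The spectrum above can be made concrete with a small risk calculation. The following Python is an added example written for this page, not code from the article or from the referenced book; it constructs three hypothetical desktop fleets (labels such as "desktop-image-A" are invented) and, for each, computes two defender-side numbers: the worst-case fraction of the fleet that a single platform-specific exploit could reach (the share of the most common platform), and Simpson's diversity index, the probability that two randomly chosen hosts run different platforms. A monoculture scores 1.0 exposure and 0 diversity; a fleet with a dominant platform sits in between; full diversity drives exposure down to a single host.

```python
from collections import Counter

# Constructed fleets (hypothetical platform labels, not data from the article).
# Each list entry is the platform image running on one desktop.
MONOCULTURE = ["desktop-image-A"] * 100
DOMINANT = (["desktop-image-A"] * 85
            + ["desktop-image-B"] * 10
            + ["desktop-image-C"] * 5)
FULLY_DIVERSE = [f"desktop-image-{i:03d}" for i in range(100)]


def platform_shares(fleet):
    """Map each platform to the fraction of the fleet running it."""
    total = len(fleet)
    return {platform: count / total for platform, count in Counter(fleet).items()}


def single_exploit_exposure(fleet):
    """Worst-case fraction of the fleet reachable by one platform-specific exploit.

    A botnet operator maximizing infections targets the most common platform, so
    the defender's exposure is simply the largest platform share.
    """
    return max(platform_shares(fleet).values())


def simpson_diversity(fleet):
    """Probability that two hosts picked at random run different platforms.

    0.0 means a complete monoculture; values approach 1.0 as no two hosts share
    a platform. This is Simpson's diversity index applied to platform shares.
    """
    return 1.0 - sum(share * share for share in platform_shares(fleet).values())


def spectrum_position(fleet):
    """Label where a fleet sits on the article's no-diversity / dominant / full spectrum."""
    exposure = single_exploit_exposure(fleet)
    if exposure == 1.0:
        return "no diversity"
    if exposure == 1.0 / len(fleet):
        return "complete diversity"
    return "dominant platform"


def report(fleet):
    """Summarize one fleet as a dict a risk reviewer can compare across options."""
    return {
        "hosts": len(fleet),
        "platforms": len(set(fleet)),
        "single_exploit_exposure": round(single_exploit_exposure(fleet), 4),
        "simpson_diversity": round(simpson_diversity(fleet), 4),
        "position": spectrum_position(fleet),
    }


if __name__ == "__main__":
    for name, fleet in (("monoculture", MONOCULTURE),
                        ("dominant", DOMINANT),
                        ("fully diverse", FULLY_DIVERSE)):
        print(name, report(fleet))
```

The numbers make the trade-off visible: moving from the monoculture to the 85/10/5 fleet only lowers single-exploit exposure from 100% to 85%, because exposure is driven by the dominant share, not by how many platforms exist. Diversity pays off against the "infect the largest number of PCs" design goal only when no single platform dominates.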

The collection of necessary security attributes is typically referred to collectively as security best practices. Examples of best practices include routine scanning of systems, regular penetration testing of networks, security awareness programs, and integrity checking on servers.

Any organization considered in a solicitation involving national infrastructure should be expected to provide evidence of at least the following past practices:

  • Past damage —The organization should provide evidence of past security incidents it dealt with that produced real malicious damage to some valued asset. This might seem contradictory, but no organization can claim true skill in securing large infrastructure if it has never dealt with a real incident.
  • Past prevention —In the same way, the organization should be able to offer evidence of incidents prevented. Truly skilled security organizations can point to deliberate action that stopped an attack from succeeding. A good example might be the establishment of real-time network filtering well in advance of any DDoS attack.
  • Past response —This is the most commonly cited component of security experience. Groups can generally point to their response functions being invoked during worms, viruses, and other attacks. In any formal project solicitation, these requirements should be highlighted and assigned high priority.

Providing proof of successful preventive measures is a challenge for most organizations. When security best practices are easily identified and measurable, they can become the foundation for what is known as a security standard. The security standard then becomes the basis for a process known as a security audit, in which an impartial third-party observer determines, based on evidence, whether the requirements in the standard are met. The key issue for national infrastructure protection is that best practices, standards, and audits establish a low-water mark for all relevant organizations.

Challenges of diversity and commonality at the national infrastructure level

For national infrastructure protection, large-scale correlation of all-source data by organizations with a comprehensive vantage point is complicated by several technical, operational, and business factors, including the following:

  • Data formats —Separate national asset environments will collect data in incompatible formats due to a lack of standards in security data collection tools. Consequently, all security-relevant data is collected in a proprietary or locally defined format. This represents a significant challenge for any meaningful correlation of data from multiple sources.
  • Collection targets —Individual asset environments are likely to be collecting data on different types of events and triggers. Some, for example, collect detailed information about networks and only partial information from systems, whereas others might do the reverse.
  • Competition —Many commercial groups gathering relevant data might be in direct business competition. This competitive profile means that any aggregated information, and any insight that results from correlative analysis, must be carefully protected and handled with suitable confidentiality.

To deal with these challenges on a large scale, a thoughtful correlation process must be employed. The process must break the correlation task into discrete components, each with defined inputs and outputs. Viewed in aggregate, the process is best seen as consisting of five distinct passes leading from collected data to actionable information.
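The data-format challenge listed above and the multi-pass correlation process described here can be shown together in one small pipeline. The following Python is an added example for this page, not code from the article, the referenced book, or any product; the five passes it implements (collect, normalize, filter, correlate, act) are one plausible decomposition and not the specific passes the book defines. The three sample sources are constructed and use documentation address ranges: a key=value firewall log, JSON IDS alerts, and syslog lines from a hypothetical host agent; the parsers, the common schema, and the 60-second correlation window are all assumptions made for the example. The defensive idea it demonstrates is that each locally defined format gets its own parser with a defined output, after which correlation works on one schema, and that a source address seen by two or more independent sensor types is stronger evidence than any single sensor's view.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Pass 1, collection: constructed sample records in three locally defined formats
# (hypothetical data for this example, not from the article).
FIREWALL_KV = [
    "ts=2024-03-01T10:00:05Z action=deny src=203.0.113.7 dst=198.51.100.20 dport=445",
    "ts=2024-03-01T10:00:09Z action=deny src=203.0.113.7 dst=198.51.100.21 dport=445",
    "ts=2024-03-01T10:00:40Z action=allow src=192.0.2.5 dst=198.51.100.30 dport=443",
]
IDS_JSON = [
    '{"timestamp": "2024-03-01T10:00:07Z", "signature": "SMB probe", '
    '"src_ip": "203.0.113.7", "dest_ip": "198.51.100.20"}',
]
HOST_SYSLOG = [
    "Mar  1 10:00:12 ws-17 bot-detector[412]: outbound beacon blocked peer=203.0.113.7",
    "Mar  1 10:01:00 ws-02 sshd[900]: session opened for user alice",
]


def _iso_utc(text):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware UTC datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Pass 2 helpers: each parser maps one local format onto the common schema
# {"time": datetime, "sensor": str, "src": str | None, "event": str, "blocked": bool}.
def parse_firewall(line):
    fields = dict(part.split("=", 1) for part in line.split())
    return {"time": _iso_utc(fields["ts"]), "sensor": "firewall", "src": fields["src"],
            "event": f"{fields['action']} to {fields['dst']}:{fields['dport']}",
            "blocked": fields["action"] == "deny"}


def parse_ids(line):
    rec = json.loads(line)
    return {"time": _iso_utc(rec["timestamp"]), "sensor": "ids", "src": rec["src_ip"],
            "event": rec["signature"], "blocked": True}


SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d)\s+(\S+)\s+(\S+?):\s+(.*)$")


def parse_host(line, year=2024):
    # Classic syslog carries neither year nor zone; the example assumes the
    # sensor clock is UTC and supplies the year (assumption, see lead-in).
    mon, day, clock, host, proc, msg = SYSLOG_RE.match(line).groups()
    when = datetime.strptime(f"{year} {mon} {day} {clock}",
                             "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    peer = re.search(r"peer=(\S+)", msg)
    return {"time": when, "sensor": "host", "src": peer.group(1) if peer else None,
            "event": f"{host} {proc}: {msg}", "blocked": "blocked" in msg}


def normalize(sources):
    """Pass 2: turn every raw record into the common schema."""
    parsers = {"firewall": parse_firewall, "ids": parse_ids, "host": parse_host}
    return [parsers[kind](line) for kind, lines in sources.items() for line in lines]


def filter_relevant(events):
    """Pass 3: keep only events that name a remote source and were blocked or alerted on."""
    return [e for e in events if e["src"] and e["blocked"]]


def correlate(events, window_seconds=60):
    """Pass 4: group by source address; report sources seen by two or more sensor
    types within the window, with first/last times and event count."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        sensors = sorted({e["sensor"] for e in evs})
        span = (evs[-1]["time"] - evs[0]["time"]).total_seconds()
        if len(sensors) >= 2 and span <= window_seconds:
            findings.append({"src": src, "sensors": sensors, "count": len(evs),
                             "first": evs[0]["time"], "last": evs[-1]["time"]})
    return findings


def to_actions(findings):
    """Pass 5: render each correlated finding as an actionable block-list entry."""
    return [f"block {f['src']} (seen by {', '.join(f['sensors'])}, {f['count']} events)"
            for f in findings]


def run_pipeline(sources=None):
    """Run passes 2 to 5 over the collected sources (pass 1 is the dict of raw lines)."""
    sources = sources or {"firewall": FIREWALL_KV, "ids": IDS_JSON, "host": HOST_SYSLOG}
    return to_actions(correlate(filter_relevant(normalize(sources))))


if __name__ == "__main__":
    for action in run_pipeline():
        print(action)
```

Each pass has a defined input and output, so a new asset environment with yet another local format only needs a new parser; the filter, correlation and action stages are untouched. The allowed HTTPS connection and the routine SSH login are dropped in pass 3 because neither names a blocked remote source, leaving a single finding backed by three independent sensors.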
