Mitigating Cyber Security Attacks by Being Aware of Vulnerabilities and Bugs

Ömer Aslan, R. Samet
{"title":"Mitigating Cyber Security Attacks by Being Aware of Vulnerabilities and Bugs","authors":"Ömer Aslan, R. Samet","doi":"10.1109/CW.2017.22","DOIUrl":null,"url":null,"abstract":"Because the Internet makes human lives easier, many devices are connected to the Internet daily. The private data of individuals and large companies, including health-related data, user bank accounts, and military and manufacturing data, are increasingly accessible via the Internet. Because almost all data is now accessible through the Internet, protecting these valuable assets has become a major concern. The goal of cyber security is to protect such assets from unauthorized use. Attackers use automated tools and manual techniques to penetrate systems by exploiting existing vulnerabilities and software bugs. To provide good enough security; attack methodologies, vulnerability concepts and defence strategies should be thoroughly investigated. The main purpose of this study is to show that the patches released for existing vulnerabilities at the operating system (OS) level and in software programs does not completely prevent cyber-attack. Instead, producing specific patches for each company and fixing software bugs by being aware of the software running on each specific system can provide a better result. This study also demonstrates that firewalls, antivirus software, Windows Defender and other prevention techniques are not sufficient to prevent attacks. Instead, this study examines different aspects of penetration testing to determine vulnerable applications and hosts using the Nmap and Metasploit frameworks. For a test case, a virtualized system is used that includes different versions of Windows and Linux OS.","PeriodicalId":309728,"journal":{"name":"2017 International Conference on Cyberworlds (CW)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Cyberworlds (CW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CW.2017.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9

Abstract

Because the Internet makes human lives easier, many devices are connected to the Internet daily. The private data of individuals and large companies, including health-related data, user bank accounts, and military and manufacturing data, are increasingly accessible via the Internet. Because almost all data is now accessible through the Internet, protecting these valuable assets has become a major concern. The goal of cyber security is to protect such assets from unauthorized use. Attackers use automated tools and manual techniques to penetrate systems by exploiting existing vulnerabilities and software bugs. To provide good enough security; attack methodologies, vulnerability concepts and defence strategies should be thoroughly investigated. The main purpose of this study is to show that the patches released for existing vulnerabilities at the operating system (OS) level and in software programs does not completely prevent cyber-attack. Instead, producing specific patches for each company and fixing software bugs by being aware of the software running on each specific system can provide a better result. This study also demonstrates that firewalls, antivirus software, Windows Defender and other prevention techniques are not sufficient to prevent attacks. Instead, this study examines different aspects of penetration testing to determine vulnerable applications and hosts using the Nmap and Metasploit frameworks. For a test case, a virtualized system is used that includes different versions of Windows and Linux OS.
通过意识到漏洞和错误来减轻网络安全攻击
由于互联网使人们的生活更加便利,每天都有许多设备连接到互联网。个人和大公司的私人数据,包括健康相关数据、用户银行账户以及军事和制造业数据,越来越多地可以通过互联网访问。由于现在几乎所有的数据都可以通过互联网访问,因此保护这些有价值的资产已成为一个主要问题。网络安全的目标是保护这些资产免遭未经授权的使用。攻击者使用自动化工具和手动技术,利用现有的漏洞和软件缺陷来渗透系统。提供足够好的安全保障;应彻底调查攻击方法、脆弱性概念和防御策略。本研究的主要目的是表明,针对操作系统(OS)级别和软件程序中存在的漏洞发布的补丁并不能完全防止网络攻击。相反,为每个公司制作特定的补丁,并通过了解每个特定系统上运行的软件来修复软件错误,可以提供更好的结果。研究还表明,防火墙、杀毒软件、Windows Defender等防范技术不足以防范攻击。相反,本研究使用Nmap和Metasploit框架检查渗透测试的不同方面,以确定易受攻击的应用程序和主机。对于一个测试用例,使用一个虚拟化的系统,其中包括不同版本的Windows和Linux操作系统。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信