Cybersecurity exploits that take advantage of weak passwords continue to succeed in virtually every industry. This motivates interest in empirically determining the extent to which websites that invite visitors to create new user accounts on them encourage or require users to engage in better password management practices, including strong passwords. This project examined a statistically significant sample of websites to assess how closely they voluntarily adhere to the National Institute of Standards and Technology’s authoritative guidance on password policies. Over 100 representative websites were selected from industries that consistently report the most breaches in the Verizon Data Breach Investigation Report. Their respective user account creation processes were assessed via a scorecard approach based on observations collected when following standardized experimental procedures. Scorecard data then were aggregated and analyzed for trends. The research findings highlight potential vulnerabilities that persist in online account password creation practices, leaving many websites susceptible to brute force attacks due to cyber hygiene lapses. Recommendations to help remediate compliance gaps and as paths forward to build upon this work include refining the proposed scorecard, creating and using standardized user registration and profile manager plugins, widely adopting user-friendly password management tools, and enacting tougher legal consequences for website hosts when breaches occur.
based DoS network activities are not isolated, but related as different stages of a series of cyber-attacks. Intuitively, their traces could be caught even though they are carefully hidden behind normal network activities and have forged footprints. For example, the distribution of inter-arrival time of a series of malicious requests on a web-server could be identified even through those malicious requests implemented with forged IP headers. In order to launch a successful flooding-based DoS attack, the hacker has to make large enough requests to overwhelm the target's service capacity. Therefore, such malicious service requests are tended to be intensive and follow best-effort approach.The remainder of this paper is organized as follows: Section 2 reviews related work. Section 3 covers background of flooding-based DoS attack. Section 4 introduces the simulated normal and malicious traffic. Section 5 describes characteristics of the selected network traffic captured by CADIA. Section 6 explains fluid-based approach on a single congested network. Section 7 discusses performance of our model under the simulated normal and malicious traffic. Section 8 concludes this paper and points out future work. Related WorkSeveral literatures have studied and addressed strategies for mitigating cyber-attacks. Lobo et al.[9] studied attacks and countermeasures of the Windows Rootkits: software that is used to hide malicious activities and permit hackers to take control of victims. Several suggestions were issued to the Microsoft and research communities for developing future Windows operating systems. Shafi [10] surveyed security challenges in Cyber-Physical Systems (CPS). Agresti [11] proposed four distinct forces that will shape the future evolution of cybersecurity. Michael et al. [12] emphasized the importance of integrating legal and policy in cyber-preparedness. Eom et al. [13] developed an active cyber-attack model for accessing network vulnerabilities. Yu et al. [14] discussed models and countermeasures for AbstractNetwork traffic traces provide valuable information for researchers to study behaviors of normal and malicious network activities. Although traffic traces are enough to reveal packet-level and connection-level details of most network activities, identifying specific malicious network activities is still a huge challenge: many malicious network activities are able to hide themselves behind normal activities with forged packet and connection information. In practice, mechanisms that are able to effectively extract malicious network activities from raw traffic traces are emerging and will benefit network security and other related communities as well. In this paper, a fluid-based approach for modeling simulated normal and malicious flooding-based denial of service network activities is developed. To approach this goal, several raw traffic traces gathered by the Cooperative Association for Internet Data Analysis (CADIA) are analyzed and investigated.
Due to the recent pandemic, video conferencing platforms – once niche products aimed at limited communities have become a pervasive way of conducting business and sustaining social connections on a global scale. This project explored cybersecurity vulnerabilities and risks faced by these platforms – their data, hardware, and the information exchanged during virtual meetings – and explains some ways these issues can be mitigated. Published research was compiled and analyzed to uncover general risks, vulnerabilities, and security measures. Then, three popular platforms – Zoom, Skype and GoToMeeting were subjected to closer scrutiny. Findings show that platform vendors, business organizations, education institutions, and end users all bear responsibility to train themselves and their constituents on specific cybersecurity steps to enhance video conferencing security. Targeted recommendations are shared, along with some opportunities to build upon this research in the future.
Security plays a large role in software development; simply without its existence the software would be vulnerable to many different types of attacks. Software security prevents leaks of data, alternation of data, and unauthorized access to data. Building a secure software involves a number of different processes but security awareness and implementation are the most important ones among them. To produce high quality software security engineers need to meet today's cybersecurity demands, security awareness and implementation must be integrated in undergraduate computer science programming courses. In this paper, we demonstrate the importance of adopting security guidelines in undergraduate software engineering education. Thus, this paper focuses on integrating secure guidelines into existing applications to eliminate common security vulnerabilities. An assessment table, derived from several existing Java security guidelines, is developed to provide in depth critiques of the selected capstone project. Potential security vulnerabilities in the capstone project are identified and presented in a form showing the degree of threats against the three security characteristics: confidentiality, integrity, and availability addressed in the McCumber Cube model. Meanwhile, vulnerability density of the capstone project is calculated to demonstrate the performance of this research.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.