Defense in cyberspace--a comprehensive analysis of cybersecurity and its impact on high school

“As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace” (Newton Lee).

A cyber attack seeks to make an adversary's computer systems and networks unavailable or untrustworthy, and therefore less useful to that adversary (Lin). Such an attack, however, can do more damage in a school than in the business world, producing serious disruption and, in particular, cyberbullying. A comprehensive analysis of cybersecurity and its impact on high schools is therefore necessary. To begin the analysis, an explanation of the terminology and a short introduction to cybersecurity give the reader the basic knowledge needed to understand the computer systems involved.

In the field of cybersecurity, the term “security flaw” refers to a defect or “bug” that may open the door to opportunistic use of the resulting vulnerability. For a computer or network, a vulnerability is an aspect of the system that can be used to compromise that system; “compromise” is used as a verb meaning to attack or exploit, and weaknesses may be introduced accidentally through design or implementation flaws (Lin). The most famous term in this field is “0day” (zero-day). It refers to a security flaw that the defender has known about for zero days: the vendor or administrator has not yet learned of it, so no patch exists for it. These are the most dangerous security flaws and the least likely to be detected. Using such flaws, attackers are able to achieve their own goals or to make a profit.

Schools are a potential marketing target for a large number of companies. By attacking a school and leaking its data, salespeople can use the personal information, such as phone numbers and personal e-mail addresses, for marketing.

ISIS is known for its cyber army, and every school is a perfect target for it. Once those terrorists broke into the school's intranet, they could fabricate information supporting ISIS. They could even try to re-educate the students and turn them against the American people.

There are two categories of cyber operation: cyber attack and cyber exploitation (Lin).

The first category of cyber operation is cyber attack. A cyber attack harms the target system's availability and integrity, that is, the credibility of its data. The system becomes less useful under such an operation because its information is either unavailable or cannot be trusted. Cyber attack is the typical destructive operation in cyberspace.

The second category is cyber exploitation. Unlike a cyber attack, cyber exploitation usually does not reduce availability or credibility. Instead, it secretly steals information that the attacker is not supposed to have. Typical cyber exploitation installs spyware that collects user information, for example credit card numbers. Like a trojan, it stays silent in the background on the victim's computer and does not visibly harm the system itself. However, after collecting enough information, the attacker may launch a cyber attack to cover his or her tracks on the system, for example by destroying the system log. By wiping the whole hard disk, the attacker's identifying information, such as an IP address recorded in the logs, can no longer be traced.

To take advantage of a security flaw, one must have access to the target system. Such access can be remote or close. Remote access operations are launched from some distance away from the target; with the growth of the Internet, they can be carried out over it. The other level is close access, usually achieved by installing hardware or software locally. In a school system, both close and remote access are possible. In a typical school network the firewall is the outermost layer before direct contact with the Internet, so remote access is possible but harder than close access because of the firewall. Remote access, however, lets the attacker stay anonymous during the operation. Close access, by contrast, is easier to achieve because the attacker physically bypasses the firewall; but once inside the building, the attacker's physical presence and the access level or credentials used to get in can expose him or her.

In a school cyber system, two particular attacks are the most harmful and the easiest to carry out. Buffer overflow is the most famous one.
Buffer overflow is the most common attack on non-web applications, and buffer overflow vulnerabilities are among the most common security flaws (Haugh and Bishop). A buffer overflow occurs when the programmer fails to check, or checks incorrectly, the boundaries of the memory the program is allowed to write. In programs written in languages such as C, local variables, including fixed-size buffers, are stored on the stack next to the function's saved return address; when a buffer overflows and the stack is smashed, the attacker can overwrite the neighbouring data and the return address, and so read or write data on the stack or redirect the program to code of the attacker's choosing. The data on the stack could be anything the program holds, including credit card information or personal data such as grades and birthdays.

Data stored on the heap is also vulnerable to buffer overflow. In general the heap holds larger amounts of data. A typical error is allocating a fixed-size heap buffer for an input of unknown length. An attacker triggers the overflow simply by sending more input than the buffer holds: the excess fills the buffer and then overwrites whatever data structures lie after it in memory. Because the attacker cannot be certain of that layout, heap overflows are harder to exploit than stack overflows. However, if the attacker's payload is short enough, he or she may be able to overwrite the adjacent heap data and plant the code or pointers the attacker wants the program to use.
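The following is an added example and not code from the original essay. It models the stack frame described above in Python, using the ctypes module so that the memory layout follows C rules: a 16-byte local buffer followed immediately by the saved return address. The unchecked copy behaves like strcpy() or gets() and overwrites the saved return address with the tail of the input; the checked copy rejects oversized input instead. The buffer size, the return address value 0x401000 and the attack input are assumptions chosen for illustration. The same corruption of whatever lies after the buffer is what the heap paragraph describes; only the neighbour differs.

```python
import ctypes

BUF_SIZE = 16          # size of the fixed local buffer, as in `char buf[16];`
GOOD_RET = 0x401000    # assumed address of the legitimate caller (illustrative only)


class Frame(ctypes.Structure):
    """Model of one C stack frame: a fixed-size local char buffer followed
    immediately by the saved return address. ctypes applies C layout rules,
    so `saved_ret` sits at byte offset 16, right after `buf`, just as a
    compiler places the saved return address above the local variables."""
    _fields_ = [
        ("buf", ctypes.c_char * BUF_SIZE),
        ("saved_ret", ctypes.c_uint64),
    ]


FRAME_SIZE = ctypes.sizeof(Frame)   # 24 bytes: 16 for buf, 8 for saved_ret


def copy_unchecked(frame, data):
    """Vulnerable copy, the behaviour of strcpy()/gets(): every input byte is
    written starting at `buf` with no comparison against BUF_SIZE, so input
    bytes 16..23 land in `saved_ret`. The min() only protects the Python
    interpreter's own memory in this model; a real C program has no such cap."""
    n = min(len(data), FRAME_SIZE)
    ctypes.memmove(ctypes.addressof(frame), data, n)


def copy_checked(frame, data):
    """Hardened copy: refuse input that does not fit (leaving one byte for the
    terminating NUL) rather than silently writing past the buffer."""
    if len(data) >= BUF_SIZE:
        raise ValueError(f"{len(data)} bytes do not fit in a {BUF_SIZE}-byte buffer")
    frame.buf = data          # ctypes copies the bytes and NUL-terminates inside buf


def make_payload():
    """Constructed attacker input: 16 filler bytes to fill `buf`, then 8 bytes
    that replace the saved return address. b'A' * 8 reads as
    0x4141414141414141 on both little- and big-endian machines."""
    return b"X" * BUF_SIZE + b"A" * 8


def saved_ret_after_unchecked(data):
    """Saved return address left in the frame after the vulnerable copy."""
    frame = Frame(b"", GOOD_RET)
    copy_unchecked(frame, data)
    return frame.saved_ret


def saved_ret_after_checked(data):
    """(input accepted?, saved return address) after the hardened copy."""
    frame = Frame(b"", GOOD_RET)
    try:
        copy_checked(frame, data)
        return True, frame.saved_ret
    except ValueError:
        return False, frame.saved_ret


if __name__ == "__main__":
    payload = make_payload()
    print(f"benign input, unchecked copy: saved_ret = {saved_ret_after_unchecked(b'hello'):#x}")
    print(f"attack input, unchecked copy: saved_ret = {saved_ret_after_unchecked(payload):#x}")
    accepted, ret = saved_ret_after_checked(payload)
    print(f"attack input, checked copy:   accepted={accepted}, saved_ret = {ret:#x}")
```

With the unchecked copy the attack input turns the saved return address into 0x4141414141414141; on a real machine the function would then "return" to that address and the attacker would choose a useful one instead of 'A's. The checked copy never touches the return address because it refuses the input before copying.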

Buffer overflows are also hard to detect. Programmers often do not check input at all; when they do, the check is usually simple, and an attacker can craft input that passes the check yet still overflows the buffer. What is more, most books that teach programming fail to discuss buffer overflow, especially for programs written in low-level languages such as C. C programs make heavy use of pointers. A pointer is an address that tells the program where to find data. When an overflow lets the attacker modify a pointer, it can be redirected to the data the attacker wants to read or change.

Another popular vulnerability is usually found in web-based programs, which commonly use an SQL database to store the data collected from web users. When an attacker submits specially crafted input to the system, for example through a form on the website or a login window in an application, and the application pastes that input directly into an SQL statement, the input is interpreted as part of the query (Halfond). Such a submission bypasses the front end of the software and gives direct access to the database; in other words, the attacker can read and modify all the data in it. Sometimes the database does not store critical information, only phone numbers and student names, but that is enough for a sophisticated salesman to do marketing. Sometimes it does, storing information such as lunch balances or credit card numbers.
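As an added example, not from the original essay or from any real school system, the login form above can be demonstrated with Python's built-in sqlite3 module. The student table, its rows and the two attack strings are constructed for the demonstration (passwords are kept in plaintext only to keep it short; a real system stores salted hashes). login_vulnerable builds the query by string concatenation, which is the flaw described; login_parameterized uses placeholders so the same input is sent as data and cannot change the query.

```python
import sqlite3

# Constructed sample rows standing in for a school's student table.
STUDENTS = [
    ("alice", "pw-alice", "555-0101", 12.50),
    ("bob",   "pw-bob",   "555-0102", 3.25),
    ("carol", "pw-carol", "555-0103", 40.00),
]


def build_db():
    """Create an in-memory SQLite database holding the sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE students ("
        "id INTEGER PRIMARY KEY, username TEXT, password TEXT, "
        "phone TEXT, lunch_balance REAL)"
    )
    conn.executemany(
        "INSERT INTO students (username, password, phone, lunch_balance) "
        "VALUES (?, ?, ?, ?)",
        STUDENTS,
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable login: user input is concatenated straight into the SQL
    text, so a quote character in the input ends the string literal and the
    rest of the input is executed as SQL."""
    query = (
        "SELECT username FROM students "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Fixed login: placeholders send the input as values, never as SQL text.
    The same attack strings are compared literally against the columns and
    match nothing."""
    query = "SELECT username FROM students WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Two constructed attack inputs typed into the username field.
# 1. Log in as alice without her password: `--` starts an SQL comment, so the
#    AND password = '...' part of the WHERE clause is thrown away.
BYPASS_USER = "alice' --"
# 2. Dump a column the login page was never meant to show: the UNION appends
#    every phone number to whatever the login query returns.
DUMP_USER = "' UNION SELECT phone FROM students --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, bypass:", login_vulnerable(db, BYPASS_USER, "wrong"))
    print("vulnerable, dump:  ", sorted(login_vulnerable(db, DUMP_USER, "")))
    print("fixed, bypass:     ", login_parameterized(db, BYPASS_USER, "wrong"))
    print("fixed, dump:       ", login_parameterized(db, DUMP_USER, ""))
    print("fixed, real creds: ", login_parameterized(db, "alice", "pw-alice"))
```

The vulnerable function logs the attacker in as alice with a wrong password and, with the second string, returns every phone number in the table, which is exactly the "non-critical but marketable" data the paragraph mentions. The parameterized function returns nothing for either attack string and still works for genuine credentials.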

Although the critical information is usually kept secure, the less critical information may be connected to it. For example, people like to use their birthday and telephone number in their passwords. Once a birthday or cell phone number is leaked, the attacker can build a dictionary of the likely combinations and try each one as the password. Such a process runs quickly with the help of a script, and the attacker can simply let the script run for several days to crack the password.

In many cases people use the same user name and password for every application. When an attacker obtains the user name and password from one site, the password can be tried on any other website. When one application's database is compromised and leaked, other applications can be affected even if they had no critical flaw of their own. In my interview with Mr. Wolf, the system administrator for Chester Area School, he told me that the information in Chester Area School is non-critical. However, once a password is leaked, the attacker may use it to attack other sites where the students have registered. Such an attack has been carried out against one of the most popular online shopping websites, Jingdong: the attacker simply wrote a script to test each password from a database obtained somewhere else.
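An added example, not part of the original essay, covering the last two paragraphs together: it builds a password dictionary from exactly the "non-critical" fields mentioned above (first name, birthday, phone number), tries the dictionary against a stored salted hash, and then replays credentials leaked from one site against a second site's account table. Every profile, password and salt here is constructed for the demonstration, and the hash function and account-table format are assumptions rather than any real site's.

```python
import hashlib
import itertools


def hash_password(salt, password):
    """Salted SHA-256, standing in for whatever hash a site stores. A real
    site should use a deliberately slow hash (bcrypt, scrypt, Argon2); a fast
    hash is used here so the dictionary runs instantly."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def pii_candidates(first_name, birthday, phone):
    """Build a password dictionary from leaked profile data.
    birthday is 'YYYY-MM-DD'; phone may contain separators."""
    year, month, day = birthday.split("-")
    digits = "".join(ch for ch in phone if ch.isdigit())
    number_seeds = {
        year, year[2:], month + day, day + month,
        year + month + day, month + day + year, month + day + year[2:],
        digits, digits[-4:], digits[-7:],
    }
    name_seeds = {first_name.lower(), first_name.capitalize()}
    candidates = set(number_seeds)
    for name, number in itertools.product(name_seeds, number_seeds):
        candidates.update({name + number, number + name, name + "_" + number})
    # the decoration people add to satisfy a "one special character" rule
    candidates.update({c + "!" for c in list(candidates)})
    return sorted(candidates)


def guess_password(stored_hash, salt, candidates):
    """Try every candidate against the stored hash; return the match or None."""
    for candidate in candidates:
        if hash_password(salt, candidate) == stored_hash:
            return candidate
    return None


def credential_stuffing(leaked_pairs, other_site):
    """Replay (username, password) pairs leaked from one site against another
    site's account table {username: (salt, hash)}. Returns the usernames whose
    reused password also opens the second site."""
    hits = []
    for username, password in leaked_pairs:
        if username in other_site:
            salt, stored = other_site[username]
            if hash_password(salt, password) == stored:
                hits.append(username)
    return hits


# Constructed sample data (fixed salt only so the results are repeatable).
SALT = b"school-portal-salt"
LEAKED_PROFILE = {"first_name": "Alice", "birthday": "2001-03-14", "phone": "(555) 867-5309"}
ALICE_HASH = hash_password(SALT, "alice0314!")                    # built from her own PII
CAROL_HASH = hash_password(SALT, "correct horse battery staple")  # unrelated to her PII

# Credentials leaked from an unrelated site, and the school's own account
# table, where bob reused the same password and dave did not.
LEAKED_FROM_OTHER_SITE = [("bob", "bob1999"), ("dave", "dave-pass")]
SCHOOL_ACCOUNTS = {
    "bob":  (SALT, hash_password(SALT, "bob1999")),
    "dave": (SALT, hash_password(SALT, "something-different")),
}


def demo():
    """Run both attacks over the constructed data and return the findings."""
    candidates = pii_candidates(**LEAKED_PROFILE)
    return {
        "dictionary_size": len(candidates),
        "alice": guess_password(ALICE_HASH, SALT, candidates),
        "carol": guess_password(CAROL_HASH, SALT, candidates),
        "reused": credential_stuffing(LEAKED_FROM_OTHER_SITE, SCHOOL_ACCOUNTS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The dictionary built from one leaked profile is only a couple of hundred entries, so the "several days" the paragraph allows for are not even needed: a password derived from birthday and name falls immediately, while a password unrelated to the leaked fields is never found. The second function shows why a leak at a site holding nothing critical still matters, since bob's reused password opens his school account.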

In an era of youthful criminals, bullying happens in every school. Like high-tech crime, high-tech bullying can happen in a modern school. One possibility is a MITM, or man-in-the-middle, attack. In a normal network the computer sends all its packets to the router first, the router forwards them to other routers, and finally they reach the server. Under a MITM attack, all the packets are deliberately delivered to the attacker first and only then, perhaps, passed on to the router. On a local network this redirection is typically done by ARP spoofing: the attacker's machine answers the victims' address lookups with its own hardware address, so traffic meant for the router is sent to the attacker instead. The users notice nothing, because the network keeps working, but the attacker can intercept the traffic and pick the critical information out of it. As for cyberbullying, the attacker could simply drop the packets from anyone he or she dislikes, cutting off that student's Internet access. Moreover, the attacker stays anonymous, the cost is nearly zero, and it is easy to carry out: on Windows, all they have to do is install a program called Cain.
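The following detection logic is an added example and not from the original essay. The redirection just described is what Cain's ARP Poison Routing feature performs: the attacker's machine answers ARP lookups for the router's (and the victim's) IP address with its own MAC address. The log lines below are constructed in the style of tcpdump's ARP output, and every IP and MAC address in them is made up; the script flags an IP address whose MAC suddenly changes, treating the gateway's as the most serious, and a single MAC that claims several IP addresses at once.

```python
import re
from collections import defaultdict

# Constructed log of ARP replies seen on a school LAN (tcpdump-style lines).
# 10.0.0.1 is the gateway; de:ad:be:ef:00:99 is the bully's laptop, which at
# 10:00:05 claims both the gateway's and a victim's address.
ARP_LOG = """\
10:00:01 ARP, Reply 10.0.0.1 is-at aa:bb:cc:00:00:01
10:00:02 ARP, Reply 10.0.0.25 is-at aa:bb:cc:00:00:25
10:00:03 ARP, Reply 10.0.0.30 is-at aa:bb:cc:00:00:30
10:00:05 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99
10:00:05 ARP, Reply 10.0.0.25 is-at de:ad:be:ef:00:99
10:00:09 ARP, Reply 10.0.0.30 is-at aa:bb:cc:00:00:30
"""

ARP_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}) ARP, Reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-fA-F:]{17})$"
)


def parse_arp_log(text):
    """Turn log lines into (timestamp, ip, mac) tuples, skipping anything
    that does not match the expected format."""
    records = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            records.append((m["ts"], m["ip"], m["mac"].lower()))
    return records


def detect_arp_spoofing(records, gateway_ip):
    """Two signals of ARP poisoning:
    1. an IP that was bound to one MAC is suddenly announced by another
       (worst when it is the gateway, since every packet then goes to the
       attacker first);
    2. one MAC claiming several IPs, which is what happens when the attacker
       poisons both the victim and the gateway to sit between them."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in records:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            kind = "gateway-mac-change" if ip == gateway_ip else "ip-mac-change"
            alerts.append((kind, ts, ip, previous, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(("one-mac-many-ips", ts, mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts


def suspect_macs(alerts):
    """MACs named as the new owner in a change or as a multi-IP claimant."""
    macs = set()
    for alert in alerts:
        if alert[0] == "one-mac-many-ips":
            macs.add(alert[2])
        else:
            macs.add(alert[4])
    return macs


if __name__ == "__main__":
    found = detect_arp_spoofing(parse_arp_log(ARP_LOG), gateway_ip="10.0.0.1")
    for alert in found:
        print(alert)
    print("suspect MACs:", suspect_macs(found))
```

A school network with managed switches can enforce the same idea in hardware (dynamic ARP inspection), but even this script run against a capture from a monitoring port will name the laptop doing the poisoning, which answers the paragraph's point that the attacker is otherwise anonymous.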

Mr. Wolf answered the question of whether the school has ever been under cyber operation, and the answer was no. However, with the rapidly increasing use of Internet-connected devices, such attacks may gradually appear. More attention should be paid to cybersecurity in schools. If a student can easily gain administrator access, the system is simply not secure enough.

Annotated Works Cited
  1. Halfond, William G.J., Jeremy Viegas, and Alessandro Orso. "A Classification of SQL-Injection Attacks and Countermeasures." International Symposium on Secure Software Engineering, Mar. 2006. Web. 14 Oct. 2015.
    This paper focuses on one particular class of security vulnerability in computer programs, SQL injection. Its credibility is supported by the authors' affiliation with the Georgia Institute of Technology. This source is used as an example of security flaws.

  2. Haugh, Eric, and Matt Bishop. "Testing C Programs for Buffer Overflow Vulnerabilities." University of California at Davis, 2003. Print.
    This paper focuses on one particular class of security vulnerability in computer programs, buffer overflow. Its credibility is supported by the authors' affiliation with the University of California at Davis. This source is used as an example of security flaws.

  3. Hinduja, Sameer, and Justin W. Patchin. "Cyberbullying: An Exploratory Analysis of Factors Related to Offending and Victimization." Taylor & Francis Group, 1 Feb. 2008. Web. 13 Oct. 2015.
    This article analyzes the impact of Internet use on teenagers and its links to cyber-violence. It is credible because it is published in an online database and has been cited 644 times. It is used to discuss the impact of cyberbullying.

  4. Lin, Herbert S. "Offensive Cyber Operations and the Use of Force." Journal of National Security Law & Policy, 13 Aug. 2010. Web. 13 Oct. 2015.
    This article defines the terminology of cybersecurity and cyber operations. Its credibility is supported by how widely it is cited by others. It is used to define the terminology.

  5. Lohr, Steve. "The Age of Big Data." The New York Times, 11 Feb. 2012. Web. 14 Oct. 2015.
    This article discusses the significance of Big Data. The New York Times is a world-famous newspaper, which makes the piece credible. It provides background on Big Data.

  6. Wolf, Jami. Personal interview. 15 Nov. 2015.
    Jami Wolf is the system administrator for Chester Area School; the interview is the source of the statements about the school's own systems.