THREAT PROFILE
Risk Assessment
Likelihood Estimation
Severity Estimation
Figure 1
Figure 2
Mitigation Strategies
International Scope
The main theme of this assignment is security threats and security vulnerabilities. Corporations large and small are being attacked by hackers who steal data and crash systems. Another bug, named "Heartbleed", came into the limelight on the 7th of April 2014. On the 8th of April a major corporation was hit by this bug, which was used to steal a considerable amount of data. Hackers exploited the Heartbleed vulnerability to break into the Community Health Systems (CHS) network less than a day after the bug was brought to the public's attention. Since then, Heartbleed has been considered a serious and disastrous threat.
Heartbleed is a flaw in OpenSSL, the open-source encryption library used by the majority of sites on the web that need to transmit data users want to keep secure. It essentially gives you a "secure line" when you're sending an email or chatting on IM. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
The "Heartbleed" vulnerability in the OpenSSL cryptographic library was reported to the Internet community. Appropriately named the Heartbleed bug, this vulnerability affects OpenSSL versions 1.0.1 through 1.0.1f. The Heartbleed bug is not a flaw in the SSL or TLS protocols; rather, it is a flaw in the OpenSSL implementation of the TLS/DTLS heartbeat functionality. The flaw is not related to or introduced by publicly trusted certificates and is instead a problem with server software. The vulnerable versions have been out there for more than two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 became available with the first vulnerable OpenSSL version (1.0.1), and the security community has been pushing TLS 1.2 because of earlier attacks against TLS.
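As an added illustration (not part of the original essay and not OpenSSL's own code), the C example below shows the bounds check a heartbeat handler needs. A heartbeat request (RFC 6520) carries a sender-supplied payload length, and echoing that many bytes without comparing it to the size of the record actually received is what lets a peer read server memory. The names `hb_respond`, `demo`, `demo_out` and the `HB_*` macros, and the sample record, are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* message types from RFC 6520 */
#define HB_RESPONSE 2
#define HB_HDR      3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Build a response to the heartbeat record rec[0..rec_len).
 * Returns the response length, or 0 when the record is silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    /* The length field is chosen by the sender and must not be trusted. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check: header + claimed payload + padding must fit inside the
     * bytes actually received, otherwise memcpy would read past the record. */
    if (HB_HDR + claimed + HB_MIN_PAD > rec_len)
        return 0;
    size_t resp_len = HB_HDR + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    memset(out + HB_HDR + claimed, 0, HB_MIN_PAD); /* zero padding for the demo */
    return resp_len;
}

uint8_t demo_out[64]; /* response buffer used by the constructed demo */

/* Constructed sample: a record with the 4-byte payload "ping" whose length
 * field is set to claimed_len, which may disagree with the real size. */
size_t demo(uint16_t claimed_len)
{
    uint8_t rec[HB_HDR + 4 + HB_MIN_PAD] = { HB_REQUEST,
        (uint8_t)(claimed_len >> 8), (uint8_t)(claimed_len & 0xff), 'p', 'i', 'n', 'g' };
    return hb_respond(rec, sizeof rec, demo_out, sizeof demo_out);
}

int main(void)
{
    printf("honest length 4     -> %zu bytes\n", demo(4));
    printf("claimed length 4096 -> %zu bytes\n", demo(4096));
    return 0;
}
```

A request whose length field matches its payload is echoed; one that claims even a single byte more than the record holds is dropped without a reply.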
Web servers can keep a great deal of information in their active memory, including usernames, passwords, and even the content that users have uploaded to a service. Even credit card numbers could be pulled out of the data sitting in memory on the servers that power some services. Worse still, the flaw has made it possible for hackers to steal encryption keys, the codes used to turn unreadable encrypted data into readable information. With encryption keys, hackers can intercept encrypted data moving to and from a site's servers and read it without establishing a secure connection. This means that unless the organizations running vulnerable servers change their keys, even future traffic will be vulnerable.
The disclosure of Heartbleed, a flaw in one of the most widespread encryption standards used online, has panicked webmasters and users alike. The bug went unnoticed for over two years and could potentially have given hackers access to a vast array of secure data – everything from passwords and login details to…