Identification of Network Vulnerabilities through IISRA Framework

Abstract

As the globe transitions to complicated networks and as we move towards digitization, its worth is rising daily. Working in an organization across a network and the internet creates vulnerabilities. As is well known, data is a crucial component of every organization and must be safeguarded from threats. The attackers\' job is to try and take advantage of the networks by using these weaknesses. When organizations use the Internet, intranets, and related technologies more frequently, system security becomes one of the key considerations. Network security protects computer systems from unauthorized threats and breaches, which lowers the likelihood that confidential information may be stolen. The organization will feel more secure if these vulnerabilities are closed up in the systems and network well in advance of an attack. The availability of numerous technologies for network vulnerability assessment enables organizations to thwart potential attacks. In this research paper, we have developed an Integrated Information Security Risk Assessment (IISRA) Framework for identification of Network Vulnerabilities. We have implemented this IISRA Framework on real computing environment of an organization.

Introduction

I. INTRODUCTION

The internet is the method that people use the most frequently in the twenty-first century to collect information and data. The main purpose of the internet is to convey information from one node to another through a network. The development of computer networks, mobile devices, and other technologies has significantly increased internet usage. For efficient data distribution, the Internet is a global network of millions of uniquely interconnected computers, networks, and related devices. These data, which were moved from one machine to another, contain extremely sensitive information that must be safeguarded. Cybercriminals are attracted to the internet because of this sudden rise in usage and the significant volume of important data being transferred from one computer to another [1]. [2].

When an unauthorized person, programme, or illegal infiltration enters a computer or network with the intention of doing harm or interfering with the usual course of business, the integrity and security of the computer system are put at risk. ICT (information and communication technology) has significantly improved governance effectiveness and ease for people. The trend of cyberattacks has moved from small-scale intrusion attempts and financial breaches to highly organized state-sponsored operations due to the growing reliance on ICT and sophistication of attack tactics [3].

These cyberattacks prompted the development of cyber security and its defenses against damaging cyberattacks [4]. The human factor is one of the main causes of the success of many cyberattacks since the untrained computer user is the weakest link that social engineering by cybercriminals targets.

To reduce the likelihood that computer hackers and attackers would take advantage of human weaknesses, formal cyber security awareness is necessary [5, 6].

Cybersecurity is a collection of security methods that can be used to safeguard user assets and the internet from intrusion and attack. From this vantage point, it is obvious that cybercriminals have a strong propensity to attack any database that includes important data that could expose that specific database. Additionally, all fields and areas of human endeavor are now the targets of cyberattackers who want to invade their privacy, break into their systems, gather crucial data, and make it accessible to the general public [7-9]. Fighting these cyber security threats and keeping up with their increasing speed is becoming more and more difficult [10-15].

II. IISRA FRAMEWORK FOR NETWORK VULNERABILITIES IDENTIFICATION

We have developed an Integrated Information Security Risk Assessment (IISRA) Framework for identification of Network vulnerabilities. IISRA Framework helps in identifying and assessing potential security vulnerabilities of network.

The process of IISRA network vulnerability identification involves the following steps:

1. Preparation: Before starting the identification, it is important to prepare the network and the vulnerability scanning tool. This may involve installing and configuring the vulnerability scanning tool, determining the scope of the scan (e.g., which systems and devices will be included), and ensuring that the necessary permissions and access controls are in place.
2. Scan Configuration: This involves setting up the vulnerability scanning tool and configuring it to scan the desired network assets. The scan configuration may include specifying the IP address range to be scanned, the types of vulnerabilities to be searched for, and the level of detail to be included in the scan results.
3. Scan Initiation: This involves starting the vulnerability scan, which typically involves sending packets to the target systems and analyzing the responses to identify potential vulnerabilities
4. Scan Progress Monitoring: This involves monitoring the progress of the scan to ensure that it is running as expected and to identify any issues that may impact the accuracy of the scan results.
5. Scan Results Analysis: This involves reviewing the results of the vulnerability scan to identify the potential security risks to the network. The results are typically displayed in a report that includes information about each identified vulnerability, including its severity, the potential impact of exploitation, and recommended remediation steps.
6. False Positive Verification: This involves verifying that the vulnerabilities identified by the scan are actual security weaknesses and not false positives, which are inaccuracies in the scan results that do not represent actual vulnerabilities.
7. Risk Prioritization: This involves prioritizing the vulnerabilities based on their potential impact and likelihood of exploitation, and determining the appropriate response for each vulnerability, such as patching, mitigating, or accepting the risk.
8. Remediation: This involves implementing the recommended remediation steps for each vulnerability, such as applying patches, modifying access controls, or deploying security controls to mitigate the risk.

It is important to perform regular vulnerability scans to ensure that the network remains secure and to identify new vulnerabilities as they emerge. The results of the vulnerability scan should be combined with the results of other assessment methods, such as manual review and penetration testing, to provide a complete view of the network's security posture.

III. RESULTS AND REMEDIATION PLAN

We have implemented IISRA Framework in the real scenario of an organization to assess the Network vulnerabilities of that organization. We have identified total 94 assets in the organization [ ].

Conclusion

In this Research paper, we have developed an Integrated Information Security Risk Assessment (IISRA) Framework for network vulnerabilities identification. We have assessed network vulnerabilities of an organization through IISRA framework. For the network vulnerability assessment, we have categorized assets in four categories: Network devices, servers, workstations and WIFI controller. We have observed that these devices are vulnerable to various network related security issues as on date tasted. We found that these devices has eight critical, nine high, twenty five medium and six low network risk vulnerability.

References

[1] K. Shaukat, S. Luo, V. Varadharajan, I. A. Hameed, and M. Xu, “A Survey on Machine Learning Techniques for Cyber Security in the Last Decade,” IEEE Access, vol. 8, pp. 222310– 222354, 2020, doi: 10.1109/ACCESS.2020.3041951. [2] M. Manulis, C. P. Bridges, R. Harrison, V. Sekar, and A. Davis, “Cyber security in New Space: Analysis of threats, key enabling technologies and challenges,” Int J Inf Secur, vol. 20, no. 3, pp. 287–311, Jun. 2021, doi: 10.1007/s10207- 020-00503-w. [3] N. Shafqat and A. Masood, “Comparative Analysis of Various National Cyber Security Strategies,” 2016. [Online]. Available: https://sites.google.com/site/ijcsis / [4] M. Z. Gunduz and R. Das, “Cybersecurity on smart grid: Threats and potential solutions,” Computer Networks, vol. 169, Mar. 2020, doi: 10.1016/j.comnet.2019.107094. [5] M. D. Richardson, P. A. Lemoine, W. E. Stephens, and R. E. Waller, “Educational Planning,” 2020. [6] D. Craigen, N. Diakun-Thibault, and R. Purse, “Technology Innovation Management Review Defining Cybersecurity,” 2014. [Online]. Available: www.timreview.ca. [7] D. Ghelani, Diptiben Ghelani., “Cyber Security, Cyber Threats, Implications and Future Perspectives: A Review,” American Journal of Science, Engineering and Technology, vol. 3, no. 6, pp. 12–19, 2022, doi: 10.22541/au.166385207.73483369 /v1. [8] D. Schatz, R. Bashroush, and J. Wall, “Towards a More Representative Definition of Cyber Security,” The Journal of Digital Forensics, Security and Law, 2017, doi: 10.15394/jdfsl.2017.1476. [9] S. P.S, N. S, and S. M, “Overview of Cyber Security,” IJARCCE, vol. 7, no. 11, pp. 125–128, Nov. 2018, doi: 10.17148/ijarcce.2018.71127. [10] Keerti Dixit, “Information Security Risk Assessment in Higher Educational Institutions-Issues and Challenges” presented in 36th M.P. Young Scientist Congress, March 23 - 26, 2021 [11] K. Dixit, U. K. Singh, B. K. Pandya, “Comparative Framework for Information Security Risk Assessment Model”, ICCIDS-2022 International Conference on Computational and Intelligent Data Science(Elsevier) 21 May 2022. [12] K. Dixit, U. K. Singh, B. K. Pandya, “Threat and Asset Identification through IISRA Framework”, International Journal of Creative Research Thought (IJCRT), Vol. 11, Issue 4, Apr. 2023. [13] K. Dixit, U. K. Singh, B. K. Pandya, “Identification of Web Vulnerabilities through IISRA Framework”, International Journal of Novel Research and Development (IJNRD), Vol. 8, Issue 5, May 2023. [14] K. Dixit, U. K. Singh, B. K. Pandya, “Comparative study of Information Security Risk Assessment Model”, International Journal of Computer Application (IJCA), Vol. 185, No. 7, May 2023. [15] K. Dixit, U. K. Singh, B. K. Pandya, “An Integrated Information Security Risk Assessment (IISRA) Approach” presented in 2ndInternational Conference on Data Science and Artificial Intelligence ICDSAI 2023, California State University USA and Lendi Institute of Engineering and Technology, Apr. 24-25, 2023.

Copyright

Copyright © 2023 Keerti Dixit, Dr. Umesh Kumar Singh, Dr. Bhupendra Kumar Pandya. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.