CMIT 320 Network Security Paper Elizabeth Flaim

Network Security Paper - Stuxnet
Elizabeth Flaim
CMIT 320, Section 6380
Professor Charles Pak
Due March 8, 2015

Technical Analysis
Ralph Langner’s article on the Stuxnet worm discusses the hardware, distribution and targets of the attack. He also goes into detail regarding the outlook for future attacks and what we can do to prevent them. The Stuxnet attack was not executed to steal or erase information. It was carried out to physically destroy a military target: Iran’s Natanz nuclear facility. The attack was aimed at industrial SCADA controllers and was a stand-alone attack that did not require access to the Internet. The attackers relied on local networks and USB drives to carry out the attack.

This vulnerability would be triggered automatically when Windows Explorer was used to access a thumb drive, causing .dll files to be loaded and executed on the host machine. The worm would patch the Windows kernel to mask its operation. Once the kernel was patched, the main payload of the worm would install, including the logic for infecting any new, non-infected media that was attached to the computer, as well as logic that would allow it to propagate to the trusted local network. The payload also contained the logic for interacting with the Siemens control system, as well as for communicating with command and control servers. This later version of the worm would also collect information regarding the systems that it infected, and was updatable as new exploits were discovered or created by the authors of the worm.
Personal Reflection
Case re: Defensive/Offensive Cyberware Strategy
Prevention Recommendation
Stuxnet and other attacks have caused significant damage over the years. While it is important to be aware of past and current attacks, it is also imperative to implement strategies and policies in order to prevent future attacks. In cases like Stuxnet, prevention can be very tricky. It is not as easy as using passwords and access control, because computers with proper credentials were attacked and infected with Stuxnet. Once infected, the account was