Mitigating Botnet Information Security Risks through EA and the ITSA - Part 4 of 4

posted Apr 1, 2015, 1:55 PM by Christopher Furton   [ updated Dec 13, 2015, 10:35 AM ]

Written by: Christopher Furton
Mitigating Botnet Information Security Risks through Enterprise Architecture (EA) and the Information Technology Security Architecture (ITSA)

Part 4 of 4

Part IV – Conclusion

In conclusion, botnet activity is a substantial threat to the enterprise environment. With evolving capabilities, botmasters will continue to stay at the cutting edge of technology and devise new ways to avoid detection. Part I of this paper discussed the evolution of botnets from the days of Internet Relay Chat to modern social media. Propagation techniques have evolved to stay ahead of security professionals, and some advanced botnets are specifically designed to attack an intended target within the enterprise environment. Lastly, Part I briefly described some of the malicious activities for which botmasters use botnets, including distributed denial of service and for-profit activities. Throughout Part I, 19 risk area topics were identified that relate directly to botnet activity. If left unmitigated, these risk area topics can result in botnet infection and subsequent damages.

Part II of this paper introduced a method to mitigate the risk area topics by implementing the Enterprise Architecture and Information Technology Security Architecture models. Through the layers of these models, it was shown that many of the botnet risks can be mitigated by taking a holistic approach to information security.

Lastly, Part III of this paper provided a case study in which a nation-state uses part of the business continuity planning process of the Information Technology Security Architecture to mitigate a distributed denial of service attack.

About the Author

Christopher Furton

is an Information Technology Professional with over 12 years in the industry. He attended the University of Michigan, earning a B.S. in Computer Science, and recently completed an M.S. in Information Management from Syracuse University. His career includes managing small to medium size IT infrastructures, service desks, and IT operations. Over the years, Christopher has specialized in cyber security while working within the Department of Defense and the United States Marine Corps. His research topics include vulnerability management, cyber security governance, privacy, and cyber risk management. He holds active IT certifications including the CISSP, CEH, ITIL Foundations, Security+ CE and Network+ CE.

Additional information available on Christopher Furton's website at