1. Cybersecurity
1
|
P a g e
Cybersecurity
Issues,
Challenges
and
Security
Controls
Image:
Courtesy
of
Google
By
Asad
Zaman
Information
Assurance
Capstone-‐670
(Research
Paper)
November
2011.
For
Dr.
James
Clark
University
of
Maryland
University
College
(UMUC)
2. Cybersecurity
2
|
P a g e
Table
of
Contents
1. Abstract…………………………………………………………………………………………………………………………………...…3
2. Introduction……………………………………………………………………………………………………………..…………………4
3. Background…………………..…………………………………………….…………………………………………….……………….6
4. Cybersecurity
issues
&
Challenges
-‐
Federal
Information
Systems……………………………………………..6
5. Cybersecurity
Issues
and
Challenges
-‐The
Corporations,
Institutes,
and
Service
Providers..….…..8
6. Cybersecurity
Tools………………….……………………………….………………………………………………………………12
A).
Cybersecurity
Measures………………………………………………………………………………………………………13
7. Cybersecurity
Method………………………………………………………………………………………………………………15
A).
Cryptography
………………………………………………………………………………………………………………………15
B).
Firewall…………………………………………………………………………………………………..……………………………16
C).
Application
gateway…………………………………………………………………………………………………………….17
D).
Pocket
Filtering……………………………………………………………………………………………………………………18
E).
Hybrid………………………………………………………………………………………………………………………………….19
8. Cybersecurity
Management
Issues………………………………………………………………………….………………..20
9. Recommendation
on
Network
security…………………………………………………………………………………….21
10. Wireless
……………………………………………………………………………………………………………………………………21
11. Cybersecurity
Technology…………….……………………………………………………………………..…..……………….23
A).
SSL-‐VPN……………………………………………………………………………………………………………………………….23
B).
Intrusion
Detection
Prevention
System……………………………………………………………………………….24
12. Conclusion………………………………………………………………………………………………………..………..……………24
13. Bibliography……………………………………………………………………………………………………………………………..25
Figure
Figure
1:
Sample
application
of
gateway……………………………………………………………………………………………….18
Figure
2:
Sample
Pocket
filtering……………………………………………………………………………………………………………19
3. Cybersecurity
3
|
P a g e
1. Abstract
Physical
world
is
increasingly
supported
by
a
cyberspace
or
internet
infrastructure.
This
infrastructure
enables
new
business
models,
enhances
communications,
makes
personal
lives
more
convenient,
and
contributes
to
national
defense.
The
flip
side
of
this
increased
reliance,
however,
is
that
vulnerable
to
threats
to
cyberspace
infrastructure.
Network
outages,
data
compromised
by
hackers,
propagating
viruses,
and
other
incidents
affect
lives
in
ways
that
range
from
inconvenient
to
life-‐threatening.
Cybersecurity
necessitates
a
comprehensive
national
policy
to
protect
electronically
transmitted
and
stored
information
from
intrusion.
The
President
of
the
United
State
(U.S.)
declared
that
the
U.S.
economic
prosperity
in
21st
century
depends
on
cybersecurity.
In
the
face
of
severe
exigencies
of
threat,
several
nations
and
organizations
are
addressing
the
issue
independently
as
well
as
jointly.
Cybersecurity
threats
are
increasing
day
by
day
and
making
high
speed
wired/wireless
network
and
internet
services,
insecure
and
unreliable.
Security
measures
works
more
importantly
towards
fulfilling
the
cutting
edge
demands
of
today’s
growing
internet
use.
The
need
is
also
induced
in
to
the
areas
like
defense,
where
secure
and
authenticated
access
of
resources
are
the
key
issues
related
to
information
security.
This
paper
described
the
important
measures
and
parameters
regarding
large
industry/organizational
requirements
for
establishing
a
secure
network
as
well
as
issue
and
challenges
in
cybersecurity.
Wi-‐Fi
networks
are
very
common
in
providing
wireless
network
access
to
different
resources
and
connecting
various
devices
wirelessly.
There
are
need
of
different
requirements
to
handle
Wi-‐Fi
threats
and
network
hacking
attempts.
This
paper
also
4. Cybersecurity
4
|
P a g e
explores
important
security
measures
related
to
cybersecurity,
so
that
a
fully
secured
network
environment
could
be
established
in
an
organization.
2. Introduction
As
government
agencies,
private
sector
corporations,
the
military,
and
even
retail
shoppers
shift
their
activities
to
the
Internet,
cybersecurity
becomes
increasingly
important.
In
October
2010,
the
President
of
the
United
States
(U.S.)
called
upon
U.S.
people
to
recognize
the
importance
of
cybersecurity.
He
emphasized
on
the
confidentiality
of
sensitive
information,
integrity
of
e-‐commerce,
and
resilience
of
cyber
infrastructure.
The
President
requested
for
a
universal
co-‐operations
to
reduce
cyber
risk
(http://www.whitehouse.gov/the-‐press-‐
office/2010/10/01/presidential-‐proclamation-‐national-‐cybersecurity-‐awareness-‐month).
Cyberspace
touches
nearly
every
part
of
daily
lives.
It's
the
broadband
networks
beneath
us
and
the
wireless
signals
around
us,
the
local
networks
in
our
schools
and
hospitals
and
businesses,
and
the
massive
grids
that
power
our
nation.
It's
the
classified
military
and
intelligence
networks
that
keep
us
safe,
and
the
World
Wide
Web
that
has
made
us
more
interconnected
than
at
any
time
in
human
history.
We
must
secure
our
cyberspace
to
ensure
that
we
can
continue
to
grow
the
nation’s
economy
and
protect
our
way
of
life
(www.whitehouse.gov/cybersecurity).
Cybersecurity
is
the
measure
to
safeguard
organizational
computing
assets
from
cyber
threats
and
vulnerabilities.
While
computers
provide
increased
features
and
functionality,
they
also
introduce
new
risks.
Any
piece
of
electronic
equipment,
such
as
computer,
cell
phone,
car
navigation
device,
PDA,
etc.
that
uses
some
kind
of
computerized
component
is
vulnerable
to
software
imperfections
and
vulnerabilities.
The
risks
increase
if
the
device
is
connected
to
the
5. Cybersecurity
5
|
P a g e
internet
or
a
network
that
an
attacker
may
be
able
to
access.
The
outside
connection
provides
a
way
for
an
attacker
to
send
information
to
or
extract
information
from
the
connected
device.
Both
wired
and
wireless
connections
are
vulnerable
to
cyber
threats.
Attackers
may
be
able
to
take
advantage
of
these
technological
advancements
to
target
devices
previously
considered
"safe."
For
example,
an
attacker
may
be
able
to
infect
cell
phone
with
a
virus,
steal
phone
or
wireless
service,
or
access
the
data
on
PDA.
Not
only
do
these
activities
have
implications
for
users’
personal
information,
but
they
could
also
have
serious
consequences
if
any
corporate
information
is
stored
on
the
device.
Computing
devices
should
never
be
left
unattended
in
public
or
easily
accessible
areas.
All
patches,
firmware
updates,
and
software
updates
must
be
installed
immediately
after
it
is
released
by
the
vendor
–
installing
them
will
prevent
attackers
from
being
able
to
take
advantage
of
known
problems
or
vulnerabilities.
A
strong
and
unique
password
which
is
difficult
for
thieves
to
guess
should
be
used
for
each
computing
device,
and
option
to
remember
password
should
be
disabled.
Network
connections,
including
wireless
connections,
should
be
kept
disabled
when
they
are
not
in
use.
All
data,
especially
the
privacy
data,
should
be
stored
encrypted.
When
data
is
encrypted,
unauthorized
people
can't
view
data
even
if
they
can
physically
access
it;
the
data
owner
must
remember
the
encryption
password
to
decrypt
data,
otherwise
even
the
owner
will
be
unable
to
see
data
(McDowell
&
Lytle,
2008).
Even
the
U.S.
President,
Barack
Obama,
in
his
address
on
May
29,
2009
to
the
National
Security
Council
(NSC),
declared
that
America's
economic
prosperity
in
the
21st
century
would
depend
on
effective
implementation
of
cybersecurity.
Obama
mentioned
cyber
threat
as
one
of
the
serious
economic
and
national
security
challenges
and
cautioned
about
the
risk
of
6. Cybersecurity
6
|
P a g e
privacy
data,
identity
theft,
botnet,
spyware,
malware,
spoofing,
phishing,
cyber
threats,
and
cyber
criminals.
He
mentioned
that
about
1.5
billion
people
worldwide
use
Internet
and
it
is
growing
rapidly.
The
President
highlighted
that
e-‐commerce
in
U.S.
accounted
for
$132
billion
retail
sales
in
2008.
Obama
estimated
that
cyber
criminals
stole
$1
trillion
worth
of
intellectual
property
in
2008
worldwide
(Obama,
2009).
Cybersecurity
can
be
defined
as
protection
of
networks
and
their
services
from
unauthorized
alteration,
destruction,
or
disclosure,
and
provision
of
assurance
that
the
network
performs
in
critical
situations
and
have
no
harmful
effects
for
neither
user
nor
for
employee
(Jegal,
2008).
It
also
includes
provisions
made
in
an
underlying
computer
network
infrastructure,
policies
adopted
by
the
network
administrator
to
protect
the
network
and
the
network-‐accessible
resources
from
unauthorized
access.
3. Background
Computer
networks
were
developed
in
the
1960s
to
help
a
small
group
of
scientists
to
communicate
among
themselves.
The
Internet
was
developed
in
1969
in
an
effort
to
link
a
few
computers
in
scientific
labs
across
the
Unites
States,
especially
for
military
research,
and
financed
by
Pentagon
through
the
Advanced
Research
Project
Agency
(ARPA).
The
first
network
was
called
ARPANET.
In
1989,
the
Internet
was
transformed
to
World
Wide
Web
(WWW)
allowing
millions
of
people
to
access.
In
the
early
1990s,
the
development
of
Netscape
Navigator
even
made
the
WWW
easier
to
use.
Today,
the
Internet
is
used
by
millions
of
people
on
a
daily
basis
(Stevenson,
2000).
4. Cybersecurity Issues & Challenges (The Federal Information Systems)
Federal agencies are facing a set of emerging cybersecurity threats that are the result of
increasingly sophisticated methods of attack and the blending of once distinct types of attack into
7. Cybersecurity
7
|
P a g e
more complex and damaging forms. Examples of these threats include spam (unsolicited
commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and
spyware (software that monitors user activity without user knowledge or consent). To address
these issues, GAO was asked to determine (1) the potential risks to federal systems from these
emerging cybersecurity threats, (2) the federal agencies' perceptions of risk and their actions to
mitigate them, (3) federal and private-sector actions to address the threats on a national level, and
(4) government faces a wide challenges to protecting federal systems from these threats. Spam,
phishing, and spyware pose security risks to federal information systems. Spam consumes
significant resources and is used as a delivery mechanism for other types of cyber attacks;
phishing can lead to identity theft, loss of sensitive information, and reduced trust and use of
electronic government services; and spyware can capture and release sensitive data, make
unauthorized changes, and decrease system performance. The blending of these threats creates
additional risks that cannot be easily mitigated with currently available tools. Agencies'
perceptions of the risks of spam, phishing, and spyware vary. In addition, most agencies were not
applying the information security program requirements of the Federal Information Security
Management Act of 2002 (FISMA) to these emerging threats, including performing risk
assessments, implementing effective mitigating controls, providing security awareness training,
and ensuring that their incident-response plans and procedures addressed these threats. Several
entities within the federal government and the private sector have begun initiatives to address
these emerging threats. These efforts range from educating consumers to targeting cybercrime.
Similar efforts are not, however, being made to assist and educate federal agencies. Although
federal agencies are required to report incidents to a central federal entity, they are not
consistently reporting incidents of emerging cybersecurity threats. Pursuant to FISMA, the
8. Cybersecurity
8
|
P a g e
Office Management and Budget (OMB) and the Department of Homeland Security (DHS) share
responsibility for the federal government's capability to detect, analyze, and respond to
cybersecurity incidents. However, government a wide guidance has not been issued to clarify to
agencies which incidents they should be reporting, as well as how and to whom they should
report. Without effective coordination, the federal government is limited in its ability to identify
and respond to emerging cybersecurity threats, including sophisticated and coordinated attacks
that target multiple federal entities (Wilschsen, 2005).
5. Cybersecurity
Issue
&
Challenges
(The
Corporations,
Institutes,
and
Service
Providers)
A
Deloitte
study
in
2010
found
that
cyber
threats
posed
to
organizations
have
increased
faster
than
potential
victims,
the
cybersecurity
professionals,
can
cope
with
them.
This
placed
organizations
at
significant
risk.
Cyber
criminals
are
increasingly
adept
at
gaining
undetected
access
and
maintaining
a
persistent,
low-‐profile,
long-‐term
presence
in
IT
environments.
An
underground
economy
has
evolved
around
stealing,
packaging,
and
reselling
information.
Malware
authors
for
hire
provide
skills,
capabilities,
products,
and
outsourced
services
to
cyber
criminals.
These
include,
among
others,
identity
collection
and
theft,
data
acquisition
and
storage,
stealthy
access
to
systems,
misdirection
of
communications,
keystroke
identification,
identity
authentication,
and
botnets.
Security
models
today
are
primarily
“reactive,”
and
cyber
criminals
are
exploiting
that
weakness.
Many
security
organizations
may
be
leaving
themselves
vulnerable
to
cyber
crime
based
on
a
false
sense
of
security,
perhaps
even
complacency,
driven
by
non-‐agile
security
tools
and
processes.
Many
are
failing
to
recognize
cyber
crimes
in
their
information
technology
(IT)
environments
and
misallocating
limited
resources
to
lesser
threats.
9. Cybersecurity
9
|
P a g e
For
example,
many
organizations
focus
heavily
on
foiling
hackers
and
blocking
pornography
while
potential
cyber
crimes
are
going
undetected
and
unaddressed
(DeZabala
&
Baich,
2010).
There
are
concerns
that
Apple
uploads
clients’
data,
up
to
73MB
a
night,
from
every
iPhone
device
in-‐use.
Apple
is
claiming
that
they
are
uploading
location
data
only.
Uploading
up
to
73
MB
of
location
data
every
night?
Is
that
true?
What
Apple
is
really
uploading?
Are
they
harvesting
keyboard
cache,
GeoTag
(location
data),
date,
time,
photo
library,
WiFi
connection
logs,
and
personal
interest
of
users
supplemented
with
name,
phone
number,
and
email
address?
All
combined,
this
set
of
information
has
a
huge
value
in
the
underground
market
of
personal
data.
This
data
is
enough
for
a
dubious
spouse
to
prove
that
the
partner
was
not
in
office
at
a
given
date
and
time?
Is
Apple
infringing
the
data
privacy
of
its
users?
As
a
precaution,
Apple
users
should
regularly
clean
the
browser’s
recent
searches
and
the
keyboard
cache.
Germany’s
justice
minister,
Sabine
Leutheusser-‐Schnarrenberger,
has
already
asked
Apple
to
tell
the
State
Data
Protection
Officials
about
the
kind
of
data
that
Apple
is
gathering
on
individual
iPhone
users
in
Germany.
Apple
is
also
asked
to
outline
the
purpose
of
collecting
this
data
and
how
long
the
data
will
be
stored
(Brien,
2010;
Seriot,
2010).
Although
there
are
popular
believes
that
only
computer
programs
can
get
infected
with
virus
software,
but
that
is
not
necessarily
true.
In
fact,
almost
any
electronic
device
that
runs
automatically
can
get
infected
with
malware
(virus,
worm,
etc.),
and
even
cell
phones
are
not
safe
from
cyber
crimes.
IKEE
is
the
first
known
iPhone
worm.
This
worm
changes
the
iPhone’s
wallpaper
and
displays
a
photograph
of
1980s
singer
Rick
Ashley
with
the
words
“IKEE
is
never
goanna
give
you
up.”
The
programmer
of
this
worm,
a
21-‐year
old
Australian
programmer,
was
10. Cybersecurity
10
|
P a g e
subsequently
hired
by
the
Australian
iPhone
development
company,
Mogeneration.
Typically,
iPhone
runs
software
in
its
standard
configuration
that
is
cryptographically
signed
only
by
Apple,
but
iPhone
hackers
found
ways
to
circumvent
this
limitation
by
creating
a
modified
version
of
iPhone
operating
system
(OS)
that
runs
other
software
codes.
Installing
such
a
firmware
is
called
“jailbreaking.”
It
is
estimated
that
about
6–8%
of
all
iPhone
are
“jailbroken”
and
hackers
can
steal
users’
data
now,
including
users’
privacy
and
sensitive
data,
from
jailbroken
iPhones
remotely
(Seriot,
2010).
Cybercrime,
such
as
identity
theft
electronically,
is
a
federal
crime
in
the
USA.
It
is
one
of
the
most
prevalent
nuisances
of
the
21st
century,
the
digital
revolution,
and
the
radical
transformation
of
world
for
its
widespread
Internet
use.
Not
only
has
this
revolution
changed
the
way
people
live
and
do
business,
it
has
also
expanded
the
spectrum
of
illegal
activities.
Cybercrime
has
many
faces
-‐
from
computer
hacking
and
online
piracy
of
copyrighted
content
to
spam,
spyware,
malware,
or
any
of
a
host
of
other
issues,
unimaginable
a
few
decades
ago.
It
is
not
yet
clear
how
the
law
is
faring
against
this
ever
elusive
opponent
(Demarco,
2009).
The
most
frequent
form
of
identity
theft
is
the
fraudulent
use
of
someone’s
name
and
identifying
data
to
obtain
credit,
merchandise,
and
services
(COPS,
2006).
The
Internet
has
made
it
easier
for
individuals
and
organizations
to
communicate
and
conduct
business
online;
hence,
e-‐commerce
is
growing.
According
to
eMarketer,
an
estimated
152
million
individuals
ages
14
and
above
shopped
online
in
2009.
With
the
growth
of
e-‐commerce,
identity
theft
problems
have
also
grown
in
many
parts
of
the
world.
Tremendous
efforts
have
been
made
in
11. Cybersecurity
11
|
P a g e
the
past
decade
by
governments
and
businesses
to
understand
these
issues
and
to
find-‐out
solutions
for
combating
these
problems
(Ji,
Smith-‐Chao,
&
Min,
2008).
The
growth
potential
of
e-‐commerce
has
its
own
vulnerabilities
also.
The
chance
of
security
failure,
including
disclosure
of
privacy
information,
is
high.
The
confidentiality,
integrity,
and
availability
(CIA)
are
at
stake.
Perhaps
the
most
important
reason
for
both
businesses
and
consumers
to
partially
refrain
from
establishing
and
participating
in
e-‐
commerce
is
the
potential
for
loss
of
privacy
data.
A
single
highly
publicized
security
breach
in
privacy
data
can
erode
confidence
in
the
business
and
can
not
only
damage
the
reputation
of
the
firm,
but
cause
widespread
repercussions
in
the
e-‐commerce
industry
(Farahmand
&
Navathe,
2005).
The
internet
has
presented
opportunities
for
companies
to
bombard
the
consumers
with
various
marketing
information,
especially
in
online
advertisements.
Some
of
these
techniques
infringe
data
privacy
and
leaves
consumers
with
security
issues.
Dobosz,
Green,
&
Sisler
(2006)
found
that
DoubleClick
collecting
PII
of
Internet
users
although
it
claims
that
it
does
not.
A
Federal
Trade
Commission
survey
conducted
in
2003
estimated
the
annual
number
of
victims
of
some
form
of
identity
theft
at
9.91
million
adults
or
about
4.6
percent
of
the
United
States
population.
Actual
dollar
losses
for
businesses
and
victims
in
the
United
States
are
estimated
roughly
at
$53
billion
for
2004.
These
figures
do
not
take
into
account
expenses
incurred
by
the
victims
to
recover
losses;
the
cost
to
the
criminal
justice
system
to
detect,
investigate,
and
prosecute
offenders;
or
the
expenditures
of
time
and
money
to
develop,
promulgate,
and
enforce
legislation
to
control
this
crime
(COPS,
2006).
The
total
one-‐year
12. Cybersecurity
12
|
P a g e
fraud
amount
for
2006
is
estimated
at
$55.7
billion,
and
the
average
number
of
hours
that
each
victim
devotes
to
resolving
fraudulent
transactions
and
negative
credit
reporting
issues
is
thought
to
be
40
hours
per
victim
(Fonte,
2008).
It
is
essential
to
reduce
the
opportunities
for
criminals’
misusing
the
data
that
they
steal
because
thieves
are
resourceful
and
security
systems
are
imperfect.
Strong
law
enforcement
is
necessary
to
punish
the
identity
thieves.
The
recent
increasing
sophistication
of
identity
thieves
meant
that
law
enforcement
agencies
at
all
levels
of
government
must
increase
the
resources
they
devote
for
investigating
identity
related
crimes
(Gonzales
&
Majoras,
2007).
According
to
the
U.S.
Federal
Trade
Commission
(FTC)
survey,
about
9.9
million
Americans
were
victims
of
identity
theft
in
2002.
Losses
from
such
crimes
totaled
$48
billion.
Consumers
reported
$5
billion
in
out-‐of-‐pocket
expenses
to
fix
the
problem
(Africa
news,
2003).
The
federal
trade
commission
(FTC)
publication
in
2008
–
“Take
Charge:
Fighting
Back
Against
Identity
Theft”
is
rich
in
contents
identifying
the
prevailing
risks,
such
as
tax
fraud,
banking
fraud,
and
credit
fraud
in
identity
theft
and
data
privacy
risks,
resolving
problems,
and
minimizing
recurrence
(FTC,
2008).
There
is
a
growing
awareness
among
e-‐commerce
customers
that
they
must
stay
ahead
of
the
risks,
because
risk
is
everywhere;
even
using
a
teller
machine
is
a
potential
risk
where
a
criminal
might
watch
the
personal
identification
number
(PIN)
over
the
shoulder
and
use
it
later
or
sell
it
to
others
for
their
financial
gains
(Bhakta,
2008).
6.
Cybersecurity
Tools
13. Cybersecurity
13
|
P a g e
Nowadays
many
commercial
and
some
DOD
or
DOE
installations
have
networks
which
include
various
supercomputer
models
incorporated
in
them.
It
would
be
interesting
to
know
if
products
cater
for
such
environments
too
along
with
the
associated
pricing
algorithm.
New
techniques
and
advances
in
the
field
of
“real-‐time”
auditing
in
the
area
of
IDS,
Intrusion
Detection
Systems,
now
look
for
signs
of
intrusions
or
variations
in
the
normal
operations
in
real
time.
Thus
bringing
auditing
of
ICT
network
systems
into
more
of
an
a
‘prior
system
than
previous
known.
Previous
ICT
auditing
systems
looked
more
like
the
classical
accounting
and
financial
auditing
tools
applied
to
computing.
There
is
still
that
element
present.
However;
today
the
computer
is
the
network
and
the
network
is
the
computer
and
it
is
a
dynamic
system
which
lends
itself
to
real-‐time
auditing.
This
is
a
dimension
beyond
yesterday’s
computer
auditing
functionality
(Clark,
2011).
Below
are
named
few
tools
and
a
very
brief
functionality
used
to
secure
the
network:
•
N-‐map
Security
Scanner
is
a
free
and
open
source
utility
for
network
exploration
or
security
auditing.
•
Nessus
is
the
best
free
network
vulnerability
scanner
available.
•
Wire
shark
or
Ethereal
is
an
open
source
network
protocol
analyzer
for
UNIX
and
Windows.
•
Snort
is
light-‐weight
network
intrusion
detection
and
prevention
system
excels
at
traffic
analysis
and
packet
Logging
on
IP
networks.
•
Net
Cat
is
a
simple
utility
that
reads
and
writes
data
across
TCP
or
UDP
network
connections.
•
Kismet
is
a
powerful
wireless
sniffer.
6. Cybersecurity
Measures:
14. Cybersecurity
14
|
P a g e
(Marin,
2005)
defined
the
core
practical
networking
aspects
of
security
including
computer
intrusion
detection,
traffic
analysis,
and
network
monitoring
aspects
of
network
security.
(Flauzac,
2009)
has
presented
a
new
approach
for
the
implementation
of
distributed
security
solution
in
a
controlled
collaborative
manner,
called
grid
of
security,
in
which
community
of
devices
ensures
that
a
device
is
trustworthy
and
communications
between
devices
can
be
performed
under
control
of
the
system
policies.
(Wu
Kehe,
2009)
has
defined
information
security
in
three
parts
-‐
data
security,
network
system
security
and
network
business
security,
and
the
network
business
security
model.
A
theoretical
basis
for
security
defense
for
enterprise
automatic
production
system
has
also
been
established.
A
Public
Key
Infrastructure
(PKI)-‐based
security
framework
for
wireless
network
has
been
defined
by
(Wuzheng
2009).
In
this
paper
various
tools
and
treatment
related
to
cryptography
and
network
security
has
been
defined.
The
latest
issues
related
to
network
security
technology
and
their
practical
applications
like
Advance
Encryption
Standard
(AES),
CMAC
mode
for
authentication
and
the
CCM
mode
for
authenticated
encryption
standards
are
also
discussed
in
a
very
elaborative
way.
In
addition,
various
hacking
attempts
and
their
detection,
remedial
are
also
discussed
in
a
very
efficient
way.
Nowadays,
transfer
of
information
in
a
safer
and
secure
way
over
a
network
has
become
a
major
challenge
for
the
industry.
The
attacks
and
the
network
security
measures
define
that
how
using
the
network
security
tools,
a
better,
healthy
and
safe
network
can
be
designed
and
maintained
for
an
organization/industry.
This
paper
focuses
on
the
issues
through
which
Cybersecurity
can
be
managed
and
maintained
more
efficiently
in
an
organization.
Following
measures
are
to
be
taken
to
secure
the
network
15. Cybersecurity
15
|
P a g e
•
A
strong
firewall
and
proxy
to
be
used
to
keep
unwanted
traffic
out.
•
A
strong
Antivirus
software
package
and
Internet
Security
Software
package
should
be
installed.
•
For
authentication,
use
strong
passwords
and
change
every
30
days
basis.
•
When
using
a
wireless
connection,
use
a
robust
password.
•
Employees
should
be
cautious
about
physical
security.
•
Prepare
a
network
analyzer
or
network
monitor
and
use
it
when
needed.
•
Implementation
of
physical
security
measures
like
closed
circuit
television
for
entry
areas
and
restricted
zones.
•
Security
barriers
to
restrict
the
organization's
perimeter.
•
Fire
asphyxiators
can
be
used
for
fire-‐sensitive
areas
like
server
rooms
and
security
rooms.
7. Cybersecurity
Method
According
to
one
of
my
UMUC
professor
that
Security
is
on
one
hand
a
race
of
imagination,
trying
to
outthink
the
bad
guys,
but
it
is
also
a
very
regimented,
details
oriented,
carefully
thought
out
pattern
of
activity.
The
imagination
and
the
cybersecuity
method
are
expressed
regarding
the
cybersecurity
war
(Samid,
2009).
In
a
never-‐ending
loop,
cybersecurity
experts
develop
new
ways
to
prevent
continually
emerging
threats,
and
hackers
develop
more
sophisticated
technology
to
circumvent
information
security
systems.
Below
are
named
a
few
methods
and
a
brief
discussed.
A. Cryptography
Today’s
information
systems
and
the
information
that
they
contain
are
considered
to
be
major
assets
that
require
protection.
Cryptography
relies
on
ciphers
(after
encrypted
plaintext),
16. Cybersecurity
16
|
P a g e
which
is
nothing
but
mathematical
functions
used
for
encryption
and
decryption
of
a
message.
To
ensure
the
security
of
information
in
increasingly
prevalent
e-‐commerce,
e-‐business,
and
to
protect
private
data
from
hackers
and
saboteurs,
among
the
others,
cryptography
is
one
of
the
key
techniques
that
ensure
confidentiality
and
integrity
of
information.
The
information
used
by
government
and
business
is
contained
in
computer
systems
consisting
of
groups
of
interconnected
computers
that
make
use
of
shared
networks,
often
referred
to
as
the
Internet
or
Cyberspace.
Since
the
Cyberspace
is
shared
by
diverse
and
often
competing
organizations
and
individuals,
information
systems
should
protect
themselves
and
the
information
that
they
contain
from
unauthorized
disclosure,
modification
and
use.
Cryptography
is
often
used
to
protect
information
from
unauthorized
disclosure,
to
detect
modification,
and
to
authenticate
the
identities
of
system
users.
Cryptography
is
particularly
useful
when
data
transmission
or
authentication
occurs
over
communications
networks
for
which
physical
means
of
protection
are
often
cost-‐prohibitive
or
even
impossible
to
implement.
Thus,
cryptography
is
widely
used
when
business
is
conducted
or
when
sensitive
information
is
transmitted
over
the
Cyberspace.
Cryptography
also
provides
a
layer
of
protection
for
stored
data
(in
addition
to
physical
and
computer
security
access
controls)
against
insiders
who
may
have
physical
and
possibly
logical
(e.g.,
system
administrator)
access
to,
but
not
the
authorization
to
know
or
modify,
the
information
Cryptographic
techniques
(Pandey,
2011).
B. Firewall
Firewalls
are
devices
or
programs
that
control
the
flow
of
network
traffic
between
networks
or
hosts
that
employ
differing
security
postures.
At
one
time,
most
firewalls
were
deployed
at
network
perimeters.
This
provided
some
measure
of
protection
for
internal
hosts,
but
it
could
17. Cybersecurity
17
|
P a g e
not
recognize
all
instances
and
forms
of
attack,
and
attacks
sent
from
one
internal
host
to
another
often
do
not
pass
through
network
firewalls.
Because
of
these
and
other
factors,
network
designers
now
often
include
firewall
functionality
at
places
other
than
the
network
perimeter
to
provide
an
additional
layer
of
security,
as
well
as
to
protect
mobile
devices
that
are
placed
directly
onto
external
networks.
Threats
have
gradually
moved
from
being
most
prevalent
in
lower
layers
of
network
traffic
to
the
application
layer,
which
has
reduced
the
general
effectiveness
of
firewalls
in
stopping
threats
carried
through
network
communications.
However,
firewalls
are
still
needed
to
stop
the
significant
threats
that
continue
to
work
at
lower
layers
of
network
traffic.
Firewalls
can
also
provide
some
protection
at
the
application
layer,
supplementing
the
capabilities
of
other
network
security
technologies.
There
are
several
types
of
firewalls,
each
with
varying
capabilities
to
analyze
network
traffic
and
allow
or
block
specific
instances
by
comparing
traffic
characteristics
to
existing
policies.
Understanding
the
capabilities
of
each
type
of
firewall,
and
designing
firewall
policies
and
acquiring
firewall
technologies
that
effectively
address
an
organization’s
needs,
are
critical
to
achieving
protection
for
network
traffic
flows.
C. Application
gateway
This
is
the
first
firewall
and
is
sometimes
also
known
as
proxy
gateways
as
shown
in
figure
1.
These
are
made
up
of
bastion
hosts
so
they
do
act
as
a
proxy
server.
This
software
runs
at
the
Application
Layer
of
the
ISO/OSI
Reference
Model.
Clients
behind
the
firewall
must
be
categorized
&
prioritized
in
order
to
avail
the
Internet
services.
This
is
been
the
most
secure,
18. Cybersecurity
18
|
P a g e
because
it
doesn't
allow
anything
to
pass
by
default,
but
it
also
need
to
have
the
programs
written
and
turned
on
in
order
to
start
the
traffic
passing.
Figure
1:
A
sample
application
gateway
(Pandra,
2010)
D. Pocket
Filtering
Packet
filtering
is
a
technique
whereby
routers
have
ACLs
(Access
Control
Lists)
turned
on.
By
default,
a
router
will
pass
all
traffic
sent
through
it,
without
any
restrictions
as
shown
in
figure
2.
ACL’s
is
a
method
to
define
what
sorts
of
access
is
allowed
for
the
outside
world
to
have
to
access
internal
network,
and
vice
versa.
This
is
less
complex
than
an
application
gateway,
because
the
feature
of
access
control
is
performed
at
a
lower
ISO/OSI
layer.
Due
to
low
complexity
and
the
fact
that
packet
filtering
is
done
with
routers,
which
are
specialized
computers
optimized
for
tasks
related
to
networking,
a
packet
filtering
gateway
is
often
much
faster
than
its
application
layer
cousins.
Working
at
a
lower
level,
supporting
new
applications
either
comes
automatically,
or
is
a
simple
matter
of
allowing
a
specific
packet
type
to
pass
through
the
gateway.
There
are
problems
with
this
method;
thought
TCP/IP
has
absolutely
no
19. Cybersecurity
19
|
P a g e
means
of
guaranteeing
that
the
source
address
is
really
what
it
claims
to
be.
As
a
result,
use
layers
of
packet
filters
are
must
in
order
to
localize
the
traffic.
Figure
2:
A
sample
packet
filtering
gateway
(Pandra,
2010)
It
can
differentiate
between
a
packet
that
came
from
the
Internet
and
one
that
came
from
our
internal
network.
Also
It
can
be
identified
which
network
the
packet
came
from
with
certainty,
but
it
can't
get
more
specific
than
that.
E. Hybrid
System
In
an
attempt
to
combine
the
security
feature
of
the
application
layer
gateways
with
the
flexibility
and
speed
of
packet
filtering,
some
developers
have
created
systems
that
use
the
principles
of
both.
In
some
of
these
systems,
new
connections
must
be
authenticated
and
approved
at
the
application
layer.
Once
this
has
been
done,
the
remainder
of
the
connection
is
passed
down
to
the
session
layer,
where
packet
filters
watch
the
connection
to
ensure
that
only
packets
that
are
part
of
an
ongoing
(already
authenticated
and
approved)
conversation
are
being
passed.
Uses
of
packet
filtering
and
application
layer
proxies
are
the
other
possible
ways.
20. Cybersecurity
20
|
P a g e
The
benefits
here
include
providing
a
measure
of
protection
against
your
machines
that
provide
services
to
the
Internet
(such
as
a
public
web
server),
as
well
as
provide
the
security
of
an
application
layer
gateway
to
the
internal
network.
Additionally,
using
this
method,
an
attacker,
in
order
to
get
to
services
on
the
internal
network,
will
have
to
break
through
the
access
router,
the
bastion
host,
and
the
choke
router.
8. Security
Management
Issues
a)
Ensuring
the
security
strength
of
the
organization
is
a
big
challenge
nowadays.
Organizations
have
some
pre-‐defined
security
policies
and
procedures
but
they
are
not
implementing
it
accordingly.
Through
the
use
of
technology,
we
should
impose
these
policies
on
people
and
process.
b)
Building
and
affirming
high-‐quality
resources
for
deployment
and
efficient
management
of
network
security
infrastructure.
Adopting
technologies
that
are
easy
and
cost
effective
to
deploy
and
manage
day-‐to–day
network
security
operations
and
troubleshoots
in
the
long
run.
c)
Ensuring
a
fully
secure
networking
environment
without
degradation
in
the
performance
of
business
applications.
d)
On
a
day-‐to-‐day
basis,
enterprises
face
the
challenge
of
having
to
scale
up
their
infrastructure
to
a
rapidly
increasing
user
group,
both
from
within
and
outside
of
the
organizations.
At
the
same
time,
they
also
have
to
ensure
that
performance
is
not
compromised.
e)
Organizations
sometimes
have
to
deal
with
a
number
of
point
products
in
the
network.
Securing
all
of
them
totally
while
ensuring
seamless
functionality
is
one
of
the
biggest
challenges
they
face
while
planning
and
implementing
a
security
blueprint.
21. Cybersecurity
21
|
P a g e
f)
The
implementation
and
conceptualization
of
security
blueprint
is
a
challenge.
Security
is
a
combination
of
people,
processes,
and
technology;
while
IT
managers
are
traditionally
tuned
to
address
only
the
technology
controls.
9.
Recommendation
of
Network
security
controls
a)
Organization
should
be
prepared
to
cope
with
the
growth
of
the
organization,
which
in
turn
would
entail
new
enhancements
in
the
network
both
in
terms
of
applications
and
size.
They
should
plan
security
according
to
the
changing
requirements,
which
may
grow
to
include
various
factors
like
remote
and
third-‐party
access.
b)
Threats
are
no
longer
focused
on
network
layer;
application
layer
is
the
new
playground
of
hackers.
Attack
protection
solutions
must
protect
network,
services
and
applications;
provide
secure
office
connection,
secure
remote
employee
access,
resilient
network
availability,
and
controllable
Internet
access.
c)
The
ideal
solution
for
internal
security
challenges
is
not
only
a
conventional
security
product
but
it
must
contain
the
threats
(like
worms),
divide
the
network,
and
protect
the
desktop,
server
and
the
data
center.
d)
About
70
percent
of
new
attacks
target
Web-‐enabled
applications
and
their
number
is
growing.
Enterprises
should,
therefore,
deploy
Web
security
solutions
that
provide
secure
Web
access
as
well
as
protect
Web
servers
and
applications.
The
security
solutions
must
be
easy
to
deploy,
and
they
should
also
provide
integrated
access
control
(Pandey,
2011).
10.
Wireless
While
wireless
provides
productivity
and
benefit,
their
explosive
growth
they
also
pose
risks
to
end
users
and
organizations
22. Cybersecurity
22
|
P a g e
Threats
to
wireless
local
area
networks
(WLANs)
are
numerous
and
potentially
devastating.
Security
issues
ranging
from
misconfigured
wireless
access
points
(WAPs)
to
session
hijacking
to
Denial
of
Service
(DoS)
can
plague
a
WLAN.
Wireless
networks
are
not
only
susceptible
to
TCP/IP-‐based
attacks
native
to
wired
networks,
they
are
also
subject
to
a
wide
array
of
802.11-‐
specific
threats.
To
aid
in
the
defense
and
detection
of
these
potential
threats,
WLANs
should
employ
a
security
solutions.
Wireless
access
points
are
increasingly
serving
as
entry
points
to
the
Internet,
increasing
connectivity
options
and
security
concerns.
Particularly
significant
are
public
access
points,
commonly
known
as
hotspots,
which
are
often
located
in
heavily
populated
areas
such
as
airports,
coffee
shops,
and
hotels,
appealing
to
both
business
and
casual
users,
but
offering
little
or
no
security.
The
number
of
worldwide
commercial
hotspots
reached
143,700
in
2006,
with
an
estimated
675,000
additional
access
points
shipped
during
the
year
specifically
for
use
in
public
hot
spots
(Chenoweth,
Minch
&
Tabor,
2010).
The
growth
in
hotspots
is
expected
to
continue
because
they
are
inexpensive,
new
applications
(such
as
voice
over
Wi-‐Fi)
are
emerging,
and
the
public
is
becoming
accustomed
to
the
mobility
and
ubiquitous
Internet
access
they
provide.
At
the
same
time
that
wireless
usage
is
increasing,
computer
and
network
security
is
consuming
an
increasing
amount
of
time
and
resources
for
individuals
and
organizations.
The
spiraling
number
of
viruses
and
outsider
attacks
has
driven
this
increase
and
has
shortened
the
timeframe
between
vulnerability
announcements
and
the
appearance
of
global
exploits.
Despite
the
increased
risk,
most
wireless
networks
have
little
or
no
network
security
implemented.
Surveys
have
determined
that
approximately
60%
of
all
wireless
23. Cybersecurity
23
|
P a g e
networks
use
no
form
of
encryption,
and
that
even
when
encryptions
enabled,
approximately
75%
are
using
wired
equivalent
privacy
(WEP),
which
has
several
well-‐documented
security
deficiencies
(Chenoweth,
Minch
&
Tabor,
2010).
The
problem
is
even
more
acute
with
public
hotspots
because
their
users
are
more
interested
in
ease
of
use
than
the
level
of
security.
11. Security
Technology
Leading
security
vendors
offer
end-‐to-‐end
solutions
that
claim
to
take
care
of
all
aspects
of
Cybersecurity.
End-‐to-‐end
solutions
usually
offer
a
combination
of
hardware
and
software
platforms
including
a
security
management
solution
that
performs
multiple
functions
and
takes
care
of
the
entire
gamut
of
security
on
a
network.
An
integrated
solution
is
one
that
encompasses
not
only
a
point-‐security
problem
(like
worms/intrusion)
but
one
that
also
handles
a
variety
of
network
and
application
layer
security
challenges.
Available
products
can
be
categorized
in
the
following
streams.
A. SSL-‐VPN
According
to
NIST
SSL-‐VPN
guidelines
that
the
protection
of
sensitive
information
that
is
transmitted
across
interconnected
networks
is
critical
to
the
overall
security
of
an
organization’s
information
and
information
systems.
SSL
VPNs
provide
secure
remote
access
to
an
organization’s
resources.
A
VPN
is
a
virtual
network,
built
on
top
of
existing
physical
networks,
which
can
provide
a
secure
communications
mechanism
for
data
and
other
information
transmitted
between
two
endpoints.
Because
a
VPN
can
be
used
over
existing
networks
such
as
the
Internet,
it
can
facilitate
the
secure
transfer
of
sensitive
data
across
public
networks.
An
SSL
VPN
consists
of
one
or
more
VPN
devices
to
which
users
connect
using
their
24. Cybersecurity
24
|
P a g e
Web
browsers.
The
traffic
between
the
Web
browser
and
the
SSL
VPN
device
is
encrypted
with
the
SSL
protocol
or
its
successor,
the
Transport
Layer
Security
(TLS)
protocol
(Frankel
2010).
A. Intrusion
Detection
Prevention
Systems
An
IPS
combines
the
best
features
of
firewalls
and
intrusion
detection
system
to
provide
a
tool
that
changes
the
configurations
of
network
access
control
points
according
to
the
rapidly
changing
threat
profile
of
a
network.
This
introduces
the
element
of
intelligence
in
network
security
by
adapting
to
new
attacks
and
intrusion
attempts.
Intrusion
prevention
has
received
a
lot
of
interest
in
the
user
community.
Most
organization
evolves
in
their
use
of
intrusion
prevention
technology.
Some
will
adopt
blocking
in
weeks
and
rapidly
expand
their
blocking
as
they
see
the
benefits
of
accurate
attack
blocking.
Others
will
start
slowly
and
expand
slowly.
The
key
is
to
reliably
detect
and
stop
both
known
and
unknown
attacks
real
time.
Traffic
monitoring
in
wired
networks
is
usually
performed
at
switches,
routers
and
gateways,
but
an
ad
hoc
network
does
not
have
these
types
of
network
elements
where
the
IDS
can
collect
audit
data
for
the
entire
network.
Network
traffic
can
be
monitored
on
a
wired
network
segment,
but
ad
hoc
nodes
or
sensors
can
only
monitor
network
traffic
within
its
observable
radio
transmission
range.
25. Cybersecurity
25
|
P a g e
12.
Conclusion
The
cybersecurity
problem
is
unlike
any
other
security
problem
the
nation
has
faced
before.
It
is
epiphenomenal,
a
consequence
of
the
computer
and
Internet
revolution.
This
beguiling
device
is
now
a
part
of
twenty-‐first-‐century
life—a
tool
for
cataloguing
recipes,
and
essential
for
launching
cruise
missiles,
flying
airplanes,
and
operating
nuclear
power
plants.
The
ubiquity
of
the
computer
and
the
Internet,
which
links
one
computer
to
another,
offers
tremendous
efficiency
and
customizable
convenience.
However,
this
efficiency
and
convenience
come
at
a
significant
price.
The
cornerstone
of
America’s
cyberspace
security
strategy
is
and
will
remain
a
public–private
partnership.
The
public–private
partnerships
that
formed
in
response
to
the
President’s
call
have
developed
their
own
strategies
to
protect
the
parts
of
cyberspace
on
which
they
rely.
This
unique
partnership
and
process
was
and
will
continue
to
be
necessary
because
the
majority
of
the
country’s
cyber
resources
are
controlled
by
entities
outside
of
government.
(NSSC
2003,1,
54).
The
security
measures
should
be
designed
and
provided,
first
organization
should
know
its
need
of
security
on
the
different
levels
of
the
organization
and
then
it
should
be
implemented
for
different
levels.
Security
policies
should
be
designed
first
before
its
implementation
in
such
a
way,
so
that
future
alteration
and
adoption
can
be
acceptable
and
easily
manageable.
The
Security
system
must
be
tight
but
must
be
flexible
for
the
end-‐user
to
make
him
comfortable,
he
should
not
feel
that
security
system
is
moving
around
him.
Users
who
find
security
policies
and
systems
too
restrictive
will
find
ways
around
them.
26. Cybersecurity
26
|
P a g e
12. Bibliography:
Brooks,
T.N.
(2003).
A
thematic
content
analysis
of
identity
theft:
What
it
is
and
how
to
avoid
it.
The
University
of
Texas
at
Arlington.
UMI
Microform
No.
1416811
Bhakta,
P.
(2008).
Identity
theft:
Examining
the
challenges.
California
State
University.
Retrieved
from
http://proquest.umi.com.ezproxy.umuc.edu/pqdweb?index=2&did=1548707731&Srch
Mode=2&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=12624
67011&clientId=8724.
Obama,
B.
(2009).
Speech
of
the
U.S.
President
to
the
National
Security
Council.
White
House.
Retrieved
from
http://www.whitehouse.gov/administration/eop/nsc/cybersecurity
Chenweth,
t.,
Minch,
R.,
&
Tobor,
S.
(February,
2010).
Wireless
Insecurity:
Examining
user
security
behavior
on
public
networks.
Vol.
53
Issue
2,
p134-‐138,
5p,
4.
Retrieved
from
ACM
database
Curtin,
M.
(March,
1997).
Introduction
to
Network
Security.
Retrieved
from
http://www.cs.cornell.edu/Courses/cs519/2003sp/slides/15_securitybasics.pdf
DeZabala,
T.
&
Baich,
R.
(2010).Cybercrime:
A
clear
and
present
danger
–
Combating
the
fastest
growing
cyber
security
Threat.
Deloitte.
Retrieved
from
http://www.deloitte.com/assets/Dcom-‐
UnitedStates/Local%20Assets/Documents/AERS/us_aers_Deloitte%20Cyber%20Crime%
20POV%20Jan252010.pdf
Flauzac,
R.,
Nolot,
F.,
Rabat,
C.,
&
Steffencel,
L,
A.
(2009).
Grid
of
Security:
A
New
Approach
of
the
Network
Security.
International
Conference
on
Network
and
System
Security.
PP.
67-‐72.
Retrieved
from
ACM
database.
Fonte,
E.
(2008,
February).
Who
will
pay
the
price
for
identity
theft?
The
Computer
&
Internet
Lawyer,
25(2).
Gonzales,
R.A.
&
Majoras,
P.D.
(2007).
Identity
Theft
-‐
A
Strategic
Plan,
The
President’s
Identity
Theft
Task
Force,
Federal
Trade
Commission
Publications
O’Brien,
K.
J.
(2010).
Germany
asks
Apple
about
iPhone
data-‐gathering.
Retrieved
from
http://www.pogowasright.org/?p=11907
27. Cybersecurity
27
|
P a g e
Pandey,
S.
(2011).
Modern
Network
Issue
and
Challenges.
International
Journal
of
Engineering
Science
&
Technology,
2011,
Vol.
3
Issue
5,
p4351-‐357,
7p.
Retrieved
form
Academic
Search
Complete.
Ji,
S.,
Smith-‐Chao,
S.,
&
Min,
Q.
(2008).
Systems
Plan
for
Combating
Identity
Theft
-‐
A
Theoretical
Framework.
Journal
of
Service
Science
and
Management,
1(2),
143-‐
152.
doi:
1788212021
Khan,
M,
A.,
Shah,
G,
A.,
&
Sher,
M,
(August
2011).
Challenges
for
Security
in
Wireless
sensor
Networks
(WSNs).
World
Academy
of
Science,
Engineering
&
Technology,
Aug2011,
Vol.
80,
p390-‐396,
7p.
Retrieved
from
EBSCO
database.
Kelhe,
W.,
Tong,
Z.,
Wei,
L.,
&
Gang,
M.
(2009).
Security
Model
Based
on
Network
Business
Security,
In
Proc.
Of
Int.
Conf.
on
Computer
Technology
and
Development.
ICCTD,
Val.
1,
pp.577-‐580.
Retrieved
from
ACM
database
McDowell,
M.
&
Lytle,
M.
(2008).
Cybersecurity
for
electronic
devices.
U.S.
Department
of
Homeland
Security.
Retrieved
from
http://www.us-‐cert.gov/cas/tips/ST05-‐017.html
Marin,
G,
A.
(2005).
“Network
Security
Basics”,
In
security
&
privacy,
IEEE,
Issue
6,
Vol
3,
pp.
68-‐72.
Retrieved
from
ACM
database.
Stevenson,
E.H.
(2000).
Identity
theft.
The
University
of
Houston
Clear
Lake.
A
Master
Thesis.
Retrieved
from
http://proquest.umi.com.ezproxy.umuc.edu/pqdweb?index=11&did=729227861&Srch
Mode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=12630
89712&clientId.
Samid,
G.
(2009).
The
unending
Cyber
war.
Publisher:
DGS,
Vitco,
Mclean,
VA.
P.
V
Wilschen,
G.
(
2005).
Information
Security:
Emerging
Cybersecurity
Issues
Threaten
Federal
Information
Systems:
GAO
Report.
P1,
79p.
Retrieved
from
MasterFile
Premier.