Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives

This paper explores whether IT and audit professionals have different perceptions of the substantive and symbolic perspectives of information security assurance and the role of security configuration management (SCM) using a mixture of qualitative and quantitative approaches. Importance performance analysis (IPA) is utilized to identify differences in perceived importance and perceived controllability from both substantive and symbolic perspectives between these two professional groups. Our results suggest that SCM plays a vital role in maintaining consistency between the IT and audit professionals by enhancing their confidence in controlling and managing information security control sets. IPA also helps determine an information security program's strengths and weaknesses and supports remedial strategic actions more efficiently. Implications for both research and practice are discussed.

IMPLEMENTASI VIRTUAL PRIVATE NETWORK (VPN) DI PERPUSTAKAAN UNIVERSITAS ISLAM MALANG

This study aims to explain to use a VPN in the UNISMA Library. The research method used is descriptive-qualitative and data was obtained through interviews with five informants, observation, and documentation. Data analysis techniques by collecting data, data reduction, data presentation and drawing conclusions. While the validity of the data was obtained through triangulation. The results showed that the use of VPN in the UNISMA Library to speed up internet connection and data privacy. UNISMA library uses a proxy server router operating system for VPN networks. To be able to make Mikrotik a VPN server, configuration is required which includes IP pool configuration, IP router configuration, PPP configuration, DHCP server configuration, NAT by pass firewall configuration and IP security configuration. The library selection of VPN products considers the aspects of strong authentication, encryption that is strong enough, meets standards, integration with other field network services.

SLR-SELinux: Enhancing the Security Footstone of SEAndroid with Security Label Randomization

The root privilege escalation attack is extremely destructive to the security of the Android system. SEAndroid implements mandatory access control to the system through the SELinux security policy at the kernel mode, making the general root privilege escalation attacks unenforceable. However, malicious attackers can exploit the Linux kernel vulnerability of privilege escalation to modify the SELinux security labels of the process arbitrarily to obtain the desired permissions and undermine system security. Therefore, investigating the protection method of the security labels in the SELinux kernel is urgent. And the impact on the existing security configuration of the system must also be reduced. This paper proposes an optimization scheme of the SELinux mechanism based on security label randomization to solve the aforementioned problem. At the system runtime, the system randomizes the mapping of the security labels inside and outside the kernel to protect the privileged security labels of the system from illegal obtainment and tampering by attackers. This method is transparent to users; therefore, users do not need to modify the existing system security configuration. A tamper-proof detection method of SELinux security label is also proposed to further improve the security of the method. It detects and corrects the malicious tampering behaviors of the security label in the critical process of the system timely. The above methods are implemented in the Linux system, and the effectiveness of security defense is proven through theoretical analysis and experimental verification. Numerous experiments show that the effect of this method on system performance is less than 1%, and the success probability of root privilege escalation attack is less than 10−9.

Teaching and Learning IoT Cybersecurity and Vulnerability Assessment with Shodan through Practical Use Cases

Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan.