The fact that an attacker can strike remotely makes a Web server an appealing target. Understanding threats to a Web server and being able to identify appropriate countermeasures permits us to anticipate many attacks and thwart the ever-growing numbers of attackers. The main threats to a Web server are:
• Profiling
• Denial of service
• Unauthorized access
• Arbitrary code execution
• Elevation of privileges
• Viruses, worms, and Trojan horses

1) Profiling: Profiling, or host enumeration, is an exploratory process used to gather information about the Web site. An attacker uses this information to attack known weak points.
Vulnerabilities:
• Unnecessary protocols
• Open ports
• Web servers providing configuration information in banners
Attacks:
• Port scans
• Ping sweeps
• NetBIOS and server message block (SMB) enumeration
Countermeasures: These include blocking all unnecessary ports, blocking Internet Control Message Protocol (ICMP) traffic, and disabling unnecessary protocols such as NetBIOS and SMB.
• Imagine you are a CISO of a publicly traded company and concerned about security when sending any message traffic over the Internet to your remote sites. Determine the security measures you would consider implementing to mitigate security risks when sending message traffic over the Internet. Explain your reasoning.
Teardrop – a mangled packet sent in fragments via overlapping or overloading payloads which could cause the systems as it has in the past with older OS versions.
Sequence number – hijacked or interrupted TCP/IP sessions via injected packets that disguise their origination from one of the two computers in a session.
Other types of risks that BUGusa, Inc. can potentially face without property protection and with poor management are: loss in customer trust, penalties for law violations, compliance risk, availability risk, access risk, and more. (Priviti, 2008) B. Discuss in detail what type(s), if any, of civil liability Steve and/or WIRETIME may face if caught. a. BUGusa is facing the issues of their work being stolen and internet hacking. Not to mention WIRETIME is unethical in their actions.
Unit 9 Assignment 1: List Phases of a Computer Attack
In this assignment I am a hacker who needs to protect my organization from a computer attack. I will list general phases of a computer attack. We have an organization that we need to protect from outside attacks by foreign parties. I am an ethical hacker who needs to take preventative measures in order to adequately secure the network against these attacks. Many attackers follow a general set of steps in order to gain the permissions necessary to break into a system.
They are: “it singles out specific persons or groups as responsible for threats to the public interest, the accusation of the whistleblower, moreover concerns a present or an imminent threat and a concrete risk must be at issue rather than a vague foreboding or a somber prediction” (p. 330). In The Insider, Dr. Jeffrey Wigand meets both the definition and the necessary conditions of whistleblowing detailed above. Dr. Wigand who, after
Companies such as this are required not only legally, but ethically to protect the customers’ private information or be held accountable by law. It is also bad practice to allow this sensitive information to be disseminated and stolen by cyber criminals. Since this kind of data must be protected at all costs, certain regulations were put in place so that standards for information security could be monitored. One of these standards is that all personal information is to be encrypted when being sent over the internet and also on the servers. This will make it much harder for the hacker to access the information easily.
The first thing I want to address is that the multiple dangers computer networks are exposed to are in the majority caused by perpetrators who get access to Windows and Linux servers to expose their vulnerabilities. For that reason, the CIO should reinforce that thread, which can be used in favor of hackers and their malicious codes. The use of malicious code or malware in the form of viruses, worms, time bombs or any peculiar name they are given by hackers is a major concern for the protection of confidential data. This information is so sensitive, the majority of it composed of identity, credit and property information so well collected and compiled, that it is plenty for the creation of a clone of a company or a person. The CIO should possess a compendium of ways to defend his network and the capability to make decisions in a short time period.
Malicious code can be executed from an email when received and downloaded to a computer via an e-mail program like Outlook or Thunderbird. Hence it is a good idea to have these types of auto run turned off in order to lessen the chance of running this malicious code. Along with this we should also look at attachments that come with said emails. These attachments are also a place where an attacker will try to hide this malicious code so that when the attachment is opened the code runs and infects the system or runs the commands that the attacker wants run on the infected host. In the same vein as malicious code, a hoax email will be sent by an attacker in hopes that the user on the receiving end will follow the commands given in the email. For example, a user may receive an email stating that their user account will be locked unless they verify the username and password in a reply email.
This threat is suspected due to the existing vulnerabilities that allow the unauthorized access of sensitive information across the existing network design. To thwart this effort and further secure Lafleur’s sensitive information, the implementation of access controls should occur. Access controls are used to authorize or limit object access to users, groups, and systems on the network or connected systems. Access control lists consist of many areas that maintain a relationship with each other to provide an overall secure environment. The relationships that must be considered are:
• Objects – This can be files, printers, computers, and other resources.
Ping sweeps and port scans have been notorious and yet useful tools for hackers and system administrators. Ping sweeps and port scans at times can be a nuisance to system administrators. Ping sweeps and port scans work together and can be dangerous, but they can also be prevented. A ping sweep, also known as an Internet Control Message Protocol (ICMP) sweep, is a basic