On-Line Security: Attacks and Solutions

In: Computers and Technology

Submitted By evren
Words 5692
Pages 23
EVREN KUCUKKAYA

E-COMMERCE SEMINAR Elias A. Hadzilias, PhD NTUA
Assignment: On-line security: attacks and solutions

2012

ISG – INTERNATIONAL MBA

Table of Context
1. INTRODUCTION ................................................................................................................................... 3 2. MAIN TYPES OF MALWARE ................................................................................................................. 4 2.1. Computer Viruses ............................................................................................................................. 4 2.1. Computer Worms ............................................................................................................................. 5 2.3. Trojan Horses.................................................................................................................................... 6 2.4. Spyware ............................................................................................................................................ 6 2.5. Backdoor........................................................................................................................................... 6 2.6. Spams ............................................................................................................................................... 7 2.7. Keyloggers ........................................................................................................................................ 7 2.8. Browser Hijacking ............................................................................................................................. 7 2.9. Dialers ............................................................................................................................................... 7 2.10 Rootkit…...

Similar Documents

Security Assessment for Aircraft Solutions

...Security Assessment for Aircraft Solutions Table of Contents Executive Summary 3 Company Overview 3 Security Vulnerabilities 4 Hardware Vulnerability – Absence of a Firewall 4 Policy Vulnerability – Lack of Timely Updates 5 Recommended Solutions 6 A Hardware Solution 6 Impact on Business Processes 9 A Policy Solution 9 Impact on Business Processes 10 Summary 10 References 12 Executive Summary This report will seek to evaluate and address security weaknesses with the Aircraft Solutions company. As security weaknesses are pointed out relating to hardware and policy weaknesses, recommendations will be made to Aircraft Solutions to be examined and hopefully implemented to improve IT security operations. Aircraft Solutions, located in Southern California, recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. In reviewing Aircraft Solutions and its operations, uncovered were security vulnerabilities. Two vulnerabilities that were evident were issues with a lack of firewalls and the current security policy in place that is reviewed only every two years. Recommendations have been made that made help to remedy these vulnerabilities through the use of virtualization and by changing the security policy to be evaluated semi-annually instead of every two...

Words: 2450 - Pages: 10

Security Issues and Solutions in E-Commerce Applications

...Security Issues and Solutions in Ecommerce Applications The rise in popularity of conducting business online via ecommerce sites has not gone unnoticed by hackers and other cyber-criminals. A rise in the number of transactions and an increase in businesses that have an online presence have provided hackers with increased opportunities to exploit security vulnerabilities in ecommerce applications for personal profit, at the expense of legitimate businesses and users. A successful attack can result in downtime, the theft of user financial and personal information, loss of revenue, and loss of customers. This paper will offer an overview of some common types of security vulnerabilities and attacks on ecommerce platforms as well as some common tactics to prevent such attacks. Additional suggestions for maximizing information security on an application level as well as within an origination will be made with the goal emphasizing the prevention of attacks. There are numerous tactics that exploiters use to gain access to user personal and financial information on ecommerce sites. One common attack is SQL injection, which is a tactic where a hacker inserts SQL query data into user input fields on a web site, with the goal of that query being executed by the database. With the strategic placement of apostrophes, dashes and semi-colons, the hacker can execute queries that bring a web site down, provide access to customer financial and other personal information, and even......

Words: 2158 - Pages: 9

On-Line Security: Attacks and Solutions

...EVREN KUCUKKAYA E-COMMERCE SEMINAR Elias A. Hadzilias, PhD NTUA Assignment: On-line security: attacks and solutions 2012 ISG – INTERNATIONAL MBA Table of Context 1. INTRODUCTION ................................................................................................................................... 3 2. MAIN TYPES OF MALWARE ................................................................................................................. 4 2.1. Computer Viruses ............................................................................................................................. 4 2.1. Computer Worms ............................................................................................................................. 5 2.3. Trojan Horses.................................................................................................................................... 6 2.4. Spyware ............................................................................................................................................ 6 2.5. Backdoor........................................................................................................................................... 6 2.6. Spams ............................................................................................................................................... 7 2.7. Keyloggers ....................................................................................................

Words: 5692 - Pages: 23

Airport Security Improvements Before and After the September 11, 2001 Terrorist Attack

...Running head: Airport Security Airport Security Improvements Before and After the September 11, 2001 Terrorist Attack Andrew Fuller South Carolina State University Abstract The purpose of this study is to research improvements that have been made since the September 11, 2001 terrorist attack and study airport security before September 11. According to ABC News 4 much has changed in our country over the last seven years including airport security. Air travel has been greatly affected by 9/11. Security measures have caused an increase in passengers to face many more steps before boarding flights. In November 2001 The Transportation Security Administration (TSA) was formed to secure airports both inside and out. Statement of the Problem or Objective Since the September 11 attacks security as a whole has undergone drastic changes in America. All aspects have been upgraded and reevaluated to take all the necessary precautions to either prevent another event as such or to be better prepared if it were to happen again. In the past airport security was pretty basic. You arrived at the airport got checked in and left. Now you have to carry everything in little bottles and take your shoes off and other accessories to pass through the metal detectors. According to Security Solutions the most improvements have been made on airplanes. Cockpits are bullet proof and pilots and their crews are secured from the rest......

Words: 1195 - Pages: 5

Security Solutions

...Security Solutions Jonathan E. La Rosa July 22, 2014 NTC/411 Randal C. Shirley Security Solutions Firewalls have been around for years. In that time, they have protected various different organizations and corporations from possible hacker attacks. They play a critical part in protecting the internal network and making sure that packets are screened and checked before being provided access. Although firewalls are extremely powerful, especially in today’s world, they cannot be the only source of protection that the network can have. Various other technologies need to be used in order to actually make sure that the data is secure and that information has not be tampered with. Intrusion Prevention Systems, or IPS’, as well as Intrusion Detection Systems, or IDS’ are great in making sure that the network is free of any attacker or unwanted individual. These different technologies working together can provide the best protection possible, although they do have to be monitored in order to make sure they are working in the best way possible. Firewall Protection Managing firewalls is a fundamental function in making sure a network is secure. Network security managers are the main individuals who have to make sure that the firewall is constantly working in the most effective and efficient way possible. The rules that are in place within this device can and will affect the network and how it responds. Firewalls need to be constantly upgraded and put with the latest...

Words: 948 - Pages: 4

Security Assessment and Recommendations for Aircraft Solutions

...Security Assessment and Recommendations for Aircraft Solutions Principles of Information Security and Privacy Keller Submitted: December 11, 2013 Executive Summary The purpose of this report is to investigate the vulnerabilities of Aircraft Solutions (AS) in the areas of hardware and policy. Furthermore, it provides recommended solutions to the security weaknesses mentioned in Phase 1. Aircraft Solutions is a well known leader in the design and production of component products and services for companies ranging from commercial industry to the aerospace industry. In addition, Aircraft Solutions maintains a large capacity plant filled with an extensive variety of equipment, which is mostly automated alongside skilled specialists in a range of fields to ensure they meet their customers’ needs. The weaknesses that are being addressed are hardware and policy. Company Overview Aircraft Solutions is a leader in the planning and production of component products and services for companies in the electronics, commercial, defense, and aerospace industry. The headquarters of Aircraft Solutions is located in San Diego, California. The goal of Aircraft Solutions is to use machined products and related services to supply customer success, and to achieve cost, quality, and schedule requisites. They have a Defense Division (DD) of Aircraft Solutions located in Orange County, California and a Commercial Division (CD) located in San Diego County, California. ......

Words: 1560 - Pages: 7

Security Recommendations to Prevent Social Engineering Attacks

...Security Recommendations To Prevent Social Engineering Attacks A social engineering attack is a non technical attack that attacks the mindset of the victim. An intruder prefers this attack, because the human mindset has more weaknesses than many systems do. There are several implementations that can be used to deter social engineering attacks. The following are list of security recommendations to thwart social engineering attacks that must be used by all company employees: · Do not click on any links in an e-mail instead scan the link with a virus scanner and type the link in the browser instead of clicking on the link. · Do not open any e-mail attachments without first during a virus scan on the e-mail or e-mail attachments can be blocked. · Do not talk about company business in front of anyone that is not a part of the company this includes family or friends. · Do not hold the door open to let anyone in the building instead have them go to the front desk to present their credentials. · Make sure that all paper company documents are burned in an incinerator. · Install mantraps where access cards must be used to enter in secure or employee only areas. · To obtain lost or forgotten passwords the user must come to the help desk with the proper identification and answer 2 security questions and the temporary password must be changed as soon as the account is accessed. · Internal e-mail addresses should only be given to employees with proper identification that......

Words: 362 - Pages: 2

Security Market Line

...Q.1 What is scurity Market Line The security market line (SML) equation is the Capital Asset Pricing Model. It is used to price risk, i.e., it is used to specify the risk/return relationship of a particular asset or portfolio, regardless of the level of diversification. The SML equation (provided with the CFP Board Exam) is: ri = rf + (rm - rf) βi The SML equation states that the return of a specific investment is equal to the risk-free rate plus a market risk premium multiplied by the investment’s beta (βi). By definition, the beta of the market is 1. Unlike the CML which uses standard deviation (σ) to measure risk, the SML uses beta (βi), i.e., systematic risk, to measure risk. Given a stock’s beta, the risk-free rate, and the market’s expected return, the SML equation will solve for the stock’s required rate of return. • Undervalued stocks will have an expected return greater than the SML’s required return; if a security plots over the SML it is undervalued and should be purchased. • Overvalued stocks will have an expected return less than the SML’s required return; if a security plots under the SML it is overvalued and should be sold or shorted. • A stock that plots on the SML has an expected return than is equal to the SML’s required return and can be bought or sold – the investor is indifferent. [pic] Which stock should be purchased, which should be sold? Stock plots over the SML therefore it is undervalued and should be......

Words: 331 - Pages: 2

Varying Network Security Methodologies and Their Effect on Attack Frequency

...Network Security Methodologies and Their Effect on Attack Frequency John D Prather College of Southern Nevada Abstract This paper will examine the efficacy of the current methods to assess network security intrusions, and their associated losses. The only true security in an ever-more interconnected world is complete anonymity … the more robust one’s network security is, the bigger the target for unintended use. While unintended use can be benign, it can also be malicious. Years ago, if a computer network was compromised as part of a criminal act, it was often tertiary to the crime itself. Today, the data is the target, and the network intrusion the crime. Billions of dollars have been invested in security products such as firewalls, strong authentication, intrusion detection, and encryption over the past decades. However, system penetration attempts continue to occur. As a consequence financial losses continue to skyrocket for organizations. According to the 2012 CSI Computer Crime and Security Survey, average losses per respondent topped $2,500,000 for the year, with some intrusions causing losses topping $25,000,000!! (Richardson, 2012) It is not that security countermeasures are ineffective for companies that employ them correctly … it is that the pool of perpetrators, from basement teens to nation-states, is so large and the chance of being punished so absurdly small, that the cost-benefit-analysis to the criminal mind swings heavily in the direction of......

Words: 842 - Pages: 4

Ntc 411 Week 5 Individual Security Solutions

...NTC 411 Week 5 Individual Security Solutions Get Tutorial by Clicking on the link below or Copy Paste Link in Your Browser http://hwguiders.com/downloads/ntc-411-week-5-individual-security-solutions/ For More Courses and Exams use this form ( http://hwguiders.com/contact-us/ ) Feel Free to Search your Class through Our Product Categories or From Our Search Bar (http://hwguiders.com/ ) Resources: SkillSoft (2012). CompTIA Network+ 2012: Network Security Part 3. Complete the Security Solutions Model module in Skillport. Attach a copy (screen shot) of the final test page to your assignment below. Scenario: Your boss wants to know how to detect an intrusion into or an attack on the ecommerce network. Your boss also wants to know what hardware or software should be procured for intrusion detection. Write a 2- to 3-page business report describing the hardware and/or software you believe should be considered for implementation. Include your reasoning for why the described hardware and/or software should be procured and implemented. Address the following questions raised by your boss: Does a properly installed and maintained firewall provide adequate defense against intrusion? What is an IPS and do we need one in an ecommerce network? Do we need a group of network personnel to monitor the ecommerce network for intrusions 24/7? Will any of this hardware or software facilitate a real-time response to an intrusion? Format your business report consistent......

Words: 5062 - Pages: 21

Security Attack

...Information Systems Security By: Jessica Burnheimer, Kathleen Cline, Brian Weiss Outline for Group paper I. Introduction II. Issues concerning Information Systems Security A. Define IS security B. Why IS security is necessary? C. History and Back round of IS security D. Current issues concerning IS security 1.) Spamming 2.) Hacking 3.) Jamming 4.) Malicious software 5.) Sniffing 6.) Spoofing 7.) Identity Theft III. Solutions to contemporary IS security issues A. Solutions for “Spamming” B. Solutions for “Hacking” C. Solutions for “Jamming” D. Solutions for “Malicious Software” E. Solutions for “Sniffing” F. Solutions for “Spoofing” G. Solutions for “Identity Theft” IV. The Future of Information Systems Security A. New technologies and techniques effecting the future of Information Systems Security B. Tips and information regarding maintaining a Secure Information System C. How security issues will continue to shape Information Systems Management V. Conclusion Abstract The purpose of this paper is to discuss the pressing issues pertaining to Information Systems security. We will be covering the history of Information Systems Security, the current security issues, and why it is important to be knowledgeable in Information Systems security. Also, we will cover some solutions to the issues......

Words: 4780 - Pages: 20

Data Security Solutions

...Data Security Solutions Bitdefender Total Security 2015 combines impeccable protection with a strong range of features, including new profile settings to optimize your PC's resources. These days, a good security suite does a lot more than just detect and defend against malware. That's the idea behind Bitdefender Total Security 2015 ($70 for one PC, $90 for three PCs), which, in addition to top-notch protection, offers a collection of centralized PC tune-up and optimization tools to make computer maintenance as easy as possible. You'll also get one year of antivirus security for up to three PCs, and a protected browser for safe online shopping. Overall, Bitdefender Total Security remains our top pick. How I tested I installed Bitdefender Total Security 2015 on an Acer Aspire E5 laptop running Windows 8.1 with an Intel i5 processor, 4 GB of RAM and an 64-bit operating system. This is far from the most powerful machine on the market; I chose it so that any performance impact Bitdefender had on the computer could be detected. I also evaluated Bitdefender based on its setup and interface, security protection, and features and tools. Setup Bitdefender Total Security 2015 for PC is compatible with Windows XP and Vista, 7, 8 and 8.1. That's good news for people who still have yet to upgrade from Windows XP. After I downloaded the Bitdefender Total Security 2015 installer from Bitdefender's website, the product started an initial scan of our Acer E5, then proceeded to......

Words: 1889 - Pages: 8

Denial of Service Attacks in Network Security

...Denial of service attacks in Network security introduction and short history of DoS attacks: Denial of service attacks are one of the major threat to the modern computer networks.It has been said that first DDoS attack was launched in 1999 against the IRC server of university of minnesota which affected 227 systems and server was down for several days.Another DoS attack was documented in the week of feb 7 2000.A 15 year old canadian hacker named “mafiaboy” performed a series of DoS attack against some sites like ebay and amazon.Companies suffered from 1.7 billion of damage.After that it became the best way of hacking among cybercriminals. People used to perform these attacks for profits.Hackers will follow the procedures like mafiaboy and ask for the money.In 2005 ,it became more easy to implement those attacks ,a boy of 18-yr old named Farid Essabar developed a worm called MyTob which used to open a backdoor in Ms windows hosts and connect to the remote IRC server.The computer then used to wait for the commands from the servers.Farid was arrested for distributing the worm.This was surely not the last case.DDoS attacks were used to attack and money extortion. As name suggests Denial of Service aka DoS, it’s main objective is to make the system to deny the legitimate service requests. Basically DoS attacks are performed by exhausting the resources of the computer like processing power,network bandwidth,TCP connection and service buffers,CPU cycles and so on.Hackers......

Words: 2218 - Pages: 9

Security Aircraft Solution

...Security weaknesses within an organizations system put the organizations assets at risk. After reading and viewing the infrastructure and architecture of AS, there are a few vulnerabilities that are very noticeable that would put their system at risk. The two evident areas are the vulnerabilities with the policy and the hardware. The first vulnerability apparent is the policy on updating the firewall and router rule sets. The security policy of AS, require that all firewalls and router rule sets are to be evaluated every two years. This is a lengthy amount of time to go without evaluating the rule sets. The intervals in the evaluation of the rule sets would put the organization at great risk for potential threats. The second vulnerability that is noticeable is that the backups are stored at the server location. This would put the company at great risk if there were ever some kind of disaster to occur. The security weaknesses mentioned above can be decreased with proper security controls. Vulnerabilities Hardware Vulnerabilities The hardware infrastructure of the AS Headquarters in San Diego, California had been identified during our recent security assessment as being a potential security weakness to the company's overall information systems security infrastructure. The system hardware infrastructure comprises of Five (5) Individual Servers One (1) Switch Two (2) Routers One (1) Firewall The hardware area of concern was the lack of Firewalls being used to......

Words: 2393 - Pages: 10

Security Weakness for Aircraft Solutions

...Security Weakness for Aircraft Solutions Michelle Harris SE 571 Principles of Information Security and Privacy Keller School of Graduate Course Project – Phase 1 January 22, 2012 Introduction In this report I will provide a security assessment of Aircraft Solutions (AS), a well known and respected equipment and component fabrication company located in Southern California. In the assessment I will identify and evaluate potential weaknesses, possible threats, the likelihood of the threat occurring and the threat if exposed in three key potential areas. AS has a dedicated, trained workforce and maintains a large capacity plant and extensive equipment to meet customer requirements. AS provides full spectrum design and implementation solutions to multiple industries, including the electronics, aerospace, commercial, and defense sectors. Aircraft Solutions employs a range of highly qualified professionals and houses an immense production plant, with an overall goal of providing high-quality solutions to accommodate specifications from a wide range of customer demands. I will primarily focus on the assessment that will identify the existence of vulnerabilities present within the context of AS operations as it pertains to their hardware and software. Lastly, recognition of the consequences resulting from the unfolding of potential threats will be given due attention. Security Weakness In the three areas targeted for potential threats, hardware,......

Words: 782 - Pages: 4