This website uses cookies to ensure you have the best experience. Learn more

Sec571 Security Concerns Regarding Essay

1697 words - 7 pages

Security Concerns Regarding
Quality Web Design

Submitted to:
SE571 Principles of Information Security and Privacy
Keller Graduate School of Management
Submitted: April 20, 2014

Table of Contents

Executive Summary 1
Company Overview 1
Security Vulnerabilities 3
Threats Through Using VPN Tunnels 3
SQL Injections 4
Recommended Solutions 5
Threats Through Using VPN Tunnels 6
SQL Injections 8
Impact on Business Processes 9
Budget 10
Summary 11
References 12

Company Overview

Quality Web Design (QWD) is a web development organization that creates client side web application that distributes web content to a user in order to improve an existing web site. They have a basic ...view middle of the document...

The other side of the equation is bringing awareness to the fact that terminals or phones and other mobile devises that are left logged in and unsupervised are the number one way that people gain access to resources. In a newsletter put out by Dell, “VPNs will likely continue to be the weakest link in an organization's security infrastructure for some time to come.” (Drew, 2004)

The second threat lays with the potential for SQL Injections into their web application. With any type of site that is hosted and connected to a database, there is a threat of dropping extra text into textboxes debilitating the entire database.

SQL Injections work by a user of the software putting in a terminating string inside a text box, then running their own query after that. This can be done to gain usernames and passwords as well as to drop tables all together.

Recommended Solutions

As for recommended solutions for securing a VPN Tunnel, it is to utilize only company granted equipment to access the VPN. The current model has the employees being able to log in from their own workstations and phones leaving them vulnerable. By limiting the type of machine as well as the software on the machine itself, we can eliminate the possibility of an attack from a virus or malware.

The second solution is to add in the policy the limitation where users are not allowed to access the network from public Wi-Fi access points. This will eliminate some of the risk of leaving the connection open as well as other people browsing into company resources.

When it comes to blocking against SQL injections, we are going to have to add two parameters into the software to prevent this. The first involves adding some check parameters in the code before a query is run. This is done at the variable level to check for key signatures of SQL.

As for the Impact of these changes on to the business model, the impact would be minimal. We could see blow back from users that want to use their own PC’s but as with any change, it would just take time to get used to it. The software changes that need to be made only have to be done once and then the software is secured.

Budget

In regards to actual Monetary budget considerations, the changes made require no extra money. The software should be done by the developers already being paid and the machine changes could be done as needed throughout machine upgrades.

Summary

Through securing their software and others accessing their network, QWD stands the chance of bettering their foot hold in the software world. SQL Injections are easy to prevent with minor code tweaks, and VPN breaches are controlled through disallowing unauthorized machines. These simple changes can be made quickly and inexpensively.

Solutions – SQL Injections

In this section I will explore the solutions involved with preventing a SQL Injection attack. We need to identify exactly what someone would look for before doing such an attack before we can prevent inevitable attack.

One...

Other Papers Like Sec571 Security Concerns Regarding

Security Policy Essay

2866 words - 12 pages outsourcing their work through the easily and widely connected network. But at the same time it initiates new threats and vulnerabilities. As Information Security is rapidly emerging as one of the most critical legal and public relations issues facing companies today, concerns regarding corporate governance, individual privacy, accountability for financial information, the authenticity and integrity of transaction data, and the security of

Transportation Security Administration Essay

3155 words - 13 pages . Their major task is to ensure security at the airports and they conduct security checks of the passengers with the help of various procedures. The security officers cannot afford to make mistake during the process because it can have negative consequences for them. The chance of any terrorist activity increases due to security lapse. However, there are some issues that have ethical concerns regarding the security check from TSA officers. Over the

Net280-Wk1-Case Study

524 words - 3 pages In reference to recent concerns over issues with ping sweeps and port scans. There are several diagnostic test called network probes that are run by Network Administrators to check servers regarding a particular service or updates needed for workstations within the company. In order to guard against nefarious computer activity, special security measures are needed to keep out intruders. Here is a brief assessment in more detail of how ping

A Hierarchical Frameworkmodel of Mobile Security

3701 words - 15 pages paper is structured as follows. In Section II, some background information related to the framework construction of mobile security is introduced. The description of mobile security framework is presented in Section III. Section IV mainly discusses the key research issues in each of the three layers composing the framework. Finally, we summarize the paper by conclusions in Section V. II. BACKGROUND OF SECURITY TARGETS Regarding the term of

Hipaa Act of 1996

2160 words - 9 pages provider, health plan or clearinghouse. Regarding EHRs, the HIPAA Privacy Rule provides privacy on the federal level while pre- serving the stricter state laws. The rule encompasses CEs and expects these entities to put security standards and provisions into practice.   The impact of information technology on privacy and security has led people to become in- creasingly aware of the potential dangers it brings. Despite the benefits of widespread

“Economics of It Security Management”

2775 words - 12 pages choose to restrict data flow based on generalized security concerns; leading to increased costs in every-day business transactions. As many ways as I have mulled over offering a more accurate estimate of the true cost of security breaches the more I come to the conclusion that methods that seek to capture the most accurate reflection of the true cost of security breaches are all going to suffer from the same problems: when trying to calculate

Unix Vs. Windows Server

2110 words - 9 pages attacks. Because Pace Glass Company has multiple locations, there are increased security concerns to consider. Support Unix/Linux is open source and therefore does have the advantage of being lower cost. However, open source sometimes equates to a substantial reduction in technical support. Since there is not a designated group to fix the issues as there is with Microsoft Windows any bugs could remain an issue longer. Therefore, Pace Glass Company

Internet Security

3557 words - 15 pages ABSTRACT The paper discusses the topics regarding, 1) Internet Frauds ;2) to analyze user’s satisfaction on internet security by using Secure Socket Layer (SSL); and 3) to make people aware of internet fraudsters. Six research questions were utilized in this study. This study examines whether secure socket layer and its certificate would protect online users from fraudsters while they browse websites. The six research questions are as follows

Iran Economic Swot

1804 words - 8 pages maintain consistent and predictable economic environment . PWC survey, 2010 14 Country risk – Political risk  Security (political) concerns   Revolution, Civil war, Clan wars, Takeover Terrorism, Hostage Psychology of the leaders Economy (debt, commercial balance ..), boycott Financial crisis, changes in international regulations and laws Increasing taxes Contracts cancellation Frauds & corruption (Transparency) Racket Prevention or

Internet Access

674 words - 3 pages their freedoms, this act helps parents that want to monitor what their children see and hear have a sense of security when their children use computers in public places. While parents have concerns over what their children are accessing, there is a greater concern on what some websites are collecting regarding these children online. To protect children’s privacy, the Children’s Online Privacy Protection Act (COPPA), 2000 was created

The Immigrations And Customs Enforcement (Ice)

801 words - 4 pages Section 287 (g) Tasha Bundy ENGL106-1201B-216: English Composition I Abstract The Immigrations and Customs Enforcement (ICE) is a division of the United States Department of Homeland Security (DHS). The department identifies, investigates, and dismantles weaknesses in the nation’s border, transportation, and security. The division is then broken down into smaller components to include: Homeland Security Investigations and Enforcement

Related Essays

Sec571 Course Project Essay

4163 words - 17 pages Aircraft Solution (AS) Company Ali Hassan Submitted to: John Michalek SEC571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: April 21, 2013 Table of Contents Company Overview ……………………………………………1 Company Assets ………………………………………………..1 Vulnerabilities ………………………………………………….2 Hardware Vulnerability………………………………….......2 Policy Vulnerability …………………………..……………..3 Recommended

Core Competency Essay

710 words - 3 pages KEY AREA OF RESPONSIBILITY | CORE COMPETENCY | INDICATORS | BEHAVIORAL INDICATORS | COLLABORATION AND TEAMWORK | CORE COMPETENCY 1:Establishes collaborative relationship with colleagues and other members of the health team | 1. Contributes to decision making regarding patients’ needs and concerns. 2. Participates actively in patients’ care management including audit. 3. Recommends appropriate intervention to improve patient care. 4

Handling Security And Ethical Issues Essay

1677 words - 7 pages Handling Security and Ethical Issues at TBWI Course: IT560-01 Handling Security and Ethical Issues at TBWI A growing concern, especially with the recent information leak at Target, is the issue of security. Outlined are security concerns for TBWI and how best to handle them. In addition to handling security issues, there may be complicated ethical issues that may occur. To best handle these situations, those

Weaknesses Assignment Phase Ii Security Assessment And Recommendations

1723 words - 7 pages paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year. Brief overview of the Vulnerabilities in AS After a thorough investigation of the IT architecture and