Discuss one of the most important things you will take from this course. You do not have to document your sources for this question. It is an opinion question.
Directions:
Students are required to post one original response for each discussion question, as well as a response to one classmate. Original responses should not be a word for word rehashing of what is stated in the readings, but rather an integration of the concepts and additional insights, either from real world experience or additional sources.
It should be a 250-word response to my question each week by 11 p.m. on Wednesday evening.
Your primary posting may end with a tag-line or a related question of your own. Between 1 a.m. on Thursday and 11 p.m. on Saturday, you should have done your secondary posting. Your secondary posting is a response to one classmate’s post. Each answer/response should be supported with research unless the question is opinion oriented.
Responses to classmates should not be “I agree” or “I like the way you stated that.” These responses should again be insightful, offering an opinion or facts based on your research and experiences. The response to one classmate should be a minimum of 125 words. See APA criteria for citing resources.
From this course, we have accelerated the study information on how the protection of registration systems involves protecting the statistical property of a commercial company or agency.
And the way in which the security of data structures works and the way in which the packages in this professional field are in the undergraduate and postgraduate ranges and can lead to an expansion of the work options (Amundsen, C., & Wilson, M. (2012)).
By crowning the glory of this route, we gained experience on how information systems protection experts paint with computers and security applications and, in addition, specific devices to ensure that the vital records of a company or organisation are kept comfortable.
Data structure security experts test, execute, maintain and restore the programming and the device used to guarantee statistics. Protection supervisors within the field coordinate security professional agencies and can facilitate the framework of large sports to build safety.
Similarly, some tactics that the agency can update to live away from statistics destroy how to instruct people, destroy information rather than destroy, they are cautious with downloading facts by email and telephone, relaxed remote convention when we consider that He is the most defenceless against attacks.
The Campbellsville online library, online articles, article inquiries, books and records were used. The terrible modernized dangers of lead can influence each connection and affiliation in general. Consequently, the security aces of information structures are many.
This specialisation in information structure security will enable us to build capacities to design the security frameworks and traditions of an organisation (Turabian, K. L. (2013)).
References:
Amundsen, C., & Wilson, M. (2012). Are we asking the right questions? A conceptual review of the educational development literature in higher education. Review of educational research, 82(1), 90-126.
Turabian, K. L. (2013). A manual for writers of research papers, theses, and dissertations: Chicago style for students and researchers. University of Chicago Press.
Career Relevancy
One of the easiest ways to protect an organisation’s network is to use vulnerability and scanning tools. Vulnerability management includes making sure that software used on an organisation’s systems is up to date and not vulnerable to attack. These tools will help find security holes in a network and give the analyst a chance to patch their network. Penetration testing is by far the most efficient way to see what attackers may use to infiltrate your network.
Background:
Attackers perform vulnerability analysis to identify security loopholes in an organisation’s network, communication infrastructure, and end systems.
The identified vulnerabilities are used by the attackers to perform further exploitation of the network. On the other hand, vulnerability assessment plays a major role in providing security to any organisation’s resources and infrastructure from various internal and external threats.
To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, solve known issues in third-party applications, and troubleshoot hardware with default configurations. All these activities together constitute vulnerability assessment.
In a network, there are generally two main causes for systems being vulnerable: mis-configured software or hardware, and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organisational resources. This section gives an overview of vulnerability assessment, classification, types of vulnerability assessments, and vulnerability assessment phases.
Vulnerability research is the process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse. An administrator needs vulnerability research to:
An ethical hacker needs to keep up with the most recently discovered vulnerabilities and exploits in order to stay one step ahead of attackers through vulnerability research. Vulnerability research includes:
A system’s or network’s vulnerabilities fall under the following categories:
Attackers can easily detect these mis-configurations using scanning tools and then exploit the back-end systems. It is important for the administrators to change the default configuration of devices and optimise the security of the devices.
Default installations are usually kept user-friendly especially when the device is being used for the first time, as the primary concern is the usability of the device rather than the device’s security.
In some cases, infected devices may not contain any valuable information, but they are connected to networks or systems that have confidential information that would result in a data breach. Not changing the default settings while deploying the software or hardware allows the attacker to guess the settings in order to break into the systems.
Buffer overflows are common software vulnerabilities that happen due to coding errors; these errors allow attackers to get access to the target system. In a buffer overflow attack, attackers undermine the functioning of programs and try to take control of the system by writing content beyond the allocated size of the buffer.
Insufficient bounds checking is the root cause of this because the buffer is not able to handle data beyond its limit, causing data to flow into adjacent memory locations, overwriting their data values. Systems often crash, become unstable, or show erratic program behaviour when a buffer overflow occurs.
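The missing bounds check described above can be shown next to its fix. The following C code is an added example, not part of the original course material; the memory layout, the `region` type, and the function names are constructed for illustration, and the overflow is modelled inside a single array so the demonstration itself stays well defined.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE    8      /* size of the buffer the program allocated */
#define REGION_SIZE 16     /* buffer plus the memory that sits next to it */
#define GUARD       0xA5   /* known value placed in the adjacent bytes */

/* Constructed memory model: bytes[0..7] are the buffer, bytes[8..15] are
 * "adjacent memory" that belongs to something else. */
struct region { unsigned char bytes[REGION_SIZE]; };

void region_init(struct region *r) {
    memset(r->bytes, 0, BUF_SIZE);
    memset(r->bytes + BUF_SIZE, GUARD, REGION_SIZE - BUF_SIZE);
}

/* Returns 1 while the adjacent bytes still hold their original value. */
int adjacent_intact(const struct region *r) {
    for (size_t i = BUF_SIZE; i < REGION_SIZE; i++)
        if (r->bytes[i] != GUARD) return 0;
    return 1;
}

/* Flawed copy: never compares len with BUF_SIZE. The clamp to REGION_SIZE
 * exists only so this demonstration stays inside its own model. */
size_t copy_unchecked(struct region *r, const void *src, size_t len) {
    if (len > REGION_SIZE) len = REGION_SIZE;
    memcpy(r->bytes, src, len);
    return len;
}

/* Hardened copy: rejects input that does not fit and writes nothing. */
int copy_checked(struct region *r, const void *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(r->bytes, src, len);
    return 0;
}

int main(void) {
    const char input[] = "ABCDEFGHIJKL";   /* constructed 12-byte input */
    struct region r;
    region_init(&r);
    copy_unchecked(&r, input, 12);
    int overflowed = !adjacent_intact(&r); /* adjacent bytes were overwritten */
    region_init(&r);
    int rejected = copy_checked(&r, input, 12) == -1 && adjacent_intact(&r);
    return (overflowed && rejected) ? 0 : 1;
}
```

The only difference between the two copy functions is the length comparison against the buffer size, which is the bounds check the paragraph identifies as the root cause.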
Servers are an essential component of the infrastructure of any organisation. There are several cases where organisations run un-patched and mis-configured servers, compromising the security and integrity of the data in the system. Hackers pay particular attention to these vulnerabilities.
As these un-patched servers are a hub for the attackers, they serve as an entry point into the network. This can lead to exposure of private data, financial loss, discontinuation of operations, etc. Updating software regularly and maintaining systems properly by patching and fixing bugs can help in mitigating vulnerabilities caused due to un-patched servers.
Vulnerabilities that are caused due to design flaws are universal to all operating devices and systems. Design vulnerabilities, such as incorrect encryption or poor validation of data, refer to logical flaws in the functionality of the system that are exploited by attackers to bypass detection mechanisms.
Due to vulnerabilities in operating systems, applications such as Trojans, worms, and viruses pose threats. These attacks are performed by using malicious code, script, or unwanted software, which result in the loss of sensitive information as well as control over computer operations. Timely patching of OS, installing minimum software applications, and limiting the use of applications with firewall capabilities are essential steps that an administrator should take to protect OS from any attack.
Application flaws are vulnerabilities in applications that are exploited by the attackers. Applications should be secured using validation and authorisation of the user.
If the applications are not secured, sensitive information may be lost or corrupted. Therefore, it is important for developers to understand the anatomy of common security vulnerabilities and develop highly secure applications by providing proper user validation and authorisation.
Open ports and services may lead to loss of data, DoS attacks and allow attackers to perform further attacks on other connected devices. Administrators need to continuously check for unnecessary or insecure ports and services to reduce the risk on the network.
Manufacturers provide default passwords to the users to access the device during initial set-up, and users need to change the passwords for future use.
However, users forget to update the passwords and continue using the default passwords making devices and systems vulnerable to various attacks such as brute-force, dictionary attack, etc. Attackers exploit this vulnerability to obtain access to the system. Protect all passwords. Failure to keep passwords confidential can lead to system compromise.
Prompt
Design, operating system, and application flaws can create vulnerabilities in networks. Should engineers work to recreate the original applications to remove the flaws or should patches be the solution to reducing vulnerabilities? Explain and support your answer.
For your citation, you might use articles that show examples of the flaws defined. Explore options organisations have for protecting themselves from being victims of these flaws.
Institution Writing Guidelines 300-400 LVL
Purpose: The Institution Writing Guidelines (IWG) exist to simplify student writing requirements and instructor grading, clarify and standardise writing expectations, focus instructor grading and student effort on content, and gradually introduce students to more complex and restrictive writing guidelines over time.
Below you will find the detailed information for your 300 and 400 level courses:
Formatting
-Student name
-Date of submission or writing
-Course name
-Title of the paper
Grammar/Spelling
-The serial comma is expected (example: word, word, word, and word)
-Double-spacing after sentences is discouraged
Sources
-In Text
* The Author, Year, page number (for quotes) format. Ex: (Doe, 2016, pp. 23-25)
* Sentence punctuation follows the in-text citation
-Reference Citation
* Example 1: Martinez, A. (2016). The way things should be. Harper.
* Example 2: Martinez. (2016). The way things should be. Retrieved, March 4, 2018, from https://worldswisdom.com
* References are not to be graded on punctuation, italics, inclusion of initials, date format, etc. Grading for references will focus on the required basic elements not the presentation of the elements.
* Rubrics will be followed and the focus remains on content, not style
Plagiarism
Plagiarism is not acceptable. Instructors should follow the academic policy on plagiarism. Egregious examples of plagiarism or repetitive plagiarism will be referred to the student’s dean for additional evaluation.
Revised: Final (15 June 2018)