Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Computer Vulnerabilities
Computer Security Vulnerabilities
The extent of the problem
This is not a small issue. The book "Analyzing Computer Security" lays out the following scenario: "First, 20 million U.S. smart phones stop working. Next follow outages in wireline telephone service, problems with air traffic control, disruptions to the New York Stock Exchange, and eventually severe loss of power on America's East Coast" (Pfleeger & Pfleeger, 2011, 3). The authors are talking about a situation in which the computer networks that control those devices and services are compromised. As has been seen in recent years, this lack of computer security is something that is not an apocalyptic myth, but an unfortunate reality. As soon as systems are designed to thwart attackers, they are broken and new security measures have to be put in place. It is a never-ending battle that requires a vigilant and resourceful security team to police. Unfortunately, these large breaches have only increased in recent years.
Vulnerabilities that caused major loss/damage
It does not matter whether it is an individual, company or government, computer vulnerability can cause endless problems such as identity theft, loss of customer data, or an event such as the one that occurred in Iran in 2010.
"Siemens equipment…called Industrial Control Systems or ICS, is the product targeted by Stuxnet, the sophisticated computer worm discovered last year to have crippled Iran's nuclear power program. Stuxnet reprogrammed the computer-controlled centrifuges used to enrich uranium so that they spun out of control and destroyed themselves" (Waterman, 2011).
This was an incident that could have caused even more serious damage if the hackers had been able to penetrate security even further.
Virus/Hacking statistics
The trend in viruses and computer hacking attacks has been escalating for many years. "As of June 2006, Symantec's Norton Antivirus software checked for over 72,000 known virus patterns" (Pfleeger & Pfleeger, 2011, 87). This statistic was current more than five years ago, which means that at the rate of growth of these types of attacks it can be assumed that that number could easily have exceeded 200,000. Hackers...
There are no real statistics regarding how many hackers exist and the exact figures of how much hacking has cost U.S. companies is also hard to determine. The reason is that "disclosures about monetary damages caused by hackers rarely were made public, and many companies do not bother calculating the total because they are too busy fending off hackers, or they are too embarrassed to report the incident to law enforcement" (Nowak, 2011).
Security standards
The government has tried to determine standards as computer technology has blossomed, but it is difficult keeping up with the changes that are constantly being made. The government organization that controls security standards is called the National Institute for Standards and Technology (NIST). Since the early 1970's, this organization has been attempting to write encryption standards. Originally this was done for the military, but eventually the need was for a common set for all entities that held information that could be considered a national security risk.
Direct causes of vulnerabilities
SQL Injection
The term SQL is actually an abbreviation of structured query language which is used in database management systems (Pfleeger & Pfleeger, 2011, 541). In this type of attack a hacker can use the language, from a browser, to tell the database to release information. This can be used to tell a banking website to release the names and account information of all of the people that they have on record if the user knows just a few simple commands.
Phishing
This is an interesting play on words that can be one of the most personally damaging vulnerabilities around. Hackers know that certain problems with an account can cause an individual to lose their vigilance and respond to a message in which they need to give personal information. Phishing occurs when an individual is asked to give personal information to clear a problem that looks legitimate. The problem is that the phisher has copied the website logo and other vital information so that an email message appears valid when it is not.
Cross-site hacking/forgery
This occurs in the code sent between a…
References
Jacobsen, D. (2011). Computer security education should not be limited to tech pros. Retrieved from http://searchsecurity.techtarget.com/magazineContent/Computer- security-education-shouldnt-be-limited-to-tech-pros
Nowack, Z. (2011). FBI memos reveal cost of hacker attacks. Retrieved from http://www.thenewnewinternet.com/2010/12/15/fbi-memos-reveal-cost-of-hacker- attacks/
Pfleeger, C.P., & Pfleeger, S.L. (2011). Analyzing computer security: A threat, vulnerability, countermeasure approach. Upper Saddle river, NJ: Pearson Education, Inc.
Waterman, S. (2011, August 15). Mediocre hackers can cause major damage: Researchers find vital infrastructure, factories at risk. Washington Times. Retrieved from http://www.washingtontimes.com/news/2011/aug/15/mediocre- hackers-can-cause-major-damage/print/
Computer Security: Corporate Security Documentation Suitable for a Large Corporation Item (I) in-Depth Defense Measures (II) Firewall Design (III) Intrusion Detection System (IV) Operating System Security (V) Database Security (VI) Corporate Contingency of Operation (VII) Corporate Disaster Recovery Plan (VIII) Team Members and Roles of Each (IX) Timeline with Goal Description (X) Data Schema (XI) Graphical Interface Design (XII) Testing Plan (XIII) Support Plan (XIV) Schematics Computer Security: Corporate Security Documentation Suitable for a Large Corporation (I) In-Depth Defense Measures Information Technology (IT) Acceptable Use Policy The intentions of
The public-key cryptography approach also creates a more efficient means of cryptographic security by ensuring RSA-compliant encryption and decryption throughout the secured network (Sarkar, Maitra, 2010). As a result the use of public-key cryptography hardens and makes more secure each connection and node on a network (Chevalier, Rusinowitch, 2010). C3. What will help you trust a public-key that belongs to an unfamiliar person or Web site, and why does it
This particular instance was significant as the attackers used a generic approach instead of a site specific or application specific exploitation by devising tools that used the web search engines to identify ASP applications that are vulnerable. SQL injection attack was used to propagate the malicious code that exploited zero day vulnerability in Microsoft Internet explorer last year. [Symantec, (2009 ) pg. (47)] the aim of the attackers employing
His study includes the following; The U.S. government through the executive to provide appropriate leadership to steer the country in the domain of cyber security. The state to conduct immediate risk assessment aimed at neutralizing all the vulnerabilities. The creation of an effective national security strategy as well as the creation of an elaborate national military strategy. Molander (1996) uses a qualitative research approach and methodology .The method used is constructive. The constructive
Even though there is always some form of a risk involved in the coding technique together with the deployment methods of a website, some technologies such as PHP and MySQL form some of the worst aggravators of online website security. The loopholes that exists in the use of these technologies results in some of the worst hack attacks and security breaches ever experienced in the field of web design. The
(Gartenberg, 2005) Like all other aspects of business today, security systems often prove to be highly complex and hard (even for the participants) to identify. The culture of an organization is like the culture of a family, a community, or a nation: Because it surrounds the people in it they often have a great deal of difficulty in recognizing to what extent policies and procedures arise from the constraints of culture