Administration Of An Online Retail Company Computer Science Essay



This is an online retail company with eight web servers and two database servers. The company has two web administrators, an infrastructure administrator and a part-time security administrator. To set up the servers, secure them and maintain them, the company spends a large amount of money, as follows:

A) Total Cost of Ownership (TCO): TCO refers to the total monetary cost associated with purchasing, installing and supporting IT hardware and software, calculated over a specific period. TCO accurately determines the overall monetary cost of a particular asset.

This is an online retail company, and in general most attacks are aimed at the web servers. The first threat took the company eight (8) hours to recover from; the same problem occurred another two (2) times, each taking two (2) hours to recover from, and the company lost $8,000.00 per attack. Other attacks hit the web servers two (2) times per year and cost the company $4,000.00 per year. The company's ALE is given below:

The company has faced web server and database server attacks from hackers many times over five years and has lost a large amount of money. If the company has a security administrator, many kinds of attacks from hackers decrease and the company saves a large amount of money. For example, before appointing the security administrator, web server attacks occurred 6 times annually with a loss of $8,000.00 per attack, and database server attacks occurred 3 times per year with a loss of $5,000.00 per attack.

After appointing the security administrator, attacks generally decrease, because he protects against all kinds of threats rather than leaving some vulnerabilities. For this reason web server attacks occur only two times annually, with a loss of $3,000.00 per attack, and database server attacks only one time, with a loss of $2,000.00 per attack.
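The before/after comparison above can be carried through with the standard ALE formula (ALE = SLE x ARO, single loss expectancy times annualized rate of occurrence). The following is an added example, not part of the original essay; the attack counts and per-attack losses are the figures the essay gives, while the administrator's salary used for the return-on-investment figure is not in the essay and is supplied by the caller as an assumption.

```python
"""Annualized loss expectancy (ALE) before and after appointing a security
administrator.  Added example, not part of the original essay; the attack
counts and per-attack losses are the figures the essay gives above."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    sle: float  # single loss expectancy: cost of one incident, in dollars
    aro: float  # annualized rate of occurrence: incidents per year

    def ale(self) -> float:
        # ALE = SLE x ARO
        return self.sle * self.aro


def total_ale(threats) -> float:
    """Sum of the ALE of every threat in the list."""
    return sum(t.ale() for t in threats)


# Figures from the essay: before the security administrator is appointed.
BEFORE = [
    Threat("web server attack", sle=8_000.0, aro=6),
    Threat("database server attack", sle=5_000.0, aro=3),
]

# Figures from the essay: after the security administrator is appointed.
AFTER = [
    Threat("web server attack", sle=3_000.0, aro=2),
    Threat("database server attack", sle=2_000.0, aro=1),
]


def annual_saving(before, after) -> float:
    """Reduction in expected annual loss attributable to the control."""
    return total_ale(before) - total_ale(after)


def rosi(before, after, annual_control_cost: float) -> float:
    """Return on security investment as a fraction of the control's cost.
    The control cost (the administrator's salary) is not given in the essay,
    so it is an assumption passed in by the caller."""
    saving = annual_saving(before, after)
    return (saving - annual_control_cost) / annual_control_cost


if __name__ == "__main__":
    for label, threats in (("before", BEFORE), ("after", AFTER)):
        print(f"{label}: ALE = ${total_ale(threats):,.2f}")
    print(f"annual saving: ${annual_saving(BEFORE, AFTER):,.2f}")
    # Hypothetical $40,000 salary, used only to illustrate ROSI.
    print(f"ROSI at $40,000 salary: {rosi(BEFORE, AFTER, 40_000):.1%}")
```

With the essay's numbers the ALE falls from $63,000 to $8,000 per year, a saving of $55,000; the ROSI line shows how that saving compares against whatever the administrator actually costs.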

Recommendations: By appointing a security administrator we can cover the software and hardware threats of the whole company. A security administrator protects the most valuable data from hackers. From the above calculation we can see how a security administrator saves the company money. So a security administrator is essential if the company wants security applied properly and wants to save a large amount of money.

The company is an online retail outfit that must have an online presence 24 hours per day, 7 days per week. By investigating the different network infrastructures and network security processes in our country we gained good knowledge, and based on that knowledge we offer the network diagram given below:

Picture: Network architecture

The network architecture is for an online retail company; the company is an online retail outfit that must have an online presence 24 hours per day, 7 days per week, so the network design must be standard and secure. I selected and drew this diagram for the company. Its description follows:

First, a broadband connection comes from the ISP and connects to the internet router. This router communicates with the outside world. Next, a firewall is set up with an access control list and other security features that protect against threats from the outside world. Then a switch is set up; this switch area is the DMZ, because this switch connects to the eight (8) web servers.

A web server is a computer that delivers (serves up) web pages. Every web server has an IP address and possibly a domain name. For example, if you enter the URL Ex. in your browser, this sends a request to the server whose domain name is The server then fetches the page named index.html and sends it to your browser. Any computer can be turned into a web server by installing server software and connecting the machine to the Internet. There are many web server software applications, including public domain software from NCSA and Apache, and commercial packages from Microsoft, Netscape and others.

The web servers store all web information such as company offers, products, facilities, payment and other information, with a good management system so that a user can easily find the data he or she requires. The network has one email server protected by two firewalls. A firewall restricts network communication and provides many functions such as packet filtering, access control and blocking harmful sites.

A mail server (also known as a mail transfer agent or MTA, a mail transport agent, a mail router or an Internet mailer) is an application that receives incoming e-mail from local users (people within the same domain) and remote senders and forwards outgoing e-mail for delivery. A computer dedicated to running such applications is also called a mail server. Microsoft Exchange, qmail, Exim and sendmail are among the more common mail servers.

Attackers mainly attack the web server and the mail server, so these sit in the DMZ. A DMZ is usually implemented with at least two separate firewalls, one facing the internet and one facing the internal network. The firewalls in between protect the web and mail servers from threats from the outer network and the internal network, and allow the outside world only limited access. A router connects to the firewall; if the number of company users grows and different networks are added, this device is essential, since the router is the only device that communicates with other networks. This router can apply user permissions for access to different nodes and sites. This router connects to two (2) switches. A layer 2 switch can provide VLAN communication, and a switch sends a signal only to the correct destination, not to other nodes. One switch connects to the two (2) database servers and the IT admin server.

A database server is a computer program that provides database services to other computer programs or computers, as defined by the client-server model. The term may also refer to a computer dedicated to running such a program. Database management systems frequently provide database server functionality, and some DBMSs (e.g., MySQL) rely exclusively on the client-server model for database access.

Such a server is accessed either through a "front end" running on the user's computer, which displays requested data, or through the back end, which runs on the server and handles tasks such as data analysis and storage. The database server keeps all company data and is continually updated. The other switch connects to a hub, and the hub connects all company users and employees.

Recommendations: We suggest this network diagram because an online company holds its most valuable data on its web servers and database servers, so the security infrastructure must be strong. This network architecture provides a top level of security.
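The segmentation the diagram describes (internet reaches only the DMZ, the web tier reaches only the database port, staff never reach the database directly, everything else denied) can be written down as a first-match access control list and checked against sample flows before it is typed into a real firewall. The following is an added example, not the essay's own firewall configuration; the address ranges for each zone and the exact rule set are assumptions chosen to match the diagram's description.

```python
"""Segmentation policy for the DMZ design described above, evaluated as a
first-match access control list with a default deny.  Added example, not the
essay's own firewall configuration; zone address ranges and rules are assumed."""

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed address plan for the zones in the diagram (documentation ranges).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),      # 8 web servers + mail server
    "servers": ipaddress.ip_network("10.10.0.0/24"),  # 2 database servers, IT admin
    "users": ipaddress.ip_network("10.20.0.0/24"),    # staff behind the hub
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the known ranges is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src: str             # zone name or "any"
    dst: str             # zone name or "any"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None = any port
    action: str          # "allow" or "deny"

    def matches(self, src_zone, dst_zone, proto, port) -> bool:
        return (self.src in ("any", src_zone)
                and self.dst in ("any", dst_zone)
                and self.proto in ("any", proto)
                and self.port in (None, port))


# First match wins; the last rule denies everything not explicitly allowed.
ACL = [
    Rule("internet", "dmz", "tcp", 443, "allow"),   # HTTPS to the web servers
    Rule("internet", "dmz", "tcp", 80, "allow"),    # HTTP to the web servers
    Rule("internet", "dmz", "tcp", 25, "allow"),    # inbound SMTP to the mail server
    Rule("dmz", "servers", "tcp", 3306, "allow"),   # web tier -> database (MySQL port)
    Rule("users", "dmz", "tcp", 443, "allow"),      # staff use the shop like customers
    Rule("users", "servers", "tcp", 3306, "deny"),  # staff never query the database directly
    Rule("internet", "servers", "any", None, "deny"),
    Rule("internet", "users", "any", None, "deny"),
    Rule("any", "any", "any", None, "deny"),        # default deny
]


def evaluate(src_ip: str, dst_ip: str, proto: str, port: int) -> str:
    """Return 'allow' or 'deny' for one flow according to the ACL."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in ACL:
        if rule.matches(src_zone, dst_zone, proto, port):
            return rule.action
    return "deny"  # unreachable with the catch-all rule, kept for safety


if __name__ == "__main__":
    # Constructed sample flows: (source, destination, proto, port, expected)
    flows = [
        ("203.0.113.5", "192.0.2.10", "tcp", 443, "allow"),   # customer -> web server
        ("203.0.113.5", "10.10.0.5", "tcp", 3306, "deny"),    # internet -> database
        ("192.0.2.10", "10.10.0.5", "tcp", 3306, "allow"),    # web server -> database
        ("10.20.0.7", "10.10.0.5", "tcp", 3306, "deny"),      # staff PC -> database
        ("203.0.113.5", "192.0.2.10", "tcp", 22, "deny"),     # SSH from internet
    ]
    for src, dst, proto, port, expected in flows:
        result = evaluate(src, dst, proto, port)
        print(f"{src:>13} -> {dst:<12} {proto}/{port:<5} {result:5} (expected {expected})")
```

The point of the table at the bottom is regression testing: every time a rule is added for a new service, the sample flows confirm that the database servers are still unreachable from the internet and from the user hub.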

Task 3

Footprinting:

Footprinting is defined as the process of creating a blueprint or map of an organization's network and systems. Information gathering is also known as footprinting an organization. Footprinting begins by determining the target system, application or physical location of the target. Once this information is known, specific information about the organization is gathered using nonintrusive methods. For example, the organization's own web page may provide a personnel directory or a list of employee bios, which may prove useful if the hacker needs to use a social engineering attack to reach the objective.

Some of the common sources used for information gathering include the following:

Domain name lookup



Sam Spade

I selected whois tools for gathering information about the company's network. With whois tools we can easily find out the background network infrastructure of a company. Amazon is an online retail company, and I gathered footprinting information about it. This information is given below:

Footprinting figure:

Current Registrar:


IP Address: (ARIN & RIPE IP search)

Record Type:

Domain Name

Server Type:


Lock Status:


WebSite Status:



Hostmaster, Amazon Legal Dept.

Amazon Technologies, Inc.

P.O. Box 8102

Reno NV 89507


[email protected] +1.2062664064 Fax: +1.2062667010

Domain Name:

Registrar Name:

Registrar Whois:

Registrar Homepage:

Name Server:

Name Server: NS-1.AMAZON.COM

Name Server: NS-2.AMAZON.COM

Name Server: NS-3.AMAZON.COM

Administrative Contact:

Hostmaster, Amazon Legal Dept.

Amazon Technologies, Inc.

P.O. Box 8102

Reno NV 89507


[email protected] +1.2062664064 Fax: +1.2062667010

Technical Contact, Zone Contact:

Hostmaster, Amazon Legal Dept.

Amazon Technologies, Inc.

P.O. Box 8102

Reno NV 89507


[email protected] +1.2062664064 Fax: +1.2062667010

Domain Management:

MarkMonitor Brand Protection™

AntiFraud Solutions

Corporate Consulting Services

How to attack:

Finding the address range of the network:

Every ethical hacker needs to understand how to find the network range and subnet mask of the target system. IP addresses are used to locate, scan and connect to target systems. You can find IP addresses in Internet registries such as ARIN or the Internet Assigned Numbers Authority.

Traceroute is used in footprinting:

Traceroute is a packet-tracking tool that is available for most operating systems. It operates by sending an Internet Control Message Protocol (ICMP) echo to each hop (router or gateway) along the path until the destination address is reached. When ICMP messages are sent back from the router, the time to live (TTL) is decremented by one for each router along the path. This allows a hacker to determine how many hops a router is from the sender.

There are different ways to attack the web server and the database server; I selected social engineering attacks for the attack. The description is given below:

Social engineering attacks are passive threats that seek to bypass a variety of security controls, such as badge readers, user IDs and passwords, by tricking an employee into divulging sensitive information. The attacker pretends to be a company employee. Using personal information gleaned from a web site or other public information, the attacker calls the technical support department, human resources or another department, impersonates a company employee and gains sensitive information through a misleading conversation.

Recommendations: From the footprinting figure we learn different kinds of web information about a company. We use this information to learn about hacking and how to protect against it.

Task 4

Security and password policy: This is an online retail company, so the security and password policy must be standard. Security policies should balance access and security: they should minimize risk while not imposing undue access restrictions on those who need access to resources. Passwords are used for various purposes. Some of the more common uses include user-level accounts, web accounts, email accounts, screen saver protection, voicemail passwords and so on. Everyone should be aware of how to select strong passwords. Passwords are an important aspect of computer security.

In an online retail company, security is often compromised by staff, as given below:

Staff: Staff have a user account and password; their work is entering sales and payments. If the password is compromised and someone else knows the user account and password, he can carry out malicious activities. This is very dangerous for the accounts department, so all sales and payment entries will be encrypted.

Inventory staff: Inventory staff maintain records of the quantity, type and value of material, equipment and supplies; they count material, equipment or supplies in stock and post totals to inventory records using a computer. If inventory records are controlled incorrectly, the company faces many problems in the management process. For example, today's total sales are $2,000.00 and 50 items of a product are sold, but the inventory staff record total sales of $1,000.00 and 60 items sold. The inventory staff account and password must not be compromised to other staff or other persons. If inventory staff security is compromised with another person, the company loses its most sensitive information.

An online retail company has different kinds of sensitive information that are transferred over the networks or stored in the company's secured storage. If attackers or other persons learn that information, it is very harmful for the company.

The sensitive information of an online retail company is given below:

Stock of particular product

Most demanded product information

Product-wise offers

Payments (to be encrypted)

Product purchase information

Marketing policy

Product-wise revenue

3) Management staff: Management staff are responsible for the retrieval, analysis, interpretation and presentation of sales, purchase and other data and information, to a high standard. Management should consider how the company can provide the best possible training for its staff without having to compromise the integrity of its security operations. Management staff control the company's overall sales, marketing and purchase information; if this information becomes known to other persons, the company may lose its goodwill. This is an online retail company, so it has much sensitive information that may be at risk.

The IT department provides the overall security solution for the networks: protecting against different kinds of threats and managing, purchasing, installing and protecting many different systems. The IT department's different tasks are given below:

IT department work:

Install the latest patches and updates

Install the latest antivirus and keep it updated

Close all unnecessary ports

Disable all unnecessary applications

Provide passwords department-wise

Passwords must be changed after a set date or every 90 days

Provide regular security training to all employees to keep workstations protected

Provide a firewall to protect the most sensitive data

VLANs and access control lists

Declare a demilitarized zone (DMZ)

If staff compromise the security policy and a weak password policy is used, the security policy may be vulnerable. A security solution for an online retail company is given below:

Password policy:

Passwords, at minimum, must be six characters long

Passwords must contain at least one of each of the following: letter, number and punctuation

Passwords cannot contain the user ID as part of the password

Passwords, at a minimum, must be changed every 90 days

Password histories at a minimum must be set to track five iterations.

All system-level passwords must be changed on at least a quarterly basis.

All production system-level passwords must be part of the InfoSec-administered global password management database.

All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at least every 90 days.

User accounts that have system-level privileges granted through group memberships or programs.

Contain both upper and lower case characters (e.g., a-z, A-Z)

Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)

Are at least fifteen alphanumeric characters long and are a passphrase (e.g., Ohmy1stubbedmyt0e).

Are not a word in any language, slang, dialect, jargon, etc.

Are not based on personal information, names of family, etc.
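A policy like the one above is only enforced if the system that accepts a new password actually checks each rule. The following checker is an added example, not code from the essay; it implements the rules stated in the policy text (minimum length, letter/number/punctuation, mixed case, no user ID inside the password, fifteen-character passphrase tier, and a five-entry history). How the history is stored is not described in the essay, so keeping the previous passwords as salted PBKDF2 hashes and comparing with a constant-time check is an assumption of this example.

```python
"""Password policy checker for the rules listed in the policy above.
Added example, not the essay's own code.  The history of previous passwords
is kept as salted PBKDF2 hashes (an assumption; the essay does not say how
history is stored), so the old passwords themselves never sit on disk."""

import hashlib
import hmac
import os
import string
from typing import Optional

MIN_LENGTH = 6           # "at minimum, must be six characters long"
PASSPHRASE_LENGTH = 15   # "at least fifteen alphanumeric characters" for strong passwords
HISTORY_DEPTH = 5        # "track five iterations"
PBKDF2_ROUNDS = 100_000  # work factor for stored history entries
PUNCTUATION = set(string.punctuation)


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 entry suitable for the history list."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches_entry(password: str, entry: tuple) -> bool:
    """Constant-time comparison of a candidate against one history entry."""
    salt, digest = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def check_password(password: str, user_id: str, history=()) -> list:
    """Return the policy rules the candidate violates; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in PUNCTUATION for c in password):
        problems.append("no punctuation")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("not both upper and lower case")
    # Case-insensitive so that "JDoe" inside "xjdoe1!" is still caught.
    if user_id and user_id.lower() in password.lower():
        problems.append("contains the user ID")
    # Only the most recent HISTORY_DEPTH entries are compared, per the policy.
    if any(matches_entry(password, e) for e in list(history)[-HISTORY_DEPTH:]):
        problems.append(f"reused within the last {HISTORY_DEPTH} passwords")
    return problems


def strength_tier(password: str) -> str:
    """'passphrase' if it meets the fifteen-character strong-password bar, else 'minimum'."""
    return "passphrase" if len(password) >= PASSPHRASE_LENGTH else "minimum"


if __name__ == "__main__":
    # Constructed demonstration: one previous password in the user's history.
    history = [hash_password("Winter2024!")]
    for candidate in ("abc", "jdoe1!Ab", "Winter2024!", "Ohmy1stubbedmyt0e!"):
        print(f"{candidate!r:22} {strength_tier(candidate):10} "
              f"{check_password(candidate, 'jdoe', history) or 'OK'}")
```

Each failed rule is reported by name rather than as a single yes/no, so the user sees which part of the policy the candidate missed; the history check deliberately runs last because it is the only rule that costs a PBKDF2 computation per stored entry.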

Overall security solution: To protect the company's valuable information, the company must make an overall security policy. Security policies organize the company's employees, customers, vendors and other management staff. A security policy is given below:

Overall security policy provided:

Install the latest patches


Use a port scanner to find and close unnecessary ports

Firewall protection of all sensitive information

Regular workstation maintenance provided

Task 5

Secure email:

In an online retail company a variety of email is transmitted for communication. Product and purchase related information is transmitted by email. The attacker's main target is hacking email information. Generally, three kinds of information are transmitted by the online company, given below:

Internal staff

Business partner

Customer info

Internal staff:

Product-wise inventory levels

Overall sales information

Product price information

Product price updates

Seasonal offers

Marketing strategy

Business partner:

Order quantity

Product price information

Product quality information

Product marketing information

Agreement information

Customer:

New offer information

Product purchase information

Payment status

Discount information, if he or she is a regular customer

Email threats:

The threat of email viruses and Trojans

The threat of information leaks

The threat of emails containing malicious or offensive content

Methods used to attack your email system:

Attachments with malicious content

Blocking denial of service attacks

Preventing directory harvest attacks

Protection: To protect against email threats we use different software and maintain email security rules.

Mail screen: Email attack protection is designed to secure the business network from the growing volume of directory harvest attacks. Mail screening services act as a "proxy", filtering messages in-line as they are delivered to the customer. This technology is more secure and risk-free than services that employ the store-and-forward method of email filtering.
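The in-line filtering described above has to decide, per message, whether an attachment is one of the "attachments with malicious content" listed among the attack methods. The following is an added example, not the essay's own mail screen product and not code from any vendor: it parses an inbound message with Python's standard email library and quarantines it when an attachment carries a blocked executable extension, when its content starts with an executable signature regardless of the declared file name, or when it exceeds a size limit. The blocked extension list, the size limit and the sample message are assumptions constructed for the demonstration.

```python
"""In-line attachment screening for inbound mail.  Added example, not the
essay's own mail screen service; the block list, size limit and the sample
message built by build_sample() are constructed for this demonstration."""

from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed list: extensions that have no business arriving at a retail mailbox.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".jar", ".hta", ".ps1"}
# Executable signatures checked on the decoded bytes, whatever the file is called.
MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024


def screen_message(raw: bytes) -> list:
    """Return the reasons the message should be quarantined; empty list = deliver."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Only the final suffix counts, so "invoice.pdf.exe" is treated as .exe.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append(f"{name}: blocked extension {ext}")
        for magic, description in MAGIC.items():
            if payload.startswith(magic):
                findings.append(f"{name}: content is a {description} regardless of its name")
        if len(payload) > MAX_ATTACHMENT_BYTES:
            findings.append(f"{name}: exceeds {MAX_ATTACHMENT_BYTES} bytes")
    return findings


def build_sample(filename: str, content: bytes, maintype="application",
                 subtype="octet-stream") -> bytes:
    """Construct a small test message carrying one attachment (sample data only)."""
    msg = EmailMessage()
    msg["From"] = "supplier@example.net"
    msg["To"] = "orders@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(content, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "clean PDF": build_sample("invoice.pdf", b"%PDF-1.4\n%constructed sample\n"),
        "double extension": build_sample("invoice.pdf.exe", b"MZ\x90\x00constructed"),
        "renamed executable": build_sample("report.pdf", b"MZ\x90\x00constructed"),
    }
    for label, raw in samples.items():
        verdict = screen_message(raw)
        print(f"{label:20} -> {'quarantine' if verdict else 'deliver'} {verdict}")
```

Checking the decoded bytes as well as the file name is what makes this useful against the renamed-executable case: a store-and-forward filter that trusts the declared name or content type alone would pass "report.pdf" straight through.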

Virus warnings: Emails containing warnings about viruses or malware. The overwhelming majority of these emails turn out to be hoaxes and contain bogus information, usually intended only to frighten or mislead users.

Unauthorized disclosure: The intentional or unintentional revealing of restricted information to people, both inside and outside, who do not have a need to know that information.

Monitoring: Employees shall have no expectation of privacy in anything they store, send or receive on the company's email system.

Use Pretty Good Privacy (PGP): PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis.