In this task I have been asked to calculate the TCO and ALE for the required company, using the data provided in this task, which includes the current way the system performs risk assessments and the total expenditure for a certain allocated period of time.
The company has been attacked 3 times in a year, and each attack stopped the company from working for 10 hours, which led to a loss. The loss per hour is 10/8760 = 0.0011416 per hour. The ALE for the company is ALE = SLE * ARO, so the ALE can be calculated with the formula as ALE = 3 * 0.0011416, which is $0.004248.
c) The salary of an administrator who protects the system from hacking is $40,000 per year for each administrator. According to the information provided, an estimated cost of 0.2% of the TCO is required for each breach due to reconfiguration, which is calculated as (1050000 * 0.2) / 100 = 2100. So the loss per year is (1050000 - 2100 = $1047900). The loss per month is 1047900 / 12 = $87325, and the loss per week is (87325 / 7) = $12475.
The cost of keeping an administrator per hour is ($40,000 / 8760 hrs = $4.57 per hour), so for two days the salary would be $4.57 * 48 = $219.36 per week. The salary for keeping a part-time administrator per month would therefore be ($219.36 * 4 = $877.44), and per year ($877.44 * 12 = $10529.28 per year). The total savings from keeping a part-time administrator per year would be ($1047900 - 10529.28 = $1037370.72).
The figure includes:
Regardless of the number of DBMSs in the environment, there should always be a single enterprise DBMS serving as the central database. This DBMS provides a complete view of the environment's status.
Any files accessed by the DBMS server must be configured on the Linux EXT3 (third extended) file system or another non-journal file system.
Computer requirements increase as necessary for the enterprise DBMS when it integrates information from multiple Computer Associates products.
Putting a router between your PC and the cable modem will block all broadcast requests.
Hardware firewalls are devices placed between all computers and the Internet. These firewalls are very diverse and offer a myriad of configurations. Though more complicated than traditional software firewalls, it is generally understood that hardware firewalls afford a greater level of protection.
An email server missing a patch, easily exploitable via one of the numerous hacking tools such as Metasploit, gives the attacker a command prompt and direct access to the attached storage systems or even other internal network systems.
A storage management server that happens to be running Windows Terminal Services, which can easily be brute-force attacked using a tool such as TSGrinder, provides direct access into the storage environment.
A software quality assurance network attached to the storage back end and running an unsecured wireless network provides "free" wireless to the surrounding buildings and passers-by, allowing anyone to hop onto the network and do basically anything they want to the servers and storage systems.
A rootkit-infected storage server that gives an attacker complete remote control and facilitates unauthorized access to all connected storage systems.
Foot printing is the easiest and safest way to find information about an organization: information that is available to the public, such as phone numbers, addresses, etc. Performing whois requests, searching through DNS tables, and scanning certain IP addresses for open ports are all considered foot printing.
The expected output of the Nmap scan includes:
This figure shows:
The scan result of the ports opened for the retailer shop.
This enables investigation of the 36 scripts loaded, as the scripts are part of the domain that is scanned.
This shows the local time at which the site was scanned, so it is easier to understand at which time a port is open and exposed to attack.
This figure shows:
The highlighted ports that are open and the services related to them; this helps to understand how this website could be attacked.
This also shows the ports that are closed.
It also describes the services, states and versions related to each port.
The web server used by this domain and its version.
This figure shows:
The two colours associated with the ports, distinguishing ports that can be accessed easily from ports that can only be accessed with difficulty.
The hosts and ports related to the domain.
This figure also shows the protocol types opened by the web server at a given time.
The output of the http://en.dnstools.ch/port-scan.html scan result includes:
The process of intrusion attempts could be described as:
The information above shows that the target site's ports are open, which can be used for foot printing a website. FTP software could be used to gain access to the internal part of the web server; FileZilla is one of the best-known FTP clients.
The screenshots above include information about the ports that are open and could be used to intrude on the website. Since the type of OS and the type of web server used by the website administrator can be found with the required scanning tools, the facts of foot printing the website's server can easily be understood. The description of the ports is known from the scanning software and could be used for intrusion. Further analysis, as shown in the figures above, reveals that the topology of the web server can be found and is visible to users, which gives a clear idea of the network architecture used by the website. As a result a network data breach could be carried out that damages the site or loses valuable data.
Another approach uses SSH, one of the most common ways to gain access to a remote shell. One such technique is tunnelling, the act of wrapping one protocol inside another, most often point-to-point.
The primary reason for tunnelling here is that both POP and HTTP GET and POST operations happen over plain-text protocols (APOP mitigates this issue but is relatively infrequently seen or offered by ISPs). This means that when users log into their POP server to retrieve mail, the username and password appear on the network with no encryption whatsoever. Similarly, when logging in using a form over the Web, the username and password are on the wire for all to read.
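As an added example (not part of this report), the following Python code parses Nmap-style port lines like those described in the figures above and flags open services that carry logins in plain text (FTP, POP3, HTTP), the exposure the tunnelling discussion addresses; the scan output is constructed for illustration, not a real result.

```python
import re

# Constructed sample of Nmap "normal" output for a fictional host (not a real scan result).
SAMPLE_SCAN = """\
Nmap scan report for shop.example (192.0.2.10)
PORT     STATE    SERVICE  VERSION
21/tcp   open     ftp      vsftpd 3.0.3
22/tcp   open     ssh      OpenSSH 7.4
25/tcp   filtered smtp
80/tcp   open     http     Apache httpd 2.4.6
110/tcp  open     pop3     Dovecot pop3d
143/tcp  closed   imap
443/tcp  open     ssl/http Apache httpd 2.4.6
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.+))?$")

# Services that carry logins in clear text, paired with the protection the text
# above points to (SSH tunnelling) or the TLS-wrapped equivalent of the service.
PLAINTEXT_LOGIN = {
    "ftp": "SFTP, or FTP over an SSH tunnel",
    "telnet": "SSH",
    "pop3": "POP3S (TLS), or POP3 over an SSH tunnel",
    "imap": "IMAPS (TLS)",
    "http": "HTTPS for any login form",
}

def parse_ports(report):
    """One dict per PORT line: port, proto, state, service, version (other lines are skipped)."""
    ports = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            ports.append({"port": int(port), "proto": proto, "state": state,
                          "service": service, "version": version or ""})
    return ports

def plaintext_exposures(ports):
    """Open ports whose service sends credentials unencrypted, with the recommended fix."""
    return [(p["port"], p["service"], PLAINTEXT_LOGIN[p["service"]])
            for p in ports if p["state"] == "open" and p["service"] in PLAINTEXT_LOGIN]

def state_summary(ports):
    """Count ports per state, e.g. {'open': 5, 'filtered': 1, 'closed': 1}."""
    summary = {}
    for p in ports:
        summary[p["state"]] = summary.get(p["state"], 0) + 1
    return summary
```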
Security policies that could be implemented on the system include:
Information security is all about mitigating risks. Essential to this tenet is protecting data, and specifically, protecting how data is stored, moved, and consumed. People, process, and technology are the three pillars of information security, and any two alone do not sufficiently ensure data protection. Information security threats come in many forms, and data can be compromised by a failure in any one of these three pillars. In terms of information security, the technology piece is the hardware, software, and operational knowledge used to protect data. This includes computers, operating systems, applications, routers, switches, hubs, firewalls, and so on.
Cookie and tracking technology could be implemented. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customize the Site for visitors. Personal information cannot be collected via cookies and other tracking technology; however, where a visitor has previously provided personally identifiable information, cookies may be tied to that information. Aggregate cookie and tracking information may be shared with third parties.
Password security policies that could be implemented include:
The last three passwords cannot be reused.
It must be at least eight characters in length. (Longer is generally better.)
It must contain at least one alphabetic and one numeric character.
It must be significantly different from previous passwords.
It cannot be the same as the user ID.
It cannot start or end with the initials of the person issued the user ID.
It cannot include the first, middle, or last name of the person issued the user ID.
Certain special characters may be used, as indicated. However, note that some applications might not accept special characters.
It should not be information easily obtainable about the user. This includes licence plate, social security and telephone numbers, or street address.
Users must not let anyone else know or use their password; this is a violation of University policy.
For optimum security, users should not write their password down. If they must write it down, they should keep it somewhere private such as a locked drawer or their wallet, never posted on the computer or anywhere around their desk, and should not include the name of the system or the associated user ID with the password.
If users suspect that someone else may know their current password, they should change it immediately.
Users should change their password periodically, even if it hasn't been compromised.
Users should not type their password while anyone is watching.
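As an added example, not part of the assignment, here is a Python checker that applies the composition rules above to a candidate password. The sample user record and password history are constructed, and the similarity threshold used for "significantly different from previous passwords" is an assumption.

```python
import re
from difflib import SequenceMatcher

# Constructed sample user record and password history (not from the assignment).
SAMPLE_USER = {"user_id": "jdoe", "first": "John", "middle": "Quincy", "last": "Doe"}
SAMPLE_HISTORY = ["Winter2023x", "Autumn2022y", "Summer2021z"]  # most recent first

def initials(user):
    """Lower-case initials of the person issued the user ID, e.g. 'jqd'."""
    return "".join(p[0] for p in (user["first"], user["middle"], user["last"]) if p).lower()

def check_password(pw, user, history, min_len=8, history_depth=3, max_similarity=0.8):
    """Return the list of policy rules the candidate password violates ([] = acceptable)."""
    low = pw.lower()
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        problems.append("needs at least one letter and one digit")
    if low == user["user_id"].lower():
        problems.append("same as the user ID")
    ini = initials(user)
    if ini and (low.startswith(ini) or low.endswith(ini)):
        problems.append("starts or ends with the user's initials")
    for part in (user["first"], user["middle"], user["last"]):
        if part and part.lower() in low:
            problems.append("contains the user's name (%s)" % part)
    recent = [old.lower() for old in history[:history_depth]]
    if low in recent:
        problems.append("reuses one of the last %d passwords" % history_depth)
    # "Significantly different": reject near-matches such as only the year changed
    # (0.8 similarity ratio is an assumed threshold, not a value from the policy).
    elif any(SequenceMatcher(None, low, old).ratio() >= max_similarity for old in recent):
        problems.append("too similar to a previous password")
    return problems
```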
Current data security techniques include the following:
Strong password: this is one of the first steps in email security. One has to be very careful when choosing a password for the email account. Avoid easily guessable, insecure passwords such as a birth date, phone number, initials, or any other similar personal details, which can easily be hacked. A password of a certain length, such as 8 alphanumeric characters, should be used to protect the email account from being hacked. It should also be kept in mind that one should never write the password down in a diary or any other common place. One should memorize the username and password so that they are not revealed to others and cannot easily be found by hackers.
Spam filter: activate a spam filter. Without an active spam filter one will undoubtedly end up receiving at least 10 spam emails a day, including false offers such as:
one asking if you want to lose 20 pounds in 2 weeks,
two offering a high-paying work-at-home job,
three congratulating you on winning a million dollar jackpot, and
four prescribing some magic pills to increase the size of your @%&?*. It may be of interest that such spam mail constitutes nearly 65 percent of all worldwide email traffic.
Opening such spam emails and clicking on any of the links they contain will only invite trouble. The best way to stay away from such spam messages is to activate the email account's spam folder or spam filter. In most cases it will divert all such potentially dangerous emails to a spam folder, from where one can delete them safely.
A common example of a phishing attack is a fraudulent email sent by an internet fraudster, posing as an executive associate of a bank, requesting a reply with certain personal details or bank account information, failing which the account will be penalized with a heavy fine. Innocent users often fall prey to such frauds and internet hoaxes and end up being conned. Another potential threat of giving out personal details is landing in a messy case of identity theft. Phishing attacks are presently on the rise; therefore, always remain alert and verify the authenticity of the sender before revealing any personal details or bank account information.
Most internet and email viruses are sent in the form of attachments that are named in such a way that the user inadvertently ends up clicking the attachment. One should be very careful when opening emails that contain attachments. Make it a point to study the subject of the email and the validity of the sender before opening any attachment.
Although many email providers these days scan emails and attachments for viruses by default, you should make it a point to install good, effective anti-virus software with built-in email scanning features on your computer, as it can come in handy at any time.
Encrypting attached documents could be a great benefit to the security of sending email. This provides a crucial mechanism for ensuring that the data originated from a trusted source, that it remained confidential while in transit, and that it maintained its integrity when it reaches its destination. The process includes:
Produce cipher text through transposition or substitution. Transposition rearranges the original data, whereas substitution replaces it altogether.
Block ciphers break plaintext into blocks before processing them into cipher text. Stream ciphers encrypt the data as it is fed into the algorithm.
Symmetric encryption uses the same key for both the encryption and decryption processes.
Asymmetric encryption uses two keys, one key to encrypt the plaintext and the other to decrypt it.
Hash algorithms take a variable-length plaintext input and produce a fixed-length output. The algorithm is designed so that the input can be transformed but the output cannot be reversed to recover it.
PKI is designed to manage the keys necessary to perform public-key encryption. PKI consists of digital certificates, a certificate authority (CA), a registration authority (RA), a certificate directory, and a key backup and recovery server.
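The following Python code is an added illustration, not part of the assignment: a toy substitution cipher and a columnar transposition (symmetric, since one shared key both encrypts and decrypts), combined with an HMAC-SHA256 tag whose fixed-length output lets the receiver confirm origin and integrity before decrypting, the three goals listed above. The ciphers are teaching examples only, and the message and keys are constructed.

```python
import hashlib
import hmac

def substitute(text, shift):
    """Substitution: shift each letter along the alphabet; other characters are kept."""
    out = []
    for ch in text:
        base = ord("A") if ch.isupper() else ord("a")
        out.append(chr((ord(ch) - base + shift) % 26 + base) if ch.isalpha() else ch)
    return "".join(out)

def transpose(text, key):
    """Transposition: write rows of len(key) characters, then read columns in key order."""
    cols = len(key)
    padded = text + "_" * (-len(text) % cols)  # pad the last row with '_' (assumed absent from text)
    rows = [padded[i:i + cols] for i in range(0, len(padded), cols)]
    order = sorted(range(cols), key=lambda i: key[i])
    return "".join(row[i] for i in order for row in rows)

def untranspose(cipher, key):
    """Reverse the transposition with the same key (symmetric: one shared key)."""
    cols, order = len(key), sorted(range(len(key)), key=lambda i: key[i])
    nrows = len(cipher) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for col in order:
        for r in range(nrows):
            grid[r][col] = cipher[pos]
            pos += 1
    return "".join("".join(r) for r in grid).rstrip("_")

def seal(message, shift, key, mac_key):
    """Encrypt (substitution, then transposition) and tag with HMAC-SHA256 (fixed 64 hex chars)."""
    cipher = transpose(substitute(message, shift), key)
    tag = hmac.new(mac_key, cipher.encode(), hashlib.sha256).hexdigest()
    return cipher, tag

def is_authentic(cipher, tag, mac_key):
    """True only if the tag matches: the sender held mac_key and the ciphertext is unchanged."""
    expected = hmac.new(mac_key, cipher.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

def unseal(cipher, tag, shift, key, mac_key):
    """Check integrity and origin first; tampered data is rejected before decryption."""
    if not is_authentic(cipher, tag, mac_key):
        raise ValueError("integrity check failed")
    return substitute(untranspose(cipher, key), -shift)
```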
Many cryptanalytic attacks pose threats to today's encryption systems. Understanding these attacks should help encryption developers and system administrators develop and implement the strongest possible algorithms. Understanding the different sorts of encryption and implementing security software can therefore help to secure email and its attachments, and enable users to understand the benefit of it with regard to the security issues of sending and receiving emails.