# TCO And Ale For The Required Company Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Introduction: In this task I have been asked to calculate the TCO and ALE for the required company. By using the provided data in this task which includes the current system way of performing the risk assessments and total expenditures for a certain period of time allocated.

a) The calculation for the TCO is shown below:

Cost for one web server is \$15000

The cost for eight web server is \$120000

The cost for one database server is \$25,000

The cost for two database servers is \$50000

There for the total cost is \$170000

Since the servers has a life span of five years there for the total TCO calculated for five years is(5*170000)=\$850000

b) The calculation for the ALE is given below:

8760 hrs the turnover is \$4600000000000 million per year.

So the cost in per hour is\$ 4600000000000/8760=\$525114155

ALE =0.2%of TCO*3+cost in per hour is

ALE= (1700*3) + \$525114155=\$525119255

Therefore ALE for =\$525119255

c) The salary for administrator for protecting the system from hacking is \$40,000 per year for each administrator.The total cost for one hour on hiring the system administrator is(8760 /\$40,000)=\$2.19 per hour. In two days per week the salary of the administrator will be \$105.12.In one month the salary of administrator will be (105.12)*(4) = \$420.48.In one year the salary will be \$5045.76

The total annual savings on hiring part time system administrator is (ALE-\$5045.76) =\$525114209 for savings.

Introduction: In this task I have been asked to suggest ideal network architecture for the company. I have been asked to provide a basic diagram and full explanation and justification.

Description: The system network architect is one of the major concerns for data security it is the main way to secure the transaction between clients internal use. The design of network architecture is based on data security issues towards hacking and understands the issues related to internal network and external network.

The figure includes:

This network design describes three kind of server is implemented which includes the web-server, database server and backup server. This explains that web-server is containing data which is necessary for web-hosting and domain hosting for the online retail shop. The database-server stores the permanent data of the retail shop which includes the secured and confidential information of the customer and the transaction information of the customer. The backup server keeps the data back up so that data loss is being minimized and could be regained in case of data loss.

DMZ is one of the secured ways for protecting the system DMZ is added for an additional layer of security towards organization's Local Area Network.

The switch is connected with two sort of firewall which includes software based firewall and hardware based fire wall.

The software based firewall is used so that it is able to block unauthorized access and permitting authorized communications as unauthorized access is prevented.

A software based firewall is connected with the switch so that it can be able to protect assets to ensure that the private does not go out and nothing malicious comes inside the system. This inspects network traffic passing through the firewall, and denies or permits passage based on a set of rules or criteria defined by the authority so that the system is secured.

The software base firewall is then connected with the router so that it routes and authorized person is allowed to get access and desired IP and MAC is given access to the system. The other end of router is connected with internal network by means of switch which has routing capability so that internal network is secured and unauthorized access is prevented.

The switch is then connected with the hub to increase the network communication and prevent more security towards the data security and data protection.

The users are able to view the system and they are connected by means of hub so that the users are unable to apply any unauthorized access in the system.

The hardware based firewall is connected with the hardware based internet router. The hardware firewallÂ is implemented because it uses packet filtering for examine the header of a packet in-order to determine the source and destination of the packet and this would provide secured data communication for retail shop network system. The fire wall is to be designed compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped. As the communication in the retail shop varies between internal communication and external communication. So the data packets for required communication is need to be defined for providing security towards communication.

The hardware based firewall is then connected with internet router is because the data communication which is taking place is to be ensured so that secured information of the retail shop is safe and it doesn't go to any undesired. For crucial for keeping large volumes of data from clogging the connections so that it makes sure that information does make it to the intended destination. Therefore more security is implemented on the system before making the communication with the users.

The hardware based firewall is then connected with internet cloud so that users are able to get connected with the retail shop and security is implemented and the users could provide and receive secure data. The communication is more secured and safe.

The system is designed for secured communication which describes that data is kept in secured way and backup data is kept so that customer's information is not lost from the system. In case of data loss from the main server that data could be regained from the backup server that stores the information for security.

Justification:

The structure of network is designed to that the communication taking place internally and externally is secured. The information which is used in internally includes the customer's personal information which the customer provides when a product is purchased that includes customer name address phone number and other customer related information which need to be secured so that the customer's information could be gained by any unauthorized person. The information that needed for internal purpose is the customer address order date time month and other related factors so that customer gets the products in very secured way. So the system is designed with this concept and security cancers Since, Security is one of the main concerns for customer security, hub, switch router; firewall is placed in such a way that the system is secured and data is safe and data loss is minimized.

Conclusion: This task enabled me to understand the concept of secured network design and help to understand the equipments needed for providing security towards secured communication. It also helped to understand about providing secured data protection activities and implementing hardware required for establishing network for online retail shop.

Introduction: In this task I have been asked to try and footprint an online retail shop without using any illegal tools. I have also been asked to include the sort of output expected from scanning the online retail shop. I have also been asked to discuss what sort of output is found and how should I deal with the information.

Foot printing is the easiest and safest way to find information about an organization. Information which is available to the public, such as phone numbers, addresses, etc. Performing whose requests, searching through DNS tables, and scanning certain IP addresses for open ports, are considered as the foot printing. Some of the tools used for foot printing includes NMAP, en.dnstools.ch, whois.com, www.blueinfy.com etc one of the most popular footprint tool is NMAP and en.dnstools.ch.

As two tools are frequently used and provides a good output for foot printing the information provided by the tools are very effective and accurate. So I have used these two tools for foot printing the www.onlineretailer.net which I have found more accurate and could be implemented for foot printing and could easily be identified the foot printing procedures.

The output of expected from the NMAP scan includes:

Fig: 1

This figure shows:

The scan result of ports opened for the retailer shop

This enables to investigate the 36 scripts loaded as the scripts are part of the domain that is scanned.

This shows the state regional time at which the site was scanned so that it becomes easier to understand that at which time the port is open and is ready to be hacked.

Fig: 2

This figure shows:

The highlighted of ports which is open and the services related to the ports this could help to understand the way this website could be hacked.

This also explains the ports which are closed.

It also describes the services, states versions related to the port.

Web Server used by this domain and its versions.

Fig: 3

This figure shows:

This explains the two sort of color associated with the ports which explain that the port that could be accessed easily and the ports which could be accessed in a difficult way.

This describes the hosts and ports related to the domain.

This figure also explains the protocols type that is opened by the web server at the certain time

Fig: 4

This figure shows:

The topologies used by the online retail shop.

This explains the graphical presentation of topologies used.

This also explains the sub domain and host used by the administrator which enables to understand the type of website which is foot printed.

The host viewer and fish eye viewer button enables to understand more about the website topologies used for building the network infrastructure of the website.

Fig: 5

This figure includes:

The description of internal system's information used by online retail shop.

This explains the total port open on the website and total ports closed on the website.

It also provides information about filtered ports along with the OS used by the system.

The output of http://en.dnstools.ch/port-scan.html scan result includes:

Fig: 1

This figures shows:

The port open and its uses are explained on the screen shot.

This explains that port 21 is open and it is used for FTP. This FTP is one of the port used for file transfer is commonly known as file transfer protocol.

Fig: 2

This figure shows:

The closed and open port information and its uses

This figure explains that port 80 is open and this port is used for HTTP.

The port 80 is one of the ports used for hyper text transfer this port is commonly known as hypertext transfer protocol.

Fig: 3

This figure shows:

The information about open ports which includes that two of the port is open.

This screen shot shows that port 443 and port 3389 is open.

Port 443 is used for HTTPS this is commonly known as hypertext transfer protocol over secured socket layer. This means that the HTTP request could be sent or received by means of secured socket layer.

Port 3389 is open which explains that the remote desktop port is open and that could be used for remote access to the system. The remote excess is used for controlling the desktop in a remote way.

Screen shots of foot printing explain that:

Above information shows that the ports of the desired site are open and that could be used for foot printing a web site. FTP software could be used for getting access to the internal part of the web server. Filezilla is one of the most famous FTP software used.

Above Screen shots includes information about the ports which is open and could be used for trespassing the web site. As the type of OS along with the type of web server used by the website administrator could be found with the required scanning tools so the facts of foot printing the website's server could easily be understood. The description of the ports is known by the scanning software and could be implemented for trespassing. On analyzing further could describe more about the foot printing attempts as shown in the above figures that the topologies of the web-server could be found and be visible to the users as this gives a clear idea about the network architectures used by the website. As a result network data breaching could be implemented which could damage the site or loose valuable necessary data.

The other way includes the use of SSH as it is one of the most commonly used to gain access to a remote shell. One such device is tunneling, the act of wrapping up one protocol in another, and most often point-to-point.

The primary reason here for tunneling is that both POP and HTTP GET and POST operations happen over plain-text protocols .This means when the log into their POP server to retrieve mail the username & password appears on the network with no encryption whatsoever. Similarly, when logging in using a form over the Web the username & password are on the wire for all to read.

Introduction: In this task I have been asked to discuss the security policy along with the password policy along with errors made by various staff which compromise the security and expose the weak passwords. I have also been asked to write a brief security policy along with password policy for the system and kind of information processes by the system.

Security policies of that could be implemented on the system includes:

Information security is all about mitigating risks. Essential to this tenet is protecting data, and specifically, protecting how data is stored, moved, and consumed. People, process, and technology are the three pillars of information security, and any two alone do not sufficiently ensure data protection. Information security threats come in many forms, and data can be compromised by a failure in any one of these three pillars. In terms of information security, the technology piece is the hardware, software, and operational knowledge used to protect data. This includes computers, operating systems, applications, routers, switches, hubs, firewalls and other related factors.

Cookie and tracking technology could be implemented. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customize the Site for visitors. Personal information cannot be collected via cookies and other tracking technology; this provides personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.

The company requires customer's personal information which includes customers, address, and email address. Phone number and age and other required personal information. So the data required is sensitive and has to be handled with security so tracking cookies by using 3rd party software or by using default options existing in operating system like windows could secure the website from hacking.

Password security policies that could be implemented include:

This means that the last three passwords cannot be reused.

It must be at least eight characters in length. (Longer is generally better.) Since 8 character contains an estimated of 30 bits of entropy which provides much security. According to the security policy makers the users often have trouble memorizing security code to the code has to be presided and easy to memorize that's why it is estimated that password should contain 8 characters.

It must contain at least one alphabetic and one numeric character. This repetitive word could easily be found by the hackers and could easily be guessed since the password must be strong so it should contain one alphabetic and one numeric character.

It must be significantly different from previous passwords. This is because the if the previous password is reused then it could be found easily by the user as a result the password could be hacked so the password used once in the system should not be used again.

Do not let anyone else know or use their password; this is a violation towards the password security policy and it could be hacked by anyone who knows the password.

For optimum security, password should not be written down on any paper or document. The password should not include the name of the system or the associated User ID with the password.

If there is a suspecting person that someone else may know there current password, change the password immediately with a secured password and with a longer bit should be there in the password.

Change the password periodically, even if it hasn't been compromised. So that the password is kept secret and providing less time for the hackers to hack the password since the password changing policy is too implemented on the system for security.

The password should not be typed while anyone is watching as it provides less security towards password protection. Since it brings less security on the system if a person watches the password being given on the system then that person will get access to the system which brings less security towards the system and provides hackers to get access in the system in a very easy way.

The password policy should be implemented on the online retail shop and customer should know the policy of password for protecting their information being hacked. The information provided by customer is very sensitive so it should be handled with care and should have a clear idea about the way of providing the password while they register on the online retail shop and enable them to get services in a much secured way.

Conclusion: This task enabled me to understand the concept of providing security policy along with providing the password policy that has to be implemented on the system. This also made me understand the reason and facts about providing password in the system and way of putting password in the system.

Current data security techniques include the following: Strong Password

this is one of the first step for email security. One has to be very careful for choosing a password for the email account. Avoid easily guessable no secure passwords like birth date, phone number, initials, or any other similar personal details could easily be hacked. A certain length of character like 8 character containing alpha-numeric password should be implemented for protecting the email account to be hacked. It should also be kept in mind that one should never write down password in diary, or in any other common places. One should memorize the username and password so that it's not revealed to others or could easy be found by hackers.

Spam Filter

activate a spam filter, without active the spam filter will undoubtedly end up receiving a minimum of 10 spam emails a day, which includes false offers example:

asking if one want to lose 20 pounds in 2 weeks

two offering a high paying work at home job,

three congratulating on winning a million dollar jackpot, and

Four prescribing some password one should use the symbols for password. It may be of interest to that such spam mail constitutes nearly 65 percent of all worldwide email traffic.

Opening such spam emails and clicking on any of the links that they contain will only invite trouble The best way to alienate from such spam messages is to activate email account's spam folder or spam filter. It will, in most cases, divert all such potentially dangerous emails to a spam folder from where one can delete them safely.

Attachments

Most internet and email viruses are sent in the form of attachments which are named in such a way, that the user inadvertently ends up clicking the attachment. One should be very careful while opening emails that contain attachments. Make it a point to study the subject of the email and the validity of the sender before one open any attachment.

Anti-Virus:

Although many email providers these days have a system where in an email or an attachment is scanned for viruses by default, one should make it a point to install some good and effective anti-virus software on one computer which has built-in email scanning features, as it could come in handy any time.

The encrypting of attached documents could be a great benefit towards the security of sending email. This provides a crucial mechanism of ensure the data originated from a trusted source the data has remained confidential while in transit and the data has maintained its integrity when it reaches its destination.

Encryption:

Many cryptanalytic attacks pose threats to today's encryption systems. Understanding these attacks should help encryption developers and system administrators develop and implement the strongest possible algorithms. So understanding the different sort of encryption and implementing the security software could help to secure the email and its attachment files to be secured and enable users to understand the benefit of it, regarding the security issues towards sending and receiving emails. The software could be impleted for email encryption and provide a good protection towards email security some of the best known software includes:

Centurion Mail: Centurion Mail is a part of Centurion Soft this provides security and email encryption software including PGP compatible Centurion Mail it also provides Soft-Clan e-crypto, Safe-Disk options along with the software and this could provide a good benefit for email security.

Cryptainer LE: Creates an encrypted container (vault) to store any type of data.

This contains 128 bit strong encryption along with drag and drop operations containing an Easy and simple way to be used by anyone, the encryption is very strong and it's impossible to break. So it has more security and data protection methods. This software also works on all 32 bit as well as 64 bit versions of Windows as a result it has windows compatibility towards sending email attachments in very secured way so that the information is secured and could not be decrypt easily by any unauthorized person. It encrypts email attachments and encrypts any sort of data in very easier way this software is used by many security authorities and provides good advantage towards data security.

Data encryption software: This Encryption software enables to add encryption and decryption profiles.Â  These files can be used in encryption or decryption tasks. This Encryption process enables to encrypt files or an entire folder along with its subfolders.Â Â Decryption process enables to decrypt files or an entire folder along with its subfolders.Â Email Notification for all process based existing code. This software could enable users for email security and email attachments for protection.

Conclusion: