Friday, December 6, 2019

Management of Information Technology; A Case Study Approach

Question: Describe about the Management of Information Technology for A Case Study Approach. Answer: Introduction Background and analysis A web server is an application that is responsible for the collection and servicing web pages upon the request of a client, and they are stored in computer hard drives. Notably, the main objective of security on a network is to keep off strangers not allowed to access the servers, hence a web server configured poorly damages a firewall that is properly designed. In an internet environment, the web server is properly configured to authenticate and recognize various users and with distinct privileges of access such as PeopleSharz company. Web servers are usually possible targets for(hackers) hence the need for security as a tool for administration of intranet and internet connected servers.it is possible that the hackers accessed information from the website of PeopleSharz through the common gateway interface(CGI) script that operate 24 hours in web servers. These scripts handle different user inputs from numerous browsers of the web, return information to clients and have access to databases, making it more vulnerable to attacks.it presents loopholes in sec[1]urity as it shows information from the host that assists attackers with mechanisms of breaking through the servers to access data of PeopleSharz Company. Additionally, it present challenges as its commands are easily executable and harm the unwanted machine causing complete damage. Another point of potential loophole is on the access control that explains on people granted viewing rights on the web server of peoplesharz.it also determines who to execute the elements in the CGI scripts, while integrity and privacy is an important issue of consideration in preventing data theft and corruption of content. There are also threats arising from data transmission through TCP/IP protocol as it was not designed to maintain the highest levels of security, giving room for unauthorized access of data. Therefore an eavesdropper may listen to the transfer of confidential online documents from one server t another or during transmission of end-user information that is private. There is a high probability of denial of service attacks where the attacker aims at shutting down network servers, therefore resulting in restriction on accessibility of data. Its associated negative impacts include the alteration of information and network components and the consumption of limited and non-renewable resources. Additionally, the features offered by complex servers include execution of CGI scripts, processing, and handling of errors in scripts plus on the fly directory listings.it is also important in getting the server rights and permissions to facilitate the safeguarding of information that are sensitive n nature and CGI scripts, since there are two file system roots in operation. Conclusively, the above explained security concerns show extensively the nature to which the servers of PeopleSharz company as corrupted and confidential information retrieved.it is important to block these loopholes in a bid to ensure and enhance the safety of necessary information on the project of PeopleSharz and protecting their passwords on their sites to prevent intruder access as presented in the case study. Analysis Of Threats The matters for consideration in the investigation concerning breach of protocol of servers of PeopleSharz Company include the hosting provider, HotHost1, and technical support manager in the Hotel. It is also important to investigate the type of attack initiated by the hacker to help in the swift and efficient solving of problems presented by the network server breach. Additionally, the potential risks and associated outcomes of hacking into the system of PeopleSharz is also an important matter for investigation as it will help in the successful gauging of the impact of the system. It is important to note that hacking activities in organizations systems have adverse potential effects to the operations and reputation of the company. Investigation of associated risks According to the excerpt, PeopleSharz Companys objective is to establish itself as a financially stable and self-sufficient company upon hitting their reported target of 50M users of their application. They have also incorporated production mechanisms into their advertising of the revenue model they are developing and hope to have better-enhanced results financially. The partners of the company, Mark Bukerrzberg and peter Tweet have managed to publicize the brand of the internet organization globally and they hope to make it a player in the social media place. Furthermore, the company is updating itself and continually responding and innovating requirement if users, trends in industries and competitive challenges. They have also established a development workshop in Sydney of 20 personnel called technology Hub which proves to be a busy environment. Therefore, considering the achievements of PeopleSharz company over the past one year, the associated risk comes in form of Social and economic losses. The investments made by the co-owners of the company is wasted as the confidential information of their working over the years is revealed to the whole world and published in newspapers. Subsequently, the number of personnel employed by the company will lose their jobs due to the liquidation and loss of resources by the company. It can also lead to shutting down of its branches established such as the one in Sydney and this would prove costly to the operations of the internet company. The attacks on a web server have varying effects according to the type of attack launched by the hacker and the target audience, which in this case are the users of the applications of the company. Investigations on the type of hacking attack on the server Networks and data are vulnerable to the following types of attacks if there are no security measures in place to protect them. Eavesdropping Generally, a number of communications on networks occur in insecure formats allowing the attacker gain access to paths of data through listening and reading the traffic. In the event of an attacker eavesdropping on communications, it is called sniffing and it is the biggest problem of security facing enterprise administration. It is possible that the hacker obtained confidential information on the company through means of eavesdropping in communications between the cofounders of the company. Attacks on passwords This is the most probable type of attack on the internet company as it is stated that the passwords if important applications were exposed to users in the social media. Most networks are operated on an access of applications through passwords which involves the use of usernames and identity factors and this allows attackers gain access to the server. Attackers gain access to servers by posting as authorized users, making him acquire administrative rights, and after entry into the system, it is possible that they do the following. Obtaining lists of names of computers, valid users and information on networks Modifying the network and server configurations such as routing tables and control of access Rerouting, deleting and modifying the data of the PeopleSharz internet company. Denial of service attack As explained earlier, denial of service attack prevents utilization of networks and computers by authorized users, and the attacker is capable of doing the following on access of the network to PeopleSharz Internet Company. Sending data that is not valid for network services such as the moment when data was sent to other social Medias showing the password of the organization. Blocking traffic to result in loss of network access Flooding of an entire computer system leading to shutdown of the network Sniffer attack This enables the attacker to monitor, read and capture data from a network when there is communication in packets of information. It enables the sniffer to analyze network and have access to information to finally corrupt a network and read relevant communication between the partners of the internet company. Man in the middle attack This breach in protocol occurs where there is a listener during communication between two people who actively monitors, controls and captures information. The man the middle assumes identity of a person in order to read the message and has same effects as the applications layer attack which include; Disabling security measures to facilitate future attacks Termination of operating systems and data applications Reading and deleting of data in a network. Issues to be looked for and tested It is prudent to look for and test the many ways with which website servers are exploited, and they include; The malware that reveal the credentials of the administrator which are used to access resources of PeopleSharz Company. It is important to look for and test the operating systems server vulnerabilities which provide access to attackers. A keener looks into databases containing personal and financial information which are usable by hackers in fraudulent activities The Denial of Service attacks should be tested and looked into to avoid stoppage of businesses of the internet company and web services disruption. Methodologies Used In Investigations The methodologies used in investigation of the risks and major issues of concern affecting the breach of protocol of PeopleSharz Internet Company include; The use of forensic analysis Hiring of specialized computers specialists Analysis of data transfer and involvement of law enforcement agencies when fraudulent activities are involved. Conclusively, the above explained investigative procedures and matters for consideration serve in helping in the identification of possible problems associated with the hacking activity. It further assists in the determination of the appropriate prompt course of action to be taken to help in remedying the situation at hand and preventing further attacks on the internet company servers. Dependencies And Success Factors For The Job For the successful coordination of activities of the investigation into the breach of web servers of the internet company, it is important to have the necessary support needed to solve the problem. These range from business stakeholders to developers of most network servers and experts on the field of computing and programming of schedules. The board of directors The board of directors of the company is in charge of providing the necessary human and financial resources to facilitate investigative procedures, therefore Mark Buckerberger and Peter Tweet are to provide finances. Stakeholders of the PeopleSharz Company Stakeholders of the PeopleSharz Company are to provide any relevant information related to the breach of protocol and access to information lot. They are to help in the tracing of who sent the message and at what time they received the passwords of the company. The roles of designers The roles of designers are undoubtedly noticed as they are in charge of developing safer and enhance web servers with a priority on security measures taking center stage in its formation. This helps in the reducing the chance if risks of attacks by the hackers and therefore guaranteeing to a larger extent its safety and use by only allowed people. Computer experts are expected to assist in the development of strong firewall mechanisms since the development of a working site accommodating large numbers of people is demanding. When each and every member of an organization, by association either directly or indirectly, plays his roles in the operation of finding hackers, it will facilitate quick investigations. Comparatively, all these factors withstanding, PeopleSharz Company will effectively find the perpetrators of the violence which will lead to their arrest and prevention of future attacks on the company. Recommendations There is the need for expertise and sufficient resources in successfully fending off highly sophisticated and systematic attack on web servers of PeopleSharz Company. Consequently, the following recommendations are applicable in ensuring there is a minimization of current and future planned attacks on the web server systems of any other company experiencing the same challenge. They include; For prevention, the following measure should be undertaken in creating needs and specification defining management of the web server systems. The definition of guidelines on pa[3]tch policy which demands the use of most invented and recent updates on the security of web servers. This should be in connection with available systems externally and applies to the operating systems applied. There should be an adoption of maximum restrictions on access to databases through applications on the websites such as HTTP requests. HTTP request is restricted through the use of Apache and other relevant firewalls so that limited requests such as get and post are allowed. There should be a development of a two staged concept that has its own web service interfaces to increase the security of databases. There should be enhanced and clear guidelines on a security of accessing the services of the websites. There should be the restriction on administrative interfaces access in a way that its availability is not possible through the whole internet. The administrative interfaces should be outsourced and made available internally within PeopleSharz Company. There should be continual auditing by specialists. There should be checking of applications of the website through reviews of codes. In case there is no possibility of increasing the security of the application itself, there is room for use of application firewalls and hardware appliances. These will help in the increment of security levels but will not replace the set guidelines. It is suggested that critical systems are subjected to security auditing by specialists before they are used. For purposes of increasing security levels of the components of web management system, the following solutions are recommended; The apache web server security is to be increased through the application of mod security. The passwords saved in databases should be encrypted. The applications should be capable of assisting the users to select passwords that are of higher security levels, for example where minimum characters are needed. One should pay attention to concepts of security soft wares. There should be consideration of issues of security in a technology of databases. There should be regular checks on messages sent to address the problem of unmonitored messages as hacker groups send warnings before they commit an attack. Monitoring public declarations by hacker groups in the event of planning attacks through twitter and other social sites. For the purposes of limitations on damages in the event of attacks, the following should be taken into considerations as possible solutions. Looking into politically motivated attacks since the presence of intrusion detection systems give prior warnings of impending attacks. There are vulnerabilities in the installation of exploit kits on servers which result in malware infections. The following tips on communication channels are also admissible; Partitioning and stoppage of infected systems to help in the prevention of more unwanted transmission of data. Preservation of the existing infection status. This include: Analysis of the contents of the web and files of the operating systems. Analysis of database and firewall access logs The creation of clear analysis of data copied illegally with a view of obtaining attack dimensions. Conclusion In conclusion, it is evident from the case study analysis of PeopleSharz Company on the importance of ensuring there is a proper application that is well protected. From the explanations given, this helps in protecting customers and employees from experiencing problems in finance and private information security. It is also prudent for the government and industries to develop and implement rules and regulations that govern against hacking attacks. The nature of hacking activities impacts on organizations such as damage of reputations calls for the urgent need for companies to adopt better mechanisms to help in the safeguarding of their interests. Therefore it is important in having a modern and well-designed web server that takes into account the important details of security measures. Bibliography Kannan, Karthik, Mohammad S. Rahman, and Mohit Tawarmalani. "Economic and policy implications of restricted patch distribution."Management Science(2016). Patel, Savan K., V. R? Rathod, and Jigna B. Prajapati. "Comparative analysis of web security in open source content management system." InIntelligent Systems and Signal Processing (ISSP), 2013 International Conference on, pp. 344-349. IEEE, 2013. Shema, Mike.Hacking web apps: detecting and preventing web application security problems. Newnes, 2012.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.