
Ghana Telecommunications University College (GTUC)

Graduate School

Program MTM

Course: Internet Technologies

Student’s Index# MTM030909004

Student’s Name: Isu Mustapha Dadzie


“Achieving web security is an illusion”
Discuss the various threats and counter measures to ensure internet security in your
organization.

Introduction
A system can be said to be secure only if its security has not been breached or
compromised. In the case of web security, the web is considered secure and protected
against malicious attacks only when there has been no successful malicious attack.
The term “web” was coined to symbolize the topological structure of networked
computers on any large network, like the internet. When the physical topology is
projected and mapped on a sheet of paper it would be a complex mesh of networked
computers, resembling a spider’s web. Hence the term “web”.
In this age of internetworked computers (the internet), attaining a considerable level of
web security depends on a combination of policies, processes, and technologies aimed at
reducing an organization’s exposure to harmful acts by individuals within and outside its
perimeter to an acceptable level.
All organizations are subject to risks, which are the potential for negative consequences
to their mission resulting from vulnerabilities that are present in their operational
environment.

To mitigate the threat risk, the organization should employ a risk management process
that explicitly identifies these risks (risk assessment), evaluates cost-benefit trade-offs
in selecting controls which mitigate the risk to an acceptable level (risk mitigation),
and periodically reviews to ensure that any changes within the organization which
significantly change the organization's risk profile are accounted for in a timely and
efficient manner (evaluation and assessment). Risk management enables
organizations to implement control measures, within operational and organizational
constraints, to mitigate the risks to an acceptable level, usually through a combination of
prevention, deterrence, detection and response.

Threats of viruses, worms, and other malicious programs

There are a number of threats to the web that can be identified, and specific remedial
actions can be taken to mitigate the adverse effects they may have. Following is a brief
description of the common threats: malware, viruses, Trojans, spyware, worms and bots.

Malware
This is the most general name for any malicious software designed, for example, to
infiltrate, spy on or damage a computer or other programmable device or system of
sufficient complexity, such as a home or office computer system, network, mobile phone,
PDA, automated device or robot.
Viruses
These are programs which are able to replicate their structure or effect by integrating
themselves, or references to themselves, into existing files or structures on a
penetrated computer. They usually also have a malicious or humorous payload designed
to threaten or modify the actions or data of the host device or system without consent, for
example by deleting, corrupting or otherwise hiding information from its owner.

Trojans
Trojans (Trojan horses) are programs which may pretend to do one thing, but in reality
steal information, alter it or cause other problems on a host such as a computer or
programmable device / system.

Spyware
This includes programs that surreptitiously monitor keystrokes, or other activity on a
computer system and report that information to others without consent.

Worms
These are programs which are able to replicate themselves over a (possibly extensive)
computer network, and also perform malicious acts that may ultimately affect a whole
society / economy.

Bots
These are programs that take over and use the resources of a computer system over a
network without consent, and report the results to others who may control the
bots.

Threats of spoofing and phishing

One type of spoofing is "webpage spoofing," also known as phishing. In this attack, a
legitimate web page such as a bank's site is reproduced in "look and feel" on another
server under the control of the attacker. The main intent is to fool users into thinking that
they are connected to a trusted site, for instance to harvest user names and passwords.
This attack is often performed with the aid of URL spoofing, which exploits web browser
bugs in order to display incorrect URLs in the browser's location bar, or with DNS cache
poisoning in order to direct the user away from the legitimate site and to the fake one.
Once the user enters their password, the attack code reports a password error, then
redirects the user back to the legitimate site.

Denial of Service (DoS)

This occurs when a web site is hit with a barrage of an unusually large number of
requests. The intent is to slow the flow of legitimate traffic to the site’s server, so that
business can grind to a halt. This is a result of the server being overwhelmed by such a
large number of requests that responding to legitimate ones becomes almost impossible.
When such attacks come from multiple computers, the attack is called a distributed
denial of service (DDoS).

Brute Force Attack

A brute-force attempt is an attempt by an Internet user to gain unauthorized access to
your server by connecting to it and running a command which attempts multiple logins
per second, using a dictionary file of common passwords and trying different
combinations to see if they can gain access.

Countermeasures
Anti Virus
One way to protect against viruses is to use antivirus software, which is readily available
on the market from companies that specialize in developing this kind of software, such as
Symantec and McAfee. Subscribers can regularly update their software with code that
identifies and deletes or quarantines new viruses, or choose automatic updates, in which
virus definitions are updated.
If a new virus is designed in such a way that its mode of operation is not yet known, then
there is a chance that the antivirus software will not detect it.
Software vendors also distribute security patches against viruses and worms. For
example, Microsoft distributes patches to fix vulnerabilities that worms, spyware and
malware exploit. It is then up to the security professionals and network administrators to
implement those patches as they become available.

Anti Phishing
A popular approach to fighting phishing is to maintain a list of known phishing sites and
to check websites against the list. Microsoft's IE7 browser, Mozilla Firefox 2.0, Safari
3.2, and Opera all contain this type of anti-phishing measure. Firefox 2 used Google's
anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as
well as live whitelists from GeoTrust. Some implementations of this approach send the
visited URLs to a central service to be checked, which has raised concerns about privacy.
According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective
than Internet Explorer 7 at detecting fraudulent sites in a study by an independent
software testing company.
So the choice of browser is also paramount in ensuring that phishing activities are
minimized.

An approach introduced in mid-2006 involves switching to a special DNS service that
filters out known phishing domains: this will work with any browser, and is similar in
principle to using a hosts file to block web adverts.
To mitigate the problem of phishing sites impersonating a victim site by embedding its
images (such as logos), several site owners have altered the images to send a message to
the visitor that a site may be fraudulent. The image may be moved to a new filename and
the original permanently replaced, or a server can detect that the image was not requested
as part of normal browsing, and instead send a warning image.
Authentication and Encryption
Authentication is the process of ensuring that the person who sends a message to or
receives a message from you is indeed that person. It is accomplished when senders and
receivers exchange codes known only to them. Once authentication is established,
keeping the message secret can be accomplished by transforming it into a form that
cannot be read by anyone who intercepts it. Coding a message into a form unreadable to
an interceptor is called encryption. A 128-bit key mechanism is employed by most
browsers these days. It has proven to be very robust and secure.
A protocol called Transport Layer Security (TLS) is used for transactions on the web. TLS
is part of virtually all web browsers. Current versions of browsers use TLS with a 128-bit
key. TLS uses a combination of public key and symmetric key encryption.
HTTPS is the secured version of HTTP, so it is advisable not to transfer any
confidential information through the web when https:// and the closed padlock do not
appear in the address bar.

Firewalls and Proxy Servers

A well-established defense against unauthorized access to systems over the web is a
firewall, which is hardware and software that blocks access to computing resources. It is
important to note that while firewalls are used to keep unauthorized users out, they are
also used to keep unauthorized software or instructions away, such as computer viruses
and other rogue software. The firewall controls communication between a trusted network
and the untrusted internet.
A proxy server acts as an intermediary, making all information requests on behalf of
resources inside the trusted network so that those resources are not exposed directly.
Automated programs can attempt many logins per second. A sustained attack can cause a
server to respond more slowly due to the load on it, or to become completely unresponsive.
However, any time an attacker attempts to gain unauthorized access by way of brute
force, they will inevitably leave a footprint of their originating IP address, which you can
use to deny them any further access to the server whatsoever and stop the attacks. Also,
the offending IP address can be used to trace the attacker's Internet Service Provider and
report the abusive activity.
This can be done using the built-in IP Security Policy in Windows Server, which is a fully
customizable software firewall solution.
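Added example, not code from the essay and not the Windows IP Security Policy tool it mentions: a Python pass over constructed SSH-style authentication log lines that finds the footprint described above, a source address with many failed logins inside a short window, and renders generic deny rules for it. The log lines, the threshold of five failures and the one-minute window are assumptions chosen for the example; a real deployment would tune them and feed the rules to whatever host firewall is in use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of SSH-style auth log lines (not from a real server).
SAMPLE_LOG = """\
2024-05-01 10:00:01 sshd[311]: Failed password for root from 203.0.113.5 port 5001
2024-05-01 10:00:02 sshd[312]: Failed password for admin from 203.0.113.5 port 5002
2024-05-01 10:00:02 sshd[313]: Failed password for invalid user test from 203.0.113.5 port 5003
2024-05-01 10:00:03 sshd[314]: Failed password for root from 203.0.113.5 port 5004
2024-05-01 10:00:03 sshd[315]: Failed password for root from 203.0.113.5 port 5005
2024-05-01 10:00:09 sshd[320]: Failed password for alice from 198.51.100.7 port 6001
2024-05-01 10:00:15 sshd[321]: Accepted password for alice from 198.51.100.7 port 6002
2024-05-01 10:30:00 sshd[400]: Failed password for bob from 198.51.100.9 port 7001
2024-05-01 11:30:00 sshd[401]: Failed password for bob from 198.51.100.9 port 7002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_log(text):
    """Return (timestamp, result, user, ip) tuples for every recognised line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def find_brute_force_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Map each offending IP to its total failure count.

    An IP offends when at least `threshold` failed logins fall inside any
    sliding window of length `window`. Two failures an hour apart (a user
    mistyping) do not qualify; five in two seconds do.
    """
    failures = defaultdict(list)
    for ts, result, _user, ip in parse_log(text):
        if result == "Failed":
            failures[ip].append(ts)

    offenders = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1          # slide the window forward
            if end - start + 1 >= threshold:
                offenders[ip] = len(times)
                break
    return offenders


def block_rules(offenders):
    """Render deny rules in a generic, firewall-neutral form (assumed syntax)."""
    return [f"deny from {ip}" for ip in sorted(offenders)]


if __name__ == "__main__":
    found = find_brute_force_sources(SAMPLE_LOG)
    print("offending sources:", found)
    for rule in block_rules(found):
        print(rule)
```

The sliding window matters: counting failures over the whole log would also flag the legitimate user who mistyped twice an hour apart, which is exactly the false positive a blocking rule must avoid.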

Honeytokens and Honeypots

To combat hackers, organizations use honeytokens. A honeytoken is a bogus record in a
networked database that neither employees nor business partners would ever access for
legitimate purposes. When the intruder copies the database, or the part of the database that
contains that record, a simple program alerts security personnel, who can start an
investigation.
A honeypot is a server that contains a mirrored copy of a production database, or one with
invalid records. It is set up to make intruders think they have accessed a production
database. The traces they leave educate information security officers about vulnerable
points in the configuration of the servers that perform valid work.
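An added example of the honeytoken idea above, written for this page rather than taken from the essay or any product: a constructed customer table in an in-memory SQLite database is seeded with one bogus record, and a small checker raises the alert condition only when an export contains that record. The table contents, the token format and the "alerting system stores only a hash" design are assumptions for the example.

```python
import hashlib
import secrets
import sqlite3


def make_honeytoken_email():
    """Random value so an intruder cannot guess which record is the canary."""
    return f"{secrets.token_hex(4)}@mail.example.net"


def honeytoken_fingerprint(honeytoken_email):
    """The alerting side keeps only a hash, so the token value is not in its config."""
    return hashlib.sha256(honeytoken_email.lower().encode()).hexdigest()


def seed_customer_table(conn, honeytoken_email):
    """Constructed customers table containing one bogus honeytoken record."""
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [
            ("Ama Mensah", "ama@example.com"),
            ("Kofi Boateng", "kofi@example.com"),
            # No legitimate workflow ever looks this record up.
            ("Canary Holdings", honeytoken_email),
        ],
    )
    conn.commit()


def export_contains_honeytoken(rows, fingerprint):
    """Alert condition: any exported row carries the canary value."""
    for row in rows:
        for value in row:
            if isinstance(value, str):
                if hashlib.sha256(value.lower().encode()).hexdigest() == fingerprint:
                    return True
    return False


def run_demo():
    """Compare a normal single-record lookup with a bulk copy of the table."""
    token = make_honeytoken_email()
    fingerprint = honeytoken_fingerprint(token)

    conn = sqlite3.connect(":memory:")
    seed_customer_table(conn, token)

    # A legitimate application query fetches one real customer by id.
    legit_rows = conn.execute("SELECT name, email FROM customers WHERE id = 1").fetchall()
    # An intruder dumping the whole table inevitably picks up the canary.
    dump_rows = conn.execute("SELECT name, email FROM customers").fetchall()

    return {
        "legitimate_lookup_alerts": export_contains_honeytoken(legit_rows, fingerprint),
        "bulk_copy_alerts": export_contains_honeytoken(dump_rows, fingerprint),
    }


if __name__ == "__main__":
    print(run_demo())
```

The same check can be run over outbound mail, backup files or a data-loss-prevention feed: wherever the canary value surfaces, the copy was not made by a legitimate workflow.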

Use of Multiple Sign-ins and Strong Passwords

It is encouraged to have multiple levels of login for security access, using combinations
of alphanumeric characters so that usernames and passwords are not easily cracked.
One should create and use passwords with a combination of upper and lower case letters
and numbers, and also avoid using the same password for multiple logins.
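An added example of the two rules above (mixed character classes, no reuse across logins), written for this page and not taken from the essay: a Python policy check, a rough count of how many guesses a dictionary or brute-force attempt would need to exhaust the password's character set, and a small vault that records salted hashes per account so reuse can be detected without ever storing the passwords themselves. The minimum length of 12, the tiny common-password dictionary and the PBKDF2 iteration count are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import string

# Constructed, deliberately tiny dictionary; a real check uses a large breach list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin123", "welcome1"}


def password_problems(password, minimum_length=12):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < minimum_length:
        problems.append(f"shorter than {minimum_length} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password dictionary")
    return problems


def guesses_to_exhaust(password):
    """Size of the search space: (sum of character classes used) ** length.

    Shows why mixing classes helps: 'abc' lives in 26**3 candidates, 'aB1' in 62**3.
    """
    classes = 0
    if any(c.islower() for c in password):
        classes += 26
    if any(c.isupper() for c in password):
        classes += 26
    if any(c.isdigit() for c in password):
        classes += 10
    if any(c in string.punctuation for c in password):
        classes += len(string.punctuation)
    return classes ** len(password)


class PasswordVault:
    """Per-account salted hashes, used only to detect reuse across logins."""

    def __init__(self):
        self._records = {}  # account -> (salt, digest)

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def reused_from(self, password):
        """Accounts already registered with this same password."""
        return [acct for acct, (salt, d) in self._records.items()
                if hmac.compare_digest(d, self._digest(salt, password))]

    def register(self, account, password):
        """Store the password for `account` if it passes policy; return the problems."""
        problems = password_problems(password)
        reuse = self.reused_from(password)
        if reuse:
            problems.append("same password already used for " + ", ".join(reuse))
        if problems:
            return problems
        salt = secrets.token_bytes(16)
        self._records[account] = (salt, self._digest(salt, password))
        return []


if __name__ == "__main__":
    vault = PasswordVault()
    print(vault.register("email", "Tq7!mVw2pXz9Lr"))   # []
    print(vault.register("bank", "Tq7!mVw2pXz9Lr"))    # reuse flagged
    print(password_problems("password123456"))
```

Note that the vault never compares plaintexts: each candidate is re-derived with every stored salt, which is acceptable for a handful of accounts and is exactly what a password manager's reuse warning does at larger scale with a faster scheme.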

Precautions and Policies

There are precautions that can be incorporated into policies to ensure that the risk posed
by the web is minimized.
Web users should be very careful when providing personal information on any website.
Users must ensure the web site is genuine and authentic. Phishing can be avoided by
ignoring links in emails masquerading as being from your bank, business partner, or any
company with which you transact business.
One should instead type the uniform resource locator (URL) of the company directly
into the address bar, and avoid any suspicious emails from any unrecognizable entity.

Conclusion
Software-dominated solutions to today's increasingly pervasive computer assaults have
been woefully inadequate. Computer infractions continue to increase, even as new
software applications, web-services, e-commerce transactions, and computer users
become part of cyberspace. The failure to act decisively is costing corporations,
governments and their citizens billions of dollars. The IT industry must be open to and
actively search for creative solutions that can effectively impede the myriad forms of
computer attacks and crime.
