A Software Engineer designs, develops, tests, and evaluates the software and the systems that allow computers to execute their applications. Take on the role of Software Engineer for the organizatio










Michelle Smith

Security, Threats, and Vulnerability assessment

University of Phoenix

Table of Contents

Introduction

Assessment scope

System model

Existing countermeasures

Threat agents and possible attacks

Exploitable vulnerabilities

References







Introduction

This is a security threats, attacks, and vulnerability assessment paper for an organization known as Brainhub. Brainhub is a software development organization located in Poland, Europe. The organization works with only one programming language, JavaScript. Brainhub has its headquarters in Gliwice, Poland. It also has two other offices in Poland, one in Bielsko-Biala and another in Krakow.

According to Ahmed (2014), JavaScript is a “computer language which is used in most of the web browsers like Chrome, Firefox, Netscape, Safari and it is mainly used for establishing interactions via interfaces”.

Assessment scope

Our assessment scope will include virtualization, cloud, database, network, mobile devices and software.

Virtualization

This will involve virtual storage devices, desktop virtualization, etc.

Cloud

This will include cloud computing services that are offered to users, such as cloud databases.

Network devices

This will include network cables, patch panels, cabinets, routers, switches, gateways, modems, wireless access points, firewalls and proxy servers.

Servers

This will include mail servers, web servers, application servers, telnet servers and database servers.

Mobile devices

This will include mobile phones and tablets that are used for organizational purposes.

Information system

This will include the operating system, utility software such as antivirus, commercial applications such as photo editing software (e.g. Photoshop), and database management systems, among other software.

System model


From the diagram we can see a network architecture that interlinks the three Brainhub offices and includes routers, switches, computers, mobile devices, and various servers such as a database server, a web server and an email server.

Router – a networking device that forwards packets between networks.

Switch – a network device that connects devices together in a network.

Firewall – software or hardware placed on the network to prevent forbidden communication.

Server – a computer or computer program that manages access to a centralized resource in a network.

Mobile devices – devices that are used for organizational purposes and can access the network. They include tablets and smartphones.

Existing countermeasures

Let us first define countermeasures, vulnerabilities and threats.

According to Pfleeger et al. (2015), a countermeasure is seen as a control.

According to Pfleeger et al. (2015), a vulnerability is a “weakness in the system that can be exploited to cause loss or harm”.

According to Pfleeger et al. (2015), a threat to a computing system is a “set of circumstances that has the potential to cause loss or harm”.

The countermeasure in place is that Brainhub has security policies and they are adhered to. Examples include:

Password policies

Passwords need to be changed every fortnight

Passwords should not be less than 10 characters and should contain letters, numbers and special characters such as @

Users should not leave their passwords in plain sight

The system should log out a user who has tried to input a password thrice without succeeding
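The password rules above, written as executable checks in JavaScript. This is an added example, not Brainhub's own code; the names `checkPassword`, `isExpired` and `LoginGuard` are hypothetical, and the in-memory failure counter and the administrator reset are assumptions the policy does not spell out.

```javascript
// Added example: the password policy rules as executable checks.
const MIN_LENGTH = 10;          // "not less than 10 characters"
const MAX_AGE_DAYS = 14;        // "changed every fortnight"
const MAX_FAILED_ATTEMPTS = 3;  // locked out after the third failed try
const DAY_MS = 24 * 60 * 60 * 1000;

// Returns the list of violated rules; an empty list means the password complies.
function checkPassword(password) {
  const problems = [];
  if (password.length < MIN_LENGTH) problems.push('too short');
  if (!/[A-Za-z]/.test(password)) problems.push('no letter');
  if (!/[0-9]/.test(password)) problems.push('no number');
  if (!/[^A-Za-z0-9\s]/.test(password)) problems.push('no special character');
  return problems;
}

// True when the password was last changed more than a fortnight before `now`.
function isExpired(lastChanged, now) {
  return now.getTime() - lastChanged.getTime() > MAX_AGE_DAYS * DAY_MS;
}

// Counts consecutive failed logins per user (hypothetical in-memory store).
class LoginGuard {
  constructor() { this.failures = new Map(); }

  // `passwordOk` is the outcome of the caller's own credential check.
  attempt(user, passwordOk) {
    const failed = this.failures.get(user) || 0;
    // Once locked, even a correct password is refused until reset() is called.
    if (failed >= MAX_FAILED_ATTEMPTS) return 'locked';
    if (passwordOk) { this.failures.delete(user); return 'ok'; }
    this.failures.set(user, failed + 1);
    return failed + 1 >= MAX_FAILED_ATTEMPTS ? 'locked' : 'retry';
  }

  // Assumption: an administrator clears the lock; the policy does not say how.
  reset(user) { this.failures.delete(user); }
}
```

Checking `failed >= MAX_FAILED_ATTEMPTS` before looking at `passwordOk` is what stops a guessing run from continuing after the third failure.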

Network devices and infrastructure

Network devices such as routers should only be accessed by the network administrator

The network administrator should access the network devices such as switches over a Secure Shell (SSH)

The network devices should have an encrypted password

Antivirus policy

All computers and mobile devices should have an up-to-date antivirus installed

Always scan devices attached to the computer before using them

Scan online attachments before opening them

Don’t download files from unknown sources. For example, don’t download apps on Android devices that do not originate from the Google Play Store

Threat agents and possible attacks
  1. Advanced persistent threat – this is whereby an elite team of hackers targets users so as to steal information over a specific period of time, using techniques such as phishing.

  2. Malvertising attack – an attacker can put malicious code in an online advert, and when a user clicks on the advert the code infects the system.

  3. Phishing attack – this is whereby an attacker sends emails or sets up a website asking a user to enter personal details such as bank details, leading to identity theft.

  4. An employee can decide to steal a laptop from the office, leading to a physical attack.

  5. Scan attacks – an attacker can come up with code that looks for open ports on a system and exploits that vulnerability.

  6. An attacker can perform SQL injection – this is whereby an attacker enters SQL commands in an input text box, resulting in manipulation of the data in the database.

  7. Malware attacks – an attacker can set up a website that has kits to find vulnerabilities in a system, and when a user visits that website, malware is forced into their system.

  8. Worm attacks – an attacker can attach a worm to an email, and when an unsuspecting user opens that attachment, the worm starts infecting his/her system as it propagates through the network.

  9. Denial of service attack – this is whereby an attacker overwhelms the server with traffic, leading the server to crash.

  10. Brute force attack – an attacker with time on their hands can keep guessing the network passwords through trial and error, eventually gaining access to the system.

  11. Software such as an antivirus can lack the latest security patches, leading to attacks on a system.

  12. Cross-site scripting – a user can attack a website server by entering data in one of the website's input text boxes.
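Items 6 and 12 both start from a value typed into an input text box. The added JavaScript example below (not Brainhub's code) shows the same value handled unsafely and safely. The table and column names, the function names and the `$1` placeholder style are assumptions, and the inputs are constructed samples.

```javascript
// Added example: one text-box value, handled unsafely and safely.

// Vulnerable: the input is spliced into the SQL text, so quotes in it
// become part of the statement and change what the query asks for.
function unsafeQuery(name) {
  return "SELECT id, email FROM users WHERE name = '" + name + "'";
}

// Hardened: the SQL text is constant and the input travels separately as a
// bound value, to be passed to a database driver that supports placeholders.
function safeQuery(name) {
  return { text: 'SELECT id, email FROM users WHERE name = $1', values: [name] };
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encodes the characters that let text break out of an HTML element or attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the browser parses whatever markup the user typed.
function unsafeComment(text) {
  return '<p class="comment">' + text + '</p>';
}

// Hardened: the same input is displayed as text, never parsed as markup.
function safeComment(text) {
  return '<p class="comment">' + escapeHtml(text) + '</p>';
}

// Constructed sample inputs, as they might arrive from a form field.
const SAMPLE_SQL_INPUT = "x' OR '1'='1";
const SAMPLE_HTML_INPUT = '<script>alert(1)</script>';

// Runs both variants on the samples so the difference can be inspected.
function compareHandling() {
  return {
    unsafeSql: unsafeQuery(SAMPLE_SQL_INPUT),
    safeSql: safeQuery(SAMPLE_SQL_INPUT),
    unsafeHtml: unsafeComment(SAMPLE_HTML_INPUT),
    safeHtml: safeComment(SAMPLE_HTML_INPUT),
  };
}
```

In the hardened variants the statement text and the page markup are identical for every input; only the bound value and the encoded text change.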

Exploitable vulnerabilities

The following are the vulnerabilities that can be exploited:

  1. Lack of proper design in the programming of software using JavaScript

  2. Lack of well-thought-out and properly implemented passwords

  3. Lack of an antivirus that is up to date with the latest security patches

  4. Failure to close unused ports

  5. Having unprotected communication lines

  6. Having a poorly designed network architecture

  7. Lack of an adequate recruiting process for personnel

References

Ahmed, Z. (2014). Which one is better – JavaScript or jQuery. Retrieved from https://www.ijcsmc.com/docs/papers/June2014/V3I6201456.pdf

Pfleeger, C., Pfleeger, S., & Margulies, J. (2015). Security in computing. Retrieved from https://ahsanghazi.files.wordpress.com/2017/03/263973122-security-in-computing-5-e-charles-p-pfleeger-pdf1.pdf