PRESP 5

Evaluate the most significant security threat problems associated with the web. In responding to your peers’ posts, discuss any potential threats that were not identified as well as the potential harm these threats could cause. BELOW ARE FIVE PEER POST TO REPOND TO.

 1. P) Nice post.  I like your explanations on the distributed denial of service.  Have you had the chance to look at mobile pay applications that are now on the rise and the issue most have with security and trust and privacy?  Many large retailers are creating mobile pay applications to help customers feel more secure when supplying payments for products. With mobile pay applications on the rise, it is important that application developers make sure that their applications are secure. Mobile payment is still a new concept, so hackers have not cornered the mobile payment application market yet. According to the Huffington Post (2016), there are 3 security concerns that developers of mobile pay apps should consider:

1.      The phone itself: Mobile phones are not that secure to begin with. If a user has a phone that is not password protected, a malicious user could simply unlock a phone and steal payment information (Are Mobile Payment Apps Safe? 2016).

2.      Various apps have different types of software: each app has their own version of software that is coupled with its own vulnerabilities (Are Mobile Payment Apps Safe? 2016).

3.      Unsecured wireless connections - some users may connect to public Wi-FiXZ connections that may have eavesdropping hackers nearby ready to steal sensitive information (Are Mobile Payment Apps Safe, 2016).

Can you share with us if you have ever attempted this mobile pay application or have heard of similar issues?

2.H)The World Wide Web is a great place to get information that you need as well as allow you to shop and pay bills without leaving your home.  Unfortunately it is filled with people trying to steal your information through various tactics.  A couple of security problems now a days are data breaches and ransomware. 

Data breaches occur at retailers and hotels but since 2016 medical records are being hacked and sold on the black market (Komando, 2016).  Hackers are going to focus on medical information because the black market is flooded with stolen financial and personal information.  A hacker is not getting a lot of money for stolen credit cards anymore but medical information is in shorter supply, so hackers can sell it for more.  There is no way a normal person can stop this from occurring.  We just have to be mindful of where we shop and know that more and more industries are going to be breached.  The toy industry was breached and more than 6 million children photos and personal information was stolen. 

Ransomware encrypts your files so you can't open them, and the only way to get them back is to pay a ransom. Even the FBI is advising victims to pay if they want their files back (Komando, 2016).  It can lock up files on a network, which means one infection can bring down an entire company.  You can avoind this security breach by following simple rules. Ransomware still needs your help to install it. If you avoid falling for phishing emails with malicious links or downloads, you can keep ransomware off your machine.  You can also take the precaution of backing up your computer files regularly. That way, if your files do get locked, you can wipe your drive and restore your files.

3. MA) The one of the most significant security problems is phishing attacks via email.  Phishing is trying to obtain sensitive information by disguising the electronic communication.  Google docs and Gmail accounts recently became victims of these attacks.  Google Docs users came across a new sophisticated type of phishing scam after many clicked a well-disguised link sent to Gmail accounts("Google Docs' Phishing Scam Spreads Across Web Through Disguised Emails, 2017).  With these phishing scams, fraudulent emails are sent from hackers pretending to be a known contact to try and steal money, valuable informaiton or someone’s identity.  With Google, hackers registered an app with Google under the name “Google Docs,” then made a very similar looking landing page ("Google Docs' Phishing Scam Spreads Across Web Through Disguised Emails, 2017).  It was found that the app was not registered under Google but to someone’s gmail account.  Emails like this, especially Spam emails, are the most common and significant security problems and threats associated with the web. 

Identifying this attack can help with understanding hackers and this type of threat.  Education is the most important thing with trying to stay ahead of hackers and understand.  Knowing this method or any threat can help the organization such as Google fight against these attacks.  This information can prevent the attackers from gaining access to personal information or save consumers from having their data taken.  With the creation of effective plans, knowing what the hackers will attack and how they’ll attack will be effective in stopping them.

 4. FOM) Since the emergence of e-commerce through technology in the 1970’s, most of our daily purchases, service and organizational tasks are conducted on the web. (Miva, 2011). Though the web offers a lot of benefits there is a critical disadvantage which is its security threats. Some of the significant threats associated with the web are:

Phishing- Once again technology has made it easier for websites to be created easily, we encounter a host of them when browsing the web. For this reason, Phishing has become one of the main ways for attackers to trap users. Phishing works by tricking a web user to believe that the user is transacting or receiving service with and from a legitimate website whiles actually it is not but rather a copy of the legitimate website. (GFI White Paper, n.d.)

Distributed Denial of Service (DDoS) - A DDoS is also one significant threat associated with the web. This threat whenever successful really cost companies and organizations a lot as it prevents genuine users from accessing a website. DDoS attacks the web by flooding or consuming resources of the particular website under attack, flooding and consuming here could be flooding the website with data packets, consuming bandwidth to cause jamming, consuming connection state tables and other resources within the website. (Arbor networks, n.d.)

Third party add-ons – A greater percentage of all websites deem the use of third party add-ons a necessity. Most notable ones used are Acrobat Reader and Adobe Flash player, these two add-ons really help a number of websites in displaying videos and pdf files. For this reason, attackers have made these two add-ons a target using them to divert users to a compromised website. (GFI White Paper, n.d.)

In identifying these treats, it is going to be possible to be able to know the likelihood of a threat occurring, also identification can put an organization in a position where it can know what was affected and the cost to fix it. Knowing all these will help in the mitigating of these threats.

Every user of the web can be affected by a web threat. Know solution can bring a total end to web threats, however, there are some process that can help fight web-based threats if followed. (GFI White Paper, n.d.)

5. RN) The security problem you do not know about or lack enough information to thwart a problem is the most significant security problem associated with the web.  First, the web aspects are like an old-style telephone book for a big city that contains thousands of phone number for business and users.  Today’s web sites are somewhat similar with private and commercial web sites.  The threats come from not knowing which web sites are legitimate and which will cause harm to your computer or network. 

            A user lacking proper information or unware of the problem web sites may cause with a simple download.  “The greatest threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant” (Christopher. B, 2003).  Web sites masquerading is where an entity pretends to be different entity” (Jacobs. S, 2011).  A bank, commercial retailer, and a business will ask a user several personal questions and acquire their identity and use it or sell it.  In addition, some web sites on just one visit may infiltrate your system with just one click with malware or a virus.

            The process of identifying potentials threats will assist in the creations of developing policies and procedures to prevent security threats associated with the web.  “It's well known that poorly written software creates security issues. The number of bugs that could create web security issues is directly proportional to the size and complexity of your web applications and web server. Basically, all complex programs either have bugs or at the very, least weaknesses. On top of that, web servers are inherently complex programs. Web sites are themselves complex and intentionally invite ever greater interaction with the public. And so the opportunities for security holes are many and growing” (Beyond Security, 2017).  If your organization is using web applications security for the servers and application is imperative to stop hackers and inside threats.

           One last point about the security problem associated with web.  During my research there is a Dark Net which receive very little attention.  “The Darknet (sometimes called the Dark Web) works on the Tor browser, free software that masks your location and activity. Originally designed by the Naval Research Lab, Tor receives 60 percent of its backing from the State Department and the Department of Defense to act as a secure network for government agencies as well as dissidents fighting oppressive regimes. It is a privacy tool that has been used for both good and evil. Over the past decade, Tor has empowered activists to spread news during the Arab Spring; it has helped domestic-violence victims hide from online stalkers; and it has allowed ordinary citizens to surf without advertisers tracking them. As an instrument for both activists and criminals, Tor presents an increasingly difficult problem for law enforcement to solve — exacerbating the hapless game of whack-a-mole facing those who try to bring law to the most lawless part of the Net. And the battle over the Darknet's future could decide the fate of online privacy in the U.S. and abroad” (Rolling. S, 2015).

PLEASE READ THIS.IT IS VERY IMPORTANT

Allow your discussion posts to be detailed and capable of sharing knowledge, ideas and points.  You must discuss the topic using your own words first.  Using your own words indicate you understand the topic of discussions.  Secondly, you must cite your sources in-text.  This is necessary to justify your points. Sources from several sources showed good research abilities.  Lastly, you must provide references at the bottom of your post.  A discussion post without justification with sources does not show proper research abilities. A terse and not detailed discussions represent post that would not provide enough sharing of knowledge or proper understanding of the topic. DO NOT just copy and paste a sentence from online with citation at the end as your own discussion. I have not asked for definitions, I asked for discussions and will not buy this.  You must show understanding of the discussion topic by using your own words to describe the topic and then justify that with sources.

www.citationmachine.net to format references into the APA style if necessary. Extremely important. Intext citations is very essential and highly needed as well.

use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA citation method (citation should be relevant and current). Page-length requirements: 2 PARAGRAPHS FOR EACH PROMPT ANSWER. Make sure you cite if you take a piece of someone’s work, very important and your reference should relate to your writing (don’t cite a reference because it relates to the course and not this very paper) at least 2 current and relevant academic references. No heavy paraphrasing of others work.