When unneeded applications are installed and configured with default settings, security misconfiguration occurs.
When the organization fails to implement patch management, the system might run unpatched applications. Keeping applications patched helps prevent hackers from using the weaknesses within the system to attack the server.
A lack of physical security lets hackers obtain physical access to the server. The organization should locate the server in a well-secured environment, and only authorized personnel should be allowed to access the place.
Potential Data Loss
Potential data loss is a server threat, especially if the organization has not put proper data backups in place. If the server is damaged, retrieving information from the system backup is easier.
Insufficient Network Redundancy
Insufficient network redundancy threatens the availability of data, and it is advisable to build redundancy into the system to provide fault tolerance.
Workstation Threats
If the workstation is infected by malicious software such as Trojans, it might end up infecting more computers on the same network.
Sometimes workers are not trained in workstation security and are poor at password management, and this poses a threat at the workstation (Chang & Ramachandran, 2016).
Allowing software to be installed is a threat, as some of this software can be used by attackers to access the system.
The workstation needs to be protected to prevent unauthorized individuals from getting access to confidential information.
An authentication process should be used to allow users to access computers.
Injection occurs when an application sends unauthorized data to the user, and as a result, the attacker can take advantage of injection to cause damage.
If cross-site scripting is not properly encrypted, attackers can get access to sensitive information. Cross-site scripting happens when XSS flaws include input from the user which is sent to the browser without confirmation.
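The two flaws above, each shown beside its hardened form, as an added example that is not part of the original essay. The `notes` table, the function names and the sample inputs are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory database with two owners' notes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "quarterly report"), ("bob", "payroll draft")],
    )
    return db


def notes_unsafe(db, owner):
    # Vulnerable: user input becomes part of the SQL text itself.
    query = f"SELECT body FROM notes WHERE owner = '{owner}'"
    return db.execute(query).fetchall()


def notes_safe(db, owner):
    # Hardened: the value is bound as a parameter and never parsed as SQL.
    return db.execute("SELECT body FROM notes WHERE owner = ?", (owner,)).fetchall()


def render_unsafe(body):
    # Vulnerable: user input is sent to the browser as markup.
    return f"<li>{body}</li>"


def render_safe(body):
    # Hardened: special characters are encoded, so the browser shows text.
    return f"<li>{html.escape(body)}</li>"


# Constructed hostile inputs of the kind a scanner or tester would submit.
HOSTILE_OWNER = "x' OR '1'='1"
HOSTILE_BODY = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("unsafe query rows:", notes_unsafe(db, HOSTILE_OWNER))
    print("safe query rows:  ", notes_safe(db, HOSTILE_OWNER))
    print("unsafe render:", render_unsafe(HOSTILE_BODY))
    print("safe render:  ", render_safe(HOSTILE_BODY))
```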
Exposure of Sensitive Data
If proper encryption is not implemented, hackers can easily get access to sensitive information, as they can easily use a password-cracking program.
Cross-Site Request Forgery
It occurs when the system lacks unpredictable CSRF tokens, as attackers can quickly come up with a malicious program that allows them to predict the consequences of a particular action.
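One way to issue and check an unpredictable, session-bound CSRF token, as an added example that is not part of the original essay. `SERVER_KEY`, `handle_transfer` and the `csrf_token` form field are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id, nonce, key):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id, key=SERVER_KEY):
    # The random nonce makes every token different; the MAC binds it to one session.
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def verify_csrf_token(session_id, token, key=SERVER_KEY):
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = _mac(session_id, nonce, key)
    # Compare as bytes in constant time; non-ASCII input cannot raise here.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_transfer(session_id, form):
    """Hypothetical state-changing endpoint: returns an HTTP status code."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403  # forged or missing token: the action is refused
    return 200


if __name__ == "__main__":
    victim = secrets.token_urlsafe(32)    # constructed session ids
    attacker = secrets.token_urlsafe(32)
    good = issue_csrf_token(victim)
    print(handle_transfer(victim, {"csrf_token": good}))
    print(handle_transfer(victim, {"csrf_token": issue_csrf_token(attacker)}))
    print(handle_transfer(victim, {}))
```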
Denial of Service
An attacker, in this case, knows that they cannot access the website and hence carries out a denial-of-service attack to prevent the audience from accessing the company's system.
Likelihood of Threats
Security Misconfiguration and Unpatched Applications
Lack of proper management of the organizational system, for example, the lack of virus-scanning software on the workstations and the performance of the server, leaves the system vulnerable to attacks.
Some of the signs of malware include deterioration in the performance of the workstation and the server. Furthermore, there are random pop-ups even when the internet connection is off.
Lack of Staff Training
When staff are untrained, there is a likelihood of threats, as users cannot carry out simple activities such as software installation. Inexperienced users are also unable to recognize the "dos" and "don'ts" on the organization's network.
To keep password security effective, individuals should be allowed to change their password after a period. If this is not implemented well, the system is vulnerable to attacks and hacking, as attackers can easily get access to the system.
Organizations that lack input authentication procedures on their respective websites are left vulnerable to attacks (McClure et al., 2005).
In the network system, there are some physical devices and end-user devices that need to be protected at all costs. The most crucial component is the LAN, and additional LAN components such as the domain controller, router and firewall increase the security of the entire system. Furthermore, proper management of patches and the AUP within any given system enhances the safety of the network and protects it. Another method that can be implemented is to handle user authentication by controlling the domain with Active Directory, which ensures tighter access.
How to Improve the Company's Security System
The organization should consider upgrading its operating system and use the latest one.
All applications already installed on the organization's systems need to be scanned for malware before they are updated with the latest security patches.
Internal and Employee Negligence
The user is not supposed to install any application without proper involvement of the administrator. Notably, the installation of anti-virus programs in all machines will be essential as users will be able to scan their computer on a regular basis and report any malicious activity.
Input Validation and Authentication
The organization can also consider isolating the web server from the rest of the servers in order to reduce the threat posed by the whole network (Chen & Zhao, 2012).
The best security against these is to use private SSL encryption.
Chang, V., & Ramachandran, M. (2016). Towards achieving data security with the cloud computing adoption framework. IEEE Transactions on Services Computing, 9(1), 138-151.
Chen, D., & Zhao, H. (2012). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
McClure, S., Scambray, J., & Kurtz, G. (2005). Hacking exposed: Network security secrets and solutions (Vol. 6). New York: McGraw-Hill/Osborne.
Cite this page
Security Misconfiguration - Computer Science Essay Sample. (2019, Dec 02). Retrieved from https://speedypaper.net/essays/security-misconfiguration