Security Misconfiguration - Computer Science Essay Sample

When the unneeded applications are installed configured with the default setting, security misconfiguration occurs.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Unpatched Applications

When the organization fails to implement patch management, the system might experience Unpatched applications. The applications help the server to prevent hackers from using the weaknesses within the system to attack it.

Physical Security

Lack of physical security prevents hackers from obtaining physical access to the server. The organization should locate the server in a well secret environment, and only authorized personnel should be allowed to access the place

Potential Data Loss

Potential data loss is a server threat especially if the then organization has not put in place proper data backup. In a case, if any damage to the server, retrieving information from the system back up is easier.

Insufficient Network Redundancy

INR causes a threat to the availability of data, and it is advisable that there should be system redundancy to provide fault tolerance.

Work Station Threats

Malicious Software

If the workstation is infected a by malicious software such as Trojans, the workstation might end up infecting more computers on the same network.

Untrained Staffs

Sometimes the workers are not trained on the issue of workstation security and are not good at management of password, and this poses a threat at the workstation. (Chang & Ramachandran, 2016).

OS Vulnerabilities

Allows software to be installed and some of this softwares can be used by attackers to access the system.

Physical Access

The workstation needs to be protected to prevent unauthorized individuals from getting access to confidential information

Password Management

Authentication process should be used to allow user to access computers

Website threats

Injection

Injection occurs when an application sends unauthorized data to the user, and as a result, the attacker can take advantage of injection to cause damage.

Cross-Scripting

If cross-scripting is not properly encrypted, attackers can get access to sensitive information. Cross-scripting happens when XXS flaws include input from the user which is sent to the browser without confirmation.

Exposure of Sensitive Data

If proper encryption is not implemented, hackers can easily get access to the sensitive information as they can easily use password cracking program

Cross-Site Request Forgery

It occurs when the system lacks unpredictable CSRF as attackers can quickly come up with a malicious program that allows them to predict the consequences of a particular action through.

Denial of Service

An attacker, in this case, knows that they cannot access the website hence carry out a denial of service attack to prevent the audience from accessing the company's system.

Likelihood of Threats

Security Misconfiguration and Unpatched Applications

Lack of proper management of the organizational system, for example, lack of virus scanning software of workstation and the performance of the server leaves the system vulnerable to attacks.

Malware

Some of the signs of malware include deterioration in performance of the workstation and the server. Furthermore, there are random pop ups even when an internet connection is off.

Lack of Staff Training

When the staffs are untrained, there is a likelihood of threats as users cannot carry out simple activities such as software installation. Inexperienced users are also not able to detect "dont" and" dos" over the network of the organization.

Password Management

To enable the effectiveness of password security, individuals should be allowed to change their password after a period. If this is no implemented well, the system is vulnerable to attacks and hacking as attacks can easily get access to the system.

Input Validation

Lack input authentication procedures on their respective websites, and this leaves them vulnerable to attacks (McClure et al...2005)

Security Control

In the network system, there some physical devices and end user devices that need to be protected at all cost. The most crucial component is LAN and additional LAN components such as domain control, router and firewall do increase the security of the entire system. Furthermore, if patch and AUP within any given system are managed properly, enhances the safety of the network and protects it. Another method that can be implemented is to take care of user authentication through the controlling of the domain with Active Directory which ensures tighter access.

How to improve the companys security system

Upgrading OS

The organization should consider upgrading its operating system and use the latest one.

Application Bugs

All applications that had already been installed in the organization system need to be scanned to check for malware before updating them with latest security patches.

Internal and Employee Negligence

The user is not supposed to install any application without proper involvement of the administrator. Notably, the installation of anti-virus programs in all machines will be essential as users will be able to scan their computer on a regular basis and report any malicious activity.

Input Validation and Authentication

The organization can also consider isolating the Webserver from the rest of the server so that to reduce the threat posed by the whole network Chen & Zhao, 2012).

Spoofing

The best security against their is to use private SSL encryption

References

Chang, V., & Ramachandran, M. (2016). Towards achieving data security with the cloud computing adoption framework. IEEE Transactions on Services Computing, 9(1), 138-151.

Chen, D., & Zhao, H. (2012). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.

McClure, S., Scambray, J., Kurtz, G., & Kurtz. (2005). Hacking exposed: network security secrets and solutions (Vol. 6). New York: McGraw-Hill/Osborne.