Overview

The second instalment of the lab exercise for MIS 515, Information Security in Private and Public Sector, involved general fact finding about a selected target. It was intended to get us familiar with the various tools we could use in the assessment of networks and websites. We were asked to follow some steps given to us in the assignment narrative and see what we could find on our own. My target for this lab was a company in the Czech Republic. In fact, it is the very first company I worked for, at the age of 16, and it's located in my home town. Many of my friends and family members depend on the company for employment. The name of the company is Tatra, and the website I selected as my target is located at www.tatra.cz. Tatra is a major manufacturer of heavy commercial trucks used for civilian as well as military purposes and is active internationally. The company is located in Koprivnice, Czech Republic, with internationally located assembly plants and a dealer network.
Findings

The first search using the http://whois.domaintools.com resource revealed the IP address associated with the domain as 80.250.24.138. It also noted that 257 other sites are hosted on that server. It looks like the company is using third-party hosting services. Of the other top-level domains, only .biz was registered to the same company, as a “TATRA Dealer Portal”. Using the https://networking.ringofsaturn.com/Tools/dig.php resource, I was able to find DNS and MX records as follows: Mail services MX record: tatra.cz -t
Using the proxy software Burp Suite, it was discovered that the shopping site contained a hidden form field that could be manipulated.
Companies should develop a control that requires routine vulnerability assessment of their customer-facing web sites, network infrastructure, and associated systems (such as database systems). Vulnerability assessment can help identify potential weaknesses in systems and also provide a sort of feedback to the organization’s IT department on their current operational policy and security posture. The cost of performing a routine vulnerability assessment is considerably less than that of an actual data breach.
On September 24, 2010, a laptop was stolen from an unlocked Urology office at the Henry Ford Health Systems hospital. The laptop did contain password protection software; however, it may not have been enough to permit access if the thief had advanced knowledge in computers. Additionally, the information stored on the laptop did not include social security or health insurance information, but instead held “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). It is unknown how many records were contained on the laptop, but all records were related to prostate services that were provided during an eleven-year span.
The penetration tools provided in this document allow us to review our network from a security standpoint. This paper focused predominantly on phase two of a penetration test, the exploitation phase; however, a successful penetration test typically starts with the reconnaissance phase. In this phase, the tester attempts to gain as much information about the target company and its network as possible. He or she will test the physical infrastructure (how do people gain access to the building?) and other organizational aspects of the company to find a weakness and a way to get in. Also during this portion of the test, the penetration tester will use tools such as NMAP, whois.com, and other resources to obtain information regarding the network
Q2: When you enter the AAU library system to search for book titles about 'internet technology', as shown in the figure:
Computer security is the security applied to computers and their networks, including the internet. Physical security and information security are the two types of computer security, which prevent theft of equipment and data (Man, 2015).
This article brings us into a world of an Information Security Analyst. The analyst must stay ahead of the different methods of hacking and also
Assessments are used to determine if sufficient security is being utilized to protect federal data. These requirements are put in place to identify vulnerabilities within the information security infrastructure. It rates potential weak points that may be caused if a vulnerability was found, and a plan of action must be developed and executed to elevate found vulnerabilities to meet desired security standards. System administrators are obligated to assist their higher levels with found assessments and suggestions on how to improve the information system infrastructure. Scanning the system infrastructure is one of many modes used to assess the strength of information security. Several software packages, such as QualysGuard, have been designed to scan system architecture. QualysGuard is an automated suite that simplifies information security measures by rendering critical security intelligence. The suite offers full protection of all information security systems, auditing, and compliance assessments. Accrediting and
My paper focuses on a security assessment of Quality Web Design (QWD), which is a very successful company that is well-known for its magnificent and appealing websites; they work
In 1997 the National Security Agency (NSA) tested the Pentagon’s cyber security in an exercise named “Eligible Receiver”. Within two days of the exercise, the NSA team had penetrated the classified command network and was in complete control of the network. Two years later, the United States Air Force experienced a computer breach in which huge amounts of data were being exfiltrated from research files located on airbases. “Gigantic amounts of data were being shipped out from a lot of computers in the Defense Network and from many data systems in the national nuclear laboratories of the Energy Department.” (Clarke, p. 111) The case file, named “Moonlight Maze” by the FBI, brought to light two important aspects of information security. Computer specialist
This report contains an overview of the testing process and issues that were found, details of the testing process, results found, the risks associated with the vulnerability and recommendations for rectifying the vulnerability. The results of the test can be of assistance to Ernst & Young when making decisions regarding information security.
Governments, organizations and companies co-operate to secure cyber space. In fact, the prevention of cyber criminal activities is the most critical aspect in the fight against cyber crime. It’s mainly based on the concepts of awareness and information sharing. A proper security posture is the best defence against cyber crime (Paganini, Perluigi, 2014).
Identify and describe the six components of an information system. Which are most directly affected by the study of computer security? Which are most commonly associated with its study?
Safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources, such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them, or reduce their likelihood and impact if they should occur.