StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Two Vulnerabilities That Have Been Discovered in the Past Two Years (BlackBerry, Cisco IOS Software) - Essay Example

Cite this document
Summary
System vulnerability can be identified as the process which traverses owing to a flaw or system susceptibility through which the overall process of the system could be affected or the information could be spread over the network (Antón, 2003). …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER99% of users find it useful
Two Vulnerabilities That Have Been Discovered in the Past Two Years (BlackBerry, Cisco IOS Software)
Read Text Preview

Extract of sample "Two Vulnerabilities That Have Been Discovered in the Past Two Years (BlackBerry, Cisco IOS Software)"

? Discuss in Detail Two Deferent Vulnerabilities that have been Discovered in the Past Two Years Introduction The term ‘vulnerability’ can be referred as one of the rising issues in the computer security system. Vulnerability can be considered as a weakness which occurs due to the intersection of a system or threat through physically or by the network and it reduces the system’s capability of its information assurance. System vulnerability can be identified as the process which traverses owing to a flaw or system susceptibility through which the overall process of the system could be affected or the information could be spread over the network (Anton, 2003). Moreover, vulnerability within the system can also fabricate certain difficulties including lack of data or information assurance, system error along with other technical hitches during the process. In the context of present scenario, the aspect of vulnerability or system susceptibility is one of the concerned issues, which is faced by the global organisations (Research in Motion Limited, 2012). From the perspective of various systematic hitches, the discussion intends to highlight certain serious issues that can take place due to the occurrence of vulnerability within the system. Moreover, the discussion will be based upon the vulnerability issues that had taken place in the BlackBerry Enterprise Server and multiple vulnerabilities within the translation process of various protocols that were found in the network address translation of Cisco IOS Software. Selection of Vulnerability BlackBerry In keeping with the increasing pace in the technological advancement, the security risks are also simultaneously increasing the measure of uncertain and unethical issues within the system. With this concern, the security over the system is a considerable factor for the server enterprises. According to the present day context, the system susceptibility in the BlackBerry Enterprise Server (BES) is one of the major obstacles and an illustration of threat with regards to the issue of software vulnerability. The vulnerability causes security issue which has been recognized within the ‘BlackBerry Administration API component’ (Research in Motion Limited, 2012). Problem and Significance The vulnerability within the BES component could disclose all the information that is stored and moreover the issue is likely to create partial contradiction of the services provided by the BlackBerry. The vulnerability that is conducted within the BES component could allow the attackers to execute or develop external supplied draft or scripts. The system susceptibility could also allow the assailants to perform in any of the BlackBerry Web Desktop Manager tasks that the valid user could execute on a BlackBerry Smartphone at the executing time of the user on the BlackBerry Web Desktop Manager. The system susceptibility could also enable the attacker to reset the password of the device by making remote access and locking the user’s device. Moreover, the vulnerability also enables the attackers to disable the device along with activating the user’s account from another device through the wireless network (Beyond Security, 2012). The significance of vulnerability to the media or the community depicts an increasing security alert for the information technology (IT) industry in the real world. With this concern, the interest level regarding vulnerability assessment is an increasing issue for the cyber world. The importance of vulnerability judgment can be identified in various sectors, which is connected with the wireless network during their processes. Therefore, the vulnerability can be considered into several classes such as, Management Console Vulnerabilities, Management Server Vulnerabilities, Administrative VM and Guest VM Vulnerabilities along with Hypervisor Vulnerabilities and Hypervisor Escape Vulnerabilities (IBM Corporation, 2010). Network Address Translation Vulnerabilities in Cisco IOS Software The Cisco IOS Software Network Address Translation (NAT) attribute encloses certain Denial of Service (DoS) vulnerabilities within the translation process of certain protocols such as: H.323 protocol Session Initiation protocol (Multiple vulnerabilities) NetMeeting Directory (Lightweight Directory Access Protocol, LDAP) The products of Cisco can be identified as vulnerable, that are configured or supported with those protocols (Cisco, 2012). Problems and Significance The NAT vulnerabilities in the Cisco IOS Software may cause the device to be unresponsive or unexpected reload can take place during the process. Moreover, a successful utilization of the vulnerabilities may also cause memory leak which can lead to a DoS situation by continuation of the exploiting vulnerabilities (Cisco, 2012). The Network Address Translation vulnerability within the Cisco IOS software has been identified in the ‘NetMeeting Directory’ (LDAP), ‘SIP DoS’ and ‘H.323 Packets DoS’ vulnerability of Cisco IOS Software NAT (Cisco, 2012). Description of Vulnerability From the perspective of the vulnerability class, the issue regarding security concern for system susceptibility occurred both in the BES components of BlackBerry and in Cisco IOS Software in its network address translation vulnerabilities. This aspect can be classified as follows: Vulnerability Class Vulnerabilities can be characterized into two major flaws such as, intentional and unintentional flaws. Intentional flaws also can be classified into malicious and non-malicious flaws. Moreover, the vulnerability can also be categorised according to the model objective where the element belongs to. Furthermore, the vulnerabilities can also be identified by the Software Development Lifecycle (SDLC) segment (Meunier, n.d.). In the context of BlackBerry, the consumer devices are designed with certain features to utilize BlackBerry Internet Service (BIS) which is configured to execute under the BES. With this concern, the devices of Enterprise end-users, who are generally known as the other segment of BlackBerry consumers, are appropriately configured with certain amount of controlling power due to the enterprise and IT policies. In the similar context, BES deployment has comprehensive control than the BIS. Therefore, both the device and the server significantly bear certain risks regarding system security. Vulnerability Analysis The vulnerability within the API of BlackBerry Administration allows the attackers to develop or read files that include only printable characters on BES and unencrypted text related files. This vulnerability can operate without the user permission to the API components of BlackBerry Administration. Therefore, it can be stated that the successful utilization of this vulnerability could facilitate the attacker to disclose the information. Moreover, it could also be leveraged as an unfair Denial of Service (DoS) (Research in Motion Limited, 2012). In the context of the vulnerability classification of Cisco IOS Software, it can be stated that the vulnerability is generated by malformed transit LDAP traffic which requires NAT in its process for NetMeeting Directory. This system susceptibility is recognized in Cisco bug ID CSCtd10712 which is designed for the registered customers of Cisco and is allocated Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946 (Cisco, 2012). Other Information The vulnerability in the BES component obtains a score of 4.8 in the Common Vulnerability Scoring System (CVSS) (Research in Motion Limited, 2012). In order to create resolution for the identified vulnerability in BES components, installation of the server is required to be made in a segmented network based configuration. There are certain required updates that have been released by Research In Motion (RIM) to resolve the vulnerability for the affected versions of BES such as: ‘BES Express Version 5.0.1, 5.0.2 and 5.0.3 for Microsoft Exchange’ ‘BES Express versions 5.0.2 and 5.0.3 for IBM Lotus Domino’ ‘BES versions 5.0.1, 5.0.2 and 5.0.3for Microsoft Exchange and IBM Lotus Domino’ ‘BES version 5.0.1 for Novel Group Wise’ (Research in Motion Limited, 2012) In relation to Cisco IOS software related vulnerability, it is probable to resolve the vulnerability through disabling the process of making translation of IP addresses that are embedded within the payload related to IP packets (Cisco, 2012). In order to resolve NAT vulnerability in the IOS of Cisco, the translation rule within the configuration will be required to be updated to incorporate a per-port rule which halts translation of TCP packets on affected ports. The various types of updates have been developed by the organisation to mitigate such vulnerable issues in the Cisco NAT IOS software. Those are such as: ‘NAT for SIP over TCP DoS Vulnerability Mitigation’ ‘NAT of Crafted SIP over UDP Packets DoS Vulnerability Mitigation’ ‘NAT for Crafted H.323 Packets DoS Vulnerability Mitigation’ Source: (Cisco, 2012). Conclusion From the perspective of steady growing scenario of accessing network through numbers of servers and personal or commercial devices, it can be observed that this process significantly brings about the risk of vulnerable issues on the system or networks. It can cause large financial loss and system damage. System vulnerability is an increasing threat in the modern technological era (Pfleeger & Pfleeger, 2011). Therefore, it can be stated that the IT organisations should be highly focused towards involving security related configurations during the process of developing software or any web based program and application. In keeping with the increasing pace of detecting vulnerabilities and developing software programs, there are certain numbers of system tools and static techniques available to increase the security level of the IT programs and applications. Moreover, it is one of the major activities for the IT organisations to involve sufficient security system for the software programs as the programs bear major credentials which may get affected due to the occurrence of vulnerable threats. References Anton, P. S. (2003). Finding and fixing vulnerabilities in information systems: the vulnerability assessment & mitigation methodology, Issue 1601. United States: Rand Corporation. Beyond Security. (2012). Vulnerability management. Retrieved from http://www.beyondsecurity.com/vulnerability-management.html Cisco. (2012). Cisco IOS Software network address translation vulnerabilities. Products and Services. IBM Corporation. (2010). Virtualization system security. Retrieved from http://blogs.iss.net/archive/papers/VirtualizationSecurity.pdf Meunier, P. (n.d.). Classes of vulnerabilities and attacks. Retrieved from http://homes.cerias.purdue.edu/~pmeunier/aboutme/classes_vulnerabilities.pdf Pfleeger, C. P., & Pfleeger, S. L. (2011). Analyzing computer security: a threat/vulnerability/countermeasure approach. United States: Prentice Hall Professional. Research in Motion Limited. (2012). Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service. BlackBerry Knowledge Base. . Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Two Vulnerabilities That Have Been Discovered in the Past Two Years Essay”, n.d.)
Two Vulnerabilities That Have Been Discovered in the Past Two Years Essay. Retrieved from https://studentshare.org/information-technology/1455651-two-vulnerabilities-that-have-been-discovered-in-the-past-two-years-blackberry-cisco-ios-software
(Two Vulnerabilities That Have Been Discovered in the Past Two Years Essay)
Two Vulnerabilities That Have Been Discovered in the Past Two Years Essay. https://studentshare.org/information-technology/1455651-two-vulnerabilities-that-have-been-discovered-in-the-past-two-years-blackberry-cisco-ios-software.
“Two Vulnerabilities That Have Been Discovered in the Past Two Years Essay”, n.d. https://studentshare.org/information-technology/1455651-two-vulnerabilities-that-have-been-discovered-in-the-past-two-years-blackberry-cisco-ios-software.
  • Cited: 0 times

CHECK THESE SAMPLES OF Two Vulnerabilities That Have Been Discovered in the Past Two Years (BlackBerry, Cisco IOS Software)

Strategic Position of BlackBerry

It has enjoyed a large market share and a large number of loyal customers over the past few years.... The product lines of award-winning and innovative BlackBerry includes smartphones and software for both small businesses and enterprises.... Research In Motion (RIM) is a Canadian hardware and software company located in Waterloo, Ontario.... % share, followed by ios of Apple at 21%, BlackBerry stands at 3.... The aim of this study is to highlight the current strategic position of blackberry as well as technological issues, which the company encountered last year....
8 Pages (2000 words) Case Study

Challenges of Blackberry

blackberry Executive Summary The report highlights the challenges faced by blackberry and various contributing factors which have led to the downfall of the company.... These suggestions will help blackberry to retain its position as the market leader provided if the plans are executed properly.... Table of Contents Table of Contents 3 Discussion & Analysis 9 Managerial Decision Making 9 Conclusion 19 Recommendations 21 References 28 Introduction blackberry is a popular handset device manufactured by the Research in Motion (RIM) headquartered in Waterloo....
12 Pages (3000 words) Essay

Public Relations Plan of Blackberry

For the past two months, close to 50 million new Android and iOS users have registered to exploit the company's messaging service, BBM.... It has seen some widespread service outages in the previous… throwing its reliability into doubt; third-party application developers, the backbone of successful mobile platforms, are making exodus from blackberry like a burning house (Tench & Yeomans, 2014).... blackberry maker has experienced its stock price drop more than 70 per cent in Moreover, the ailing complementary PlayBook tablet....
10 Pages (2500 words) Essay

The BlackBerry Limited: Business Organizational Challenge

Apart from creating integrated software as well as hardware, it generates solutions for the flawless access of facets.... A paper "The blackberry Limited: Business Organizational Challenge " reports that the blackberry Corporation's technology also allows for manufacturers as well as third-party developers to improve their goods and services by using wireless connectivity to third-party support schemes.... hellip; The blackberry Limited, which was previously referred to as 'Research In Motion Limited', is a designer, marketer, and designer of wireless solutions for the international mobile communications market....
9 Pages (2250 words) Term Paper

The Research in Motion Entity, Drawing from Its Mission, Vision, Objectives, and Structure

This kind of structure is regarded as the basic reason why Blackberry sale went down in the past few years because it intently affect the “span of control” and “decision-making control”, which related to management approach in course material (Bissonette, 2012).... There have been considerable changes in the management too.... And as it mentioned, we have been through five stages, as in “forming, storming, norming, performing and adjourning”....
2 Pages (500 words) Essay

Voice over Internet Protocol: Security, Vulnerabilities and Recommendations

VoIP systems are not immune to these, and it is essential that software and social security measures be taken.... software controls include VoIP specific measures listed as well as general Internet security software.... nbsp; … In particular, as DoS attacks are an emerging threat, anti-DoS software should be used.... Important VoIP communications should be encrypted Besides software, social control measures have also been discussed, which are just as important as deploying software controls due to human vulnerabilities....
8 Pages (2000 words) Research Paper

Challenges and Opportunities of Blackberry

The researcher of this essay aims to analyze blackberry.... Secondly, the company should also seek ways through which it can expand the current make-up of the blackberry 10 (BB10) model.... bout a decade ago, blackberry was not only the leading company that was offering technology for smartphones but also the only company during that time to offer what was referred to as a smartphone.... With time, blackberry found itself in bad situations when it started losing ground to smartphone technology....
12 Pages (3000 words) Coursework

BlackBerry: Key Information Management Concepts

An essay "BlackBerry: Key Information Management Concepts" outlines that BlackBerry today is a provider of wireless tools consisting of smartphones, wireless services, and mobile security software.... Incorporated in 2003, BlackBerry today is a provider of wireless tools consisting of smartphones, wireless services, and mobile security software (BlackBerry).... The CIO cannot solely depend on the efficiency or performance of the device or software when attempting to strengthen the company's competitive advantage, reduce firm costs, create value, and add value....
2 Pages (500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us