StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Remote Access Attacks - Essay Example

Cite this document
Summary
From the paper "Remote Access Attacks" it is clear that as the company is currently vulnerable to outside attacks, it must work to eliminate the possibility of phishing.  As is the setup now, an attacker can get into the system and trick users into entering their authentication codes. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.8% of users find it useful
Remote Access Attacks
Read Text Preview

Extract of sample "Remote Access Attacks"

? Remote Access Attacks Remote Access Attacks As we know, remote access attacks can debilitate any company, but is particularly serious for the small to medium enterprise. This can be stated because they do not always have the budget to secure their network, yet they house confidential information that could be harmful to the operations of the company if stolen. Some of the assumptions that need to be made in this case include: terminated employees retaining remote access to the system via passwords that are not deleted, passwords not being changed on a regular basis, firewalls being non-existent being connected computers to the network, and no noticeable security protecting the various storage devices portrayed on the diagram. It is important to analyze the network diagram and the information provided in the case study to determine vulnerabilities that are existent in the current system. These three categories include threats from inside the organization, from users gaining access as a third party, and public access. This company appears to be at risk from users inside gaining access to private and privileged information. As the network diagram clearly shows, there are no built-in protection between computers inside the organization to keep users with legitimate passwords from gaining access to another computer within the facility, without the other individual user knowing about it. This is commonly referred to as an attack from an inside view, and it is a major concern for this company under its current structure. With a lack of password protocol in place, individual employees and contractors have access to the network and data house inside the network. This entails being able to look up payroll record, altering personnel information, and potentially even gaining access to client payment data. All of these are serious violations of professional conduct, yet would be relatively easy actions to accomplish by an employee with even the most rudimentary knowledge of gaining user access. To minimize the risks from inside users, procedures begin with eliminating potential abusive employees before they are even hired. Because the company deals with sensitive information, it would be useful to have a background check procedure in place. Any computer related crimes on an individuals record would be a red flag that they could pose a problem given the companies weak security to this point, and their reluctance to spend much money to provide significant upgrades. In addition, passwords company-wide should be changed on a regular basis, and immediately after an employee in terminated. Many companies only eliminate the password of the terminated employee from the system, but they fail to realize that the individual may have gained access to other passwords during their tenure at the organization. As currently structured, the Quick Finance Company is also vulnerable to an attack from the outside, gaining access from the inside. This can happen in the form of a current employee giving his password to a hacker on the outside, or unknowingly bringing a virus into the facility. Again, with inadequate firewall protections put into place, this company has little hope of blocking attempts from a dedicated hacker with a proper password. Once inside the system, gaining access to any of the nearly 100 computers in the system, a hack would be able to gains access to the System 1000 mainframe, at which time all company data would be accessible. In addition, as demonstrated in Quick Finance Companies network diagram, the VPN server is continuously uploading information to the cloud, yet the company has not implemented any security measures to safeguard that attack from outside users. In essence, user view vulnerability appears to be a major issue for the company, owing to many of the factors previously stated. With inadequate password security, and a regular rotation of changing log-in protocols, any password that falls into the hand of a potential hacker could go undetected for quite some time. Assuming that Quick Finance Company relies on the occasional off-site work being done, such as logging into the system from home to complete various time sensitive projects, blocking off-site access is not really a possibility. The company could, however, implement a request system for gaining access remotely. Without such approval, access would be denied. In addition, it would be more likely that any malicious activity would be uncovered; as such access would be easily tracked. In addition, the company will need to provide more protection to the VPN server in order to prevent users being able to view data that they do not have access to, thereby preventing the possible theft of sensitive data. In short, it certainly appears that this particular finance company has left itself vulnerable to many of the security challenges facing any company today that relies almost exclusive on information technology. This includes phishing, man-n-the-middle attacks, and the possible infection of malicious software (Hoogenboom & Steemers, 2000). Thankfully, there are certain measures that can be easily implemented, based upon the information contained in the case study and the presented network schematic, that can serve to help eliminate many of remote access attacks that the company has seen in recent months. This improvement can begin with a remote authentication scheme. Weigold, Thorsten, Kram, and Baentcsch (2008) write, “Any remote authentication method’s goal is to establish and secure an authenticated information channel by proving a user’s identity through an associated security channel” (p. 36). This can be done by first eliminating the use of static passwords. This is one of the oldest means of remote authentication, and also the one most easily hacked (Weigold, Thorsten, Kram, & Baentsch, 2008, p. 37). The company could, however, could consider the use of one-time codes in order to avoid repeat remote access. In addition, a scratch-list could be created that is used by clients in order to provide more security. By having such a list contain 40-100 codes, individual clients would not know which code was going to be used until the attempted to log-in, providing the Quick Finance Company with a simple, cost effective of enhancing security measures from the inside almost immediately. Another are of concern in terms of being vulnerable to continued remote access attacks are the types of client security devices currently in operation at the company. As noted by the network diagram, there are upwards of 100 personal computers in the network, each attached by Ethernet, and lacking adequate firewall protection. As has been noted, “The most common client hardware is a standard desktop PC, which is also an easy platform to attack” (Weigold, Thorsten, Kram, & Baentsch, 2008, p. 40). A recommendation, then, is to have a secondary security device that is required for user access, and one that must me validated before an individual can log onto the system. This can come in the form of a smart card, mobile phone, or smart memory stick. Finally, as the company is currently vulnerable to outside attacks, it must work to eliminate the possibility of phishing. As is the setup now, an attacker can get into the system and trick users into entering their authentication codes. An example of this would be their one time code. Once gaining access to the system, the hacker can wreak all kinds of havoc, or steal sensitive information. If this is not a repeat attacker, this type of access is often difficult to uncover who the culprit is. An easy fix to this is to use the scratch list, in combination with the one time code, to limit the time the phishers have to access the system. By using a scratch list, it becomes extremely difficult for the attacker to gain the one time code in time, and even if they did, they would not be able to access a particular channel of information (Schechter, 2005, p. 42). In short, these measures will begin to upgrade the network security of the Quick Finance Company, but in the long run, they will need to set aside a portion of the budget to make some serious upgrades to their existing firewall, and they will need to create a new organizational design that all employees follow in an effort to ensure the integrity of their data and entire system. References Hoogenboom, M., and Steemers, P. (2000). Security for remote access and mobile applications. Computers & Security, 19(2), 149-163. Schechter, S. E. (2005). Toward econometric models of the security risk from remote attacks. IEEE Security & Privacy Magazine, 3(1), 40-44. Weigold, T., Kramp, T., and Baentsch, M. (2008). Remote client authentication. IEEE Security & Privacy Magazine, 6(4), 36-43. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Case Study 4: Remote Access Attacks Essay Example | Topics and Well Written Essays - 1250 words”, n.d.)
Case Study 4: Remote Access Attacks Essay Example | Topics and Well Written Essays - 1250 words. Retrieved from https://studentshare.org/information-technology/1487558-case-study
(Case Study 4: Remote Access Attacks Essay Example | Topics and Well Written Essays - 1250 Words)
Case Study 4: Remote Access Attacks Essay Example | Topics and Well Written Essays - 1250 Words. https://studentshare.org/information-technology/1487558-case-study.
“Case Study 4: Remote Access Attacks Essay Example | Topics and Well Written Essays - 1250 Words”, n.d. https://studentshare.org/information-technology/1487558-case-study.
  • Cited: 0 times

CHECK THESE SAMPLES OF Remote Access Attacks

Denial-of-service Attacks

This essay "Denial-of-service attacks" aims to analyze the causes, effects, and reasons behind denial-of-service attacks.... Such attacks are, hence, widely discussed by researchers, and the debate relating to the causes, effects, and prevention of such attacks has been continuously given attention.... Denial-of-service attacks are not a new phenomenon in the technological industry.... These attacks are launched to slow down or affect the smooth running of a particular website....
6 Pages (1500 words) Essay

Denial of Service Issues and Solutions

In DoS attacks, attackers hold the data to modify or change it so that the data transfer time will be longer than usual to reach the intended websites or servers.... DoS attacks aim to hinder legitimate users from accessing the resources that they should be allowed to.... It has been argued that DoS attacks usually consume software bugs to crash a service.... The real intent of those attacks is to shut down a site and not to penetrate it....
19 Pages (4750 words) Dissertation

Denial of service attacks (DoS)

Denial of Service attacks (DoSs) By Student Date Table of Contents Introduction Denial of Service attack or simply DoS can be defined in many ways.... This paper presents an overview of DoS attacks.... This paper will discuss different types of DoS attacks.... Denial of Service attacks DoS attack (denial of service) can be defined as an event that prevents un-authorized access to the resources or make interruption in those operations that are critical with time factor....
5 Pages (1250 words) Essay

Network Issues That Led to Shamoon Incident at Aramco

In addition, Aramco's network allows its employees and expatriate employees to run information systems and then divulge such information that acts as leeway to cyber-attacks.... Sadly, the network system of Aramco allows multiple users to access both unclassified and classified information at the same time, which jeopardizes the security of the system as seen in the Shamoon attack.... Otherwise, the ease to access, lack of proper authorization, and use of ancient anti-hacking and firewall software, jeopardizes the security of Aramco's network system....
4 Pages (1000 words) Case Study

Network Security-Intrusion Detection System

The Intrusion Detection systems are developed in response to these major attacks on various sites and networks.... There has been a number of cases reported when major attacks on various sites, computer systems, and networks have encountered.... Some of the recent major attacks cases are attacks on the Pentagon, the White House, NATO, the U.... onsidering such attacks on computer systems and network, there is a need for a system which can safeguard computer systems and network from outside and inside attacks....
16 Pages (4000 words) Essay

Analysis of Hacking Attacks

The paper "Analysis of Hacking attacks" states that Stuxnet has been proved to be able to control communication between PLC and Siemens programming station.... To gain access to computers, these hackers put into practice programs that were developed by different individuals which they have less idea about how they function....
24 Pages (6000 words) Coursework

Stack and Buffer Attacks in Operating Systems

This essay "Stack and Buffer attacks in Operating Systems" states that administrators can avoid buffer overflows by taking their time in considering the buffer size and avoid buffer overflow.... Stack and buffer attacks occur when an application puts more data into a memory address such that it cannot handle.... The results of buffer attacks may cause corruption in the neighboring data on the stack.... Buffer overflow vulnerability gives an attacker the option to generate and run a code; the code then attacks the vulnerable application allowing the user to define the term of bias on the application giving an attacker the option to control a system (Crispin Cowan 1999)The first buffer attack was widely used by the Morris Worm in the year 1988....
5 Pages (1250 words) Essay

Denial of Service Attacks

The paper 'Denial of Service attacks' presents the billions of computers that exist globally are all connected through the internet.... The computer interconnectivity, which is dependent, on the global internet, however, makes its components an easy target for attackers who try to deplete their resources and launch denial of service attacks against them.... The DoS attacks can be described as a single group or person's spiteful attack to cause the site....
8 Pages (2000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us