Systems Programming - Essay Example

of the of the 25 October Introduction Network security is continuously evolving and becoming a challenging aspect for organizations maintaining highly sensitive and customer data. New technologies derive benefits as well as new risks that are not limited to logical threats, physical and human threats. Reports and surveys recorded by many organizations indicate a substantial rise in terms of security breaches year by year. Moreover, there are several reported cases in the year 2012 that are associated with information security breaches. Resultantly, organizations suffer massive revenue, reputation and customer confidence loss due to large amount of stolen credit card or personal data. In order to protect digital information, organizations are keen to implement technical controls such as firewalls, Intrusion Detection Systems, honeypots and Demilitarized zones. These controls are considered as logical and provide security on the logical layer. However, often the important aspect i.e. information security management is not addressed to the optimal level. A typical information security program is led by an information security manager who establishes a steering committee for discussing security aspects focusing not only the IT department but every department within the enterprise. Some of the management controls that are implemented by the information security manager are IT governance, Risk management, monitoring Key Process Indicators (KPI) and Key Goal Indicators (KGI). KPI demonstrates the current state of security within an organization and KGI demonstrates the level of security to be achieved. As per the current scenario, critical data must be protected by implementing Firewalls to secure the network from external logical threats and Virtual Private Network will be implemented for securing the data transmission on the Wide Area Network. The modern operating system introduced by Microsoft is named as Windows 7. This operating system contains advanced tools for network security from viruses, malware and spyware thus reducing the security breaches and risks. Another feature Windows 7 comprises is an enhanced backup solution for the important data. This will also provide more control via parental tool to protect family from possible risks. The Windows 7 also includes enhanced protection, safety and privacy characteristic for better internet experience. 2 What security is all about The Windows 7 incorporates a tool named as an Action Centre that allows the users to check firewall updates, software’s updates such as antivirus. Furthermore, this Action Centre will automatically turn on for all the latest available software updates. This Action Centre is located in Control Panel for easy access for the users. 2.1 Protect your data from theft, hackers and accidental loss Another new feature that is included in Windows7 is the BitLocker Drive Encryption. This allows your Windows to encode all the important data, passwords and other information stored in the hard disk. The data encodes automatically into the hard disk as soon as the BitLocker is activated. Similarly, firewall also plays a vital role in computer protection. The firewall is designed to block all the unsafe data or malicious soft wares that enter into computer. The firewall present in Windows 7 is made more flexible and easy to use to provide maximum protection against hackers. In Windows 7, the backup system is also enhanced and made user friendly. This helps to generates many copies of your important data and thus restores it when needed. In order to protect your computer from viruses, malware and other spyware you need to download “Microsoft Security Essential”. This application is available for Windows 7 and is free of cost. The Microsoft Security Essentials provides protection against worms, viruses, Trojans, spywares and other malwares. A detailed catalogue is available online for Microsoft Security Essential and how to use it. Moreover, Windows Defender is also included in Windows 7 that protects the users from unwanted software, pop-ups and other security threats that slows down the computers performance. 3 Information Security is a Process The Information Security process includes several products related to security, techniques, procedures and strategies for its better implementation. Moreover, these products can work better together, as no product can be used alone to solve any problem. A number of products and plans are needed to be implemented in organizations to provide best possible security. There are number of products in market such as, intrusion detection systems, firewalls and scanners, however, these products cannot work alone in providing information security. The work Information Security is defined as a process for providing system protection. The Security policies guidelines are all well organized and renowned. This guideline defines the management of organizations, protection of information and assets, decision making procedures and security of systems infrastructure. The procedures regarding Information Security clearly states the techniques of achieving certain tasks. For instance, Policy can specifically say that antivirus needs to be updates daily and the procedure / guidelines will show the steps of how to do it. 3.1 How do attackers exploit the absence of this control? The web-based and other application software has been a target for the attackers in every organization in modern days. The application software’s that are not able to check the user input and its size may become unsuccessful to sterilize the user input. Thus malicious components are entered into the system causing threats to the important data. After entering into the system, the hackers may inject several exploits to get access and control over the data. To name few of the exploits are: SQL injection attacks, Cross-site request forgery, buffer overflows, cross-site scripting and click-jacking (Vacca, n.d ). Moreover, by using SQL injection, the hackers could exploit over 1 million web servers and can turn their engines into infections for the users. These hackers force to make compromises from the government states and organizations by jamming thousands of browsers and misusing the important information. However, these types of attacks on web and non-wed organizations by the hackers are reported daily. In order to control such security breaches, the application soft wares of both inside and outside of every organization must be tested properly for possible security flaws. Moreover, for the application software outside the organization i.e. the third party must be verified in detail for security breaches. The testing procedures must be taken into practice within the organizations for any in-house threats or security lapses. 3.2 Procedures and Tools to Implement and Automate this Control The application software can be secured with help of these techniques: Source code testing tools Object code testing tools Web application security scanning tools Furthermore, testing manually for the in-depth security with the help of application penetration testing professional must be accomplished in organization. In order to identify the vulnerabilities, the Common Weakness Enumeration (CWE) technique is used along with these above mentioned tools. In fact, the CWE is also able to detect the type of weakness and how to resolve the identified problem. The MITRE’s Common Attack Pattern Enumeration and Classification can be used to test for the software’s efficiency and to record its effectiveness for security threats. 4 What OS services are of interest and are they good? The Windows 7 is designed to be least disturbing and easy for the users to run their computers at home rather that at work as professionals. The User Account Control is included in Windows Vista that notified the users before making any changes on your PC or downloading any new program. This feature is more enhanced in Windows 7. Thus it will provide the users more security and interrupting messages. 4.1 Help protect your family The Windows 7 includes new and enhanced parental control options as compared to Windows Vista. They are easy and simple to uses. Now by using parental control on Windows 7 you can stop your child from prohibited games, programs and also limit their use on computer. Another amazing feature Windows 7 includes is to block the objectionable TV shows and movies by using Windows Media Centre i.e. available in Windows 7 Home Premium. The procedure of data protection, privacy and truthfulness of the information is called as Information Security. The term information has been cherished by the man kind since the birth of our planet earth. Mankind was eager to know about how to produce food and shelter. However, as soon as the computer access is increased by the users, the information security has become very important. In fact, previously the assets of any organizations are in physical such as buildings, factories and raw material etc. but, in modern world these assets are referred as stored information such as formulas, sale-purchase information, financial data and customer’s information. In addition, there are many organizations whose information is mostly based on IS data and their financial data is stored in bits in several computers. 4.1.1 How to Implement, Automate, and Measure the Effectiveness of this Control 4.2 Quick wins The WAFs .e. web application firewalls are implemented in order to protect web applications that are followed by all the traffic for general attacks. The access of these attacks is not limited to cross-scripting, command injection, directory traversal and SQL injection attacks. There are significant firewalls application are available for non-web based applications. The device used to control these attacks must be able to decrypt traffic before any analysis or must be adjust behind the encrypted traffic. If these options are not available then the host-based web application is implemented to guard against security threats. 4.3 Visibility/Attribution For all the inputs, obvious error monitoring should be completed. The size and kind of the source code must be identified after implementation of any variable. The input should be verifies for the specific size and type of data to be stored in memory. The input must not exceed the limit of the data memory Both the web applications i.e. in-house-developed and third-party-procured must be scanned for general security faults. This can be done before implementation of application by using an automated web applicant scanner. The organizations should test the application every now and then to rescue from possible cyber-attacks in future The systems error messages should not be displayed to the end-users/ output filter Production and non-production departments should be separated. The software developers should not be left unmonitored especially with the access to production 4.4 Configuration/Hygiene Before implementation of in-house developed or third-party developed application it should be scanned for the errors, malware insertions and infections including backdoor. This can be achieved by using automated static code analysis software. Unfortunately, if the source code is unavailable, than the organizations can check for the complied code using binary analysis tool. In general, the application soft wares must be studied and tested cautiously for all software including input validation and output encoding routines. A configuration review is conducted for all the applications that are based on database. The reviews conducted between the operating system housing database and the software database. The purpose of this review is to check and test all the settings for the database system using standard hardening templates. In fact, the systems that are related to important business procedures must be tested in organization. Training sessions must be provided to all the software developers to enhance their skills regarding secure code writing for particular software application. All the excessive codes such as, compilers, libraries, components and sample scripts that are not in-use by the application must be deleted or uninstalled from the system. 5 Conclusion & Recommendation The new operating system in the market is Windows 7 and Windows 8 has just arrived. In my opinion, Windows 7 is user friendly and possesses a rich graphical user interface. Moreover, it also incorporates an intelligent virtualization engine that provides multi-tasking for each core. For instance, if the processor has 4 cores, each cores works as a separate processor and contributes to the performance of the operating system. Likewise, the operating system has a mechanism to intelligently utilize all the four cores. I would recommend that it is time for windows to be integrated with the cloud computing phenomena that will assist programmers for a programming environment available in the cloud as well as on the physical machine. Work Cited Vacca, J. R. Computer and Information Security Handbook. Elsevier Science, 2012. Print. Read More