Pre-Attack Techniques - Coursework Example

Questions: Pre-Attack techniques (Section) Due) A. Pre-Attack techniques Most hacking attacks usually take advantage of the vulnerabilities that exist with an organization’s computer system or network to gain access to an unauthorized information and data. Hacking prevention techniques therefore, should be geared towards mitigating and minimizing possible vulnerabilities that maybe exploited by perpetrators (Scambray, 2009). The following are some of the pre-attach techniques that can salvage and protect an organization against hacking attacks. Security tightening and System hardening Organizations should harden and strengthen their system security through the installation and configuration of necessary software like antivirus programs that ensure enhanced security. Unnecessary software and daemons should be deactivated and disabled given that they are most vulnerable for attack. Patching system applications and software Constant patching to system application and software should be done in order to eliminate the gaps and security holes that exist. Installation of new updates and new versions of existing application will ensure heighten and improved security. Constant updates ensure that al the patches are fixed thus eliminating system vulnerabilities (Scambray, 2009). Firewall installation Both hardware and software application forms of firewall such Symantec-Axents Firewall/VPN 100 Appliance and Zone Alarm can be installed in an organization’s system and network. Firewall installation discriminate against access request from unknown and unauthorized sources that may be of potential threat to computer systems and network. Password Encryption Strong password encryptions should be made using high bit encryption methods that cannot be easily decoded by malicious hackers in case of hacking attack. Network security assessment Network security assessment is done in order to see and expose the vulnerability that exists within a network and a system. Port scanning an organizations network will reveal the exposed services. Running a vulnerability scanner against an organization’s servers ensures that all the vulnerabilities are exposed and necessary actions taken to eliminate them in order to secure servers. Most of these pre-attack techniques and method for preventing hack attack against an organization are controllable from an organizations perspective. It is up to an organization to put up measures and install the necessary application in order to ensure the security of its systems and information including the network. Apart from the patches and vulnerabilities that exist in applications, all the other techniques are entirely controllable from an organization’s side. Installation of patches and fixes in order to mitigate the vulnerabilities that exist within an application is partially controllable given that it is u to an organization to search and install the updates after they have been released by the software companies (Scambray, 2009). B. Encryption There are numerous types of encryption technologies including full disk encryption, virtual space encryption and folder encryption. A number of software and application exists which utilizes these three types of encryption to protect an organization’s data thus ensuring data security. PGP Whole Disk Encryption This technology provides a high performance and comprehensive full disk encryption for all the data including swap files, user files and hidden files that are located either on laptop computers, desktop or removable media. PGP whole Disk Encryption provides strong security for partner and customer data including intellectual property by eliminating unauthorized access to such files and sensitive information. The encryption technology offers a central management of the protected system through PGP Universal Server which in turn simplifies deployment reporting and policy creation and distribution. Besides the centralized management, PGP Whole Disk Encryption utilizes Hybrid Cryptographic Optimizer technology (HCO) to provide optimized, high performance and strong encryption. Moreover, it offers a dependable protection across servers and enterprise desktops. Check Point Full Disk Encryption Check Point Full Disk Encryption provides automatic encryption to all the information on the hard drive including erased files, user data, the operating system and temporary files for maximum data protection. It also provides boot protection to logical partitions in addition to sector-by-sector encryption. It has the ability to block attempts to copy individual file or to introduce malicious program such as malware. It provides a full time disk encryption even when the hard drive is removed and used as a slave in a different computer. Need for encryption Failure to encrypt data presents an organization with a lot of security risks and threat in the event of security breach. Unauthorized access of data through interception of unencrypted data could lead to exposure of critical and confidential information which can be used by a malicious hacker against the organization. Encryption on the other hand provides security to data given that it presents a hard time for a hacker to decrypt the encrypted information thus slowing down and limiting the use of such information in case it is compromised during transmission or any other way (Scambray, 2009). C. Value Business Continuity Plan constitutes an essential and indispensable part of an organization’s response planning given that it defines how the business organization will operate after an incident and ensures quick recovery post the incident. BCP is a process that adds value to the business given that it recognizes an organizations vulnerabilities and exposure to external and internal threats and provides effective mitigation methods for prevention and business recovery (Goh, 2004). Moreover, Business Continuity Plan aids in the maintenance of an organization’s competitive advantage and the integrity of the value system. Furthermore, Business Continuity Plan constitutes risk management which is vital for the continuity of any business given that it ensures smooth and normal operation of the business by planning for events that could affect its supply chain or lead to damage of critical infrastructure (Goh, 2004). Values of effective BCP An effective BCP ensures the continuity of operations and service delivery, aids in building costumer confidence besides the internal confidence within the organization itself. In addition tom the stated values BCP also ensures a competitive advantage besides providing compliance benefits. Business Continuity Plan aids in the preservation of brand value and organization’s reputation. It also helps to mitigate risk and financial exposure (Goh, 2004). D. Cloud Computing Benefits Cloud computing is one of the common solutions to support business continuity implementation. A number of benefits are associated with the adoption of cloud computing within an organization most of which includes the following. Decreased Cost: Cloud computing eliminate the costs associated with the investment, maintenance and installation of stand-alone servers and software. Scalability: Cloud computing provide unlimited storage space to an organizations data and information which can easily be accessed. The unlimited storage space allows for easy business expansion without the need to worry for storage space (Michael, 2012). Improve accessibility and flexibility: With cloud computing, an organization’s file and data can easily be accessed anytime from any part of the globe provide there is an internet connection and the right log in credentials. Reduced risk; Cloud computing services provide full time data protection with highly encrypted and protected servers that ensure that an organizations data and information are securely stored. Drawbacks Centralization: The centralization of cloud services such as data storage is a serious pitfall for cloud computing given that all clients are affected in the event that the servers and infrastructure of the cloud service provider goes down. Network dependency associated with cloud computing also presents another risk (Michael, 2012). Data security and integrity: cloud computing involves offsite data storage and the process of accessing the data through cloud services present a threat of data interception. Cloud computing is not a valid BCP; however, it is a highly effective disaster recovery service. References Top of Form Goh, M. H., & Leo, Y. N. (2004). Implementing your business continuity plan (Student ed.). Singapore: GMH Continuity Architects. Michael, M., & E, K. M. (2012, January 26). Using cloud computing and storage for business continuity. Network World. Retrieved December 12, 2012, from http://www.networkworld.com/newsletters/sec/2011/012411sec2.html?page=2 Scambray, J. (2009). Hacking Exposed, Sixth Edition: Network Security Secrets& Solutions. Indianapolis, IN: McGraw-Hill. Bottom of Form Read More