Monday, March 11, 2019

Common Information Security Threats Essay

The internet is approximately 40 years quondam(a) and is continuing to start at a rapid pace. This rapid developing and use of the internet for practically everything you can do in animateness has in any case cause a major increase in threats. Cyber- outlaws be often breaking into guarantor on many major web points and making the tidings. training protective covering is turning into an important part in cling to a businesss teaching. amazon.com website went online in 1995 (Byers, 2006). amazon offers there serve and products through the website amazon.com to many countries around the world, which includes United States, Canada, France, Spain, Japan, Italy, Germany, United Kingdom, and China ( amazon, 2012). virago has been around for approximately 17 years and continuous to be a successful business. One of the reason for this is because Amazon investing time in Information Security. Amazon has a massive amount of nurture on servers around the globe contain sensitive information, non only information for Amazon but similarly for Amazons customers.Some examples of the information Amazon states on the servers they own product information, wargonhouse information, call revolve about information, customer service information, service information, customer account information, bank information, besmirch computing information, digital media download information, and reviews of customers for product information (Amazon, 2012). There bequeath always be some kind of the potential risks to the information retained by any business or person because new vulnerabilities are found every day. Just recently, on August 7, 2012, a equip magazine reporters information stored on his Google account, Twitter account, MacBook, iPad, and iPhone where erased without the exploiter wanting this done. A hacker that goes by the name of Phobia comprised the reporters Amazon account with a security exploit. The security exploit allowed Phobia to entrance the repor ters Amazon account by calling and resetting the passwords everyplace the phone with the reporters compromised AppleCare ID and Amazon ID (Kerr, 2012).Amazon responded with the following, We get investigated the reported exploit, and can assure the exploit has been closed as of yesterday afternoon (Kerr, 2012). Anformer(a) major breach in security for Amazon occurred on the Zappos.com, which Amazon also owns. 24million accounts where compromised, which included the following account information names, shipping addresses, billing addresses, phone numbers, and email addresses (Vilches, 2012). Zappos CEO Tony Hsieh wrote in an email that the hackers gained entrance to the internal network of Zappos allowing the hackers entryway to the server that was in Kentucky. On October 28, 2011 a researcher uncovered a massive security flaw in the Amazon Cloud service that is provided by Amazon (Hickey, 2011). A team of German researchers found a way that hackers would be able to ingress us er accounts and data. The methods of attack the security researchers found that the Amazon Cloud service was vulnerable to where signature wrapping and cross site scripting. XML signature wrapping attacks were developed that could completely take over a user account with administrator permissions for the Amazon Cloud accounts.The AWS interface could also be manipulated to run an executable code and create cross-site scripting attacks. The researchers said that they had access to all the customer data, including authentication data, tokens, and passwords (Hickey, 2011). There are many other vulnerabilities for Amazon that may exist but are not known. Intruders (hackers) are a major threat for Amazon as proven from the previously listed examples. When the attack is done by a small group or just one person the threat will fall into the ambiguous category (Conklin, White, Williams, Davis, & Cothren, 2012). Threats caused by attacks by hackers that are in a criminal group are known to fall into the structured category (Conklin, White, Williams, Davis, & Cothren, 2012). sensual security is important to remember because if a hacker can bump into the internal network and infrastructure, it can be much easier to gain unofficial access to the network.Information Security risk analysis is used to access the vulnerabilities, threats, and how to set controls for an organization (Whitman, 2011). List of what can be vulnerable electronic network Servers, Computer Servers, Routers, Client, Databases, Firewalls, Software, Power, and Transmission. List of threats Denial of Service Attacks, Spoofing and Masquerading, Malicious Code/Virus, gentlemans gentleman Errors, Insider Attacks, Intrusion, Spamming, and Physical Damage to Hardware. List of costs Trade Secrets, Client Secrets, Trust, befuddled Sales, Clean up Costs, Information, Hardware, Software, Services, and Communication. List of controls to be used Firewalls, IDS, Single Sign-on, DMZ, Security policy, EmployeeT raining, Configuration of Architecture, and Hardening of Environment. All of these lists can be put into a chart to help form a risk analysis and frame-up controls to be used for Amazon (Conklin, White, Williams, Davis, & Cothren, 2012).The legal, ethical, and regulatory requirements for protecting data contain to be thought about when it comes to Information Security. Statutory laws, administrative laws, and third estate laws currently exist and are involved in computer security. youthful cyber laws are being defined by the courts, but none of these laws have been used yet (Conklin, White, Williams, Davis, & Cothren, 2012). In 1986, the Computer Fraud and Abuse routine (CFAA) was established to make it a crime to access computer systems when not authorized.Amazon has been around for 17 years and has a good running record for catching security risks and patching them quickly. With the internet continuing to grow at such a rapid pace, Amazon and everyone wanting to maintain thei r data integrity needs to tight down on their Information Security protocols. Information Security is turning into an important part in protect a businesss information.ReferencesAmazon. (2012). Amazon. Retrieved from http//www.amazon.com Byers, A. (2006). Jeff Bezos the founder of Amazon.com. New York, NY The Rosen create Group. Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. (2012). Principles of Computer Security CompTIA Security+ and Beyond (Exam SY0-301) (3rd ed.). New York, NY McGraw-Hill Company. Hickey, A. R. (2011, October 28). Researchers Uncover massive Security Flaws In Amazon Cloud. Retrieved from http//www.crn.com/news/cloud/23190911/researchers-unconver-massive-security-flaws-in-amazon-cloud.htm Kerr, D. (2012, August 7). Amazon addresses security exploit after journalist hack. Retrieved from http//news.cnet.com/8301-1009_3-57488759-83/amazon-addresses-security-exploit-after-journalist-hack/ Vilches, J. (2012, January 16). Amazon owned Zappos hacked. R etrieved from http//www.techspot.com/news/47060-amazon-owned-zappos-hacked-24-million-accounts-compromised.html Whitman, M. E. (2011). Readings and Cases in Information Security Law and Ethics. New York, NY Cengage Learning.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.