
Web Security Issues


Submitted By samperera
Web Security Issues/Concerns
Compared to other online Apollo Group organizations, Riordan Manufacturing has a few locations. No matter the size of the business, the information and the database still need to be protected in every way. To overcome this, the web up-time needs to be more effective and fast. In that case, if a customer places an online order, it can be transmitted quickly to Riordan Manufacturing to process the order. A weak point I found on the Riordan Manufacturing website is that there is no option for customers for online entries. Also, if they are willing to create one for customer information entry, it should be protected by Denial of Service (DoS) protection to prevent online attacks and threats, and vice versa.
Current Riordan Manufacturing website specifications
As I went through the information, each Riordan Manufacturing facility has its own web server which runs internally, but with any firewall, which is a huge risk. I found out that each web server is installed and maintained by different vendors without any continuity plan or proper security measures. If a customer needs to contact Riordan Manufacturing, they have the option to send a text message describing their need. The email and phone numbers of Riordan are listed on the website as well.
Recommendations to secure the web security
I do suggest that Riordan set up one server at a location and connect all locations to it. In that case they can maintain and monitor their system easily and quickly before a potential threat or attack. They need to set up their web server as an external proxy server. The proxy server will control all incoming web traffic. The proxy server cannot communicate back, so it will be one-way communication in which the information will be secured. Riordan Manufacturing also needs to create a secure customer database in SQL, from which they can access records faster. Another suggestion is…...
