Premium Essay

Web Security Issues

In: Business and Management

Submitted By samperera
Words 356
Pages 2
Web Security Issues/Concerns
Comparing to other online Apollo group organizations Riordan manufacturing has a few locations. No matter the size of the business but still the information and the database needs to be protected in any way. To overcome this the web up-time needs to be more effective and fast. In that case if a customer place an online order it can transmitted real fast to Riordan manufacturing to process the order. A weak point I found on Riordan manufacturing website is there is no option for customers for online entries. Also if they are willing to create a for customer information entry it should be protected by (DOS) Denial of Service to prevent online attacks and threats wise versa.
Current Riordan Manufacturing website specifications
As I went through the information each Riordan manufacturing facility has their own web server which runs internally, but with any firewall which is a huge risk. I found out that each web server is being installed and maintained by different vendors without any continuity plan or proper security measures. In case if a customer needs to contact Riordan manufacturing they has the option to send a text message describing their need. The email and phone numbers of Riordan are listed on the website as well.
Recommendations to secure the web security
I do suggest that if Riordan can setup one server on a location and connect all locations to it. It that case they can maintain and monitor their system easily and quickly before a potential threat or attack. They need to setup their web server as an external proxy server. Proxy server will control all in-coming web traffic. Proxy server cannot communicate back. So, it will be a one way communication which the information will be secured. Also Riordan manufacturing needs to create a secure customer database in SQL which they can access records faster. Another suggestion is…...

Similar Documents

Premium Essay

Riordan Manufacturing Internet Security Issues and Web Concerns

...Riordan Manufacturing Internet security issues and web concerns The biggest, and probably the most insidious threat facing Riordan comes not from aging servers, poor physical security, or antiquated workstations, but from their own employees; many of which may become unwitting pawns of social engineering, phishing, and malware. In recent surveys conducted across the industry, “More than 50% of businesses consider their own employees to be the greatest IT security threat, with 54% of respondents believe that insiders are the biggest threat, compared to 27% who fear criminals the most, 12% state-sponsored cyber-attacks and 8% competitors (Swabey, 2013).” With a growing trend across the industry, to include even the Department of Defense, to allow employees access to social media sites like Facebook, Twitter and LinkedIn, this comes as no small wonder. “Don't be too proud of this technological terror you've constructed (Lucas, 1976).” On the surface, all four of Riordan’s plants have firewalls at the border of their network, and to many novice system administrators and misguided information technology specialists this should be more than enough to secure the network from internet based attacks. Chances are these firewalls are inadequately configured; explicit deny means nothing if your letting social media sites into your internal network. “Social networks are about connecting people, and a convincing-looking profile of a person followed by a friend or connection request......

Words: 921 - Pages: 4

Premium Essay

Pdf, Docx

...Nt1110 Lab 10 Research Project E-Commerce Security E-Commerce (Electronic commerce or EC) is the buying and selling of goods and services ort he the transmitting of funds or data, over an electronic network , primarily the internet. These business transactions occur either business to business ,business to consumer ,consumer to consumer or consumer to business. The terms e-commerce and e-business are often used interchangeably. The term e- tail is also sometimes used in reference to transactional processes around online retail. E-commerce is conducted using a variety of applications, such as email, fax, online catalogs and shopping carts , Electronic Data Interchange (EDI),File Transfer Protocol, and Web services. Security is an essential part of any transaction that take place over the internet .Customer will loose his/her faith in E-commerce if its security is compromised. Following are the essentials requirements for safe e-payments/transactions. Confidential-Information should not be accessible to unauthorized person. It should not be intercepted during transmission. Integrity-Information should not be altered during its transmission over the network. Availability-Information should be available wherever and whenever requirement within time limit specified. Authenticity-There should be mechanism to authenticate user before giving him/her access to require information. Non-Repudiability-It is protection against denial of order denial of payment. Once a......

Words: 813 - Pages: 4

Premium Essay

Nt 1110

...Nt1110 Lab 10 Research Project E-Commerce Security E-Commerce (Electronic commerce or EC) is the buying and selling of goods and services ort he the transmitting of funds or data, over an electronic network , primarily the internet. These business transactions occur either business to business ,business to consumer ,consumer to consumer or consumer to business. The terms e-commerce and e-business are often used interchangeably. The term e- tail is also sometimes used in reference to transactional processes around online retail. E-commerce is conducted using a variety of applications, such as email, fax, online catalogs and shopping carts , Electronic Data Interchange (EDI),File Transfer Protocol, and Web services. Security is an essential part of any transaction that take place over the internet .Customer will loose his/her faith in E-commerce if its security is compromised. Following are the essentials requirements for safe e-payments/transactions. Confidential-Information should not be accessible to unauthorized person. It should not be intercepted during transmission. Integrity-Information should not be altered during its transmission over the network. Availability-Information should be available wherever and whenever requirement within time limit specified. Authenticity-There should be mechanism to authenticate user before giving him/her access to require information. Non-Repudiability-It is protection against denial of order denial of payment. Once a......

Words: 813 - Pages: 4

Premium Essay

E-Business

...are two types of environments, open insecure, and secure. The web site will be one or the other. It either has security or it has no security at all. After searching the internet I was unable to divulge any web sites that provided information as to the benefits of an open environment. This leads me to believe that there are no benefits to it at all. After thinking about it the only benefit I could even conceive would be faster access within the web site from page to page. I feel that most people would trade this for the security of a secure site. Even home computers have security, such as firewalls, and virus protection on their computers. The consequences of having an open environment are important ones. Viruses can be placed on the system which can cause the entire computer system to crash. Hackers can get into the system and obtain personal information from the site that can lead to identity thief. Hackers can obtain email lists from the site and send spam mail which would appear to come from the web site. Hackers can also place viruses on the web site, or steal banking information for customers. The web site could not be accessed if hackers were to place a virus that caused a “denial of service”. An overly secure web site can have benefits if the site is only open for a select group of people. The Department of Defense for example has an overly secure web site. They have information on the web site, much of which is private, which has to be protected from......

Words: 905 - Pages: 4

Premium Essay

Directions for Web and E-Commerce Application Security

...National Instituate of Technology,Rourkela Department of Computer Science and Engineering Term Paper on Directions for Web and E-Commerce Applications Security SupervisorProf.P.M. Khilar Submitted byDinesh Shende Roll No-212CS2102 M.Tech(1st year) Directions for Web and E-Commerce Applications Security Abstract: This paper provides directions for web and e-commerce applications security. In particular, access control policies, workflow security, XML security and federated database security issues pertaining to the web and e-commerce applications are discussed. These security measures must be implemented so that they do not inhibit or dissuade the intended e-commerce operation. This paper will discuss pertinent network and computer security issues and will present some of the threats to e-commerce and customer privacy. These threats originate from both hackers as well as the e-commerce site itself. Another threat may originate at ostensibly friendly companies such as DoubleClick, MemberWorks and similar firms that collect customer information and route it to other firms. Much of this transaction information is able to be associated with a specific person making these seemingly friendly actions potential threats to consumer privacy. Many of the issues and countermeasure discussed here come from experiences derived with consulting with clients on how to maintain secure e-commerce facilities. These methods and techniques can be useful in a variety of client and......

Words: 3283 - Pages: 14

Premium Essay

Cis 500 Case Study - Cloud Computer

...services. This paper discusses the Amazon Web Services (AWS) and evaluates the scalability, dependability, manageability, and adaptability of Amazon Elastic Compute Cloud, Amazon Simple Storage Service, and RightScale. Moreover, this paper examines the security concerns for cloud-based services and assesses scalability, reliability, and cost issues. Assess how Ericsson benefitted from Amazon Web Service (AWS) in terms of cost reduction, automated software updates, remote access, and on-demand availability Ericsson is one of the world’s leading providers of technology and services to telecom operators. There are reasons how Ericsson success like that. According to the Amazon Web Services (AWS) Case study, Ericsson uses AWS such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and RightScale for provisioning and auto-scale functionality. AWS give many benefits to Ericsson. For example, Ericsson saves money to invest to build on-premises infrastructure by using AWS. Ericsson also saves the time to build and install the infrastructure. Some of the technical benefits of cloud computing include automation and auto-scaling. AWS had the ability to deploy new applications and automated software updates instantly. AWS are able to scale up and down as demand changed and drive more efficiency. With Amazon S3, Ericsson can add any amount of content and access anywhere. AWS provides on-demand access to scalable web and application servers,......

Words: 1257 - Pages: 6

Premium Essay

Riordan Security Plan

...Riordan Security Plan CMGT/441 October 14, 2013 University of Phoenix Executive Summary: Riordan Manufacturing is a global corporation and has been performing both research and development activities and manufacturing plastics products for a number of uses since 1992. Riordan’s R&D efforts supply the company with new products to break into new markets, most recently the health care market. Riordan has grown and now has three United States locations and one location in China. Each location has a recently upgraded its information technology infrastructure including their network hardware and software. Riordan has also kept up with quality standards for its management and manufacturing operations, including following Six Sigma and ISO 9000 quality standards. The Sarbanes-Oxley Act of 2002 requires Riordan to implement some changes to their security processes to ensure compliance with the new law. The Sarbanes-Oxley Act is focused on to the regulation of corporate governance and financial practice, maintaining the security of all financial data and ensuring the systems that access or store financial data and information must be secure to maintain compliance and pass an audit. Team B responded to the service request SR-rm-013 by performing an analysis of Riordan’s current network, data, and web security issues. Team B’s analysis focused on the security of information to ensure Riordan will be able to pass a security audit as a result of the Sarbanes-Oxley Act....

Words: 2934 - Pages: 12

Premium Essay

Sr-Rm-013: Network, Data, and Web Security

...SR-rm-013: Network, Data, and Web Security CMGT/441 June 18, 2012 Abstract Riordan Manufacturing conducts an information systems security review over IT security issues that exist in different plants to prepare for an upcoming audit in accordance to the Sarbanes-Oxley Act. Several elements of the organization's information systems require revisions and updates to optimize physical and network security, data security, and Web security. SR-rm-013: Network, Data, and Web Security The Sarbanes-Oxley Act (SOX), passed in July 2002, requires publicly traded companies to submit accurate and reliable financial information. Securing private information is not included in its requirements; however, establishing security controls for confidentiality, availability, and integrity of the reporting are (Kim & Solomon, 2012). Riordan Manufacturing is preparing for an audit in compliance with SOX and is conducting an information systems security review over its physical and network security, data security, and Web security. Physical and Network Security Riordan Manufacturing performs an information systems security analysis over its physical and network security. Several elements of the IT system require revisions, such as restrictions to physical access to vital IT systems and upgrades to outdated systems within the network. Physical Security After analyzing the headquarters and Riordan’s other sites it was found that they were not designed nor equipped in the same......

Words: 2582 - Pages: 11

Premium Essay

Unit 4 Discussion

...The Apache Software Foundation (ASF) is a reputable open source foundation that has a history of developing and maintaining many open source products, including the Apache Web Server. In April 2010, the ASF discovered that their server hosting issue-tracking software was “hacked.” You can read a report on the incident on the following Web link: * https://blogs.apache.org/infra/entry/apache_org_04_09_2010 This report documents how a vulnerability was exploited, which solutions worked, which didn't work, and the measures planned by the Apache Infrastructure Team to mitigate future risks. Security is a layered process. Although the hackers took advantage of a vulnerable third-party Web application to gain root access to ASF’s Linux infrastructure, you need to focus on the layers of security that worked and failed on the Linux infrastructure, and how this vulnerability could have been avoided with a more secure Linux server. Discuss how the hackers took advantage of the JIRA daemon. What role did Pluggable Authentication Modules (PAM) play in this process? What are the security measures that you would recommend to mitigate such risks in the future? Participate in this discussion by engaging in a meaningful debate regarding the role of the JIRA daemon and PAM in the system breach and suggest security measures. You must defend your choices with a valid rationale. At the end of the discussion, write a summary of your learning from the discussion and submit it to your......

Words: 1568 - Pages: 7

Premium Essay

Course Discription

...& Brown, L. (2008). Computer security principles and practice. Pearson Education, Inc. Software Microsoft® Project 2010 (Virtual Desktop) Microsoft® Visio® 2010 (Virtual Desktop) Microsoft® Excel® 2010 (Virtual Desktop) Microsoft® Word 2010 (Virtual Desktop) All electronic materials are available on the student website. Supplemental Resource Microsoft. (2012). Microsoft Office Project 2010. Hoboken, NJ: Wiley. Article References Barr, J. G. (2012). Business continuity for web sites. Faulkner Information Services, 1-9. Barr, J. G. (2012). Identity management market trends. Faulkner Information Services, 1-10. Barr, J. G. (2013). Common criteria overview. Faulkner Information Services, 1-10. Barr, J. G. (2013). Biometrics market trends. Faulkner Information Services, 1-7. Week One: IT Security Overview Details Due Points Objectives 1.1 Recognize the importance of IT security implementation. 1.2 Identify major security issues associated with physical and operating system security. 1.3 Describe basic advantages and disadvantages among the various security implementations. Course Preparation Read the course description and objectives. Review the Learning Team Toolkit. NOTE: TestOut LabSims are available for this course. See Week One, Course Materials Page. Reading Read Ch. 1, “Overview,” of Computer Security Principles and Practice. Reading Read Ch. 2, “Cryptographic Tools,” of Computer Security Principles and......

Words: 949 - Pages: 4

Premium Essay

Web Solution

...Web-Based Solution Overview of Business & Web-Based Solution In this paper, TNV Bank selects for this paper that is the imagined banks. This bank is established in the US and providing their banking products and services in the US and others countries. TNV related to the banking industry and it generates revenues through different ways such as interest, transaction charges, services fees and provides financial advice. The main method of generate revenue is charging interest on the capital and lending activities. This bank provides different types of the financial products and services of the customers including saving account, current accounts, personal loans, home loans, foreign exchange services, credit and debit cards, online and NRI Services, cash management, treasury services, insurance and investment options. The company's strategic vision is becoming largest banks of the US in terms of numbers of customers and generates revenues through reach and connects with the more people. The main stakeholders of TNV bank are board of directors, management, employees, shareholders, customers and government. TVN banks established its offices in the all major cities of the US to distribute its financial products and services of the customers. The company operations strategy is using latest technology to provide best services of the customers at the right place with less time. American Express, Ally Financial, Regions Financial, RBS Citizen Financial Group, BMO Financial......

Words: 2392 - Pages: 10

Premium Essay

Security Assessment

...Security Assessment Methodology and Tools for Conducting Security Assessment Footprinting and scanning an organization involves gathering information about the organization in both the passive and active forms. Active footprinting involves assessing the required information about the company through the website, while the passive footprinting is where one would find out the information directly with the organization through the customer care or from an employee of the organization. Security assessment of organizations is carried to identify the security issues such as the risks that the company is exposed to through the information is available from the company’s website or the customer care desk. For most organizations, important information about the company is stored in the company’s database through cloud computing of the website (Gupta, 2013). The existence of high risks in an organization requires the need for an intensive security assessment. In conducting the security assessment, the following tools and methodologies are used; Web Application Security Scanner The web application security scanner is a tool that is used by organizations in speeding up the process of identifying the web applications vulnerabilities. Company websites, for instance, are vulnerable to various risks that lead to loss or lack of privacy of the information saved in the company’s database. The tool thus, assists in identifying the vulnerabilities in the shortest time possible....

Words: 652 - Pages: 3

Free Essay

Cloud Computing

...and services to mobile and fixed network operators all over the globe” (Ericsson n.d.). Amazon initiated their web service (AWS) in 2006, by offering IT infrastructure services to businesses in the form of web services referred to as cloud computing. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business (Amazon 2014). Ericsson benefits of AWS Amazon Web Services provided Ericsson with a highly integrated public cloud with hosting centers in practically every region in the country. This benefit would be a big plus due to the universal impact that Ericsson makes in the telecommunication industry where they provide services to more than one billion consumers. Cost savings was a significant benefit for Ericsson due to not having to expend the capital to build a comparable IT infrastructure internally. Arpit Joshipura, Ericsson Vice President of Silicon Valley (2014) states that, “With cloud computing services, operators can combine the user experience with professional services and will be able to handle a range of issues, such as protection of personal information, confidentiality of sensitive business data, data protection, IT governance, legal questions, unclear regulation, non-standardization, customer support and billing. Additionally, Amazon Web Services provided a proven track record for offering a better quality of service with solid management and a......

Words: 1184 - Pages: 5

Free Essay

Af 302 Essay on Web 2.0 Technologies

...Introduction Web 2.0 refers to a variety of websites and applications that allow people to create, share, collaborate and communicate. Web 2.0 unlike from other types of websites as it does not require any web design or publishing skills to participate, making it easy for people to create and publish or communicate their work to the world. The nature of this technology makes it easy and popular way to communicate information to a much wider audience. There are number of different types of web 2.0 applications including wikis, blogs, social networking, folksonomies, podcasting & content hosting service, YouTube, Facebook, MySpace, and Flickr (Thomson, 2008). However, despite it greater advantageous to our world today, there are some threats involved on the other hand. In this essay, I will discuss some number of privacy and ethical issues associated with the use of this type of technologies. As well some threats such technologies pose for small Pacific Island communities. Lastly, I will discuss the reasons why a privacy bill should or should not be adopted in the Pacific. Ethical and privacy issues related with the use of web 2.0 technologies? Copyright is one of a major issue related with the use of web 2.0 technologies. This ethical issue is referring to copy of others information illegally, by means without the permission of the copyright holder. Using of web 2.0 technologies like Facebook, you tube and other applications nowadays are rapidly growth all over the world...

Words: 774 - Pages: 4

Free Essay

Financial Reporting Timeline

...little progress. In 1938, the Securities and Exchange Commission issued Accounting Series Release No. 4 which asserted that any financial statements prepared in accordance with principles that had no substantial authoritative support would be considered inaccurate. This prompted the CAP to expand from 7 members to 21 members and increased its activity. b. Structure – The Committee on Accounting Procedures was committee formed by the American Institute of Accountants after the SEC delegated to it the responsibility of issuing pronouncements on accounting principles without government council. Initially, the CAP wanted to create guidance for solving accounting problems, but did not believe they had enough time. Instead, they began attacking specific problems and recommended accounting methods. c. Strengths – Although the CAP did not produce an accounting framework, they set the stage for how accounting policies would be made, in the private sector. They also had more power than was granted to any committee prior to their existence. d. Weaknesses - The committee did not have the best approach to solving accounting issues. Instead of creating a framework for financial reporting, they tended to release documents with multiple suggested solutions thus not solving the original issue. e. Reason for creation/demise – The Committee on Accounting Procedures was formed back in 1933 because of the lack of authority over accounting issues at the time.......

Words: 3361 - Pages: 14