Identifying Potential Malicious Attacks Essay

Submitted By jcoll0108
Words: 1197
Pages: 5
Open Document
Identifying Potential Malicious Attacks, Threats and Vulnerabilities
CIS 333

After performing a thorough review of the network and it’s topology it has been determined that several vectors exist that could open the network and the company up to potential malicious attacks. These vectors, if not resolved, could lead directly to loss of confidential data that could significantly impact day-to-day operations. I have briefly laid out each vulnerability and the potential impact on the organization.
Malicious attacks can happen at any time and it is important that organizations are aware of the dangers present within their own network topologies. Three of the threats that have been identified are FTP attack, Email Phishing and WAP exploitation. FTP or File Transfer Protocol is a network protocol commonly used to transfer files from one host to another. Natively, FTP is not secured and is vulnerable to brute force attacks, bounce attacks, packet sniffing, and spoof attacks (Allman & Ostermann, 1999). Phishing email messages are typically intended to steal the targets money. Attackers can do this by installing malicious software on your computer or utilizing social engineering to persuade you to install the software or abdicate personal information under deceitful pretenses (Microsoft, 2015). An example of wireless access point or WAP exploitation is creating rogue access points within your system and tricking your employees into using it vice the secure method. This can occur through the use of personal computers or through PDAs and smart-phones (Wright, 2007) .
As previously states, the impact of the three potential threats identified could be detrimental to the company’s assets. A compromised FTP server could grant an unauthorized user access to confidential corporate and personnel files. In 2012, Forensicon, a security firm, was able to browse to an FTP site at the Chicago Board of Elections. This breach granted him access to private voter files. These files included driver’s license numbers, cell phone numbers, emails, dates of birth and more (Policy Patrol, 2012). This is just one of many examples of how FTP not a secure ware to store and exchange confidential files since it offers no form of encryption.
Email Phishing is hard to predict because it has relies heavily on the intended target, an unsuspecting employee, clicking a link or responding to a fraudulent email. The purpose of the email is to get the target to access a compromised or spoofed website in order to install software that mines the target’s computer for sensitive information. This information, once received, could grant them further access into the files servers on the network. In a study performed by Professor Arun Vishwanath from the University of Buffalo, it was found that “an information-rich phishing message triggered a victimization rate of 68 percent among participants” (The American Bazaar Staff, 2015). Over the years, as more and more devices have become wireless, we have seen a steady rise in wireless access points. Companies have become installing them on their networks in an effort to make their employees more mobile. With this comes the added risk of wireless access pong exploitation. A common scenario used by attackers is to sniff out WAPs and utilizing the information found to create a false wireless access point. They then initiate a denial of service attack that renders the legitimate wireless access point inaccessible. When users attempt to connect they connect to the compromised wireless access point instead of their own. Once connected, the hijacker can intercept all traffic sent and received through the wireless access point and can steal credentials or infect hosts further. You can employ a few mitigations to protect yourself from the possibilities of attack via the methods spelled out above. FTP servers can be secured by utilizing FTP over Secure Shell (SSH) or Single Socket Layer (SSL) protocols. Those protocols
Show More

Related Documents: Identifying Potential Malicious Attacks Essay

Security and Experienced Malicious Organization Essays

malicious attacks and threats Potential malicious attacks and threats that may be carried out against the network include illegally using user accounts and privileges, Stealing hardware and software, Running code to damage systems, running code to damage and corrupt data, modifying stored data, stealing data, using data for financial gain or for industrial espionage, performing actions that prevent legitimate authorized users from accessing network services and resources, and/or performing actions…

Words 694 - Pages 3

Security Technologies And Methodologies

Security Technologies and Methodologies CMGT 582 Security Technologies & Methodologies In today’s computer based world there are several potential and devastating threats like hackers, viruses, worms, and Trojans etc. to our computers, networks, and confidential information. So as to protect any computers, networks, and confidential information the installation of security applications is vital and hardware systems to protect our confidential information, computers, and networks…

Words 906 - Pages 4

Nt1330 Unit 1 Assignment 1

considered to be much more accurate at identifying an intrusion attempt. 2. Ease of tracking down cause of alarm due to detailed log file. 3. Time is saved since administrators spend less time dealing with false positives 1.2 Demerits of Signature Based Detection 1. Signature based systems can only detect an intrusion attempt if it equivalent a structure that is in the directory, therefore causing directory to constantly be updated 2. Whenever a new virus or attack is identified it can take vendors…

Words 475 - Pages 2

prevention of malicious transactions in dbms Essay

Prevention of Malicious Transactions in Database Management Systems A thesis submitted in partial fulfillment of the requirements for the degree of Bachelor of Technology in Computer Science and Engineering by Himanshu Gahlaut Department of Computer Science and Engineering National Institute of Technology Rourkela May 2009 Prevention of Malicious Transactions in Database Management Systems A thesis submitted in partial fulfillment of the requirements for the degree…

Words 6516 - Pages 27

The History Of Biometrics

biometrics is currently at the forefront. A biometric system is essentially a pattern recognition system which recognizes a user by confirming the authenticity of a specific anatomical or behavior attribute of the user. The biometric system has the potential of being a far more secure method of authentication in comparison to traditional methods such as keycards and passwords. With computers now integrated into nearly every aspect of our lives, it is imperative that we protect data that is personal…

Words 1366 - Pages 6

Penetration Testing Essay

Internal, "authorized" users of a system also present a significant security exposure. According to a recent survey, [05] 75% of respondents cited that disgruntled employees are the most likely source of attacks. Employees or other trusted parties were those most likely to be responsible for vandalism, theft of information and sabotage of data. Hackers, both internal and external, identify targets through choice and opportunity. A "target of choice" is…

Words 3392 - Pages 14

White Paper C11 678658

Neighbor Discovery (ND), including stateless address autoconfiguration, suffers from the same lack of authentication as Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) on IPv4 networks. On IPv6 networks, ND spoofing attacks are real. The latter is often seen in IPv6 networks due to a misconfigured IPv6 host. The mitigation techniques include: ● Using the network switches to block invalid ND packets (as done in IPv4 with DHCP snooping and dynamic ARP inspection). The…

Words 2256 - Pages 10

Nt1310 Unit 3 Assignment 1 Safeguard

Antivirus: This antivirus suit works round the clock with its advanced heuristic detection feature which ensures that all monitored devices are free from potential digital attacks in the form of viruses, malware, ransomware, and more. The software also ensures that the network is protected and safe from backdoor intruders. This way, micro teams, small businesses, and freelance professionals can safeguard their computers, smartphones, tablets, and even their smart home devices from being penetrated…

Words 938 - Pages 4

Information Security Essay

Smith American Military University Introduction to Network Security Since the development of computer networks there have been weaknesses and those seeking to exploit them. Initially the reasons make have been non malicious and academic in nature, but later became ways to steal valuable data in cyberspace. Those who break into networks aka hackers have many different reasons for their network breaches and could range from stealing corporate secrets and national security…

Words 4180 - Pages 17

research paper

consistent issues highlighted by the media continually reporting some sort of cyber-crime, a study indicating that about 90% of assaults happen on the inside [1] raising concerns of how easy it is to be working on the inside to be able to infiltrate attacks.. Has ethical hacking at last taken on the hero's role for tackling the issues or has it made new ones? 2. DISCUSSION A. Education And Training The issue of instructing learners (STUDENTS) to hack is still an intense issue that we confront today;…

Words 2526 - Pages 11