Cyber Security and Cloud Computing
ISCG – 8047
Cyber Security and Web Applications
ASSIGNMENT 1
Submitted To: Submitted By:
Prof. Bahman Sarrafpour Sojan Chandy Therakom: 1468736 Contents
Introduction 2
Why is it important 2
Cyber war 3
Major Threats 3
Viruses: 3
Worms: 3
Spyware/Adware: 3
Trojans: 3
Rootkit 3
Botnet 4
Hoaxes and Urban Legends: 4
Denial-of-service (DoS): 4
Various Security Standards 4
Spoofing identity: 4
Tampering with data. 4
Repudiation. 5
Information disclosure. 5
Denial of service. 5
Elevation of privilege. 5
(ISO/IEC 27001) 5
CPE: 5
CWE 5
CVE 5
CAPEC: 5
CCE: 5
Security Tools 6
Honeypots 6
Classification of honeypots 7
Honeypot Implementation 7
Honeyed 7
Service-specific honey pots 8
Web Application Firewall 8
ModSecurity for Web Applications 8
ModSecurity for IIS 9
Conclusion 11
Cyber Security and Web Applications
Introduction
Almost all kind of large and small organizations might face increasing number of attacks into their network or intellectual property. This may lead to data disclosure, data destruction, and damage of organization’s reputation. There are numerous threats in the cyber space which might be capable of stealing, destroying or making use of out sensitive data for financial and non-financial gains. As the amount of computer, mobile and internet users increases, so does the number of exploiters.
Cybersecurity is the form of technologies, procedures and
The proficiency and efficacy of the cyberspace in its application in accounting, finance, system designs, manufacturing etc., cannot be denied nor neglected. The reality of the twenty-first century is simple; no organization can survive without the adoption and implementation of the mechanism of information technology to their area of business. On the contrary perspective, there are several challenges that are associated with the cyberspace, among which is majorly cyber security. Recently the hackers’ activity has really skyrocketed and has become a major concern for organizations, states and federal governments and even international organizations. Several regulatory schemes are put in place to mitigate the activities of hackers across the globe.
Cyber security is a major concern for every department, business, and citizen of the United States because technology impacts every aspect of our daily lives. The more we use technology the more complacent, we get with the information that is stored within our cyber networks. The more complacent, we get, the more vulnerable we become to cyber-attacks because we fail to update the mechanisms that safeguard our information. Breaches to security networks are detrimental to personal, economic, and national security information. Many countries, like Russia, China, Israel, France, and the United Kingdom, now have the abilities and technology to launch cyber-attacks on the United States. In the last five years there have been several attacks on cyber systems to gain access to information maintained by major businesses and the United States Government. Cyber-attacks cause serious harm to the United States’ economy, community, and the safety, so we need to build stronger cyber security mechanisms. Based on my theoretical analysis, I recommend the following:
In the previous five years, cybersecurity has turned into the most looked for after calling around the world. More than 90 percent of respondents to an overview directed by the Ponemon Institute (2011) detailed being a casualty to cyberattacks amid the most recent year, costing all things considered more than $2 million for each association. This number keeps on ascending as the two programmers and security devices progress. As indicated by PwC, roughly 33% of all U.S. organizations are as of now utilizing digital protection (Lindros and Tittel, 2016).
Most nations today fear terror attacks that include bombing use of reinforcements like machines guns and other firearms. This is because terror attacks most of the times leave many people dead and others disabled while others are left without families. However, there is another attack today in many nations that can be destructive like a terror attack and this is the cyber-attack and threats. Cyber-attacks can be responsible for large mass destructions by making all systems connected to cyber networks fail to work (Rhodes 20). An example is the Morris worm that affected the world cyber infrastructures and caused them to slow down to a position of being impractical. Therefore, as a result of these cyber-attacks resources are being established and designed to help counter the attacks.
In today’s world technology has evolved to the point where a large amount of information is stored in cyberspace. It is because of this type of storage people around the world have an easier time at accessing information than ever before. The time before the late 20th century gathering information was long and tedious to get a book that the library did not own would take at least a couple of weeks depending on the time period or it may not have been possible to obtain that book. But now people can access a vast amount of information in a matter of minutes. Example, in modern times if someone wanted to know about a different culture they could simple look up the information on a computer or any device that had access to
Businesses, be it small-scale or large-scale, use cloud computing for the storage of data since it is cheaper than buying hardware and software separately.
Over the past several years the term cloud computing has become common in homes and organizations alike. Cloud computing can be defined as a pooled set of computing resources that are furnished via the internet. There are three types of cloud services typically available, these services are Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS). Organizations can benefit greatly from cloud services because they eliminate the need to buy and manage physical resources. Although such an action cuts cost it leaves organization victim to the vulnerabilities and threats that exist in cloud computing. Throughout this paper I will discuss the vulnerabilities and threats that come
The internet is a medium that is becoming progressively important as it makes information available in a quick and easy manner. It has transformed communications and acts as a global network that allows people to communicate and interact without being limited by time, boarders and distance. However, the infrastructure is vulnerable to hackers who use the system to commit cyber crime. To accomplish this, they make use of innovative stealth techniques for their malicious purposes in the internet.
According to the U.S. Department of Homeland Security in the article Cyber Threats to Mobile Phones, phones are now sharing hardware and software similar to a PC and becoming each time more like a PC. Therefore, the risks of being hacked are increasing, allowing hackers to attack mobile devices the same way as if they were doing it with a regular PC. Personal and professional information are more often stored on mobile devices therefore it is imperative to have our data secure. Security solutions for mobile devices are not as broad or high-tech as those for PCs. The majority of mobile security relies on the proper use and smart choices that the user makes on a daily basis to be protected against cyber attacks. Even the most careful person can be attacked but the possibilities of that happening are less when you are proactive.
Usage of remote servers via internet to store, manage and process data instead of using a personal computer is known as Cloud computing. It’s a set of Information Technology services with the ability to scale up or down their service requirements. Most of the cloud services are provided by a third party service provider. In cloud computing, organizations can utilize IT services without in advance investment. Despite its benefits obtained from the cloud computing, the organizations are slow in accepting it due to security issues and challenges. Security is one of the major problems which hinder the growth of cloud. It’s not wise to handing over the important data to another company; such that clients need to be vigilant in understanding the risks of data infringement in this new environment. This paper discusses a detailed analysis of the cloud computing security issues and challenges. (Ayoleke)
This project is going to discuss about the Cloud Computing and its application in business. To briefly describe what cloud
It is important to note that whether an attack is perpetrated by a hacker group, other corporations or individuals, organizations must always prepare adequately through intrusion detection and prevention systems in place. Data breaches can have very devastating business and social impact to large businesses and their customers – the users. For instance, were Cloudflare attacked by a competing company, their trade secrets could have given the opponents ammunition to take them out of the field. In addition, lost data could influence criminal activity if for instance particular client information, for
Cyber Security also called computer security and IT security, is the assurance of data from theft or any harm to the gadget, the product and information stored on hardware. It incorporates controlling physical access to the equipment and additionally ensuring against code or data injection or via network access.
The Merriam-Webster’s Dictionary defines cyber security measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack Most people think that hackers are just people that want to mess up your computer, but real hackers break into systems because they want to see what they can do, then they might leave a message on the victims computer, but that’s it. So, the computer security people protect from those other hackers that want to mess up peoples computers. The means we take can as individual to protect ourselves in the cyber world is be anyomous on websites, don’t post your personal information ,have virus protection install on your computer, get spy
The traditional model of software distribution, in which software is purchased for and installed on personal computers, is