You work for an organization that is in the defense contracting field. As part o

Question

You work for an organization that is in the defense contracting field. As part of doing business with the federal government, your organization was audited and failed to meet the following requirements. Web traffic to and from the server is in the form of plain text. There are some sensitive emails also being sent outside of organizations that are not encrypted. You have been tasked by your manager to remedy the situation. Your assignment is to write a three- to five-page proposal that resolves the issues above. Your proposal should identify solutions, including costs, to remedy the failed requirements. How would you remedy or resolve these issues

Explanation / Answer

Q1)  As part of doing business with the federal government, your organization was audited and failed to meet the following requirements. Web traffic to and from the server is in the form of plain text

Threat #1 DOS Error & DDOS Error:- DOS, short form of Denial of Service and DDOS short form of Distributed Denial of Service are superior amongst all the threats as they are very difficult to get rid from. In addition they easily get launched and are cumbersome to track. It is very simple; just keep sending more and more requests to the system than that of it can handle all along. With the invention of the toolkit, it has become way easy to disturb any website’s availability. In DOS an attacker’s program will establish a connection on a service port, obviously counterfeiting the packet’s header details and then leaves the connection. Now if the host can handle 20 requests per second and attacker is sending 50 requests per second, then it may cause host server down due to mass fake requests. In this case, server cannot accept legitimate request as well due to fake requests and it shows unavailability of server to a legitimate user.

Security Solutions

Threat #2 Unauthorized Access - This is the most harmful threat as it leads to the loss of significant information and also to further attacks which could be worse than this. An attacker unknowingly gains access to your authorized section and steals sensitive resources. Suppose a host also playing the role of a web server has to provide web pages as per the request. But the host should not allow anybody to access the command shell without being sure about the identity of the user.

Security Solutions

Threat #3 Eavesdropping - Another greatest security threat in network. During eavesdropping, an intruder intercepts the packages of data transferred over HTTP (through monitoring software), modifies the data and misuses them in order to harm the network. It is really a dangerous threat as there are many tools named as Sniffers available and developed frequently to intercept the data packages.

Security Solutions

Threat #4 IP Spoofing - IP spoofing means presuming the IP of a network, creating an illusion of being a valid IP by creating Internet Protocol packets with disguised intentions of harming the actual owner of the IP address. By forging the headers in order to insert fallacious information in the e-mail headers to mislead the receiver from the original destination is also a type spoofing which is known as Spamming.

Security Solutions

Some good Practises to control other network related issues are:-

Please let me know in case of any clarifications required. Thanks!

Related Questions

Navigate

• Browse (All)
• Browse Y
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.