Potential malicious Attacks to a Modern Day OrganisationIn today’s environment, data is a valuable resource that needs to be accessible, reliable and at the same time be able to be protected from threats. With everyone using a network infrastructure to run their business it is imperative that the network is available and secure. This therefore raises the question as to what are the Potential malicious Attacks to a Modern Day Organisation?
Potential risks
- The most common threats are Browser-based , followed by SQL injections and remote procedure calls.(Xiaobo Chen, 2013).
- Another concern is the emerging market of developing kits that allow inexperienced scammers to join in on exploit networks.
- The use of mobile devices connecting on the network and the lack of security that they bring.
With that being said we will need to make sure we have the right devices in place to protect from these Potential Malicious Attacks to a Modern Day Organisation. Since browser-based threats are the most common and continue to plague the network we need to make sure all the hosts on the network are protected. We also need to make sure we have something in place to help locate and detect SQL injection attacks on the network. Last we will need to make sure that any mobile devices that connect on the network are updated and protected or not used at all.
Impact of Potential malicious Attacks to a Modern Day Organisation
- Browser based threats were number one among attacks on the network. Some of the common applications that are targeted are JAVA, Adobe, Windows and Internet explorer. If you take a look at those applications they are very common and are used by billions of devices. In 2012 there were 1,595,587,670 browser-based attacks. Once your system is infected there can be the potential for viruses or Trojan to severely affect the performance of an individual computer or cause the network to fail. If a system gets infected it could mean data loss of critical files or overloading the network with DDoS attacks.
- SQL injection is another threat and is one of the many web attacks used by people to steal data from organizations. With this style of attack it takes advantage of improper coding of the web applications that allow outsiders to inject SQL commands that allow access to the company’s databases.
- The last major threat that has become very common in recent years is mobile networking in the corporate environment. Mobile devices can get infected just the same as a PC workstation at work and if a mobile device is infected and connected to a computer at work now 2 systems have been infected.
a) How to prevent browser based threats
- Put in place 2 – firewalls, 1- Web/ FTP server, 1- Exchange Email Server, 1- NIDS, 2- Windows 2008 Active Directory Domain Controllers, 3- File servers, 1- Wireless access point ( WAP), 100- Desktop/laptop computers and VoIP telephone system
- After putting the above in place, we need to add Host Intrusion Detection System and all devices to complement the NIDS.
- change the wireless access point to have better encryption and protection to keep people from accessing the network that do not need to be on there
- change from a WAP to WPA2 with encryption like PSK or enterprise on the wireless access point.
b) How to prevent a SQL injection attack
- Analyze the present state of security present by performing a thorough audit of your website and web applications for SQL Injection and other hacking vulnerabilities.
- Making sure that you use coding best practice sanitizing your web applications and all other components of your IT infrastructure.
- Regularly performing a web security audit after each change and addition to your web components. (Acunetix, 2013).
c) How to prevent risk of mobile devices
- make sure all mobile electronic devices are updated and have virus protection on them. They will also not connect to other devices that are on the network until the mobile device has been scanned and verified clean.
- Avoid installation of applications that are not from licensed app stores as they may contain unwanted malware or software.
With these tips and With annual training, the network should have the ability to adjust to new threats against the network and always remember to update and patch all updates to keep vulnerabilities at bay. Stay safe qnd free from these Potential Malicious Attacks to a Modern Day Organisation.
