Web applications and servers are popular targets for hackers and attackers. Gamble Bet needs to note that web servers are used to store web applications. There are over 10 kinds of web-server-based attacks. Most organizations employ a firewall as one of their prevention techniques, but on its own it is not that effective. One of the most probable types of attack that the organization could have experienced is a URL interpretation attack. This type of attack is widely known as URL poisoning, where the attackers manipulate the organization's URLs. SQL injection is another type of attack that could have resulted in credit system fraud. Here the attackers use the application code to access the organization's database. It allows the attackers to read, alter, delete, and create data stored in the back-end database. Cross-site scripting is another form of attack which could have resulted in credit system fraud. Here the attackers inject code into the organization's web application and are thus able to manipulate the client-side scripts of the web application. It also allows the attackers to execute scripts which are able to deface the web application and hijack user sessions. Cross-site request forgery (CSRF) is another form of attack where users are tricked into performing unintended actions. By doing so the attackers are able to send requests to the organization's web application as a user who is already authenticated, behind that user's back. Here the attacker is able to access functionality through the victim's already authenticated browser. Targets of these types of attacks include gambling sites, online banking, social media, and email accounts.
Web-based applications usually accept user input from which queries are constructed, so the queries are based on dynamic input. If some of these inputs are not validated or not properly sanitized, they open the way for an attacker to launch attacks such as SQL injection and directory traversal. Parameter tampering is another form of attack where parameters are changed in transit between the server and the client. This, in turn, can lead to SQL injection attacks. If an attacker is able to modify the parameters, it can lead to other forms of attack on the web server (Gupta, 2015).
From the case study, it is evident that the organization's systems must be vulnerable to the directory traversal type of attack. This is a type of attack where a user is able to access a resource beyond the organization's web root directory. Here the attacker is able to access the organization's system files, run operating system commands, and read the organization's configuration information.
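As an added illustration, not part of the original essay or its sources, the following Python check shows the kind of validation that keeps a requested path inside the web root. The web root path is a hypothetical value and the request strings are constructed, including percent-encoded and double-encoded variants.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical web root for the examples below (assumed path, not from the case study).
WEB_ROOT = "/var/www/gamblebet"


def resolve_under_root(requested: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Map a user-supplied path onto the web root, or return None if it escapes.

    The request is decoded twice so that a double-encoded '%252e%252e' is not
    missed, then normalised so that '..' segments are resolved before the
    containment check is made on the resulting absolute path.
    """
    decoded = unquote(unquote(requested))
    # A NUL byte can truncate the path in lower-level C APIs; reject outright.
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(web_root)
    # Treat a leading '/' as relative to the web root, not the filesystem root.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The only acceptable common prefix is the web root itself.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def audit_requests(paths):
    """Classify a batch of requested paths; returns (path, resolved_or_None) pairs."""
    return [(p, resolve_under_root(p)) for p in paths]


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    sample = [
        "index.html",
        "assets/../index.html",
        "../../etc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e/config",
        "index.html%00.jpg",
    ]
    for path, resolved in audit_requests(sample):
        print(f"{path!r:32} -> {'BLOCKED' if resolved is None else resolved}")
```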
LDAP injection is a type of attack where an attacker is able to exploit the organization's web application by constructing LDAP statements based on user input. This results in the execution of arbitrary commands, such as granting permissions to unauthorized queries. One can also modify the content of credit numbers. XML injection is another form of attack, where the attackers inject an XML document into the web application. In an SSI (server-side include) injection attack, the attacker injects data into the web application. A successful SSI injection allows a hacker to inject code into the organization's HTML pages and even perform remote code execution (Halfond, 2016).
Local and remote file inclusion allow an attacker to include unauthorized files by exploiting dynamic file inclusion. Web-server fingerprinting is a form of attack where hackers are able to get information about the organization's servers by sending specific commands and afterwards analyzing the output. A server-side request forgery attack could have been used by the attackers to bypass the organization's network controls. Here the hackers are able to influence network connections made by the application server and so compromise the organization's servers. This type of attack can result in a Heartbleed-type weakness, which stems from unsuitable user input where validation of that input is missing, allowing an attacker to tamper with the organization's system without notice.
Security misconfiguration is another weakness which could have been exploited by the attackers. From the scenario described, there is no documentation of any maintenance practice carried out by the organization. This usually results in security misconfiguration, as security patches are released on a regular basis. Security misconfiguration gives attackers access to private features and data and can result in a complete system compromise.
The impact of these attacks can range beyond the compromise of the credit card number system. The attacks can also lead to web application defacement. They can also lead to information theft and loss of sensitive information. Some of these attacks can lead to serious modification of the organization's data, which in turn can damage the reputation of the organization. SQL injection and injection-related attacks can lead to denial of service attacks, which have very serious implications for the organization. This is a type of attack that makes data or information unavailable to the users of the system. Other types of attack, such as SQL injection, can hinder the normal functioning of the organization's web application. Local and remote file inclusion attacks are specifically designed to crash the organization's web application and web server. This means that without Gamble Bet Pty Ltd having the best security controls, it will eventually lead to the collapse of the entire organization's system. These attacks can also lead to huge financial losses. For example, a Verizon investigation report shows that a DoS attack led to losses of 3.3 million US dollars. In 2015 alone, most banking institutions faced attacks that originated from SQL injection.
There are various points that Gamble Bet needs to note when handling this issue. To carry out the audit process, the organization first needs to establish security baseline policies. Without well-laid-out standards and policies it would be very hard for the organization to determine its level of risk. The security policy baseline will be used by the organization to measure the effectiveness of the implemented IT security controls. First, the organization needs to review the security mechanisms configured at the firewall. By doing so Gamble Bet will be able to evaluate some of the possible exposures to unauthorized network connections. Second, the IT team needs to review logging and configuration procedures. By carrying out this activity the organization will be in a position to know where the compromise originated from. Third, the organization needs to do a very quick assessment, which should not take more than 10 hours. Here the organization must not shut down its computers or its network, or important information may be lost; it just needs to disconnect the web server from the network and perform penetration tests. After this, Gamble Bet needs to change all of its user passwords. All the administrative passwords should be changed, and clients should be asked to change their user passwords as well. With this, the organization is able to isolate the systems which have been compromised and revoke any access privileges the attacker could have gained.
Phase two is establishing where the attack could have originated. Here every system which could have been affected ought to be investigated by performing a forensic audit. An attacker could have left malware on the organization's system during the time they had access to the web server, in order to carry out attacks in the near future. All the activity logs are identified and documented. They should also be preserved for forensic analysis, which ought to be done later. These logs help in identifying where the attack originated from so as to block any future attempts. The third phase is notifying those account holders that have been affected. The organization should also notify the stakeholders. The sooner the notification can be sent out, the better. The organization can send mass emails to its clients or even place automated calls to warn its customers against carrying out any unauthorized activity or revealing their passwords to anyone. Sending out notices is very important for protecting the organization's reputation after a compromise. Doing so demonstrates that the organization takes its customers' data very seriously. This also helps in reducing the backlash which inevitably follows a major data security breach. The organization ought also to notify the authorities as soon as possible, which can help in the investigation.
Phase four is restoring the organization's assets back to normal. This can be done by first wiping the data stored on the web servers and then reinstalling from backup systems. In carrying out these activities the organization needs to rely on the disaster recovery plan and business continuity plan it has set in place. When restoring the organization's activities, it is important to first catalog the assets which have been compromised and what is supposed to be on the organization's network according to the forensic report findings.
The last phase is preparing for the next attack or system compromise. It is important that the Gamble Bet organization prepares for the next type of attack. If the organization has been hit, then there is a possibility that it will be attacked again by the same people. By studying the attack methods used by the hackers, Gamble Bet is able to identify some of the gaps which allowed the attack to take place. This will also help in preventing future forms of attack. The organization also needs to study its DR/BC plan, which will help it learn how to improve the plan for future use. The organization needs to improve its overall cyber-security posture.
The audit team needs to first secure support from senior management. The support of senior management is vital as it helps in gaining the resources required for the IT system audit process. Also, before carrying out any audit process, the team needs to establish what it knows about the company. This question can only be answered by Bob, the CEO. From the CEO, the audit team needs to establish both the internal and external stakeholders. The CEO is also the one who can provide the most recent press releases or any news relating to the company. The team also needs to establish the architecture of the organization and how information flows from the CEO to the lowest level. It is important to make sure that Bob, the organization's CEO, has a clear understanding of the aims of the IT system audit plan and some of the benefits expected from it. Second, the team needs to interview the banking manager. How did he realize that the organization's system was already compromised? When was the first time he interacted with the system?
The audit team needs to prepare questionnaires and interviews with the key staff. One of the key staff who needs to be interviewed is the organization's IT personnel. One of the questions that needs to be answered by the IT personnel is how the organization keeps up with current IT industry standards. What are some of the technical standards that Gamble Bet subscribes to? The team needs to look at some of these standards through illustrations. Second, the IT personnel need to show some of the strongest measures that the organization has put in place to protect every IT resource used by both the employees and Gamble Bet's clients. The team also needs to establish from the IT personnel the type of OS running on the web server. Is it Linux, Ubuntu, Windows or some other OS? In addition, the audit team needs to establish what happens if a defect or bug is found in the web application: does the organization fix it itself, or does it contact the banking provider or its IT service providers to fix it? Is there any documentation of any bug which has ever been detected? All this information the audit team needs to find out and document.
From the IT personnel, the audit team needs to know the measures taken by the bank and by Gamble Bet to protect where the web application resides. The audit team also needs to go through the organization's recovery policy document to examine whether there are any security weaknesses one can identify.
One of the tools required in the audit, which ought to be provided by the company, is the FTK manager tool. This is an audit tool which allows one to examine folders and files on network drives and local hard drives. Using this tool will help the audit team in creating SHA-1 or MD5 hashes. The tool helps in identifying the clients' accounts which have already been compromised. The IT team also needs to check whether there are any signs of unwanted browser toolbars on the web server and redirected searches. Also, frequent random pop-ups on the web server give a clear indication that the web server has already been compromised (Jaeger, 2008).
One of the activities that the organization needs to do is to install antivirus software on its web server. The organization also needs to keep all its computer software patched. The antivirus installed by the organization needs to always be active and must be configured to update on a regular basis. The antivirus also needs to be configured to automatically scan downloads and all email attachments. The organization also needs to regularly contact its IT service providers about unrecognized activities on the organization's system. In addition to this, the organization needs to keep its operating system updated on a daily basis. Second, the organization needs to use very strong passwords for every application and site it uses. The system administrator needs to choose passwords of at least ten characters which include special characters and upper/lowercase letters. In addition, they need to use a password manager for all of the organization's websites. The organization needs to have a different password for each of its web applications. Clients should also be encouraged to change their passwords regularly. As indicated earlier, some of the attacks could have originated from social engineering attempts. Here one is able to obtain unauthorized information and thus assume the identity of, for instance, a client. To counter this, clients are supposed to be advised to keep their credentials private. The organization also needs to secure all its WiFi connections to avoid any unauthorized access to the organization's network.

To protect the organization's system from SQL injection or any injection-related attacks, the organization needs to first establish which of its web applications are vulnerable. Since this is the most common type of attack which could have resulted in the compromise of the system, the first step is not to trust anyone. Second, one should not use dynamic SQL in web applications, that is, queries constructed by concatenating user input.
The third step is updating the firewall and patching weaknesses which hackers can exploit. Fourth, the organization needs to consider installing a web application firewall. This will help in filtering out malicious data. In addition, the web application firewall will help in setting default rules, and it usually makes it easy to add new rules where necessary (Gallegos, 2016).
Fifth, the organization needs to always use appropriate privileges. One should not connect to the organization's database using admin-level privileges unless compelled to do so. Using a limited-access account is far better as it limits what an attacker can do. Sixth, it is always important to keep the organization's secrets secret. As it is possible that the organization's web application could have been compromised, one should act accordingly by hashing or encrypting passwords and other confidential data, which includes even the connection strings. The organization should also not divulge more information than needed, as attackers can learn more about the database architecture from displayed error messages. This means that the organization should always display minimal information. In fact, the organization should use the RemoteOnly setting so that verbose error messages are displayed only on the organization's local machine. Lastly, the organization needs to continually monitor SQL statements from all of its database-connected applications. This, in turn, will help in identifying any rogue SQL statements and weaknesses (Pawar, 2015).
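The following Python example is added here and is not code from the essay or its sources. It places the dynamic-SQL login query the text warns against beside its parameterised form, run against a constructed in-memory SQLite table, and shows the minimal-information error handling recommended above. The table contents, the logger name and the probe string are all constructed for the illustration.

```python
import logging
import sqlite3

log = logging.getLogger("gamblebet.audit")  # hypothetical logger name


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory sample table; not Gamble Bet's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash_a", "client"),
        ("admin", "hash_b", "admin"),
    ])
    return conn


def login_dynamic_sql(conn, username, password_hash):
    """The weak form: dynamic SQL built by concatenating user input into the query."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password_hash = '" + password_hash + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterised(conn, username, password_hash):
    """The corrected form: placeholders keep user input as data, never as SQL syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(query, (username, password_hash))]


def run_for_client(conn, query, params=()):
    """Minimal-information error handling: the client sees a generic message,
    the full database error goes to the server-side log only."""
    try:
        return {"ok": True, "rows": conn.execute(query, params).fetchall()}
    except sqlite3.Error as exc:
        log.error("database error: %s", exc)  # detail stays on the server
        return {"ok": False, "error": "The request could not be processed."}


def demo():
    conn = build_sample_db()
    # Constructed probe: a closing quote, an always-true condition and a comment marker.
    probe = "' OR 1=1 --"
    return {
        "dynamic": login_dynamic_sql(conn, probe, "not-a-hash"),        # every user returned
        "parameterised": login_parameterised(conn, probe, "not-a-hash"),  # no match
        "legitimate": login_parameterised(conn, "alice", "hash_a"),       # normal login works
        "error": run_for_client(conn, "SELECT * FROM no_such_table"),     # generic message only
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} {result}")
```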
To perform the above IT audit process, the organization needs dedicated individuals who are ready to carry out the tasks and activities effectively. The following outlines the team members and the activities they will carry out.
IT team member | Activities
--- | ---
IT Audit team leader | This person is responsible for leading the IT audit team. He is involved in coordinating the team's activities. He is the head of the team and is mandated to present the audit security plan to the organization's stakeholders. He is also mandated to resolve any conflict which may arise within the team. They are also supposed to teach their team members how to interact with the organization's stakeholders when carrying out any form of interview.
System analyst | This person is responsible for evaluating procedures and analyzing credit-system-related issues. He is also mandated to test and design standards and solutions.
Risk assessment officer | This person is mandated to evaluate and examine the operational procedures of the organization. He is also mandated to establish risk-related issues. They are also mandated to monitor business indicators which could have been compromised. In addition, they are required to develop a contingency plan to deal with any emergency that may arise.
Security consultant | This person is responsible for drafting questionnaires to be distributed to the various stakeholders. They are also supposed to identify mitigation factors and analyze financial data.
System administrator | This person is mandated to produce reports related to database integrity and the performance of the system. They are responsible for performing system tests to determine the source of attacks.
References
Gallegos, F., 2016. Audit and Control of Information Systems. 2nd ed. Cincinnati: South-Western Pub.
Gupta, A. and S., S., 2015. Information System Audit: a study for security and challenges, 2(III), pp. 45-67.
Halfond, W. G. J., Viegas, J. and Orso, A., 2016. A classification of SQL-injection attacks and countermeasures. In: Proceedings of the IEEE International Symposium on Secure Software Engineering, 1(II), pp. 13-15.
Jaeger, T., 2008. Operating System Security. 1st ed. Chicago: Morgan & Claypool Publishers.
Pawar, 2015. SQL Injection Attacks. KHOJ: Journal of Indian Management Research and Practices, 4(II), pp. 125-129.