This website uses cookies to ensure you have the best experience. Learn more

Cyber Vulnerabilities Essay

1387 words - 6 pages

INTRODUCTION
With cyber-attacks on the continuous rise, organizations public and private must address computer security vulnerabilities. SANS Institute has revealed “unpatched client-side software applications” as the top priority vulnerability for organizations globally. In conjunction with unpatched client software, vulnerable “Internet-facing web sites” can result in an organizations infrastructure to be compromised. In this study I will address the issue of unpatched client software, the impact to an organizations infrastructure, and patch management as a vital mitigation solution. (http://www.sans.org)
BODY
CLIENT SIDE “UNPATCHED” SOFTWARE APPLICATIONS VULNERABILITIES
Newly ...view middle of the document...

Email is a trending tool to exploit client side vulnerabilities. Email is a tool for spear phishing. Spear phishing exploits client-side vulnerabilities by using deceptive impersonations of applications. The email may contain a link to a trusted website, where the victim discloses personal information. Typically, the ultimate goal of the attacker is to steal data from the targeted organization and also to install back doors access so attacker can return for further exploitation. Do not open any junk mail, open email messages in plain text preferably HTML or RTF, lower administrative rights while access web browsers and no opening attachment until properly scanned (www.sans.org)
Office solutions software applications are used as an exploit tool for spear phishing attacks using email. When a user opens the malicious document the exploits vulnerabilities in the office software begin. An attacker hosts a malicious document on a web server or shared folder, and entices a user to browse to the web page or the shared folder. Note that, in most situations, Internet Explorer automatically opens Microsoft Office documents. Hence, browsing the malicious web page or folder is sufficient for vulnerability exploitation in many cases (www.sans.org)
Navigating vulnerable unpatched client-side workstations through the Internet super highway can lead to computer security threats. Web browsers, email, and office software are the platform where the client workstation vulnerability and cyber-attack exploits come together to the organizations demise. Cypher X employee Tim is playing a sports game through a web browser (e.g. Internet Explorer) or downloaded from an email to his desktop from an unknown server (EX. UMUC Module 2). Several of Tim’s desk top applications (e.g. Quicktime, Photoshop) are outdated and “unpatched”. By downloading from an unknown source or accessing a website that may be malicious, his workstation is vulnerable to cyber-security threats and the session hijack begins. A client side exploit typically begins when the attacker has created an exploitation code for unpatched client-side software. The attacker posts the exploit code on a trusted third party web site (e.g. Facebook). A user surfs the Internet and logs on to Facebook from and workstation that is running unpatched outdated plug-ins on office software (e.g. Quicktime). The attackers exploit code recognizes the vulnerable unpatched software application and begins hijack and install programs to the workstation using the password and username of the user who is logged on the unpatched workstation. The attacker now uses shell access to grant the users account full system privileges on the unpatched workstation. Once the attacker has full system access he dumps the pass-the-hash attack gaining access to all user id’s and password information and migrates to another computer in the organizations network. The pass-the-hash attack allows him to move any workstation of his choosing. At this...

Other Essays Like Cyber Vulnerabilities

How To Protect Your Network From Cybersecurity

2362 words - 10 pages * Unsecured dissemination of information through portals via open networks * The trend of greater transparency in board interactions and communications Without proper safeguards, executive boards are attractive targets for cyber criminals looking to exploit digital vulnerabilities to gain access to sensitive corporate data and intellectual property. To defend against this, boards must examine how their own usage practices may be contributing to

Information Technology White Paper

1186 words - 5 pages Tan Pham CSIA 303 Information Security White Paper Professor Gupta Information Security White Paper The internet and its technology have brought many advantages and disadvantages for information system of businesses, whether public or private. There is no denying that the business world will move further and further into the cyber world, where information are available just by a

Network Security

1161 words - 5 pages The internet and its technology have brought many advantages and disadvantages for information system of businesses, whether public or private. There is no denying that the business world will move further and further into the cyber world, where information are available just by a click of a finger. No matter how large of a scale a business is, private restaurant or large Banking Corporation, the truth is every single one of these business is at

Cmgt441 Week 3 Cyber-Attacks Individual Paper

836 words - 4 pages Cyber-attacks are a major problem to businesses as well as home users, it is in every nook, and cranny in the world of computers and prevention is a major concern to all. Many websites have contracted viruses or denial of service attacks and some host malware. Unsuspecting visitors visit these sites and contracted the spyware, malware, or viruses to their own home computer. What can we do for this? Well, there are preventive measures that one

Ipremier Case Study

680 words - 3 pages . Bob Turley should have pulled the plug much sooner. He had been working at iPremier for nearly three months and should have been aware of the company’s limited hacker defense capabilities. That awareness would have meant that iPremier was very vulnerable to anything beyond the most basic cyber-attacks. There was suspicion that the hackers could be stealing credit card information, yet he left the system up and running. The plug was only pulled

Negative Effects Of Social Networking

1236 words - 5 pages captured and used by attackers (Labushagne, Veerasamy, 2013). For attacking the websites, the cyber criminals locate vulnerabilities which are not properly fixed ad protected, and infect its database. Some attackers take advantage of the trust exhibited by the users when visiting the networking sites or harm through the use of fake identities. Besides these many attackers take advantage of webmasters who neglect the basic security regulations and

Domestic Terrorism

1663 words - 7 pages to numerous businesses as well as stores and local radio stations. Even though they have security measures in place they are still vulnerable to acts of domestic terrorism. The Empire State Building’s vulnerabilities are from employees and visitors being allowed to access the building without their bags being checked. Their computer network is vulnerable to cyber-attacks because they only implement the minimal security measures to protect the

Nothing Yet

5774 words - 24 pages management awareness of security issues or to test intrusion detection and response capabilities. It also helps in assisting the higher management in decision-making processes. The management of an organization might not want to address all the vulnerabilities that are found in a vulnerability assessment but might want to address its system weaknesses that are found through a penetration test. This can happen as addressing all the weaknesses that

Position Paper Summary

4036 words - 17 pages . (1) Normalize laws and standards on cyber perpetration and ICT intelligence use and supply. (2) Promote a comprehensive collaboration framework based on critical regional cyber security organizations. (3) Elaborate common terms and definitions and exchange national views on the use of ICTs in conflict for the sake of confidence-building. Australia Australian government calls for international collaboration to cope with information

Computer Crime

714 words - 3 pages "Hackers and Cyber Criminal Organizations" Please respond to the following: From the first and second e-Activities, explain the hacker ethic and hacker manifesto. Give your opinion fas to why hackers do not consider themselves to be criminals. Include one (1) example of such types of hackers to support your response. Hackers look at their abilities as a culture; they share in the same beliefs and the same need to constantly learn and

Protecting Against Internet Activists

1498 words - 6 pages Internet activists are often times a section of people whom meet in the cyber world and collectively deny customers from accessing corporate web sites. The intention of these internet activists is often denial of service. While the intentions of ”traditional” hackers are not just denial of service but stealing valuable insider information and data, internet activists only try to disrupt service. Organizations these days should guard against

Related Papers

Computers In Homeland Security Essay

971 words - 4 pages reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, as well as coordinating incident response activities. The locations of US-CERT are in Arlington, Virginia and Pittsburg, Pennsylvania. ?It relates to the Department of Homeland Security because it was established to serve as the federal government?s cornerstone for cyber security coordination and preparedness, including implementation of the National Strategy

Cyber Terrorism Essay

1587 words - 7 pages , politically, motivated attack against noncombatant targets by subnational groups or clandestine agents” (Cyber-Terrorism 1). These cyber-attacks have great reason to cause unease. Internet security professionals have expressed their increasing concern of the frequency of the attacks against the Internet. This is a very troubling trend as the terrorists learn and adapt from every attack what works and what doesn’t, what vulnerabilities they

On The Offensive Essay

1043 words - 5 pages in the using of the internet and all that comes with it. Is our government doing anything to protect us? It seems they only deal with major cyber-attacks and are not worried about the private sectors. The Pentagon’s new strategy involves the protection of the military contractors, saying they are trying to move from only defending major cyber-attacks to deterring cyber-attacks by showing their enemies that they are “willing to retaliate

Identifying Potential Malicious Attacks Essay

1095 words - 5 pages attacks. For example, an administrator maybe working on some task and might leave something open in a firewall where attackers can enter through. Some firewalls have the vulnerability that enables attackers and be defeated. By identifying the network components, you can evaluate their vulnerabilities. These vulnerabilities can have flaws in the technology, configuration, or security policy. Vulnerabilities can be fixed different ways, applying