Internet activists are often times a section of people whom meet in the cyber world and collectively deny customers from accessing corporate web sites. The intention of these internet activists is often denial of service. While the intentions of ”traditional” hackers are not just denial of service but stealing valuable insider information and data, internet activists only try to disrupt service.
Organizations these days should guard against cyber-attacks on their web sites by having a very structured security policy. It is not just enough to have a secure infrastructure setup as a one-time effort but continuous monitoring is necessary to ensure no security breach takes place. A well ...view middle of the document...
The traffic pattern analysis would help find any specific patterns in incoming traffic. The security countermeasures load balancing; throttling or dropping requests could further be tweaked based on the traffic pattern analysis results. Using packet trace-back one could attempt to trace back to the original source of the attack. Monitoring the origin of these packets would help filter them out in the event of unusually large volumes of traffic which attempts to bring the servers down. Event logs could be used for further analysis of the attack with a chronological account and an audit trail of all the events that occurred during the attack.
There is an inherent risk in outsourcing the implementation of an online system when military personnel would be the beneficiaries of it. As the government would have to ensure the safety and security of each and every military personal, the consulting firm would have to safeguard the privacy and hence the identities of its users from being compromised. Medical records contain sensitive personal data which needs to be protected at all costs. The mere fact that the system is accessible anywhere from the world is a security threat of such a system. Consultants if not provided with strict access control restrictions to live data could cause insurmountable losses by stealing sensitive data. While consultants are working on a military facility it gets harder to track their web browsing habits which would end up rendering the inside network exposed to other threats that include viruses, malware or suspicious email attachments not being filtered out.
Vulnerabilities of an online patient care system would be numerous if the system is proactively not built with security in mind. Like any online application, potential vulnerabilities would include security misconfigurations on the web or application servers, database servers and firewall. Most of this hardware when procured comes with default settings that would need to be re-configured so that it does not give the attacker a chance to hack into one of these systems without little to any effort. Other potential vulnerabilities include unencrypted transmission of data between systems. When dealing with patient records sensitive information like SSN numbers, credit card numbers, authentication credentials etc. could get transmitted without strong encryption algorithms being applied. An outsider could try to sniff this data using a tool and could thereby steal valuable information which could later lead to identity theft.
It is important to have the system thoroughly verified before it is deemed fit to move live. A third party audit of the system is a great way to uncover any hidden vulnerabilities. Penetration testing by an independent authority is another way of verifying how secure the underlying infrastructure really is and if it required any...