CIS5205 Management of Information Security System
Scope, Expectations and Outcomes of the proposed plan of work
The Internet has become a central point for information sharing in today’s world, and online social networking is one of the most popular activities on the web. An important concern is privacy, because social networks usually hold personal information, and privacy matters whenever data involving individuals’ sensitive information is used. This work plan describes how such data can be protected. Social networks often contain private attribute information about individuals as well as their sensitive relationships.
The main scope of this document is to inform the organization (PeopleSharz) about the security concerns and to secure its hacked data by providing security measures. A social site has many active users and holds personal information about them. Some of that information is kept private, and users expect security from the server, but that expectation can be defeated by a cyber-attack: hackers broke into the site and stole the users’ data.
The expectation is to develop security measures that help PeopleSharz resolve its problem, at least in part. The outcome is that we succeeded in identifying the problem and analysed the threats and vulnerabilities. We have also provided a set of recommendations to protect the site from further cyber-attacks or hacking. The incident response plan and the business proposal are the outcomes of this assignment.
This assignment has been conducted to gain an understanding of information security in large organizations. The two deliverables are a response work plan, written in the role of a Senior IT Security Consultant at hackStop Consulting, and a presentation in the form of a business proposal on how the information can be secured in future.
Background and problem analysis
In large organizations, people often assume that someone else is handling security, and they hand the important credentials, under which all the important data is stored, to an unauthorized person. They assume nobody would want to hack them, so they apply no security controls to the website; hackers look for exactly that kind of website and compromise it easily.
Access control, authentication and authorization
Put simply, this is how the admin or an authorized person logs in. Login covers more than the website itself. These are the main areas to keep in mind when reviewing access to the website:
1. How is the hosting panel accessed?
2. How is the server accessed (e.g. FTP, SFTP, SSH)?
3. How is the website accessed (e.g. WordPress, Dreamweaver, Joomla!)?
4. How do you log into your PC or laptop?
5. How do you access your social media accounts?
The other way of getting hacked is through the security software: you might be using very old security software that is easily defeated by a hacker. You must use good network security devices such as a firewall, which will protect the credentials and refuse unauthorized access to your website, so that all the important data on your website stays safe. But you must give the credentials only to an authorized person.
Hosting with a third party and using its services has become common in the website ecosystem, and it is very beneficial for large, widely used content management systems (CMS) such as WordPress and Joomla. Content management is very important, because content is the main thing that attracts hackers to your website, so you should use a good security system and third-party integration for security. There is a problem with it, though: when a third-party integration is used, the user or admin is not permitted to make any changes to the data or the website, because all the work is done by the third party, and that is also one of the main constraints on security. But if we want our data and website to be safe then we have to accept that compromise.
We have to change all the credentials and should set up SSL on our network so that all data and credentials remain safe in transit. Create a unique password for every login (SSH, server, WordPress, user accounts) and also generate a new set of wp-config.php security keys. If you have an SSL certificate, use it on your website.
We should use tools such as Google Webmaster Tools and its email alerts; it is well known for sending an email to the website owner whenever it detects malicious activity on the website.
As there may be several separate hacks in place, even if you are able to discover and fix one vulnerability we recommend continuing to hunt for others. To do this you need:
1. Shell/terminal administrator access to your website's servers (web, database, files)
2. Knowledge of shell/terminal commands
3. The ability to run two antivirus scanners
We will cover a few common ways a site can be compromised or hacked. Ideally, one of these vulnerabilities will either apply to your site or will shed light on additional possibilities.
Be aware that vulnerability scanners differ from antivirus scanners. Vulnerability scanners can be much more intrusive and can potentially cause unwanted damage to your site. Please follow all directions, such as backing up your site, before running the scanner.
Potential vulnerabilities to explore include:
1. Virus-infected administrator PC
On an administrator's virus-infected PC, the hacker may have installed spyware to record the site administrator's keystrokes.
Check for viruses on administrators' systems. We recommend running several reputable antivirus (AV) scanners on every PC used by an administrator to sign in to the site. Because new malware infections are constantly being designed to evade scanners, this step is not a foolproof method of virus detection. Since AV scanners may also report false positives, running several scanners gives more data points for deciding whether a vulnerability exists. Also consider scanning both your web server and all devices used to update or post to the website, as a sanity check.
If an AV scanner finds spyware, malware, a virus, a Trojan horse or any suspicious program, examine the site's server logs to check for activity by the administrator who owns the infected PC.
Log files may have been modified by the hacker. If not, correlating the administrator's username with suspicious commands in the log file is further confirmation that an infection on an administrator's system caused the site to be vulnerable.
2. Weak or reused passwords
Breaking a weak password can be relatively simple for hackers, and it gives them direct access to your server. Strong passwords have a mix of letters, numbers and punctuation, and contain no words or slang that could be found in a dictionary. A password should be used for only one application, not reused across the web. When passwords are reused, it takes only one security breach in one application for a hacker to discover the login and password and then try to reuse it elsewhere.
In the server log, check for unwanted activity, such as numerous login attempts for an administrator or an administrator issuing unusual commands. Make a note of when the suspicious activity happened, because knowing when the hack first occurred determines which backups may still be clean.
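The log check described above, as an added example that is not part of the original report: it parses constructed sshd-style authentication lines, flags accounts with repeated failed logins from one source, and records when the first failure happened so that the clean-backup cut-off can be determined.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in sshd/auth.log style (IP addresses from the RFC 5737
# documentation ranges); not real data from the PeopleSharz incident.
SAMPLE_LOG = """\
Oct 12 02:14:01 web1 sshd[2201]: Failed password for admin from 203.0.113.5 port 40122 ssh2
Oct 12 02:14:03 web1 sshd[2201]: Failed password for admin from 203.0.113.5 port 40123 ssh2
Oct 12 02:14:06 web1 sshd[2201]: Failed password for admin from 203.0.113.5 port 40124 ssh2
Oct 12 02:14:09 web1 sshd[2201]: Failed password for admin from 203.0.113.5 port 40125 ssh2
Oct 12 02:14:12 web1 sshd[2201]: Accepted password for admin from 203.0.113.5 port 40126 ssh2
Oct 12 09:30:44 web1 sshd[2310]: Accepted publickey for deploy from 198.51.100.7 port 51000 ssh2
Oct 12 09:31:02 web1 sshd[2312]: Failed password for deploy from 198.51.100.7 port 51001 ssh2
"""

# Timestamp, outcome, user and source address of each authentication event.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?P<user>\S+) from (?P<ip>[\d.]+)"
)


def find_suspicious_logins(log_text, threshold=3, year=2016):
    """Return (user, ip) pairs with at least `threshold` failed logins.

    For each pair the result records how many failures there were, when the
    first failure happened (syslog lines carry no year, so one is assumed) and
    whether a successful login from the same source followed the failures,
    which is the pattern of a password-guessing attack that finally worked.
    """
    events = defaultdict(lambda: {"failures": 0, "first_failure": None, "success_after": False})
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not an authentication line; ignore it
        key = (match["user"], match["ip"])
        stamp = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
        record = events[key]
        if match["result"] == "Failed":
            record["failures"] += 1
            if record["first_failure"] is None:
                record["first_failure"] = stamp
        elif record["failures"] > 0:
            record["success_after"] = True
    return {key: rec for key, rec in events.items() if rec["failures"] >= threshold}


if __name__ == "__main__":
    for (user, ip), rec in find_suspicious_logins(SAMPLE_LOG).items():
        print(f"{user} from {ip}: {rec['failures']} failures, first at "
              f"{rec['first_failure']}, later success: {rec['success_after']}")
```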
3. Outdated software
Check that your server(s) have the latest version of the operating system, content management system, blogging platform, applications, plugins and so on installed.
Research all installed software to find out whether any of it is the subject of a security advisory. If so, it is quite likely that outdated software caused your site to be vulnerable.
As a best practice, always aim to keep software up to date, regardless of whether outdated software caused the vulnerability this time.
4. Permissive coding practices, such as open redirects and SQL injection
Open redirects are coded so that the URL structure allows another URL to be appended, so that users can reach a useful file or web page on the site. For example:
Hackers can abuse open redirects by adding their spam or malware page to the site's open redirect, like this:
If your site has been abused through open redirects, you probably saw that the message in Search Console gave example URLs that included open redirects to an unwanted destination.
To prevent open redirects in future, check whether "allow open redirects" is turned on by default in your software, whether your code can deny off-domain redirects, or whether you can sign the redirect so that only URLs with a properly hashed and cryptographically signed target can be redirected.
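The two defences just listed, denying off-domain redirects and signing redirect targets, as an added example that is not the report's own code; the host name example.com, the `next` parameter and the signing key are assumptions.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlparse, urljoin

SITE_HOST = "example.com"                   # assumption: the site's own host name
SIGNING_KEY = b"placeholder-server-secret"  # placeholder: use a long random secret in production


def is_safe_redirect(target: str) -> bool:
    """Defence 1: allow only http(s) targets that resolve to our own host."""
    if "\\" in target:
        # Some browsers treat "\" like "/", so "/\evil.example" could escape; refuse it.
        return False
    # Resolve relative targets against our site, then look at where they really point.
    resolved = urlparse(urljoin(f"https://{SITE_HOST}/", target))
    if resolved.scheme not in ("http", "https"):   # blocks javascript:, data:, ...
        return False
    # "//evil.example", "https://evil.example" and "https://example.com@evil.example"
    # all resolve to a foreign netloc here and are refused.
    return resolved.netloc.lower() == SITE_HOST


def sign_redirect(target: str) -> str:
    """Defence 2: the server signs the redirect targets it generates itself."""
    return hmac.new(SIGNING_KEY, target.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_signed_redirect(target: str, signature: str) -> bool:
    """Constant-time comparison so the signature cannot be guessed byte by byte."""
    return hmac.compare_digest(sign_redirect(target), signature)


def resolve_redirect(target: str, signature: Optional[str] = None, fallback: str = "/") -> str:
    """Return the URL the application may redirect to, or the safe fallback."""
    if signature is not None and verify_signed_redirect(target, signature):
        return target        # an off-site target the server itself vouched for
    if is_safe_redirect(target):
        return target        # same-site target, no signature required
    return fallback          # everything else goes to the home page


if __name__ == "__main__":
    print(resolve_redirect("/account/settings"))                 # same-site: allowed
    print(resolve_redirect("https://evil.example/phish"))        # off-site, unsigned: "/"
    sig = sign_redirect("https://partner.example/landing")
    print(resolve_redirect("https://partner.example/landing", sig))  # signed: allowed
```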
SQL injection in the code
SQL injection happens when a hacker can add rogue commands to user input fields that are executed by your database. SQL injection can update records in your database with unwanted spam or malware content, or dump valuable data as output for the hacker. If your site uses a database, and especially if you were infected with the SQL-injection type of malware, it is possible that your site was compromised by SQL injection.
Log in to the database server and look for suspicious content in the database, for example normally plain text fields that now contain iframes or scripts.
For suspicious values, check that user input is validated and properly escaped, or perhaps strongly typed, so that it cannot be executed as code. If user input is not checked before database processing, SQL injection may be the root-cause vulnerability on your site.
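Both checks above, the scan for iframes or scripts in normally plain text fields and the validation of how user input reaches the query, as an added example that is not the report's own code; the `posts` table and its rows are constructed for the demonstration.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for a site's post table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    conn.executemany("INSERT INTO posts (author, body) VALUES (?, ?)", [
        ("alice", "Welcome to our community page."),
        ("bob", "Meeting notes for Monday."),
        ("mallory", 'Nice post <iframe src="http://malware.example/x"></iframe>'),  # constructed
    ])
    return conn


def find_posts_unsafe(conn, author):
    """Vulnerable: the input is pasted into the SQL text, so quotes in it rewrite the query."""
    sql = f"SELECT id FROM posts WHERE author = '{author}'"
    return [row[0] for row in conn.execute(sql)]


def find_posts_safe(conn, author):
    """Hardened: a bound parameter is always treated as data, never as SQL."""
    return [row[0] for row in conn.execute("SELECT id FROM posts WHERE author = ?", (author,))]


# Markup that should never appear in a field meant to hold plain text.
INJECTED_MARKUP = re.compile(r"<\s*(iframe|script|object|embed)\b", re.IGNORECASE)


def scan_for_injected_markup(conn, table, column):
    """Return ids of rows whose plain-text column now carries iframes or scripts.

    `table` and `column` come from the administrator running the scan, not from
    users, which is why building the SQL text here is acceptable.
    """
    hits = []
    for row_id, text in conn.execute(f"SELECT id, {column} FROM {table}"):
        if text and INJECTED_MARKUP.search(text):
            hits.append(row_id)
    return hits


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' OR '1'='1"          # a value that is not a real author name
    print("unsafe:", find_posts_unsafe(db, crafted))   # every row comes back
    print("safe:  ", find_posts_safe(db, crafted))     # no author has that name
    print("tampered rows:", scan_for_injected_markup(db, "posts", "body"))
```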
Dependencies and critical success factors to the job
After a disaster such as the hacking of its website, the company PeopleSharz faces a lot of trouble. Improving the company’s IT security system will only happen with the help of the whole team. As an IT consultant I focus on the dependencies as well as the critical success factors.
To improve the security system, monitor information sharing throughout the company and keep track of the devices connected for any purpose, I have specified some dependencies, because I alone cannot maintain the security of the entire information flow, database, sensitive data, confidential data and so on; I have to depend on key team members, who need to be hired from within the company or from other IT sectors. The key stakeholders in this security breach, the people to be interviewed or whose involvement in that phase of work is required, are:
Computer or Information Research Scientist- analyses which information needs protection and what type of protection it needs.
Computer and IS Manager- responsible for planning and coordinating all computer-related activities.
Computer Network Architect- responsible for designing and implementing the data communication networks of the PeopleSharz company, including the LAN and WAN.
Computer Programmer- a computer programmer (also called software engineer, developer or coder) specializes in writing code for different purposes. The computer programmer in this company will write code to protect computers, databases and so on.
Computer Support Specialist- provides help-desk support to users within the company, giving help and advice about computer software and other related equipment.
Database Administrator- continuously monitors the performance and security of the database; only the DBA has permission to access every part of the database.
Network or Computer System Administrator- organizes and installs updates, new software and other supporting systems, including the LAN, WAN and intranet.
Software Developer- develops the database and other applications with advanced login features to give the company an enhanced security system.
Web Developer- develops the web application’s advanced security panel for the company’s users, employees and their target audience.
Critical Success factors
A critical success factor is a management term for something the company must get right to achieve its mission. The success factors for the PeopleSharz company are as follows:
a. Network monitoring at set time intervals, with investigation of anything found.
b. Firewall and data encryption techniques to protect sensitive data and files.
c. A weekly report on system security that specifically names the areas from which damage may arise.
d. Penetration testing to assess the possibility and likelihood of hacking attacks.
e. Ongoing research to keep up with the latest security trends.
f. Help-desk support to resolve any kind of employee query.
g. Raising the standard of security.
h. Automatic backup support.
Set of recommendations for improving PeopleSharz’s current security practices
After reviewing the PeopleSharz case study I have made some recommendations to change the current security system, because the company’s IT security was hacked earlier, which took the company down for a period of time and cost money in repairs and maintenance. Here I have created more than 20 recommendations for improving PeopleSharz’s current security practices; the company should place IT security at the forefront.
Identify the network- PeopleSharz has to identify all the devices that connect to its network, recording network addresses, machine names, the responsible person and the purpose of each device. It should maintain an encrypted list of the devices authorized to run on the company’s network, and schedule periodic cross-checks to test the device identification tool and detect unauthorized devices.
Testing and verification- I recommend that the company document and test all security settings before connecting devices. I also suggest checking the system settings once a month.
Suspicious activity- I suggest that PeopleSharz set up audit logs recording the time, source and destination of every device. The company has to deploy a firewall against common web attacks.
Follow a strict security policy and train staff- The company has to train its staff to maintain the security of the system strictly and seriously and to avoid any kind of security information leakage.
Secure with reliable software- PeopleSharz has to use good, reliable security software that provides features such as real-time malware monitoring, scanning of email attachments and more. For the best result the company should configure it in automatic mode.
Strong passwords- I recommend that the company adopt a strict password policy, because a short password containing only letters or numbers can be cracked easily by hackers using a few password-cracking tools and techniques. The company has to maintain a policy of harder passwords, because the longer the password, the harder it is to crack. The company should require staff to create alphanumeric passwords, because a password created this way with more than ten characters cannot be cracked within a human lifetime.
Protection- The company has to identify the devices, laptops and computers that need special protection. It also has to know about every important repository of information and store of sensitive data that needs special access permission.
Backup plan- Even with proper care of PeopleSharz’s IT security system the chance of a security breach remains; a security breach will always be possible. So the company has to keep backups of all types of data and information on local systems as well as on a server. With a backup plan in place, PeopleSharz can avoid a security disaster and recover successfully from a great deal of trouble later on. Keep cross-checking the backup system and its security on a regular basis.
Set confidential data priorities- The major problem with this company is that it has no idea how to protect confidential information. After categorizing information, data and files by value and sensitivity, PeopleSharz can secure its data. The data that needs top priority is the customer information system and the employee record system: social security numbers, account numbers, credit card information and many other similar kinds of data that need to be protected.
Security and protection of the sensitive and confidential data of the entire company is a long-term journey, not just an event. It requires a systematic process to identify confidential and sensitive files, information and data. Understanding of the current work processes, access and policies should be maintained in a properly structured flow.
PeopleSharz can help itself by keeping up with the latest information about computer viruses, spyware, malware and vulnerabilities from news, email and social media. In the past three or four years data theft has increased by more than approximately 600% through leakage of financial and non-public information alone, so PeopleSharz has to follow these recommendations to avoid trouble at the time of such a disaster.
In this task we were three members, and the task was divided in such a manner that it could be done with great efficiency and within the specified timeframe. In my team there is one analyst who analyses what the reason was that the information was stolen; another team member works as a problem identifier and designs the solution; the third team member worked as an implementer, working on questions such as what the remedies are, how the designed solution can be applied to get the maximum benefit, control measures to secure information and so on. So all three of us have knowledge of the assignment, but the task division did not mean that each member had knowledge of his assigned task only; we completed the assignment as a team having knowledge of the assignment as a whole. As for the PPT, we divided it into 4 slides for each of us and then integrated them after completion.
In the end, all I want to conclude is that I have researched online, gone through the links and sources, and written this study according to my knowledge. I have also learned about security breaches, their fundamentals, how to avoid them and how to minimize them when they occur. I have also discussed threats associated with online data or information and how the organization has to deal with them.