This sample will let you know about:
- Discuss about the various type of vulnerabilities.
- Discuss about the ways to secure the different kinds of breach or attacks.
Security is a term that commonly refer to the process and technique involves with keeping confidential and assuring the data integrity, which prevent through unauthorised the attackers from enter into system. The report is based on the diagnosis of different component that mainly used in system for processing. It may involve Operating system, internal software and Application directories. It will investigate about their overall functionality where how they can perform task within system. through finding, it has determined the possible vulnerabilities and threats that directly affects on the overall system activities. Furthermore, it will understand about the ethical implication that supports entire system from against attackers.
Organized the diagnostic to determine system components such as API directories, operating system and software. Investigate about finding and identify possible vulnerabilities.
The innovation of technology is an advancement which provide the better view for handling to find out solution. However, even with the advancement which may include attacks that would be increasing in day to day (Cai, Huang and Huang, 2019). In real time processing, it has diagnosed the system component of operating system, software and directories. It can be determined the various type of possible vulnerabilities.
Operating system vulnerabilities- OS is complex piece of software that usage for environment challenges on system and causes to undiscover defects that directly affects on the functionality. It can be determined the several type of vulnerabilities such as buffer overflow, Validation errors, Side-channel attack, failure of user interface etc.
API directories Vulnerabilities- It is based on the application that help for developer to maintain a large amount data or information in the system. it is beneficial for categorised to help aid application discovery. It can be identified the vulnerabilities such as exploit validation and webserver (ShakdheAgrawal and Yang, 2019). These are most common threat in the web server, Attackers might exploit the overall functionality of system. As a result, System failure which allows attacker to gain more information after vulnerability exploitation.
Software Vulnerabilities- In software, it can be identified the bugs which are exits in the form of coding that cause overall system to make unwanted actions. All type of software has bugs from one to other. Sometimes, it increases the situation of system failure, loss of connectivity. Software based vulnerabilities can be divided into different ways: malicious network traffic, remote exploitation, buffer overflow in web server (Farahmandi, Huang and Mishra, 2020). Ask for Assignment help UK from our experts!
As per investigation, it has found that vulnerabilities in system components which affects directly and indirectly overall system processing.
Discuss about the penetration testing on the system and used within system on the basis of identified vulnerability.
Penetration testing is defined as a process that simulated with cyber-attack against the system to identify the vulnerability exploitation. In terms of web application, this type of testing is the most common that attempted for eliminating the breaches within system (Zhang, Song and Yan2016). it can be used the application protocol interface to uncover vulnerabilities. For Example- The type of unsanitized input which are susceptible to code the injection attack.
In context of operating system, It can implement the penetration testing approach by using standards tool or platform. In this way, Pentest tool has automatically check if there is malicious code exist within software. That’s why, it will be increased the potential security breaches within OS, Software (Horawal vithana and Iamnitchi, 2019). So as decided to conduct the penetration testing on the allocated victim system and find out the vulnerability at some point. There are various stages for performing the penetration testing against system vulnerability.
- First of all, it will collect the information of security weakness within system and then target for single point.
- Afterwards, Tester to launch the attack by using identified entry point in the software system, OS and Application directories.
Identify the finding if attack failed and successfully done, determine the ethical implication in terms of information or access gained.
As per finding, it has concluded that attack must be failed due to high security aspects which may protect or secure overall system in proper manner. The security system is a type of property which always reflects on the system ability to protect itself from deliberate external hackers. If attack failed, Hacker must try to check another option and find out the weakness of system. Afterwards, it only targets towards single point where it become easier to gain information about the system. The attacker might be used the most common and well documented technique to access information (Humayun and et.al., 2020). It is known as Malware, which may include Trojen horses, viruses and worms. In this way, it has maximum possibilities of data breach within the system. So, as it should be considered the ethical implication that come with the data or information. Generally, implication refers to consequence of proposed action. It would be better for decision making in system protection and security.
- The community has established the rules and regulation for protecting through unauthorised access in the system (Iskandar, Virma and Ahmar, 2019).
- It should be protecting the population of vulnerable, who are trying to harmed professional activities.
- The organization provide training program in regards of security so that employee aware about the causes and implement concept in their daily activities.
- It must ensure that preserving privacy in such way, user can free to enter personal data without hesitation.
At highest level, Ethical principle and implication include in such manner to maintain the responsibility, honesty, fairness, transparency, robustness, trustworthiness, integrity and objectivity. In business perspectives, it must ensure that overall system become secured and also increased the performance or efficiency.
Ways to secure the system from different kinds of breach or attacks
Security of the network is one of the most important things which is required to be focused on by the organizations in order to secure their system from various kinds of threats or attacks (Xiong, Gülsever and Lagerström, 2019). A system is vulnerable to various kinds of breaches or attacks such as: validation errors, side channel attack, user interface failure, exploitation of functionalities by an attacker, malicious network traffic, remote control of system by hackers and many more. It is important for organizations to completely understand their system and to what kind of issues is their system vulnerable to so that they can take required measures to overcome them (Koopman, 2019). Some of the most common type of security breaches that can be faced by any organization are: viruses, malware, Impersonationof an organization, denial of service attack etc. Some of the most common ways that can be used by organizations to secure their system from various kinds of attacks or breaches are as follows:
- Ensure physical security of data or other system or network items: In order to secure systems for different kinds of breeches first step is to secure systems physically (Iskandar, Virma and Ahmar, 2019). Organizations should use strong passwords for their system and sensitive data or information should not be open for everyone i.e. only few people should have access to that information. Not only this sensitive information should not be stored within system directly in fact such kind of information should be stored in encrypted manner.
- All kind of sensitive data or personal identity information that are of no use should be security deleted and one must ensure that it is completely deleted from the system and there is no way to recover it (ShakdheAgrawal and Yang, 2019). Any kind of carelessness can lead to increase in risk of data theft or hackers attack on the system.
- Operating system should be continuously updated with updated security system as any kind of flaw or missing patch within the system can lead to increase in chances of malicious activities on the system. Only solution to this is to continuously update systems and all kinds of software or applications used by the organizations (Zhang, Song and Yan, 2016). In order to identify missing patches within the system can be identified by regularly conducting IT audits. These audits will help the organization to know flaws or issues within their current system so that they can work on it.
Many times, improper network configurations increase chances of attacks on the system and not having updated anti-virus or network security increases changes of malicious attacks on the system and can also lead to DDoS attacks as well (Wolf and Serpanos, 2020). So, it is extremely important for the organization to install and update a proper anti-virus used by them and continuously update their security system so that there is no chances that attackers can bypass security system. So in order to resolve this network configuration issue, network trouble shoot should be done so that issues in current network configurations can be identified in a timely manner.
Scan the website
After scanning, It can be identified the vulnerabilies in the website and expoosed the affected appliucation to risk of authorised access to damage confidential information. It has found that denial of service attack occurs. An attacker is mainly search for exploit for these type of vulnerabilities for system attack.
It can be identified that secure flag is not properly set up cookies so that browser will only send unencrypted data from source to destination. At that time, attacker will easily intercept the text communication and also access the data by steal cookies.
The communication can be done between server and web browser with the help of HTTP protocol. It will be transmitted the unencrypted data in the network. At that time, it has more chances to damage data where attacker will try to intercept communication.
Recommendation that how to record patches and fixes as per requirement.
In context of vulnerabilities and threat, it will not consider the single solution because the security aspects depend on the complexity of threats and how they will affect on entire processing of system. When addressed the patches in system, which required for measuring the downtime to deploy critical patches (Piantadosi, Scalabrino and Oliveto, 2019). In most of cases, it has generated the unexpected the down time which become serious causes of system functionality. As a result, it will require the essential patch validation that will implement in the system. In this way, it easily identified the issues and then recommended the practices for managing security, privacy. Need Assignment Samples?Talk to our Experts!
- It has recommended that implement configuration program which should protect and maintain current functionality of system. it should be containing various type of deployed software version that basically used in Information system (ShakdheAgrawal and Yang, 2019). This type of configuration program will support to control and prevent unauthorised access while changing the operational codes.
- It should be including the various procedures and policies which are related to configuration plan. It helps for updating, reviewing and protecting.
- It has suggested that can use the configuration control board to control changes, monitor and authorise overall configuration system effectively (Richardson and et.al., 2019).
Apart from that it should be fixed the patches while considered the management plan to check vulnerabilities through personal knowledge of entire system. The management review should be examined the vulnerability, threat and identified exploitation (Farahmandi, Huang and Mishra, 2020). At that time, it applied the prevention action when it has been discovered the weak cyber security. The personal knowledge related system helps for identifying activities of patches and try to fix them by using management configuration plan.
Another way, its assets that owner should try to maintain back up archive. In this way, it will create and update the prior patching activities. It provides the better way to understand functional as well as production system. It has recommendations for applying the backup verification process to check availability of threats within system (ShakdheAgrawal and Yang, 2019). On the other hand, it will use the concept of patch testing because this process will be dedicated towards the simulation hardware. so, as it become easier to create testing environment and closely associated with operational environment. it allows for checking the computability of software by using patch testing (Farahmandi, Huang and Mishra, 2020). The planning of test should be organised that verify patch fixes issues determined by supporting community or organization. In this way, Test should be conducted to validate the patch and they are not causes coexisting application and conflicts.
From above discussion, it concluded that security is an important term that help for protecting entire system through different attackers. it has summarised about the diagnosis of different component that mainly used in system. It may involve Operating system, internal software and Application directories. It can be measured the overall functionality where how they can perform task within system. through finding, it has determined the possible vulnerabilities and threats that directly affects on the overall system activities. Furthermore, it also considered the ethical implication within system which may protect or secure the entire system from malicious