Online social network (OSN) security is about protecting data and sensitive information from those with malicious intentions. New vulnerabilities are constantly being discovered, and threats against corporate networks are getting increasingly sophisticated. That’s why we need to know the principles of information systems security and to have an idea of the possible vulnerabilities and attacks that could threaten our privacy.
A. Fundamentals of information security
Most threats to information systems come from people, not from computers, so we need to know the core principles on which information security relies:
Confidentiality: making sure sensitive information reaches the right people and preventing the wrong people from getting it.
Integrity: refers to
1. Facebook
Likejacking attacks
The main idea is that attackers create interesting posts using social engineering tactics [10]. This technique is based on the use of intriguing posts that rely on rumors, celebrity news and even disasters. When a user clicks the link, a malicious script automatically re-posts the image or video on the user’s contacts’ walls and even in groups the user has joined. This attack can also make users like a Facebook page without their consent.
Rogue applications
Facebook allows anyone to develop an app and submit it to its open platform to make it accessible to users. Cybercriminals use this opportunity to collect sensitive information about people, including their email addresses, Facebook IDs and even their GPS coordinates, and use it later in spamming and phishing attacks.
Chat Attacks
Cybercriminals use the chat feature for phishing attacks and even to launch denial-of-service attacks although they are not friends of the
The result of the scan with this limited-capability trial version of Acunetix, presented in Figure 3, shows more than 100 XSS injection findings and a BREACH attack finding, along with some other medium and low threats.
The “BREACH attack” threat in MySpace allows an attacker to use information leaked by HTTP compression to recover targeted parts of the plaintext. The “Cross site scripting” threat allows an attacker to inject malicious script that runs in another user’s browser in order to steal the session cookie and take over the account.
The medium-level risk, “HTML form without CSRF protection”, could be a false-positive alert; if genuine, it allows an attacker to make the user execute actions of the attacker’s choice and so compromise the user’s data.
The “Clickjacking: X-Frame-Options header missing” vulnerability means that the server did not return an X-Frame-Options header, so this web site could be at risk of a clickjacking attack.
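To make the three findings above concrete, here is an added example (not from the essay or from Acunetix) that replays the checks a scanner runs for them over a constructed response: the clickjacking check, the BREACH preconditions (compression plus a reflected secret), and the CSRF-form heuristic, including why the last one can be a false positive. All headers, HTML and the secret value are constructed sample data.

```python
import re

# Constructed sample responses (not the page's scan output): a weak one, a
# hardened one, and an HTML body with three forms.
WEAK_HEADERS = {"Content-Type": "text/html", "Content-Encoding": "gzip"}
FIXED_HEADERS = {"Content-Type": "text/html", "X-Frame-Options": "DENY",
                 "Content-Security-Policy": "frame-ancestors 'none'"}
SAMPLE_HTML = """
<form method="post" action="/profile/update"><input name="status"></form>
<form method="post" action="/login">
  <input type="hidden" name="csrf_token" value="abc123"><input name="user">
</form>
<form method="get" action="/search"><input name="q"></form>
"""

FORM_RE = re.compile(r"<form\b[^>]*>.*?</form>", re.I | re.S)
POST_RE = re.compile(r"method\s*=\s*['\"]?post", re.I)
CSRF_INPUT_RE = re.compile(r"<input\b[^>]*\bname\s*=\s*['\"]?[^'\" >]*(csrf|token)", re.I)

def clickjacking_possible(headers):
    """'X-Frame-Options header missing' finding; the newer CSP frame-ancestors
    directive also blocks framing, so a site relying on CSP alone is not reported."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    if "x-frame-options" in h:
        return False
    return "frame-ancestors" not in h.get("content-security-policy", "")

def breach_preconditions(headers, body, secret):
    """BREACH needs HTTP compression AND a secret reflected in the compressed body;
    without both, compression leaks nothing useful to an observer."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    return h.get("content-encoding", "") in ("gzip", "deflate", "br") and secret in body

def forms_without_csrf(html):
    """'HTML form without CSRF protection' finding: POST forms with no csrf/token
    input. A token sent in a request header is missed here, which is why the page
    calls this alert a possible false positive."""
    return sum(1 for m in FORM_RE.finditer(html)
               if POST_RE.search(m.group(0)) and not CSRF_INPUT_RE.search(m.group(0)))

def scan(headers, body, secret):
    """Replay three of the reported findings over one response."""
    return {"clickjacking": clickjacking_possible(headers),
            "breach": breach_preconditions(headers, body, secret),
            "forms_without_csrf": forms_without_csrf(body)}

if __name__ == "__main__":
    print(scan(WEAK_HEADERS, SAMPLE_HTML, "abc123"))   # all three findings present
    print(scan(FIXED_HEADERS, SAMPLE_HTML, "abc123"))  # only the CSRF form remains
```

The hardened headers clear the clickjacking and BREACH findings, but the first POST form still has no token, which is the kind of result that must be verified by hand before being reported.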
The “File Upload” risk is about allowing users to upload files such as pictures and documents to the web application without safe checks, which may be used by an attacker to upload a malicious
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Confidentiality: It is about protecting information from access by unauthorized parties. The key component of protecting the information is encryption. Encryption ensures that only authorized people can access the information. Encryption is widespread in today’s world and can be found in almost every protocol in use. A good example is SSL/TLS, a security protocol for communications over the internet that has been used in conjunction
Security is the most important portion of this system. All data must be safeguarded from outside influences.
Firstly, they should ensure that organizations comply with information technology regulations. Secondly, they should ensure that IT staff are well equipped with the technical know-how to pinpoint any form of threat and take appropriate action in advance. Lastly, the government, private sector, and other stakeholders should share information concerning diverse forms of threats to facilitate the establishment of effective measures for addressing any form of security threat (Moore & Shenoi,
There are many impacts associated with human error, and many reasons why these errors occur. The human factor is the major problem in information security. It is also referred to as “the missing link” in the security world, as it implies a proactive rather than a reactive approach. The major contributing components to security concerns were found to be non-compliance with the cybersecurity policy and lack of training.
The Open Systems Interconnection Model is a conceptual model describing how any combination of devices can be connected for the purpose of network communication and troubleshooting (Panko & Panko, 2015). Comparing the OSI model’s layers to the levels of application security will shed light on application vulnerabilities.
After looking into each of the seven layers of the OSI model, it is apparent that there are many ways to exploit a security flaw within a system. A good security analyst has to look at the overall picture to keep the entire system secure, not just one or two layers. Information technology security measures are not a one-time fix; security is a continuous process that must keep pace with ever-changing protocols, applications, and the ingenuity of attackers.
Providing access to all or every piece of information of the Government and of public importance.
This, of course, begs the question: what does the word integrity actually mean? It is easy enough to look up the word in the dictionary, and Webster’s gives a serviceable definition: according to their site, integrity is “The quality of being honest and fair” (Websters). Yet this textbook definition does not captur...
Nowadays, information is the most treasured asset in an organization, since, together with experience, it represents the input necessary to make appropriate decisions and consequently to succeed in business. Almost all the information and knowledge related to business processes and to the goods and services offered by a company is processed, managed and stored through information systems and technology, so information security has become increasingly important and plays a critical role in enterprise governance.
In the literature, multiple definitions of ICT can be found across the fields of science and technology, each looking at different technological aspects. UNESCO Bangkok defines ICT as representing all forms of devices that can manipulate information by electronic means (2007, 1). The manipulation of information involves many vulnerabilities and threats, which can cause major damage to system functionality. The process of detecting and eliminating these threats or vulnerabilities to ensure the reliability and confidentiality of data in any ICT system is known as ICT security (Bakari 2007, 4-5).
Integrity has been defined as “Moral soundness; honesty; freedom from corrupting influence or motive” by a good friend of mine and college graduate. The dictionary describes it as “Unimpaired, unadulterated, or genuine state; entire correspondence with an original condition; purity.” I enjoy Peter’s definition more than the official definition; however, the “genuine state” part of the dictionary definition is also really good.
capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.