Week 12

Over the past twelve weeks I have learned how to properly identify threats and vulnerabilities within a system and provide recommendations as to how to minimize them.  I also learned how to assess the risks associated with those threats and vulnerabilities and prioritize them based on the affect they will have on the system if exposed or exploited.  During the course I learned how to create action plans on how to minimize the vulnerabilities and threats.  The most difficult part of this course was creating a process model.  There were so many things that need to be covered in a process model such as the physical security of the building and the network itself.  Dependent upon the type of business you have to consider the legal aspect of things as well.  A process model was to be well thought out and planned.  Other than that the course was pretty straight forward.

Week 10

This weeks assignment of creating an action plan for the Harry & Mae's Case Study was a little challenging in that there are no specific guidelines for creating one.  With that said it was also hard trying to figure out what needed to be included in the action plan.  There are a lot of resources and references located on the Internet for action plans.  Many of them range from a few pages to several pages dependent upon their use.  My concept of an action plan was to simply just list the vulnerabilities and threats associated with the case study and provide a recommendation or fix action for fixing the vulnerability or threat.  Other than that I think the assignment was pretty easy assuming that I completed it correctly. 

Week 9- Passwords

When it comes to creating passwords for social networks, e-mail accounts, and other sites to include online banking we should be mindful of the passwords we choose.  Passwords are important in that they are the only thing that keep our accounts from unauthorized access.  Especially when most sites require the use of e-mail address for the username.  Our e-mail address can easy be obtained giving a hacker 50% of the puzzle.  Using passwords such as iloveyou, 123abc, 12345678, bigdaddy, peaches, princes,Eagles, or something similar are easy to guess and are amongst the most common used passwords list.  When creating passwords don't use dictionary words and try to use special characters, upper and lower case letters and numbers.  Doing so builds stong passwords.  Another pointer is to never use the same passwords for all your accounts.  For those who do you put yourself and others at risk of identity theft.  It is also a good practice to change your passwords at least every three months.  Changing them more often is even better. 

Week 8 Post

For this weeks posting I found an article that listed the top 10 security breaches of 2012.  While reading the article I began to realize that thieves are not just targeting banks but they seem to be targeting hospitals, hotels, insurance companies, department of revenue, transaction processors, yahoo, apple, shoe and clothing retailers, and the government.  Things lets us know that any business that deals with payments, social security numbers, passwords,and other personal identifiable information are targets.  Any website can be a potential target for thieves.  As users of these sites it's up to use to monitor our accounts and change our passwords often.  Hacker gaining access to our e-mail accounts can be dangerous in that most people receive e-statements for their bills.  Many websites also force customers to use their e-mail address as their username in which I think is a security risk in itself.  If a hacker knows the username he can easily guess or obtain the password especially since most people use easy guessable passwords.  The article can be found at:  http://www.crn.com/slide-shows/security/240144596/the-top-10-security-breaches-of-2012.htm?pgno=1

Week 7- My Insights

The assignment this week was pretty straight forward.  For this assignment most of my current security threats and vulnerabilities were gathered from Verizon's 2012 Breach report in which can be found at:  http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf  It seems that most of the vulnerabilities and threats discovered in the Harry & Mae's Case Study were current security trends found in the Verizon report.  It amazing how something as simple as failure to change default settings on a device can lead to a huge loss for business if exploited.  A company like Harry & Mae's that handles customers credit card numbers can't afford to be careless with this information.  They can lose there privileges to process credit card payments and be forced to pay huge fines.  This is a risk that as a business owner I would not want to accept.  Listed below are a few of my findings from the Harry and Mae's case study that I think are important yet simple fixes. 
Findings Summary

·        Default settings are currently being used throughout the network on various devices making it easy for hackers to break into network devices and capture information such as customer data, usernames and passwords.  It also makes it easy for hackers to establish user accounts and create privileges for themselves that allow them to have full access to the network or that particular device. 

·        Company wireless network is not password protected making it easy for hackers to compromise network and capture information being shared across network.  This includes the capturing of usernames and passwords.

·        Firewalls are not enabled making it easy for hackers to obtain reported information from malicious software that may be installed on the network without sending an alarm or alert.  Traffic is allowed to flow in both directions.    

·        Signature files are not being updated to filter e-mails.  Virus firewall will only capture e-mail according to old files and any new threats will not be captured.  This opens the network up to malicious software and viruses. 

·        No password restrictions.  This allows users to create easy and simple passwords that can easily be cracked by brute force or that can be easily guessed.  Uses are also writing passwords down making it easy for other employees, janitors, or visitors to login and compromised the system.

·        Virus software not currently being used on virtual servers. 

·        Access card data is being stored on the server that’s not protected.  If server was compromised hackers can create fake access card accounts to gain access to the building.  This in return will create a physical breach which could not only case harm to data but employees as well. 

·        Public IP address being used on servers making them accessible to those outside the network.

·        FTP server being used by employees to transfer files from outside and inside the company.  This makes it easy for employees to steal files from work or bring in malicious software or viruses to be distributed across the network. 

Week 6

In my week 2 blog I posted a list of sources that I felt were credible and reliable sources for obtaining information on potential threats and vulnerabilities.  The sites listed were good sources for security news and issues.  After reviewing my blog posts from previous weeks these are actually the sources that I have been using regularly.  Last week I used one sources that was outside my list and that was www.cio.com.  I think this may be a good sources to add to the list in that it contains information on the best products to include apps and tablets.  It keeps you up on what's going on with companies such as Microsoft and Apple. 

Week 5- Harry & Mae’s Assumptions

There are many assumptions to be made about Harry & Mae’s incorporated when it comes to security.  Security is something that they lack and I think they should consider developing some type of procedures, policies, and standards in order to protect the company’s assets.  There is also nothing in place that deals with privacy in the work place and therefore employees can’t be held liable for their actions.  There should be something in place to make employees for their actions in the workplace.  Harry & Mae’s should also be thinking about protecting their reputation as well.  An open network can compromise the integrity of the data being stored and retrieved.  They should also consider disgruntle employees in that they are known to cause major damage to the company.  The article listed below provides a few myths in the workplace that all employees should consider while on the job.  These should also be considered for Harry & Mae’s.  The article can be found at:  http://www.securityweek.com/three-privacy-myths-workplace