This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

UpGuard Vulnerability Scanning

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

GET YOUR PRICE

writers online

UpGuard Vulnerability Scanning

UpGuard web scan results URL: https://www.upguard.com/webscan?c=https%3A%2F%2Fwww.symantec.com%2F

Target website name: Symantec

Target website URL: https://www.symantec.com/

Symantec is a software solutions provider company which is headquartered in Arizona, United States. The company is mainly known to focus on providing security services as well as information management. The company being multinational has several subsidiaries and divisions, with the most popular one being Norton which is based in California. This division is well known for providing systems security solutions in terms of its Norton products base. Where the product line includes Norton family, Norton security, Norton online backup, Norton computer tune-up, and Norton mobile security. Being a security solutions provider, the company is expected to have a reliable, well configured and secure network and computer infrastructure.

In inspecting the companies, official website for malware, detecting potential vulnerabilities which may be exploited by a malicious attacker and blacklist monitoring, UpGuard web scan services are used (Kerner, 2017).

On the overall, the security status of the website is well above average scoring an impressive 744/950 cybersecurity ratings. Brand protection, Phishing and Malware are some of the well-configured and secured checks which the site was able to pass entirely. This data indicates that the company has heavily invested and implemented advanced security features to help in protecting their digital assets against phishing and malware risks. However, despite the high ratings from the website, there were several vulnerabilities which were identified in website risks checks, email security checks, and network security checks.

The website risks identified in the check include the use of insecure SSL versions and certificates. This can prove to be very catastrophic once manipulated by a malicious attacker since the SSL is often considered as the backbone of a company’s secure internet. Without it being adequately configured can lead to data breaches, for it is used in protecting sensitive information. Furthermore, the HTTP Only cookies are not used, and the HTTP-HSTS is not enforced. As for the network security check, the DNSSEC was identified not to be enabled. Therefore, it is unable to perform its role of preventing forging of company records by malicious and third-party users.

Don't use plagiarised sources.Get your custom essay just from $11/page

Security Methods and Network Security Protections

One of the greatest threats faced by businesses is the loss of or exposure of data and information resulting from a data breach or a cyber-attack. Which is commonly identified as a cybersecurity risk? For any cybersecurity expert who has the impression as if they are a rabbit in the headlights, this should not be a cause for alarm, for they are not alone. Recent research has noted that even though a majority of businesses are very much aware of the various cybersecurity and technology risks which they face, very few are good at managing them (Sivaraman, Gharakheili, Vishwanath, Boreli, & Mehani, 2015). Hence the reason as to why more organizations are adopting the culture of hiring a white hat hacker to aid them in improving their security posture.

The white-hat hacker performs similar penetration testing strategies, scanning processes and attack methodologies which are used by the black hats/ malicious attackers. However, their intent is always positive and with authorization from the business management officials. This practice helps in identifying possible risks, developing mitigation measures against the risks, as well as creating awareness. These attacks, threats and risks can be a hindrance to the businesses ability to deliver their goods and services to their customers since cybersecurity is considered as the most significant perceived risk to organizations.

The more rapid new technologies continue to emerge, becoming critical to the overall success of the business, this, in turn, results in more complex IT infrastructures and thus increasing their attack surface. Some of the most common threats faced by organizations include Spoofing attacks, worms, Denial-of-service attacks, and cryptography (Moore, Shannon, Brown, Voelker, & Savage, 2006). With these challenges increasing the pressure on cybersecurity experts, several critical questions arise. How does a business protect itself against such threats? Which mitigation and risk identification process to be used?

Spoofing attacks, malware and worms are some of the most commonly used attack vectors to gaining access to an organizations network and computer infrastructure. Spoofing is often achieved when attackers, in this case, the white hat, impersonates either a user or a device on a given network to launch a malware, worm or other types of attacks against a network hosts or bypass access controls. There are several different types of spoofing attacks which white hats can employ to use in accomplishing their tasks. They include DNS server spoofing attacks, ARP spoofing attacks and IP address spoofing attacks.

The Denial-of-service attacks often rely on the use of IP address spoofing as a means of overloading the network devices and infrastructure with numerous packets which in most cases appear to be from a legitimate source. Denial of service attacks, cryptography-based attacks and spoofing are used in describing the ultimate goal of a class of cyber-attacks which are used explicitly in rendering a network or service inaccessible. For example, when a website is identified to suffer from a DoS attack to the average user, this may appear as if the site has stopped displaying its contents.

There are several recommended network protection protocols which can be used in protecting the organization’s network against spoofing, malware, denial of service attacks and worms (Touch, 2007). The most recommended approach involves both the organization and its users avoiding trust relationships. Organizations should put in place policies which clearly explains and makes awareness of the different kinds of data or links which users should avoid at all costs while connected to the company network. This is mainly because certain links are used to mask these attacks.

Packet filtering is another standard measure which organizations can adopt for spoofing, worm and DoS attack prevention. The packet filters are specifically designed to inspect packets transmitted across a network. The use of packet filtering is very useful in preventing IP address spoofing, and as a result, thwarting DoS attacks also. This is because they have the feature of blocking and filtering out packets which have a conflicting source address information (Microsoft, 2011).

Also, spoofing detection software’s and network security software’s such as firewalls should always be implemented, with the cybersecurity team being held responsible for their proper configuration. There exists a wide range of programs and software solutions which are made available for use by an organization to help in detecting vulnerabilities, risks and attacks such as spoofing attacks. The UpGuard cloud solutions applied above is an excellent example of such software’s. At the same time, with specific regards to spoofing attacks, businesses are recommended to adopt the use of the ARP spoofing program. All these programs should be enabled to work together in certifying and inspecting data and information in a network before there are transmitted while blocking any data which appears to be spoofed or suspicious.

 

 

 

 

 

 

 

 

 

 

References

Kerner, S. M. (2017). UpGuard Reports Accenture Data Exposure, Debuts Risk Detection Service. EWeek.

Microsoft. (2011). IP PACKET FILTERING.

Moore, D., Shannon, C., Brown, D. J., Voelker, G. M., & Savage, S. (2006). Inferring internet denial-of-service activity. ACM Transactions on Computer Systems. https://doi.org/10.1145/1132026.1132027

Sivaraman, V., Gharakheili, H. H., Vishwanath, A., Boreli, R., & Mehani, O. (2015). Network-level security and privacy control for smart-home IoT devices. In 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob 2015. https://doi.org/10.1109/WiMOB.2015.7347956

Touch, J. D. (2007). Defending TCP Against Spoofing Attacks. RFC-Editor. https://doi.org/10.17487/rfc4953

 

 

 

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask