Quality Web Design
Quality Web Design (QWD) Security Weaknesses
Steve Gelin
Submitted to: Jack Sibrizzi
SE571: Principles of Information Security and Privacy
Keller Graduate School of Management
Submitted: 8/25/2012

Table of Contents
Executive Summary
Company Overview
Security Vulnerabilities
Software Vulnerabilities
Hardware Vulnerabilities
Recommended Solutions
A Hardware Example Solution
A Software Example Solution
Impact on Business Processes
Summary

Executive Summary
My paper focuses on a security assessment of Quality Web Design (QWD), a very successful company that is well known for its magnificent and appealing websites. QWD works to place a client's company or business in the top 10 search engine results so that searchers find it on the first page of the search results.
QWD has a competitive pricing scheme and offers many different options for website construction. It starts by offering the customer a selection of pre-designed websites that customers can customize themselves with their individual logos, text, images, themes or a whole different template, along with any other information that would be helpful in catching the eye of potential customers.

Company Overview
Quality Web Design (QWD) is a business that specializes in and focuses on Web site and Web development, content design, programming, graphic design, photo editing and logo design for all types of businesses. QWD is a web graphic design and development company based out of Orlando, FL.
QWD caters to a huge and diverse clientele that spans the USA, UK and Canada.

Security Vulnerabilities

Software Vulnerabilities
Listed further down are two kinds of security vulnerabilities: software and hardware.
These security vulnerabilities were identified through an initial verification of the software QWD uses for its web design business. A majority of QWD personnel require out-of-office access when working on projects for the company, so they use Virtual Private Networks (VPNs), Outlook Web email, Microsoft SQL 2008 Server and Microsoft Exchange 2007 email servers, which utilize the corporate intranet resources.
Utilizing these programs remotely, from outside the company, exposes QWD to attacks from the internet. In addition, employees put corporate equipment such as desktops, laptops and mobile devices (iPhones and Windows Mobile 6) in very harmful situations that the company will pay for dearly as time progresses. With the equipment listed, it is possible to incur outside attacks from the internet while utilizing the company intranet resources on a remote computer that is not protected.
From the equipment listed for QWD, it seems that employee laptops and mobile devices are being used unprotected over the internet, which could lead to infections such as Trojan horses and email worms. For example, Microsoft Exchange 2007 email servers have a well-known vulnerability that could allow remote code execution. This vulnerability can allow an attacker to take control of the affected system with Exchange Server service account privileges, or the attacker could simply disable the services within Microsoft Exchange completely.
Hardware Vulnerabilities
The same can be said for the company's hardware listed above, such as its iPhones and Windows Mobile 6 devices. These devices, which QWD employees use, can easily be hacked by an outside user. For example, the iPhone 4 has a vulnerability that allows an intruder to act silently and retrieve e-mail messages, SMS messages, calendar appointments, contact information, photos, music files and videos, along with any other data recorded by iPhone apps.
The same can be said for the Windows Mobile 6 devices: there is a well-known issue with the Bluetooth function in all Windows Mobile 6 devices. This issue allows an individual to read or write any file that is on the mobile device. In addition, Internet Explorer on Windows Mobile 6 and Windows Mobile 2003 for Smartphones allows attackers to cause a denial of service, which the attacker then uses to infiltrate the device to retrieve e-mail messages, SMS messages, calendar appointments, contact information, etc.
From my research, the only workaround provided for this vulnerability is not to accept pairing or connection requests from unknown sources. Individuals who use devices with Windows Mobile 6 as their operating system should therefore be very mindful and careful of the things that they allow their devices to connect to.

Recommended Solutions:
For its mobile and hardware devices, such as iPhones and laptops, QWD should install anti-malware to protect against malicious applications, spyware, infected SD cards and malware-based attacks. QWD should also strongly enforce security policies, such as mandating the use of strong PINs/passcodes; use SSL VPN clients to protect data in transit and ensure appropriate network authentication and access rights; and, finally, centralize the locate, remote lock, wipe, backup and restore facilities for lost and stolen devices.
As for software vulnerabilities, QWD should use firewalls on both laptops and desktops; anti-malware and anti-spyware programs that protect against malicious activities; software patched with the latest updates against security threats; strong passwords and pass keys; and, when sending information over the internet, whether classified or unclassified, an encryption tool to keep that information from being intercepted.

Impact on Business Processes:
As IT professionals, we all know that many different impacts can affect work progress within a company, such as password update reminders, the cost of implementing these new changes, and the privacy rules and regulations that would apply to these devices. Not only will these new changes cause confusion for the first few months of the changeover, they may also cause employees to feel paranoid at the thought that their systems could be compromised and that they are being asked to constantly update things within their systems.
Summary:
In summary, this paper focuses on the vulnerabilities of QWD as a web design and development company, the software and hardware vulnerabilities of its systems, and the recommended solutions for all devices, such as its iPhones and Windows Mobile 6 devices. Left unchecked, these devices can cause major issues for the company if they are attacked and used to an attacker's benefit. QWD as an organization must assess the situation with its software and hardware vulnerabilities and take the proper and needed steps to counter these problems.