Select an organisation. The organization must provide information systems services to its staff and customers. You have to write a report that answers the following questions related to the selected organization:
- One of the most common forms of malware in network information systems is ransomware. Discuss the working mechanism of ransomware and illustrate any three tools your organization can use to tackle a ransomware attack.
- Network devices are highly vulnerable and can be exposed. Discuss three types of threats against network routers and switches of the selected organization. Illustrate how these devices are vulnerable to destruction and abuse.
- Assume the organization uses Windows Server 2012 to host the organization's web site. Discuss how the organization can ensure the reliability and availability of the web service.
- Microsoft Exchange server is used by the organization to provide email services to the staff. Illustrate the ways the organization used to ensure confidentiality and integrity for the staff email (with justification and diagrams).
- Discuss and prioritize the threats and the possible types of malware and security issues related to web mail and webserver of the selected organization.
- One of the primary ways to ensure IT business continuity is to provide redundancy and fault tolerance. Propose two approaches your organization can use to improve the availability of email server. Justify your answer with the support of diagrams.
- Discuss the impact of employees on the information security of the selected organization. Provide risk management recommendations to reduce the risk posed by employees.
- Illustrate how log records, including security, access, and event logs, can help in monitoring and analyzing web server and email server problems.
- Discuss in detail how audit log reports can be useful for performing auditing analysis, supporting the organization’s internal investigations, and identifying operational trends and long-term problems, in particular for email and web server issues.
- Propose, with justification, five types of network security devices that can be used to control security and mitigate threats related to the web and email servers.
You may need to make some assumptions with the required justifications.
Background of Amazon.com
Amazon.com is one of the largest international corporations in the world. It is an American company that deals in electronic commerce and cloud computing. The company is situated in Seattle, Washington, and was founded in 1994 by Jeff Bezos.
Currently Amazon is the second-largest private employer in the country, it has a stock worth US$1,944.30, and its subsidiaries include Zappos, Audible, Souq.com and Book Depository, among others (Yang, 2018).
Amazon has witnessed many computer threats and vulnerability issues over the years, and these attacks damage its computer systems. Ransomware and email attacks are frequently reported to be the major issues in the company (Ferrante, Malek, Martinelli, Mercaldo & Milosevic, 2017).
Ransomware is a form of computer attack in which rogue software code effectively holds a personal computer hostage until a ransom is paid. Ransomware frequently infiltrates a personal computer as a Trojan or worm that takes advantage of open network security vulnerabilities. The following are the steps by which ransomware attacks a computer (Lee & Jeong, 2017).
- The malware enters the computer through a dangerous download or an attachment. It then creates a fault in the computer's operating system that allows harmful code to run on the computer.
- The ransomware then hides the user's private files, jumbling up the file content so that the files are unreadable.
- The ransomware then demands a key that the user can acquire only after paying a certain fee in an anonymous online currency called bitcoin. It is like Venmo, except that users are recognized by an anonymous code known as the bitcoin address.
The following are the tools that the organization may apply in order to prevent a ransomware attack (Hampton, Baig & Zeadally, 2018).
- Install antivirus on all of the organization's computers – the antivirus should be installed and kept regularly updated.
- Establish computer security awareness – the organization should create awareness that emphasizes not clicking carelessly on attachments and links in an email.
- GPO restrictions – this is a very easy and affordable tool for restricting ransomware and other computer malware. It involves adding rules that restrict clicking on or downloading files without authorised access.
This threat concerns the Border Gateway Protocol (BGP). BGP exchanges unique identifiers called ASNs (Autonomous System Numbers) and routing information. ASNs are assigned by the Internet Assigned Numbers Authority or by the Regional Internet Registries. When information passes across an ISP’s gateway, the gateway determines which ISP each packet originates from by analysing the ASN at the header of the packet. Occasionally, disreputable individuals will advertise ASNs that they know belong to a different autonomous system (El Jamous, Soltani, Sagduyu, & Li, 2016).
A firewall is a defensive appliance for an organization's network. Threats to a firewall arise when an attacker obtains management access to it. The attacker could then manipulate the firewall, or even remove it, to allow certain traffic, and the outcome would be disastrous (Lopez, Mihelich & Hepburn, 2016).
If the organization has by any chance employed Cisco infrastructure, it is not up to the required standard for vulnerabilities. If the organization does not keep track of the latest vulnerability issues, it may fail to dedicate specific personnel to tracking newly emerging patches or vulnerabilities. It is the responsibility of any successful organization to build a strong firewall infrastructure and to keep up to date on emerging vulnerabilities (Metalidou, Marinagi, Trivellas, Eberhagen, Skourlas & Giannakopoulos, 2014).
Computer Threats and Vulnerabilities
1. Do regular backups – backing up data involves copying the data into an archive file so that the original data can be recovered in case of data loss. The primary purpose of a backup is to recover lost data. Another purpose of a backup is to enable an organization to recover data as it existed initially. Backups would assist the company in the following ways (Medhi, Bora & Bezboruah, 2017):
- The company would be able to minimize threats and vulnerabilities
- The company would prevent the huge losses that may be associated with data loss
- Customers would build trust in the company.
2. Update systems regularly – system updates would enable the organization to install more advanced Windows updates from Microsoft Corporation that have more security features.
3. Set up a disaster recovery plan – this is a documented plan with a set of measures that help to protect and recover an organization's IT infrastructure in the event of a disaster. The plan is normally documented in written form and outlines the procedure an organization follows in case of a disaster. It is a comprehensive statement of the consistent actions to be taken before, during and after the disaster.
Since most organizations nowadays are highly dependent on information technology to carry out their operations, the plan is necessary to ensure the continuity of the organization's operations by recovering information technology file data (Gottscho, Shoaib, Govindan, Sharma, Wang & Gupta, 2017).
It may be difficult for an organization to avoid disasters, but it can take careful measures to reduce their impact. The following are the benefits that come with setting up a good recovery plan:
- It gives an organization a sense of security
- It helps business operations reduce the risk of interruptions
- It guarantees reliability of operations
- It minimizes the decision making needed when carrying out disaster recovery
- It helps to minimize potential liabilities.
In networking, the term link aggregation applies to methods of combining (aggregating) numerous network connections in parallel so as to increase connection capacity beyond what a single connection could sustain. A Link Aggregation Group combines a number of physical ports together to create a single high-bandwidth data path, so as to share the traffic load among the member ports in the group, and connection reliability is thereby enhanced.
Other terms used to describe link aggregation include port trunking, NIC teaming and Ethernet bonding, among others.
Fig 1: Link aggregation between a switch and a server
Data corruption refers to errors that may occur during the reading, writing, transmission, storage or processing of data and that introduce unintended changes to the original data. Computers, storage systems and transmission systems use several measures to provide end-to-end data integrity, or error-free data. Windows Server 2012 provides means of fixing these data corruption errors. Windows automatically scans for and fixes data corruption issues and thus provides reliability (Berrocal, Bautista-Gomez, Lan, & Cappello, 2015).
Preventing Ransomware Attacks
File locking is a mechanism that restricts access to a computer file by permitting only a single user or process to access it at a given time. With this, the system implements a locking mechanism that prevents the interceding update scenario. Microsoft Windows Server 2012 uses the following distinct measures to manage file access (Schumacher, 2014).
- Using share-access controls that permit an application to specify whole-file sharing for operations such as read, write and delete
- Using byte-range locks to arbitrate read and write access to regions located within a single file.
Data retention defines the policies of persistent data and records management for meeting business and legal data archival needs. Although the terms are sometimes used interchangeably, it is not the same as data protection.
The major objective of government data retention is mass surveillance. By analysing retained data, the government can determine the locations of individuals, an individual’s acquaintances and the members of a group such as political opponents. These activities may be either lawful or unlawful, depending on the laws of the country (Syu, Call, Kang & Phan, 2018).
The reliability and availability of a web service depend on the mechanism that has been employed in setting up the web service. Web service trustworthiness (Cai, Luo, Haratsch, Mai & Mutlu, 2015)
In today’s business environment, security threats are high and there is a need to keep information from falling into the wrong hands. The following are some suggestions that can help to ensure the integrity and confidentiality of staff email (Kalra, Kollisch, MacDonald, Dickey, Rosner, & Venters, 2016).
- Proper labelling – the company should take steps to mark the company's confidential email as such. Legal protection would be lost if this were not done. The label should read ‘’information is confidential’’, which would mean that no part of the information in the email may be copied.
- Add non-disclosure provisions to the employment agreement – it would be best practice for employees to sign an employment contract before they can handle the organization's confidential emails. The provisions should be clearly stated in the employment contract.
- Limit access – the company should be very careful to reduce access to the company's confidential information in staff email. To be on the safe side, the information should only be passed to the departments concerned.
- Include a confidentiality rule in the staff handbook – the handbook must contain the stated procedures of the confidentiality policy.
- Conduct an exit interview for every departing employee – during the exit exercise, employees will be required to hand over all of the company's confidential information; for example, they should hand over email passwords and be signed out.
- Use strong email passwords – staff email passwords should be very strong: a combination of special characters and lower- and upper-case letters, with more than 10 characters.
Malware – increasingly, attackers take advantage of email to send malicious content that may include worms, viruses, spyware or Trojan horses (Aziz, Uyeno, Manni, Amin, & Staniford, 2015).
Spam and phishing – spam is unsolicited email; attackers send large volumes of malicious emails to a target recipient. These messages disrupt the organization's productivity and consume IT resources. If the company responds to such an email, it would be disclosing the company’s sensitive information. The compromised e-mail address would keep receiving spam email (Tewari, 2018).
Unintentional activities initiated by authorised users – not all threats are intentional; authorised users may inadvertently send proprietary or other sensitive information by email, which would expose the organization to legal action or embarrassment.
Entities with malicious intent – malicious entities may gain access anywhere in the organization's network through a successful attack on the email server. For instance, once the server has been compromised, the intruder could retrieve mail passwords and use them to gain access to various hosts on the company’s network.
Tools for Preventing Ransomware Attacks
TLS and SSL are very common. When they are used to send emails, the emails are sent securely between the computer and the SMTP service. The SMTP connection must be properly encrypted using the latest version of TLS between the TLS service and the recipient server (Bhargavan, Delignat-Lavaud, Pironti, Langley & Ray, 2015).
The use of antivirus would help to protect email. The user is required to enter a password to gain access, and the password is verified by the server to ensure authentication. If authentication passes, the user is granted access; otherwise the user is denied access. Bitdefender and Kaspersky Anti-Virus are recommended for use in this case. The diagram below shows the illustration (Kaur, Gupta & Singh, 2018).
Log files are frequently a company’s record of any suspicious activity. Enabling logging mechanisms allows the organization to use the collected data to determine both successful and failed intrusions, and to trigger alert notifications when further investigation is required.
Companies need both tools and procedures to process and analyse log files and to review alert notifications (Greiff, 2015).
Log files serve as a post-intrusion threat detection tool that archives the relevant activities taking place inside a computer operating system. The archived messages are then used to measure the quantity of operations performed by the operating system.
For the security of the system, one thing that is most closely monitored on servers is intrusion into the network and computer systems, using the system log files. Network intrusion detection is very important here because it helps to detect security threats arising from successful logins that follow too many illegitimate attempts to gain entry or password cracking by brute-force attack, from user account logouts, and from failed unauthorised access to secure files and to the security log. Preventing, identifying and mitigating these attacks is crucial (Vaarandi, Blumbergs & Kont, 2018).
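The log monitoring described above can be illustrated with a short detector for web server access logs. This is an added example, not part of the original essay: it assumes IIS W3C extended logs (the format written by IIS on Windows Server 2012), and the sample log lines, the `/secure/` paths, the threshold of five failures and the 60-second window are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended log format (not real traffic).
# Addresses, user names and the /secure/ paths are made up for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2018-05-01 09:00:01 203.0.113.7 - POST /secure/login.aspx 401
2018-05-01 09:00:04 203.0.113.7 - POST /secure/login.aspx 401
2018-05-01 09:00:07 203.0.113.7 - POST /secure/login.aspx 401
2018-05-01 09:00:09 198.51.100.20 - POST /secure/login.aspx 401
2018-05-01 09:00:10 203.0.113.7 - POST /secure/login.aspx 401
2018-05-01 09:00:13 203.0.113.7 - POST /secure/login.aspx 401
2018-05-01 09:00:15 198.51.100.20 alee POST /secure/login.aspx 200
2018-05-01 09:00:16 203.0.113.7 - POST /secure/login.aspx 401
2018-05-01 09:00:20 203.0.113.7 jsmith POST /secure/login.aspx 200
2018-05-01 09:05:00 192.0.2.9 - GET /secure/report.aspx 401
2018-05-01 09:10:00 192.0.2.9 - GET /secure/report.aspx 401
2018-05-01 09:15:00 192.0.2.9 - GET /secure/report.aspx 401
2018-05-01 09:20:00 192.0.2.9 - GET /secure/report.aspx 401
2018-05-01 09:25:00 192.0.2.9 - GET /secure/report.aspx 401
"""


def parse_w3c(text):
    """Parse W3C log text into dicts keyed by the names in the #Fields line."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            rec["ts"] = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
            records.append(rec)
    return records


def detect(records, threshold=5, window=timedelta(seconds=60)):
    """Return (client IP, alert kind, user name) tuples in time order."""
    recent = defaultdict(deque)      # ip -> times of 401s inside the window
    flagged, reported, alerts = set(), set(), []
    for rec in sorted(records, key=lambda r: r["ts"]):
        ip, status, ts = rec["c-ip"], rec["sc-status"], rec["ts"]
        if status == "401":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "failed-login burst", rec["cs-username"]))
        elif status.startswith("2") and ip in flagged and ip not in reported:
            # A success right after a burst may mean a password was guessed.
            reported.add(ip)
            alerts.append((ip, "success after burst", rec["cs-username"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_w3c(SAMPLE_LOG)):
        print(alert)
```

The single mistyped password from 198.51.100.20 and the slow, spread-out failures from 192.0.2.9 raise no alert, which shows why both the count and the time window matter when tuning such a rule.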
References
Aziz, A., Uyeno, H., Manni, J., Amin, M., & Staniford, S. (2015). U.S. Patent No. 9,106,694. Washington, DC: U.S. Patent and Trademark Office.
Berrocal, E., Bautista-Gomez, L., Di, S., Lan, Z., & Cappello, F. (2015, June). Lightweight silent data corruption detection based on runtime data analysis for HPC applications. In Proceedings of the 24th International Symposium on High-Performance Parallel and Distributed Computing (pp. 275-278). ACM.
Bhargavan, K., Delignat-Lavaud, A., Pironti, A., Langley, A., & Ray, M. (2015). Transport Layer Security (TLS) session hash and extended master secret extension (No. RFC 7627).
Cai, Y., Luo, Y., Haratsch, E. F., Mai, K., & Mutlu, O. (2015, February). Data retention in MLC NAND flash memory: Characterization, optimization, and recovery. In High Performance Computer Architecture (HPCA), 2015 IEEE 21st International Symposium on (pp. 551-563). IEEE.
El Jamous, Z., Soltani, S., Sagduyu, Y., & Li, J. (2016, May). RADAR: An automated system for near real-time detection and diversion of malicious network traffic. In Technologies for Homeland Security (HST), 2016 IEEE Symposium on (pp. 1-6). IEEE.
Greiff, S. (2015). Computer-generated log files and their potential for educational large-scale assessments. The example of PISA 2012 problem solving data.
Gottscho, M., Shoaib, M., Govindan, S., Sharma, B., Wang, D., & Gupta, P. (2017). Measuring the impact of memory errors on application performance. IEEE Computer Architecture Letters, 16(1), 51-55.
Kalra, R., Kollisch, S. G., MacDonald, R., Dickey, N., Rosner, Z., & Venters, H. (2016). Staff satisfaction, ethical concerns, and burnout in the New York City jail health system. Journal of Correctional Health Care, 22(4), 383-392.
Kaur, K., Gupta, I., & Singh, A. K. (2018). Data Leakage Prevention: E-Mail Protection via Gateway. In Journal of Physics: Conference Series (Vol. 933, No. 1, p. 012013). IOP Publishing.
Medhi, S., Bora, A., & Bezboruah, T. (2017). Investigations on some aspects of reliability of content based routing SOAP based windows communication foundation services. International Journal of Information Retrieval Research (IJIRR), 7(1), 17-31.
Hampton, N., Baig, Z., & Zeadally, S. (2018). Ransomware behavioural analysis on windows platforms. Journal of information security and applications, 40, 44-51.
Ferrante, A., Malek, M., Martinelli, F., Mercaldo, F., & Milosevic, J. (2017, October). Extinguishing Ransomware-a Hybrid Approach to Android Ransomware Detection. In International Symposium on Foundations and Practice of Security (pp. 242-258). Springer, Cham.
Lee, J. H., & Jeong, J. (2017). Increase of Awareness of the Importance of Information Security Using Simulation Experiment Technique Model as Ransomware. Advanced Science Letters, 23(10), 10246-10249.
Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., & Giannakopoulos, G. (2014). The human factor of information security: Unintentional damage perspective. Procedia-Social and Behavioral Sciences, 147, 424-428.
Lopez, E., Mihelich, J., & Hepburn, M. F. (2016). U.S. Patent No. 9,270,639. Washington, DC: U.S. Patent and Trademark Office.
Schumacher, M. K. (2014). U.S. Patent No. 8,819,639. Washington, DC: U.S. Patent and Trademark Office.
Syu, M. M. L., Call, M., Kang, H. F., & Phan, L. D. (2018). U.S. Patent No. 9,875,025. Washington, DC: U.S. Patent and Trademark Office.
Tewari, A. (2018). Detection and Classification of Spam and Phishing Emails.
Vaarandi, R., Blumbergs, B., & Kont, M. (2018, April). An unsupervised framework for detecting anomalous messages from syslog log files. In NOMS 2018-2018 IEEE/IFIP Network Operations and Management Symposium (pp. 1-6). IEEE.
Yang, D. (2018). Has the arrival of Amazon altered the market structure for consumer electronic goods in Australia?.
My Assignment Help. (2021). Protecting Information Systems Of Amazon.com: An Essay. Retrieved from https://myassignmenthelp.com/free-samples/sbm4304-is-security-and-risk-management/a-report-on-investigation-on-laboratory-activities.html.