The Internet Security Has Been Completed Information Technology Essay

Introduction: This task shows an IT company's annual cost. Total Cost of Ownership is equal to the asset values times the exposure factors. Annualized Loss Expectancy is the estimated frequency with which particular threats may occur each year.

Calculate the TCO for their current system.


Hardware Cost – Web server 8 x $15,000 = $120,000.00

Database server 2 x $25,000 = $50,000.00

Total hardware cost for 5 years = $170,000.00

Annual Support Cost – Web server 8 x $1,500 = $12,000.00

Database server 2 x $2,500 = $5,000.00

Total Annual Support Cost = $17,000.00

Annual Employee Cost – $40,000.00 x 3 people

Total employee cost per year = $120,000.00

TCO = $170,000.00 + ($17,000.00 x 5 years) + ($120,000.00 x 5 years)

= $170,000.00 + $85,000.00 + $600,000.00

= $855,000.00

Calculate ALE for the system

Turnover per year = $46,000,000.00

So, turnover per hour = $46,000,000.00 / 8760.00

= $5,250.00

So, offline cost = $5,250.00 x 10

= $52,500.00

Cost of each breach = 0.2% of TCO ($855,000.00)

= $1,710.00

So, ALE = $52,500.00 + ($1,710.00 x 3)

= $52,500.00 + $5,130.00

= $57,630.00 per year

Normally an employee works 5 official days.

So the working days in a year = (52 x 5) days

= 260 days

The security administrator gets $40,000 per year.

So the pay per day = $40,000.00 / 260 days

= $153.85

The security administrator works = 52 weeks x 2 days

= 104 days (per year)

So the pay would be = $153.85 x 104 days (per year)

= $16,000.00 (approximately)

Annual saving of the company = ALE - pay of the security administrator

= $57,630.00 – $16,000.00

= $41,630.00

So the annual saving of the company is $41,630.00



Network architecture is a design of a computer network aimed at allowing different systems consisting of hardware, software, protocols and devices to communicate with one another. According to the assignment, a network architecture has to be suggested with a basic network diagram and explanation for the retail company.

Network architecture:

A network architecture is a design of the complete computer communication network for the company, which provides a framework and technology foundation for designing, building and managing a communication network.

Network Diagram:

The company should have the following network diagram to build its network architecture for the web application platform.

Figure: Network architecture diagram.

This diagram should use eight web servers and two database servers with one router, a firewall and two switches. These switches should connect the eight clients' computers, the web servers and the database servers. Every web server uses Apache server and every database server uses MySQL server to manage the server database.

For the security of the online retail company's website, the design should include components such as web servers and database servers as well as a firewall to protect the system.


Through networks, the company can improve its communication with employees, customers, and suppliers, save time, increase productivity, and open new paths to worldwide information resources.

Communication channels

This computer network is a collection of clients, servers and devices connected by communication channels that facilitate communication among users and allow users to share resources with other users and from the database server. The suggested diagram is a star topology network diagram. The network model is a database model conceived as a flexible way of representing objects and their relationships. Node-to-node communication, from one node to another, is the foremost concern.

Apache server

This diagram has eight web servers. Every web server uses Apache server software because Apache includes various useful features and implementations of the latest protocols. Apache's modular architecture allows building a server. The Apache server and API source code are open to the public. Apache runs on many operating systems, including UNIX, Windows 9x/NT, Mac OS and other operating systems.

MySQL Server

This diagram has two database servers. These servers use the MySQL database server because MySQL Server is a full-featured, easily embedded, client-server, easily managed relational database management system that provides Indexed Sequential Access Method table-based and SQL-based data access.


This diagram uses two switches. A network switch is a computer networking device that connects network segments. Nowadays, business networks use switches to connect computers, printers and servers within a building. A switch acts as a controller, enabling networked devices to talk to each other efficiently and effectively.


This diagram uses a router. A router is a device that interconnects two or more computer networks and selectively interchanges packets of data between them. Each data packet contains address information that a router can use to determine if the source and destination are on the same network. A router is a networking device whose software and hardware are customized to the tasks of routing and forwarding information to another network.


Security firewalls have been introduced into the Internet design to protect parts of the network from outside attack. This diagram uses a firewall, which is a dedicated appliance, or software running on a computer, that inspects network traffic passing through it and permits passage based on a set of rules.

There are several types of firewalls, such as:

Packet firewall.

Application firewall.

Circuit firewall.

Proxy server firewall.


An online retail company needs to communicate with its customers, staff and business partners to maintain effective communication. So it needs a strong and secure network architecture that will expand its business network. The network diagram suggested above may fulfil these business needs.

Task 3


In this task I have to write a report on footprinting an online retail company and related information on footprinting procedures.

Footprints Network:

The Footprints Network is an alliance of e-commerce businesses and their customers who fund community projects from many small donations collected with every online transaction. The other side of the Network is the project partners who coordinate, manage and report on the projects.

The Footprints Network members believe the internet provides immense opportunities to make a difference in the area of poverty alleviation. It requires some open source utility tools to find footprints through network exploration or security auditing and weaknesses in parts of the network.

There are a number of useful tools available to network security administrators, both commercially and from the Internet. Some of them can greatly assist the security analyst in the identification of security vulnerabilities. Nmap (Network Mapper) is an excellent tool for checking the accuracy of the scan information for the company.


Nmap is an open source utility for network exploration or security auditing. Nmap allows the network administrator to see what is running on the servers in question. It can be downloaded freely from the Internet. Nmap supports dozens of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), FTP proxy (bounce attack), Reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, Null scan and so on.


There are many advantages of Nmap, such as:

Flexible: Supports many advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles.

Powerful: Nmap is used to scan huge networks of literally hundreds of thousands of machines.

Portable: Nmap supports most operating systems, such as Windows, Linux, Mac OS etc.

Easy and free: Nmap is easy to manage and open source.

Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, and tutorials.


Online customers are smart and they care about the ethics and values of the companies from which they purchase. Nmap is used to discover computers and services on a computer network, thus creating a map of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network despite the fact that such services aren't advertising themselves with a service discovery protocol.


Installation can be done by going to “http://” and simply downloading the Nmap tool.

After the download has completed, the Nmap tool should be installed. Simply run the installer file and let it walk through the panels for choosing an install path and installing WinPcap. Then:

Uncompress the zip file into the directory I want Nmap to reside in. For improved performance, apply the Nmap Registry changes discussed previously.

Instructions for executing compiled Nmap are given in the section called “Executing Nmap on Windows”.

Nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses.

Nmap is a helpful tool for a network administrator. They can find server weaknesses, IP addresses, open port numbers, topology and host details.

The online retailer's website IP address is “ ”. I am using a legal tool named Nmap. Enter this address “ ” in the command box, then click the Scan button.

The scan result for this address “ ” is shown:

Report details:

Starting Nmap 5.00 ( http:// ) at 2010-08-01 04:42 Central Asia Standard Time

NSE: Loaded 30 scripts for scanning

Initiating Ping Scan at 04:42

Scanning 192.150.150.1 [1 port]

Completed ARP Ping Scan at 04:42, 0.11s elapsed (1 total hosts)

Initiating parallel DNS resolution of 1 host. at 04:42

Completed parallel DNS resolution of 1 host. at 04:42, 2.92s elapsed

Initiating SYN Stealth Scan at 04:42

Scanning [1000 ports]

Discovered open port 21/tcp on

Discovered open port 23/tcp on

Discovered open port 80/tcp on

Discovered open port 1720/tcp on

Discovered open port 8291/tcp on

Discovered open port 3986/tcp on

Discovered open port 2000/tcp on

Completed SYN Stealth Scan at 04:42, 1.53s elapsed (1000 total ports)

Initiating Service scan at 04:42

Scanning 8 services on

Here is the Ports/Hosts detail shown in the above figure.

Here is the topology item shown in the above figure.

Here is the Hosts detail shown in the above figure.


Nmap can be used by both administrators and attackers. Now the company should think about how to prevent an attacker from using Nmap. In reality, some tools, such as Scanlogd, Courtney and Shadow exist. However, the most important point here is the knowledge of a network administrator. Scanners are tools to help administrators make plans; they are also a precursor to an attack. By using Nmap to monitor their websites, the administrators can discover a possible intruder.
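The following is an added example, not code from the essay or from Scanlogd, Courtney or Shadow: a simplified threshold detector of the kind such scan-logging tools apply, run over constructed SYN log lines that mimic the scan shown above. The log format, the 3-second window, the port weights and the threshold of 21 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 3.0    # assumed: only probes this recent are counted
WEIGHT_THRESHOLD = 21   # assumed: alert when the weighted port count reaches this
# Assumed log format: "<ISO timestamp> SYN src=<ip> dpt=<port>"
LINE_RE = re.compile(r"^(?P<ts>\S+) SYN src=(?P<src>\S+) dpt=(?P<dpt>\d+)$")


def port_weight(port):
    """Probes of privileged ports (<1024) count more than high ports."""
    return 3 if port < 1024 else 1


def detect_scans(lines, window=WINDOW_SECONDS, threshold=WEIGHT_THRESHOLD):
    """Return {source_ip: sorted distinct ports} for every source whose
    distinct destination ports inside one sliding window reach the threshold.
    Lines must be in time order per source."""
    recent = defaultdict(deque)          # source -> deque of (time, port)
    flagged = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue                     # not a SYN record in the assumed format
        ts = datetime.fromisoformat(m["ts"])
        src, port = m["src"], int(m["dpt"])
        q = recent[src]
        q.append((ts, port))
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()                  # forget probes older than the window
        ports = {p for _, p in q}
        if sum(port_weight(p) for p in ports) >= threshold:
            flagged[src] |= ports
    return {src: sorted(ports) for src, ports in flagged.items()}


# Constructed sample: one source probing eleven ports 10 ms apart (including
# the seven ports reported open above) and one ordinary web client.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 1720, 2000, 3986, 8291]
SAMPLE_LOG = sorted(
    [f"2010-08-01T04:42:00.{i * 10:03d} SYN src=198.51.100.7 dpt={p}"
     for i, p in enumerate(SCAN_PORTS)]
    + [f"2010-08-01T04:42:{s:02d}.000 SYN src=203.0.113.20 dpt={p}"
       for s, p in [(1, 80), (1, 443), (2, 80), (5, 443), (9, 80)]]
)

if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```
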

Task 4


A security policy is a document that outlines the rules, laws and practices for online computer network access of a retail company. This document regulates how the organization's staff will manage, protect and distribute its sensitive information, both corporate and customer information, and lays the framework for the online security of the organization. To maintain a strong security policy, a retail company should have a strong password policy.

Security policy

In online retail business, a security policy is a written document that states how the company plans to protect its technology, systems and information assets. This security policy is continuously updated as technology and employee requirements change. This policy may include an acceptable password policy that describes how the company's staff will secure the company.


The primary purpose of a security policy is to inform users, staff, and managers about the essential requirements for protecting various assets including people, hardware, and software resources and related data.


The goal of the security policy is to translate, clarify and communicate management's position on security of the whole company. The security policies act as a bridge between these management objectives and specific security requirements.

Security policy in General

Security policies define the overall security and risk control objectives that an organization supports. The security policies should have the following characteristics:

They must be implementable through system administration procedures, publication of acceptable use guidelines, or other appropriate methods.

They must be enforceable with security tools, where appropriate, and with sanctions, where actual prevention is not technically feasible.

They must clearly define the areas of responsibility for the users, administrators, and management.

They must be documented, distributed, and communicated.

Password Policy

Password policy is an important aspect of security policy. It is the basic line of protection for the company accounts. A poorly chosen password may result in the compromise of the company's entire corporate network.


The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.


The scope of this policy includes all personnel who have or are responsible for an account or any form of access that supports or requires a password of the company system.

Password Policy in General

• All system-level passwords, such as root, enable, NT admin, application administration account passwords and so on, must be changed on at least a quarterly basis.

• All system-level passwords must be part of the InfoSec administered global password management database.

• All user-level passwords such as email, web, desktop computer, etc. must be changed at least every six months.

• User accounts that have system-level privileges granted through group memberships or programs such as “sudo” must have a unique password from all other accounts held by that user.

• Passwords must not be inserted into email messages or other forms of electronic communication.

• Where Simple Network Management Protocol (SNMP) is used, the community strings must be defined as something other than the standard defaults of “public,” “private” and “system” and must be different from the passwords used to log in interactively.

Guidelines for password policy:

All user-level and system-level passwords must conform to the guidelines described below:

A. Password Construction Guidelines:

Passwords are used for various purposes at the online retail company. Some of the more common uses include: user level accounts, web accounts, email accounts, screen saver protection, voicemail passwords, and local router logins. So the company should be aware of how to select strong passwords.

Poor, weak passwords have the following characteristics:

• The password contains fewer than 15 characters

• The password is a word found in a dictionary

• The password is a common usage word such as:

Names of family, pets, friends, co-workers, fantasy characters, etc.

Computer terms and names, commands, sites, companies, hardware, software.

The words “<Company Name>”, “retail store”, “retail shop” or any derivation.

Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.

Strong passwords have the following characteristics:

• Contain both upper and lower case characters (e.g., a-z, A-Z)

• Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=`{}[]:";'<>?,./)

• Are at least 15 alphanumeric characters long and are a passphrase (Ohmy1stubbedmyt0e).

• Are not a word in any language, slang, dialect, jargon, etc.

• Are not based on personal information, names of family, etc.

• Passwords should never be written down or stored online.
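The construction guidelines above can be enforced at password-change time. The checker below is an added example, not part of the original essay; the banned-word list is a constructed stand-in for a real dictionary, and the run lengths (three repeated characters, four sequential or keyboard-adjacent characters) are assumptions.

```python
import string

MIN_LENGTH = 15
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Constructed stand-in list; a deployment would load a real dictionary
# plus the company's own names and product terms.
BANNED_WORDS = ("password", "welcome", "letmein", "retailstore", "retailshop")


def _squash(text):
    """Lower-case and drop everything except letters and digits, so that
    'Retail Store' and 'retail-store' both become 'retailstore'."""
    return "".join(c for c in text.lower() if c.isalnum())


def _has_repeat(pw, length=3):
    """Same character `length` times in a row, as in 'aaabbb'."""
    return any(len(set(pw[i:i + length])) == 1
               for i in range(len(pw) - length + 1))


def _has_run(pw, length=4):
    """`length` characters stepping by +1 or -1 in code point (abcd, zyxw,
    4321) or adjacent on one keyboard row in either direction (qwer, lkjh)."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def policy_violations(password, company_name="", personal_terms=()):
    """Return the list of guideline violations; an empty list means compliant."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        findings.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in password):
        findings.append("needs a digit")
    if not any(c in string.punctuation for c in password):
        findings.append("needs a punctuation character")
    squashed = _squash(password)
    terms = {_squash(t) for t in (*BANNED_WORDS, company_name, *personal_terms)}
    for term in sorted(t for t in terms if t and t in squashed):
        findings.append(f"contains banned word: {term}")
    if _has_repeat(password):
        findings.append("repeated character run")
    if _has_run(password):
        findings.append("sequential or keyboard run")
    return findings


if __name__ == "__main__":
    for candidate in ("qwerty", "RetailStore-2010-Summer!",
                      "The*?#>*@TrafficOnThe101Was*&#!#ThisMorning"):
        print(repr(candidate), "->", policy_violations(candidate) or "compliant")
```
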

B. Password Protection Standards:

Not to use the same password for Company accounts as for other non-Company access such as a personal ISP account.

Not to share the Company's passwords with anyone, including administrative assistants or secretaries.

Not to reveal a password over the phone or via email.

Not to store passwords in a file on any computer system without encryption.

C. Application Development Standards:

Application developers must ensure their programs contain the following security precautions. Applications:

• should support authentication of individual users, not groups.

• should not store passwords in clear text or in any easily reversible form.

• should provide for some sort of role management, such that one user can take over the functions of another without having to know the other's password.
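One way an application can meet the "no clear text, no easily reversible form" requirement is to store only a salted, memory-hard hash of each password. This is an added example, not part of the original essay; the record layout and the scrypt cost parameters are assumptions to be tuned for the actual server.

```python
import base64
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (about 16 MiB of memory per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def hash_password(password):
    """Return a self-describing record 'scrypt$n$r$p$salt$hash'. The
    password itself cannot be recovered from the record."""
    salt = os.urandom(16)                      # unique per stored password
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    fields = ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
              base64.b64encode(salt).decode(), base64.b64encode(key).decode()]
    return "$".join(fields)


def verify_password(password, record):
    """Recompute the hash with the stored salt and parameters and compare
    in constant time. Malformed records fail closed."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = record.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except (ValueError, OverflowError):
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record):
    """True when a record was created with parameters other than the current
    ones, so it can be upgraded at the user's next successful login."""
    fields = record.split("$")
    current = ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P)]
    return fields[:4] != current


if __name__ == "__main__":
    rec = hash_password("Constructed-Sample-Passphrase-42!")
    print(rec)
    print(verify_password("Constructed-Sample-Passphrase-42!", rec))
    print(verify_password("wrong guess", rec))
```
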

D. Use of Passwords and Passphrases for Remote Access Users:

Access to the Company's networks via remote access is to be controlled using either one-time password authentication or a public/private key system with a strong passphrase.

E. Passphrases:

Passphrases are generally used for public/private key authentication. A public/private key system defines a mathematical relationship between the public key that is known by all, and the private key, that is known only to the user. Without the passphrase to “unlock” the private key, the user cannot gain access. An example of a good passphrase:

“The*?#>*@TrafficOnThe101Was*&#!#ThisMorning”


According to the scenario of the assignment, the most recent breach was made by various staff who compromised the security and exposed weak passwords. The retail company holds all critical private information of its customers, like name, contact number, address, and credit card information and so on, and also the company's private information. So it should maintain the above policies to secure the company's overall business.

Task 5


The company sends its valuable information by email to its internal staff, external business partners and customers. To secure this communication the company needs email security protection. According to the assignment, an email security solution and recommendation is required.

Email Security:

Email communication is absolutely essential for most companies and individuals, especially for online retail business. The problem is that the email system is increasingly used as a method of attack by outsiders and is a source of information loss through spam, viruses, phishing and spyware. So for the protection of the company's important messages, email security is essential.

Email Security Challenges:

It is a challenging issue to balance access and control of the email system. The company must maintain essential business communication, such as customers, vendors, partners, policy and regulatory compliance, managing information leaks, keeping current with updates to security technology, as well as measuring the effectiveness of solutions and planning for the future development of the company.

Emerging Threats for Email Security:

There are different types of threats that can occur through the email system, such as:

Eavesdropping: It is very easy for someone to access the computers or networks through which email information is travelling. By being near the path the email takes through the Internet, a hacker can potentially read and copy the messages.

Identity Theft: If someone can obtain the username and password that the company uses to access the email servers, they can read the email and send false email messages as the company.

Message Alteration: Anyone who has system administrator permission on any of the SMTP servers that the company's messages visit can not only read the message, but also delete or change the message before it continues on to its destination.

False Messages: It is very easy to construct messages that appear to be sent by someone else. Many viruses take advantage of this situation to propagate themselves.

Message Replay: Just as a message can be modified, messages can be saved, modified, and re-sent later! The company could receive a valid original message, but then receive subsequent faked messages that appear to be valid.

Unprotected Backups: Messages are stored in plain text on all SMTP servers. Thus, backups of these servers' disks contain plain text copies of the messages.

Repudiation: Because normal email messages can be forged, there is no way for the company to prove that someone sent a particular message. This has implications with regard to using email for contracts, business communications, electronic commerce, etc.

Email Protection:

The company can do the following things to protect its emails:

Send an Encrypted Message: To send a secure message to someone, the company should encrypt it with that person's public key. Only the intended recipient who has the matching private key will be able to decrypt and read the message.

Prove the Company Sent a Message: To prove to someone that the company sent a message, the company can encrypt the message or just a piece of it with the company's private key. Then, anyone can decrypt it with the company's public key and read the contents.

Sign a Message: A message signature proves who sent the message AND allows the recipient to determine if the message was altered in transit. This is done by using the private key to encrypt a digest of the message at the time of sending. The recipient can decrypt this digest and compare it to a digest of the received message. If they match, then the message is unchanged and was sent by the company.

Encrypted, Signed Messages: The most secure form of communication is to first add a signature to the message and then to encrypt the message plus signature with the recipient's public key.


SSL: It is simple and easy to use SSL to secure the communications between the company's computers and the email service provider's computers. This works no matter who the recipients are. SSL improves security in these ways:

It establishes that the company is contacting its service provider's computers and not someone else's.

It encrypts the username and password that the company uses to log in to the servers. This mitigates identity theft and other issues.

It protects the message from eavesdroppers between the computer and the SMTP servers.

Anonymity: If the company has access to an Anonymous SMTP server, it has an easy way to increase its Internet privacy. Anonymous SMTP provides:

IP address privacy so that message recipients cannot determine the computer's Internet address and location.

Email client privacy so that the recipients of the email messages cannot determine what type of email client is being used.

A means to strip out any other non-standard “email header” data that may be lurking in the outbound messages.

PGP and S/MIME: PGP and S/MIME keys use asymmetric key encryption to protect the contents of the messages throughout their complete journeys. They provide:

Protection against eavesdropping and unwanted backups

Message Digests to detect whether messages have been altered in transit

Signatures to prove sender authenticity


I highly recommend the use of SSL for email communications. Unfortunately, PGP and S/MIME are not being used as extensively as they should be. In my experience, more and more companies are using SSL to encrypt communications with their email servers, but few are using PGP or S/MIME for encryption. It is observed that the effort needed to set up, to enforce usage, and to train recipients is seen as much larger or costlier than the benefit of use. So the company should take the initiative to protect their email system.
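The three SSL benefits listed above hold only if the client verifies the server certificate and never falls back to plain text. The sketch below is an added example, not part of the original essay: it uses Python's standard ssl and smtplib modules (SSL is now called TLS), and the host name, port 587 and account values passed to submit() are placeholders.

```python
import smtplib
import ssl
from email.message import EmailMessage


def hardened_context():
    """TLS settings that deliver what the essay lists: server identity
    check, encrypted login, encrypted message transfer."""
    ctx = ssl.create_default_context()   # system CAs, CERT_REQUIRED, hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the weaknesses of an SSLContext; an empty list means OK."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2,
                                   ssl.TLSVersion.TLSv1_3):
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def submit(msg, host, user, password, port=587, ctx=None):
    """Send msg through the provider's submission port over verified TLS.
    Refuses to run with a weak context, and starttls() raises if the server
    does not offer STARTTLS, so credentials never travel in plain text."""
    ctx = ctx or hardened_context()
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing weak TLS settings: " + "; ".join(problems))
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.starttls(context=ctx)       # certificate and hostname verified here
        smtp.login(user, password)       # sent only inside the TLS session
        smtp.send_message(msg)


if __name__ == "__main__":
    # A context as often found in copied snippets, shown for contrast.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    print("weak context:", audit_context(weak))
    print("hardened context:", audit_context(hardened_context()) or "no findings")
    # submit() needs a reachable server; placeholder values for illustration:
    # msg = EmailMessage(); msg["From"] = "orders@example.com"; ...
    # submit(msg, "smtp.example.com", "orders@example.com", "<password>")
```
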
