Research Paper on Cybersecurity: Servers, Workstation, and Website Threats

Harvey Mudd College
Type of paper: Research paper
This essay has been submitted by a student.

# Threat Description / Source / Likelihood of Occurrence / Impact / Severity / Controllability

1. Malicious Software

Description: Software or a program capable of disrupting the operation of the server by performing malicious activities on the applications that it hosts.

Source: LLP Company workers' past actions of downloading and installing plug-ins, software, and programs from the internet.

Likelihood of Occurrence: High. LLP is likely to have severe vulnerabilities such as inherently insecure internet protocols, shared computer networks, software bugs and weak defaults.

Impact / Severity: High. Malware causes covert, long-lasting, severe and endless destruction. The visible sign of malware in LLP is the slow connection.

Controllability: High. Proper installation of security software and firewall protection to safeguard LLP's server computers and prevent malware spread.

2. Open Relay Attack

Description: A threat to the company's email servers arising from an open relay vulnerability, such that the server receives emails from unknown senders or Mail Transfer Agents (MTAs).

Source: LLP receiving spam or Unsolicited Commercial Email (UCE), which is the primary source of an open relay attack.

Likelihood of Occurrence: Medium. Occurs when the company's email servers use open relay configurations, which happens when an individual does not follow the Mail Transfer Agent (MTA) recommendation on closing open relays.

Impact / Severity: High. Breach of security and sensitive information. It can trigger Denial of Service (DoS) and network congestion.

Controllability: High. Configuration of the Internet Mail Connector (IMC), a service installed on the server that allows the system's Exchange server to play the Simple Mail Transfer Protocol (SMTP) role.

3. Unauthorised Server Access

Description: Entails external individuals accessing the servers physically, which is an internal threat, or compromising the network externally through eavesdropping, wiretapping or sniffing.

Source: Physical access, eavesdropping, wiretapping or sniffing of the LLP servers.

Likelihood of Occurrence: High. Unauthorised access that insiders facilitate becomes hard to identify and control, as legitimate workers in the server rooms have exclusive rights to access the systems within.

Impact / Severity: High. Breach of data security leading to loss of information and other technology assets.

Controllability: High. Computer-based access control to protect the company's proprietary data against intentional and illegal access to servers for the purpose of copying, erasing, modifying and disclosing IT resources.

4. Server Brute Force Attack

Description: An occurrence on the servers in which an intruder tries to access the server illegally by guessing the probable passwords to the server systems.

Source: Attackers attempting to connect to LLP's servers by running a series of commands that make multiple guesses of login details in one second.

Likelihood of Occurrence: High. Highest likelihood of LLP workers using trivial passwords based on adjacent keyboard characters, which attackers can easily guess.

Impact / Severity: High. Attackers with complete access to the servers can control all the IT resources within LLP.

Controllability: High. Strong passwords, regularly renaming the administration user account, and standard brute-force identification software that alerts server users whenever there are multiple login attempts.

5. Cache Poisoning

Description: A Domain Name System (DNS) threat which entails the insertion of malicious data into a DNS server.

Source: Attackers send malicious responses using their fake DNS with the objective of rerouting various domain names to new LLP IP addresses.

Likelihood of Occurrence: Medium. Success is entirely reliant on the vulnerabilities within the DNS software, which define their exploitability.

Impact / Severity: High. It poses serious threats to the entire company workstation by escalating into serious attacks such as denial-of-service (DoS) and man-in-the-middle (MITM).

Controllability: Medium. Ensuring that the company DNS servers and external DNS servers have little or no overreliance on their trust relationships.
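The brute-force alerting control named under Server Brute Force Attack above, sketched as an added example (not part of the original paper): a sliding-window counter over failed logins per source address. The log format, field order, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "timestamp result user source" format.
SAMPLE_LOG = """\
2024-01-10T09:00:01 FAIL admin 203.0.113.7
2024-01-10T09:00:01 FAIL admin 203.0.113.7
2024-01-10T09:00:02 FAIL root 203.0.113.7
2024-01-10T09:00:02 FAIL admin 203.0.113.7
2024-01-10T09:00:03 FAIL administrator 203.0.113.7
2024-01-10T09:00:04 OK admin 203.0.113.7
2024-01-10T09:05:00 FAIL jsmith 198.51.100.20
2024-01-10T09:05:40 OK jsmith 198.51.100.20
2024-01-10T09:30:00 FAIL jsmith 198.51.100.20
"""

def detect_bruteforce(log_text, max_failures=5, window_seconds=60):
    """Return one alert per source that reaches max_failures failed
    logins inside a sliding window of window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # source -> (time, user) of recent failures
    alerts = {}                      # source -> alert record
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                 # skip blank or malformed lines
        ts = datetime.fromisoformat(fields[0])
        result, user, source = fields[1:]
        if result == "OK":
            # A success from a source that already alerted is the case
            # to escalate: the guessing may have worked.
            if source in alerts:
                alerts[source]["login_after_alert"] = user
            continue
        failures = recent[source]
        failures.append((ts, user))
        while ts - failures[0][0] > window:
            failures.popleft()       # drop failures older than the window
        if len(failures) >= max_failures and source not in alerts:
            alerts[source] = {
                "source": source,
                "at": ts,
                "users": sorted({u for _, u in failures}),
                "login_after_alert": None,
            }
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The occasional mistyped password from 198.51.100.20 stays below the threshold, while the burst from 203.0.113.7 alerts and is then marked as followed by a successful login.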

Workstation Threats

# Threat Description / Source / Likelihood of Occurrence / Impact / Severity / Controllability

1. Phishing Attack

Description: The circulation of malicious emails and messages within the networked station to trick users into providing company information. Once the recipients of the malicious message or email click the links, they install some form of malware which freezes the workstation systems, hence revealing sensitive data to attackers.

Source: Text messages, instant messages, emails and malicious links directing users to visit spoofed websites which appear trusted, where they enter their credentials, which fraudsters later use for malicious purposes.

Likelihood of Occurrence: High. LLP's workers are receiving deceptive messages and links. The prevalence of phishing attacks is due to their appearance in the pharming form, which leads to the modification of the DNS such that users are redirected to malicious web pages.

Impact / Severity: High.
- Identity theft and infringement of confidential information leading to financial losses for the company.
- Loss of business productivity.
- Excessive consumption of corporate resources on employees due to saturation of email systems.

Controllability: High. Two-factor authentication (2FA), effective password management strategies, and educating LLP workers about how to enforce security against phishing attacks, such as refraining from clicking email links from unknown sources.

2. Man in the Middle (MITM) Attack

Description: A perpetrator comes between information exchanges happening between two or more IT resources within a workstation. Attackers position themselves as impersonators or eavesdroppers on the communication pathway between two computer systems to steal credit card information, login details, account details, login credentials and personal information. The third party becomes part of the information exchange.

Source: Execution and perpetuation of an MITM attack can occur in the form of decryption and interception.
- Decryption: SSL hijacking, SSL stripping, HTTPS spoofing.
- Interception: IP spoofing, ARP spoofing, DNS spoofing.
- Other sources: suboptimal SSL/TLS implementations, malicious Wi-Fi hotspots.

Likelihood of Occurrence: Medium. The threat has numerous entry strategies into valid sessions within a workstation, such as when there is weak encryption and insecure HTTPS and TLS protocols. It is also common because most data transfer and HTTP protocols are mostly ASCII-based.

Impact / Severity: High. MITM has high impact severity because of the attack's capacity to interfere with the business continuity of an organisation: the intruder can gain access to the company's sensitive credentials, which attackers can use for unauthorised password changes, unapproved funds transfers and identity theft.

Controllability: High, through strong encryption and workstation ethics such as:
- Workstation employees avoiding Wi-Fi connections that do not have passwords.
- Ignore pop-up messages suggesting that browsers are unsecured.
- Immediately logging out of a secure application when it is not in use.
- Avoiding the use of public networks whose coverage reaches the workstation.
- Logging out of secure applications immediately after use.

3. Packet Sniffing Attack

Description: Hackers acquire LLP's sensitive data by sniffing the network traffic transmitted between different computers within a workstation to obtain sensitive unencrypted data such as usernames and passwords.

Source: Packet sniffers carrying malicious programs that hackers launch to eavesdrop, spy and snoop on the data traffic exchanged in a networked workstation.

Likelihood of Occurrence: High to very high. LLP might not have switch-based networks.

Impact / Severity: High. Exposure of users' information, passwords and usernames that allow attackers to control the networked workstation; identity theft and data loss.

Controllability: High. Switch-based networking and strong encryption to prevent the data from being readable except by computers at the destination address. Another control is the use of applications with encrypted communications such as HTTPS.

4. Scareware

Description: A social engineering attack that involves frightening computer users into believing that their computer systems have malware and that they should purchase and install rogue software.

Source: Attackers send pop-up messages appearing as solutions to a non-existent problem in the LLP workstation. They look like legitimate antivirus programs, but their internal code is malicious software that aims at fetching computer users' credentials.

Likelihood of Occurrence: High. Many dumpster divers are using the strategy to trick workers, hence LLP employees might be victims.

Impact / Severity: High. It can lead to a user installing malware that can then affect other users in a networked LLP workstation.

Controllability: High. Training LLP workers on the need to use products from legitimate sites and appropriate antivirus products. Downloading antivirus programs from legitimate websites.

5. Pretexting

Description: A form of social engineering threat in which an outsider physically contacts LLP's workers or calls them to lure them into providing sensitive information. Pretexting in its advanced form occurs when an attacker manipulates users by tricking them into performing actions that make the company's security controls vulnerable to external attacks.

Source: Hackers who might be contacting LLP workers physically, through emails and through phone calls.

Likelihood of Occurrence: Medium. Hackers masquerading as LLP employees. It depends on the size of the organisation.

Impact / Severity: High. Loss of LLP Company's sensitive information that can lead to hacking and control of the workstation. Other adverse impacts of pretexting are financial losses for the organisation, which can affect productivity and business continuity.

Controllability: High. Penetration testing and vulnerability scanning of the workstation, and worker training. The other countermeasures are alerting workstation occupants not to share personal data with other people through the internet or phone calls unless they are sure about the person requesting the information and the motive.

Website Threats

# Threat Description / Source / Likelihood of Occurrence / Impact / Severity / Controllability

1. Cross-Site Request Forgery (CSRF) Attack

Description: A type of website attack that deceives end users into executing a malicious and unwanted request or action in a web application in which they are authenticated.

Source: CSRF attacks originate from malicious browser applications and embedded malicious JavaScript and HTML code.

Likelihood of Occurrence: Medium. They only target state-changing requests, and the success of the attack relies on the user's attempt to click the links.

Impact / Severity: High. CSRF leads to full system takeover and hence can launch perilous unwanted actions on the LLP website.

Controllability: High. Use of synchronizer tokens, double cookie protection and encrypted token patterns.

2. Buffer Overflow Attack

Description: An attacker overloads a buffer, overwriting memory neighbouring the newly created buffers and leading to corruption of the execution stack.

Source: Conventional web application server products and code that perform dynamic and static functions on the site.

Likelihood of Occurrence: High. LLP's programming languages such as C++ and C apparently lack built-in protection features.

Impact / Severity: High. Instability and crashing of programs within LLP's web application environment.

Controllability: High. Virtual and stack memory randomization, programming languages that have built-in protection such as Perl, Java and C#, and website scanning.

3. Denial of Service (DoS) Attack

Description: Denial of access to resources such as the website and associated applications. It occurs when an attacker bombards a website server with numerous requests at a go.

Source: Extortionists, cyber vandals and hacktivists who exploit LLP sites through HTTP and DNS queries and HTTP floods with the aim of championing a certain cause.

Likelihood of Occurrence: High. LLP uses the Internet to perform business transactions, and attackers are interested in high-profile organisations for extortion.

Impact / Severity: High. Delay or loss of LLP's resources and revenues through spending money to meet hackers' demands.

Controllability: High. Installation of firewalls to block any incoming traffic. Router configuration.

4. Session Hijacking Attack

An attacker uses cookies in active hijacking session and later dis...
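Two of the CSRF controls listed under Cross-Site Request Forgery above, the synchronizer token and the double-submit cookie, as an added example that is not part of the original paper. The `Session` class, `handle_request`, the `csrf_token` field name and `SERVER_KEY` are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumed server-side secret, never sent to clients
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def _equal(a, b):
    # Constant-time comparison; encoding first avoids a TypeError on non-ASCII input.
    return hmac.compare_digest(a.encode(), b.encode())

class Session:
    """Hypothetical server-side session record."""
    def __init__(self):
        self.session_id = secrets.token_urlsafe(16)
        self.csrf_token = secrets.token_urlsafe(32)   # synchronizer token, kept server-side

def check_sync_token(session, submitted):
    """Synchronizer token: the form value must match the copy held in the session."""
    return bool(submitted) and _equal(session.csrf_token, submitted)

def _mac(session_id, nonce):
    msg = f"{session_id}!{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_double_submit(session_id):
    """Double-submit cookie: the value is set as a cookie and echoed in the form."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def check_double_submit(session_id, cookie_value, form_value):
    if not cookie_value or not form_value or not _equal(cookie_value, form_value):
        return False
    nonce, _, mac = cookie_value.partition(".")
    # The MAC binds the value to this session, so a value that was not
    # issued for this session does not validate even if cookie and form match.
    return _equal(mac, _mac(session_id, nonce))

def handle_request(session, method, form):
    """Return an HTTP status; only state-changing methods require the token."""
    if method in SAFE_METHODS:
        return 200
    return 200 if check_sync_token(session, form.get("csrf_token")) else 403
```

A cross-site form post carries the victim's session cookie automatically but cannot read the token, so it reaches `handle_request` without a valid `csrf_token` and is rejected with 403.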
