Cyber Security Threats and Vulnerabilities at Dell
Assessment Details and Submission Guidelines for the Cyber Security Principles course in Trimester T3, 2018.
7 Pages3352 Words419 Views
Added on 2023-04-21
About This Document
This paper discusses the different types of cyber security threats and vulnerabilities faced by Dell, one of the largest IT companies in the world. It explores the potential risks and mitigation techniques, the role of security standards, and the implementation of the CISCO SAFE model for risk management.
Cyber Security Threats and Vulnerabilities at Dell
Assessment Details and Submission Guidelines for the Cyber Security Principles course in Trimester T3, 2018.
Added on 2023-04-21
ShareRelated Documents
Assignment 1 – Cyber Security Threats and Vulnerabilities
Author Name
ABSTRACT:
The prime determination of the paper is to focus on
the different types of cyber security threats and
vulnerabilities. The paper will be focussing on an
information technology organization Dell which has
different types of structured and unstructured data in
their business environments. The vulnerabilities
associated with a specific unit of the production unit
will be discussed in this paper in a professional
format. There are different kinds of threats that exist
in the organizations regarding data and information
security. Some of these risks include corruption of
data by the employees themselves, hacking of
information by the hackers form the outside world,
data corruption as well as other security related
concerns. There are different data protection
techniques such as installing antivirus software’s on all
systems, configuring network firewalls such as
network address translation (NAT) etc. The following
report will highlight the different aspects of network
security for Dell, which is one of the largest IT
Company in the world today. There are different
threat mitigation techniques. The CISCO safe model
will also be discussed. The possible vulnerabilities that
can exist in the organization will also be discussed
along with their possible mitigation techniques. By the
end of the report, the reader will have a clear idea
about a security policy that might exist in Dell in order
to ensure that all its data and other information are
secured.
INTRODUCTION:
Cybercrime is one of the growing threats for
most of the organizations in today’s world. There are
different kinds of issues such as unethical hacking by
the hackers form the outside world such as financial
manipulations, tax frauds as well as defamation of
brand image for the organizations. These issues can
often cause the large organizations to pay hefty fines
as well as facing ethical dilemmas. In the following
report such data privacy and safety concerns that are
faced by Dell, which is one of the largest IT company
in the world today, will be discuss in details. By the
end of the report, the reader will have a clear idea on
the data security related concerns and
recommendations will be provided in order to prevent
such issues within the organization. The CISCO safe
model will also be discussed and the important data
within Dell that needs maximum protection will be
discussed in the following paragraphs.
LITERATURE REVIEW:
Company background and threats faced by the
company:
Dell is one of the most renowned Information
technology company in the world. It has multiple data
centres and branches all across the world that are
connected through the internet and there are
different kinds of threats and vulnerabilities that exist
for the organizational network that has to be secured.
Dell is headquartered in Round rock, Texas, in the
United States. Recently Dell had faced multiple
threats in the customer’s information that it stores in
its databases for its customers. Dell has recently
detected some unauthorized activities in its internal
network, which has tried to extract confidential
customer information from Dell.com. Important
information such as customer names, their email
addresses as well as hashed passwords and other
extremely important information were compromised.
Author Name
ABSTRACT:
The prime determination of the paper is to focus on
the different types of cyber security threats and
vulnerabilities. The paper will be focussing on an
information technology organization Dell which has
different types of structured and unstructured data in
their business environments. The vulnerabilities
associated with a specific unit of the production unit
will be discussed in this paper in a professional
format. There are different kinds of threats that exist
in the organizations regarding data and information
security. Some of these risks include corruption of
data by the employees themselves, hacking of
information by the hackers form the outside world,
data corruption as well as other security related
concerns. There are different data protection
techniques such as installing antivirus software’s on all
systems, configuring network firewalls such as
network address translation (NAT) etc. The following
report will highlight the different aspects of network
security for Dell, which is one of the largest IT
Company in the world today. There are different
threat mitigation techniques. The CISCO safe model
will also be discussed. The possible vulnerabilities that
can exist in the organization will also be discussed
along with their possible mitigation techniques. By the
end of the report, the reader will have a clear idea
about a security policy that might exist in Dell in order
to ensure that all its data and other information are
secured.
INTRODUCTION:
Cybercrime is one of the growing threats for
most of the organizations in today’s world. There are
different kinds of issues such as unethical hacking by
the hackers form the outside world such as financial
manipulations, tax frauds as well as defamation of
brand image for the organizations. These issues can
often cause the large organizations to pay hefty fines
as well as facing ethical dilemmas. In the following
report such data privacy and safety concerns that are
faced by Dell, which is one of the largest IT company
in the world today, will be discuss in details. By the
end of the report, the reader will have a clear idea on
the data security related concerns and
recommendations will be provided in order to prevent
such issues within the organization. The CISCO safe
model will also be discussed and the important data
within Dell that needs maximum protection will be
discussed in the following paragraphs.
LITERATURE REVIEW:
Company background and threats faced by the
company:
Dell is one of the most renowned Information
technology company in the world. It has multiple data
centres and branches all across the world that are
connected through the internet and there are
different kinds of threats and vulnerabilities that exist
for the organizational network that has to be secured.
Dell is headquartered in Round rock, Texas, in the
United States. Recently Dell had faced multiple
threats in the customer’s information that it stores in
its databases for its customers. Dell has recently
detected some unauthorized activities in its internal
network, which has tried to extract confidential
customer information from Dell.com. Important
information such as customer names, their email
addresses as well as hashed passwords and other
extremely important information were compromised.
Some of the information were removed from the
network while some information were compromised
and values changed. These had not only caused
trouble for the customers but also defamed the brand
image of Dell and had put questions on the data
security policy of the organization. Several important
information was removed from the databases and
were exposed in the internet to the public. These
include the hashing of our customers’ passwords and
a mandatory Dell.com password reset [1]. Credit card
and other sensitive customer information was not
targeted. The incident did not affect any Dell products
or services.
Vulnerabilities faced at Dell:
Dell has different kind of vulnerabilities for its
services and products. It has security vulnerabilities
for the customer information that it stores in its
databases as well as its own products and services.
Some of the most probable security related
vulnerabilities that are faced by the organization are
discussed below in a tabular format:
Name of
vulnerability
Effect
The Dell Encryption
v10.1.0
This vulnerability related to
the disclosure of
information. A hacker or
even an internal employee
with unethical mind-set who
has physical access to this
machine has the capability of
exploiting this vulnerability
and gain access to the
unencrypted folder called
“RegBack” which stores the
backup copies of important
organizational information.
Vulnerability in Dell
2335dn series of
printers
It is equipped with a Printer
Firmware of Version
2.70.05.02 and an engine
firmware version of 1.10.65
as well as a Firmware Version
for the Network which is
V4.02.15(2335dn MFP) 11-
22-2010. Through the
following combination of the
firmware’s, the interface of
the admin allows the hacker
to retrieve confidential
information from the SMTP
server [2]. It also allows the
hacker to retrieve the LDAP
password by accessing the
source code of HTML in the
Email Settings webpage.
Dell WMS versions
of 1.1
These are vulnerabilities of
unquoted path of service
path. Virus infected
software’s carries out
installation of the different
services that are
incorporated in an incorrect
way that specifies the paths
to the executable’s of the
services without the proper
quotes. This allows the low-
privileged local users to
execute the arbitrary
executables with higher
privileges.
Figure 1: Tabular format of the vulnerabilities of Dell
(Source: As used by the author).
Potential risks and mitigation techniques:
Some of the potential risks of for the company
due to the above-discussed vulnerabilities are
network while some information were compromised
and values changed. These had not only caused
trouble for the customers but also defamed the brand
image of Dell and had put questions on the data
security policy of the organization. Several important
information was removed from the databases and
were exposed in the internet to the public. These
include the hashing of our customers’ passwords and
a mandatory Dell.com password reset [1]. Credit card
and other sensitive customer information was not
targeted. The incident did not affect any Dell products
or services.
Vulnerabilities faced at Dell:
Dell has different kind of vulnerabilities for its
services and products. It has security vulnerabilities
for the customer information that it stores in its
databases as well as its own products and services.
Some of the most probable security related
vulnerabilities that are faced by the organization are
discussed below in a tabular format:
Name of
vulnerability
Effect
The Dell Encryption
v10.1.0
This vulnerability related to
the disclosure of
information. A hacker or
even an internal employee
with unethical mind-set who
has physical access to this
machine has the capability of
exploiting this vulnerability
and gain access to the
unencrypted folder called
“RegBack” which stores the
backup copies of important
organizational information.
Vulnerability in Dell
2335dn series of
printers
It is equipped with a Printer
Firmware of Version
2.70.05.02 and an engine
firmware version of 1.10.65
as well as a Firmware Version
for the Network which is
V4.02.15(2335dn MFP) 11-
22-2010. Through the
following combination of the
firmware’s, the interface of
the admin allows the hacker
to retrieve confidential
information from the SMTP
server [2]. It also allows the
hacker to retrieve the LDAP
password by accessing the
source code of HTML in the
Email Settings webpage.
Dell WMS versions
of 1.1
These are vulnerabilities of
unquoted path of service
path. Virus infected
software’s carries out
installation of the different
services that are
incorporated in an incorrect
way that specifies the paths
to the executable’s of the
services without the proper
quotes. This allows the low-
privileged local users to
execute the arbitrary
executables with higher
privileges.
Figure 1: Tabular format of the vulnerabilities of Dell
(Source: As used by the author).
Potential risks and mitigation techniques:
Some of the potential risks of for the company
due to the above-discussed vulnerabilities are
employee vandalism and unauthorized access and
misuse of important organizational data. Due to the
WMS versions of Dell the low privileged uses can gain
unauthorised access to the important databases for
Dell and can manipulate important information such
as financial documents, tax calculations and other
information and cans cause massive tax frauds and
other unethical activities which in turn can also cause
huge economic losses and brand defamation for the
organization. Systems infected with virus can also
corrupt the data without the knowledge of the
supervisors and cause Dell to be answerable to
ethically challenging questions, which is not at all
desirable for the reputation of the company [3]. It can
also cause the customers and stakeholders to lose
their trust on the security policy of the organization.
This can also affect the business of the organization.
The kind of threats and vulnerabilities faced
by Dell regarding information security need different
kind of threat mitigation techniques. These include
techniques such as hashing of the customers’ account
passwords as well as a mandatory password reset for
Dell.com. Strong passwords should be set that should
contain numbers, mixtures of upper case and lower
case alphabets as well as special characters and the
system administrators should ensure there are also
proper data and decryption policies within Dell. This
can ensure that the important data can be retrieved
even in unforeseen situations such as system crashes,
hardware failures and natural disasters. There should
also be audit trail features in each of the systems for
the administrators to track who accessed what
information from which systems and at what point in
time. Enterprise antivirus software solutions such as
Kaspersky internet solution should be installed
mandatorily on each employee workstations [4].
There should also be properly scheduled data backup
cycles that can have the capability of backing up data
in regular cycles in the online cloud storage databases
of Dell across all its branches in the different parts of
the world.
SECURITY POLICY AT DELL:
It is extremely important for Dell to develop a
proper security policy for ensuring optimum data and
information security within the organization. The
steps of implementing the security policy can be
explained as below:
- Studying the requirements: Dell first has to
understand the issues in details. It has to
clearly understand the requirements in order
to incorporate the security policy. The
different requirements such as agreements
with third party vendors as well as the
requirements from standards such as ISO
27001 or BS 25999-2. The hardware as well as
software requirements such as enterprise
licence of antivirus software solutions on a
bulk scale for all the workstations within Dell
has to be purchased [5]. There are other
investments in requirements of information
systems and in terms of work force that has to
be considered by the organization.
- Results of risk assessment should also be
taken into consideration: The potential
threats related to the storage of data in the
dell servers and the possible attacks from the
hackers of has to be taken into consideration
while framing the security policy. The
probable consequences of acts of employee
vandalism and unethical acts such as tax
frauds etc., has to be considered as well.
- Optimization and alignment of documents: It
is another important step in the formulation
of the security policy. The security procedures
should be optimized in order to ensure that
misuse of important organizational data. Due to the
WMS versions of Dell the low privileged uses can gain
unauthorised access to the important databases for
Dell and can manipulate important information such
as financial documents, tax calculations and other
information and cans cause massive tax frauds and
other unethical activities which in turn can also cause
huge economic losses and brand defamation for the
organization. Systems infected with virus can also
corrupt the data without the knowledge of the
supervisors and cause Dell to be answerable to
ethically challenging questions, which is not at all
desirable for the reputation of the company [3]. It can
also cause the customers and stakeholders to lose
their trust on the security policy of the organization.
This can also affect the business of the organization.
The kind of threats and vulnerabilities faced
by Dell regarding information security need different
kind of threat mitigation techniques. These include
techniques such as hashing of the customers’ account
passwords as well as a mandatory password reset for
Dell.com. Strong passwords should be set that should
contain numbers, mixtures of upper case and lower
case alphabets as well as special characters and the
system administrators should ensure there are also
proper data and decryption policies within Dell. This
can ensure that the important data can be retrieved
even in unforeseen situations such as system crashes,
hardware failures and natural disasters. There should
also be audit trail features in each of the systems for
the administrators to track who accessed what
information from which systems and at what point in
time. Enterprise antivirus software solutions such as
Kaspersky internet solution should be installed
mandatorily on each employee workstations [4].
There should also be properly scheduled data backup
cycles that can have the capability of backing up data
in regular cycles in the online cloud storage databases
of Dell across all its branches in the different parts of
the world.
SECURITY POLICY AT DELL:
It is extremely important for Dell to develop a
proper security policy for ensuring optimum data and
information security within the organization. The
steps of implementing the security policy can be
explained as below:
- Studying the requirements: Dell first has to
understand the issues in details. It has to
clearly understand the requirements in order
to incorporate the security policy. The
different requirements such as agreements
with third party vendors as well as the
requirements from standards such as ISO
27001 or BS 25999-2. The hardware as well as
software requirements such as enterprise
licence of antivirus software solutions on a
bulk scale for all the workstations within Dell
has to be purchased [5]. There are other
investments in requirements of information
systems and in terms of work force that has to
be considered by the organization.
- Results of risk assessment should also be
taken into consideration: The potential
threats related to the storage of data in the
dell servers and the possible attacks from the
hackers of has to be taken into consideration
while framing the security policy. The
probable consequences of acts of employee
vandalism and unethical acts such as tax
frauds etc., has to be considered as well.
- Optimization and alignment of documents: It
is another important step in the formulation
of the security policy. The security procedures
should be optimized in order to ensure that
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Network and Cybersecurity: Threats and Control Measureslg...
|13
|1909
|314
Network Security Threats and Control Measures for Open University Malaysialg...
|10
|3121
|88
Computer Security within JL: Mitigation Techniques and Advantages of Artificial Intelligencelg...
|11
|2506
|299
A Discussion on Cyber Wars and Securitylg...
|6
|1274
|166
Network Security: Protecting the Integrity and Usability of Networking Services and Datalg...
|25
|1420
|50
Risk Assessment Report- Docslg...
|11
|1091
|30