Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Security of Information System and Risk Management in MetaSoft System

Verified

Added on 2023/06/07

AI Summary

This article discusses the security threats faced by MetaSoft System and proposes solutions to mitigate them. It covers topics like ransomware, threats to routers and switches, reliability and availability of Windows Server 2012 web services, confidentiality and integrity in staff mails through Microsoft Exchange servers, and more.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: IS SECURITY IN METASOFT SYSTEMS
Security of Information System and Risk Management in MetaSoft System
Name of the student:
Name of the university:
Author note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1IS SECURITY IN METASOFT SYSTEMS
Table of Contents
1. Introduction..................................................................................................................................3
2. Discussion....................................................................................................................................3
2.1 Ransomware malware threats against MetaSoft....................................................................3
2.1.1 Working of Ransomware................................................................................................3
2.1.2 Three tools that will tackle ransomware.........................................................................4
2.2 Threats faced by the routers and switches connected to the network....................................4
2.2.1 The way routers and switches are vulnerable to destruction..........................................4
2.3 Reliability and availability of Windows Server 2012 web services......................................5
2.4 Confidentiality and integrity in staff mails through Microsoft Exchange servers.................5
2.4.1 Working principle of the Microsoft Exchange server....................................................5
2.5 Threats that webmail and webservers of MetaSoft face........................................................7
 Spoofing............................................................................................................................7
 Malicious attachments.......................................................................................................7
 Links to malicious webpages............................................................................................7
2.6 Two proposed method that will ensure the availability of email server................................7
2.6.1 DKIM setting..................................................................................................................7
2.6.2 Reverse DNS..................................................................................................................8
2.7 Impact of humans on information security............................................................................9
2.7.1 Risk management recommendation to reduce employee risk........................................9
2.8 Log records for analysing webservers and email server problems......................................10
2.9 Use of audit log reports for performing auditing analysis...................................................10
2.10 Propose five network devices that will help to mitigate the security issues and threats to
webservers and email servers....................................................................................................11
3. Conclusions................................................................................................................................13
3.1 Recommendations................................................................................................................14
4. References..................................................................................................................................15

2IS SECURITY IN METASOFT SYSTEMS
1. Introduction:
This assignment will enlighten on Information system security and risk management in MetaSoft
Ltd. MetaSoft Ltd deals with clients located in Australia as well as New Zealand. It is a software
development company and is planning to move its computer infrastructure to cloud. The board of
directors assumes that this will increase the flexibility of operations that are being carried out in
the company and will increase the responsiveness of the company along with some savings in
cost. The company provides IS services to its staffs and clients. The data collected from the staffs
and clients are securely stored in servers. The company will shift all the data to cloud to make
them more secure. The three services open to them are Infrastructure as a service (IaaS),
Software as a service (SaaS) and Platform as a service (PaaS). However, network information
systems faces common malware problems like ransomware. The following paragraph will
elaborately explain the working of ransomware in the network and the steps that MetaSoft will
be required to take if such malware occurs in their system.
2. Discussion:
2.1 Ransomware malware threats against MetaSoft:
2.1.1 Working of Ransomware:
One of the fastest growing threats in the world of computers is ransomware. Ransomware
is defined as a malicious software that takes away ransom from an infected computer (Pathak &
Nanded, 2016). There are various types of ransomware that exists in IT world. They differ from
each other by the process they extract ransom from the infected systems. They are System
lockers that blocks the access of the user to the operating system unless the user pays some
ransom to it. Application lockers is another type of ransomware that blocks the access of the user

3IS SECURITY IN METASOFT SYSTEMS
to certain application unless some ransom is paid. Data encrypting ransomware works on the
data of targeted computer and encrypts them unless the system pays some ransom. Fake data
encryption ransomware just deletes all the data present in the targeted system and makes the user
believe that the data has been encrypted to take some ransom from it.
2.1.2 Three tools that will tackle ransomware:
To combat and tackle ransomware attacks MetaSoft can implement three types of anti-
ransomware that are available in the market. The first category is the disinfection tool that cleans
the PC before data is restored after an attack (Richardson & North, 2017). The disinfection tool
is similar to that of integrated multiple anti-virus programs. The second category is the
decryption tool. It helps to tackle the data encryption ransomware attack (Mercaldo et al., 2016).
The third category is the protection tool used to protect the computers from ransomware attacks
beforehand.
2.2 Threats faced by the routers and switches connected to the network:
2.2.1 The way routers and switches are vulnerable to destruction:
The threats that routers and switches faces are unauthorized access, masquerading,
password guessing as well as router protocol attacks. Session replay attacks and ping of death
attacks are the other forms of attacks faced by the routers. MetaSoft Ltd is vulnerable to router
and switch attacks through session hijacking, rerouting hijacking and masquerade attacks. When
the attackers insert falsified IP packets in the network after a session is established through IP
spoofing, session hijacking occurs (Shu et al., 2016). Rerouting hijacking is defined as
modifying routers in the network such that traffic flows to unauthorized destinations. Last type

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4IS SECURITY IN METASOFT SYSTEMS
of attack that MetaSoft faces is the masquerade attack where the IP packets are modified or
masked and sent to falsify IP addresses.
2.3 Reliability and availability of Windows Server 2012 web services:
It has been assumed that MetaSoft System is using Windows server 2012 to provide web
services. The organisation will ensure reliability of its web services by using Storage Spaces, a
new concept that has been introduces by the windows server. Storage Spaces manage all the disk
drives connected to the server with the help of Storage Pool concept. Storage Pools consists of
one or more physical disks that are attached and help to create Volumes. Individual Volumes can
be created by the three layouts simple, mirror or parity.
The availability in the Windows server 2012 web service can be ensured by the use of
Dynamic quorum. The quorum majority is determined in Windows server 2012 by a set of nodes
that are active members of the cluster.
2.4 Confidentiality and integrity in staff mails through Microsoft Exchange servers:
Microsoft Exchange server is a mail or calendar server that facilitates the transfer of
emails and its connection to mobile phones while maintaining the reliability and confidentiality
and improved performance. The server runs only on Windows server operating systems. As it is
assumed that MetaSoft uses Windows server 2012 therefore, it will be using Microsoft exchange
servers to maintain confidentiality in its staffs emails (Trotter, 2013). When a person is not in
office, the exchange server allows his colleagues to check emails so that important information
do not get unnoticed thus maintaining confidentiality as well as integrity of staff emails.
2.4.1 Working principle of the Microsoft Exchange server:

5IS SECURITY IN METASOFT SYSTEMS
Figure 1: Working of the exchange server
(Source: Rewagad & Pawar, 2013)
The various steps of email exchange to maintain confidentiality and integrity are:
 At first, the emails received are stored and organized in the information store.
 The email addresses of the sender and receiver are created and managed by the system
attendant.
 The simple mail transfer protocol (SMTP) plays an important role in communicating
emails from one server to another (Trotter, 2013). In other words, it allows inter-server
message transmission (Rewagad & Pawar, 2013). The client email is kept confidential by
this protocol and sent to long distances when the location of the receiver is far away.
 The active directory updates the systems for new mailbox along with managing the user
accounts and distribution lists.
2.5 Threats that webmail and webservers of MetaSoft face:

6IS SECURITY IN METASOFT SYSTEMS
The various threats that emails and webservers that MetaSoft face are discussed below:
 Spoofing: The email protocols used are unable to authenticate email addresses, as a result
of which hackers use the addresses to perform malicious actions in them. Spoofing can be
done on individual mailbox or in any company’s domain. This type of attack is given
high priority and is common in IT sector.
 Malicious attachments: Attachments are sent via email which when accessed installs
ransomware and other malwares in the system thereby destroying it. This attack is given
the highest priority as it is one of the most common attack.
 Links to malicious webpages: Links are sent via webmail that opens malicious
webpages when accessed.
2.6 Two proposed method that will ensure the availability of email server:
To maintain IT business continuity redundancy and fault tolerance are the two key
factors. Similarly, to maintain the continuity and availability of email servers two proposed
method would be the DKIM settings and the Reverse DNS. The two methods are explained in
details in the following paragraphs:
2.6.1 DKIM setting: Domain Keys Identified Mail is a new standard authenticates the delivery
chain of email messages. The key signs the message with a special cryptographic signature that
can be verified by a third party however, cannot be counterfeited (Ho, Javed, Paxson & Wagner,
2017). The relay server in the delivery chain includes the signature in the emails that proves
message is passed via that server (Backholm, 2016). This helps in eliminating spammers that
creates fake messages. DKIM cannot block spam messages in the network however, gives
receiver confidence on the source of the message.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7IS SECURITY IN METASOFT SYSTEMS
Figure 2: DKIM Setting
(Source: Ho, Javed, Paxson & Wagner, 2017)
2.6.2 Reverse DNS: When mail servers receive connection from a particular IP address then
reverse DNS is performed to look for the IP address. The reverse DNS process yields a
hostname. Forward lookup is performed by the server to check if the generated IP address
matches with the original address. This process is known as forward confirmed reverse DNS. If
the addresses do not match with each other then message delivery is not successful.

8IS SECURITY IN METASOFT SYSTEMS
Figure 3: Reverse DNS
(Source: Backholm, 2016 )
2.7 Impact of humans on information security:
As stated by various researchers, employee commitment towards the organisation has an
important role to play in information security. Employees who are committed towards the
company will strive to abide by the security policies and maintain the rules and regulation of the
organisation. The employees would understand the negative impact of not abiding by the security
policies. Studies say that security of information in an organisation is completely vested on the
employees. They are the key factors.
2.7.1 Risk management recommendation to reduce employee risk:

9IS SECURITY IN METASOFT SYSTEMS
Some of the recommendations that MetaSoft should follow to reduce the risk of
employees are:
 Continuous monitoring the employees: The employers need to monitor employees from
all angles to protect them engaging in unlawful events.
 MetaSoft should keep all their employees fit and healthy. They should look to the needs
and requirements of their employees and manage risks every day.
 All business organisation should have a risk-based approach to identify the critical
valuable assets and vulnerabilities of the company. This will help them identify the risk
of the employees and take necessary actions to eliminate them.
 The employee and the company should avoid recklessness.
2.8 Log records for analysing webservers and email server problems:
Log records has been identified to be an important piece of information that is provided
by the server. It provides information on “who, when and how” accessed the server. This type of
data will help to monitor the performance and eliminate the risk issues of the server. Log records
also help to investigate web and email servers to find out the IP address of users in case any
malicious events have taken place.
2.9 Use of audit log reports for performing auditing analysis:
The web and email servers provide two log files namely access.log and the error.log files.
The access.log file records all the files that are requested. If a visitor requests
www.example.com/main.php, the following entry will be added in the log file.
88.54.124.17 - - [16/Apr/2016:07:44:08 +0100] "GET /main.php HTTP/1.1" 200 203
"-" "Mozilla/5.0 (Windows NT 6.0; WOW64; rv: 45.0) Gecko/20100101
Firefox/45.0"

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10IS SECURITY IN METASOFT SYSTEMS
From the above log it can be revealed that a visitor with IP address 88. 54. 124. 17 requested for
main.php file on 16 April 2016 at 7:44 and the request made was successful. If log file was not
present, then the IP address that accessed the server could not be traced and therefore, auditing
analysis and monitoring could not be done. Data stored in the log file or log report will help to
solve the long-term security problems of the organization.
2.10 Propose five network devices that will help to mitigate the security issues and
threats to webservers and email servers:
 SSH keys: These keys are a pair of cryptographic keys that will authenticate SSH servers
as an alternative to password based logins.
Figure 4. SSH keys
(Source: Rad et al., 2015)
 Firewalls might be hardware or software that controls anything connected to the network.

11IS SECURITY IN METASOFT SYSTEMS
Figure 5: Firewall
(Source: Balmer et al., 2014)
 VPNs and private networking.
Figure 6: VPN and private networking
(Source: Border, Dillon & Pardee, 2015)
 Use of SSL/TSL encryption.

12IS SECURITY IN METASOFT SYSTEMS
Figure 7: SSL/TSL
(Source: Brubaker et al., 2014)
 Service auditing
Figure 8: Service auditing
(Source: Schiffman et al., 2013)
3. Conclusions:
From above discussions, it can be concluded that the network information systems faces
common malware problems like ransomware. One of the fastest growing threats in the world of
computers is ransomware. To combat and tackle ransomware attacks, organisation can

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13IS SECURITY IN METASOFT SYSTEMS
implement three types of anti-ransomware that are available in the market. Employee
commitment towards the organisation has an important role to play in information security.
Studies showed that security of information in an organisation is completely vested on the
employees.
3.1 Recommendations:
Information security is one of the major issues that most of the organization are facing.
Therefore, to overcome the security issues I would suggest the following actions:
 Regular monitoring of the servers and the networks. The process involved in scrutinizing
the network devices and the servers is hectic however, for resolving the problem
monitoring is required to be done.
 I would recommend installation of strong anti-viruses in the network as well as the
network devices. Anti-viruses should be efficient enough to detect and fight against any
type of malware.
 Updating the anti-viruses is another work that will help to eliminate the risks of the
security and threats to the network.

14IS SECURITY IN METASOFT SYSTEMS
4. References:
Backholm, A. (2016). U.S. Patent No. 9,444,916. Washington, DC: U.S. Patent and Trademark
Office.
Balmer, M. L., Slack, E., De Gottardi, A., Lawson, M. A., Hapfelmeier, S., Miele, L., ... &
Bernsmeier, C. (2014). The liver may act as a firewall mediating mutualism between the
host and its gut commensal microbiota. Science translational medicine, 6(237), 237ra66-
237ra66.
Border, J., Dillon, D., & Pardee, P. (2015). U.S. Patent No. 8,976,798. Washington, DC: U.S.
Patent and Trademark Office.
Brubaker, C., Jana, S., Ray, B., Khurshid, S., & Shmatikov, V. (2014). Using frankencerts for
automated adversarial testing of certificate validation in SSL/TLS implementations.
IEEE security & privacy, 2014, 114.
Ho, G., Javed, A. S. M., Paxson, V., & Wagner, D. (2017). Detecting Credential Spearphishing
Attacks in Enterprise Settings. In Proceedings of the 26rd USENIX Security Symposium
(USENIX Security’17) (pp. 469-485).
Landsman, R. A. (2013). U.S. Patent No. 8,601,475. Washington, DC: U.S. Patent and
Trademark Office.
Lee, S., Jo, J., Kim, Y., & Stephen, H. (2014, June). A framework for environmental monitoring
with Arduino-based sensors using Restful web service. In Services Computing (SCC),
2014 IEEE International Conference on (pp. 275-282). IEEE.

15IS SECURITY IN METASOFT SYSTEMS
Marman, T., & Kukreja, R. (2014). U.S. Patent No. 8,793,801. Washington, DC: U.S. Patent and
Trademark Office.
Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals
your phone. formal methods rescue it. In International Conference on Formal
Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer,
Cham.
Pathak, P. B., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing
challenge. International Journal of Advanced Research in Computer Engineering &
Technology (IJARCET) Volume, 5.
Rad, P., Chronopoulos, A. T., Lama, P., Madduri, P., & Loader, C. (2015, November).
Benchmarking bare metal cloud servers for HPC applications. In Cloud Computing in
Emerging Markets (CCEM), 2015 IEEE International Conference on (pp. 153-159).
IEEE.
Rewagad, P., & Pawar, Y. (2013, April). Use of digital signature with diffie hellman key
exchange and AES encryption algorithm to enhance data security in cloud computing. In
Communication Systems and Network Technologies (CSNT), 2013 International
Conference on (pp. 437-439). IEEE.
Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention.
International Management Review, 13(1), 10-21.
Schiffman, J., Sun, Y., Vijayakumar, H., & Jaeger, T. (2013, June). Cloud verifier: Verifiable
auditing service for iaas clouds. In Services (SERVICES), 2013 IEEE Ninth World
Congress on (pp. 239-246). IEEE.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

16IS SECURITY IN METASOFT SYSTEMS
Shu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A. V., & Imran, M. (2016). Security in software-
defined networking: Threats and countermeasures. Mobile Networks and Applications,
21(5), 764-776.
Trotter, D. H. (2013). U.S. Patent No. 8,381,287. Washington, DC: U.S. Patent and Trademark
Office.
Tuli, P., & Sahu, P. (2013). System monitoring and security using keylogger. International
Journal of Computer Science and Mobile Computing, 2(3), 106-111.
Tyree, D. S., & Tomlinson, J. E. (2014). U.S. Patent No. 8,856,315. Washington, DC: U.S.
Patent and Trademark Office.

1 out of 17

+13062052269

info@desklib.com

Security of Information System and Risk Management in MetaSoft System

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

IS Security and Risk Management: Vulnerabilities, Mitigation Strategies and Impact of Human Factors

Information System Security and Risk Management

IS Security & Risk Management: Threats, Mitigation Techniques and Improvements

IT Security and Risk Management: Threats, Malware, and Solutions

Information System Security: Threats and Solutions for Google Company

IS security and Risk Management