List of System Risks and Recommended Ways to Control Them
- Sensitive Account Information Can Be Lost to Hackers Using Spoofing and Spamming
• Enforce customers' use of secure web connections (HTTPS).
• Help customers develop and configure filters, using technologies such as "black lists" and Microsoft Intelligent Message Filter, to prevent phishing and pharming sites and spoofed e-mails (E-mail Spoofing, 2009) from reaching customers.
• Implement new filter technologies such as "white lists", which automatically record legitimate websites based on URL address, page features and DNS-IP.

- Application Servers Are Subject to PHP Remote File Include
• Use PHP versions that have secured register_globals and allow_url_fopen (Remote File Inclusion, 2009).
• Enforce PHP program security, e.g. input checks that filter out executable remote file includes passed as parameters from client web browsers to the web and application servers.

- The Database Systems Are Vulnerable to SQL Injection

- The System Can Be Affected by Worms, Viruses, Spyware and Other Malicious Code
• Deploy new techniques, such as Vigilante, that can contain Internet worm epidemics.
• Use up-to-date anti-virus and anti-spyware software.
• Enable TCP Wrapper/libwrap service daemons (Khusial & McKegney, 2005).
• Deploy intrusion detection systems and ACLs.

- Stealing of User Data and Account Information
• Implement RDBMS vendors' new security technologies, such as Oracle Transparent Data Encryption and column labeling (Oracle, 2009), to enforce database security at different granularity levels (e.g. database, table, column level).
• Take proactive action to block access by suspicious and malicious SQL queries.

- User Account/Password Can Be Subject to Dictionary Attacks
• Enforce a strong password policy to ensure passwords have a certain complexity and length and a mix of cases and numbers.
• Use an incremental delay in response after each failed login (Pinkas & Sander, 2002).
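The two dictionary-attack controls listed above (a password complexity policy and an incremental delay after each failed login) as an added Python example; this is not code from the original document or from any cited source. The length threshold, the per-failure delay and the cap are constructed assumptions, and the clock is passed in as a parameter so the throttle can be exercised without sleeping.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Constructed policy value (assumption, not taken from the page).
MIN_LENGTH = 12


def password_meets_policy(pw: str) -> bool:
    """Length, mixed case and digits: the complexity rules the page calls for."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None)


@dataclass
class LoginThrottle:
    """Per-account incremental delay: every failed attempt lengthens the wait
    by base_delay seconds (capped at max_delay); a successful login resets it."""
    base_delay: float = 1.0          # constructed value
    max_delay: float = 60.0          # constructed cap
    failures: Dict[str, int] = field(default_factory=dict)        # account -> failed count
    blocked_until: Dict[str, float] = field(default_factory=dict)  # account -> timestamp

    def delay_for(self, account: str) -> float:
        return min(self.base_delay * self.failures.get(account, 0), self.max_delay)

    def attempt(self, account: str, password_ok: bool, now: float) -> Tuple[bool, float]:
        """Return (accepted, seconds the client must wait before the next try).
        Inside the delay window the attempt is refused even when the password
        is correct, so a guessing client gains nothing by retrying early."""
        remaining = self.blocked_until.get(account, 0.0) - now
        if remaining > 0:
            return False, remaining
        if password_ok:
            self.failures.pop(account, None)
            self.blocked_until.pop(account, None)
            return True, 0.0
        self.failures[account] = self.failures.get(account, 0) + 1
        wait = self.delay_for(account)
        self.blocked_until[account] = now + wait
        return False, wait
```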