Security Risk Assessment for Quality Web Design
Ting Yin
Submitted to: Jude Lamour
SE571 Principles of Information Security and Privacy
Keller Graduate School of Management
Submitted: November 16, 2014

Table of Contents
Executive Summary
Company Overview
Security Vulnerabilities
Threats
Risk Assessment
The Consequence
The Affects on The Company Competitive Advantages
The Definition of Solution
Justification
Impact on Business Processes
Reference

Executive Summary

The Dell Sonic Firewall TCO tool recommends that QWD use the Dell NSA 250M and NSA 6600 and replace its current IPSec VPN. The NSA 250M and NSA 6600 appliances come with a wide range and heightened level of security protection services, along with additional security protection hardware and software bundles. Based on a reputable technology survey, the NSA 250M and NSA 6600 are rated 5 out of 5 (NSA Review). The NSA 6600 system should be located near QWD's office headquarters, and the NSA 250M should be located in QWD's remote office. Both NSA systems have the right tools to protect QWD from intrusion, denial of service, and SQL attacks. In addition to security protection, the NSA systems offer mobile service so that workers, business partners, customers, clients, and QWD affiliates can collaborate online on QWD-related projects. The remote access and connectivity can further improve QWD's business processes and even increase revenue.

Company Overview

Quality Web Design (QWD) is a web design and development company that designs and creates client-side web applications for different industries. The web applications that QWD makes help its clients market their information as web content to the outside world. QWD is a basic Microsoft (MS) shop that uses Visual Studio (VS) Team Foundation to support its image repository. For quality analysis and site development, QWD uses VS. QWD also uses MS SQL Server and MS Exchange (SEC 517).

Two Security Vulnerabilities

In this paper, I will discuss three security vulnerabilities: one is associated with hardware, the second is associated with the software. The first vulnerability is found within the network infrastructure (hardware). The second vulnerability is associated with SQL injection attacks on the client’s web page (SEC 517).

Threats Against VPN or Server

In this section, two threats against a VPN are discussed: 1) intrusion; 2) denial of service. Intrusion is a threat that gives an unauthorized outsider the opportunity to access and take control of parts of the VPN. The affected parts could be internal computers, servers, network elements, and other network components. To gain access to internal information or equipment, the malicious individual first injects code for traffic control into the VPN. A simple case of such virtual invasion and unauthorized internal control is sending a single IP packet to a destination in the VPN (Threat Against). Terminals, phones, and other mobile devices that are left open and neglected are one of the primary reasons that unauthorized individuals can gain access to QWD's internal resources.

“VPNs will likely continue to be the weakness link in an organization’s security infrastructure for some time to come.” (VPNs Virtual) Any organization is only as secure as its weakest links or connections. VPNs provide a false sense of security, due to “poor implementation and maintenance.” Perhaps the VPN can be considered one of the weakest links in QWD (The Myth).

Denial of service (DoS) is another outside threat against the VPN. Unlike the intrusion discussed above, DoS prevents others from accessing the web. To carry out a DoS attack, the hacker first needs to be able to inject packets into the trusted zone of the VPN. A DoS attack can also interfere with the VPN user indirectly. When a DoS attack on a given VPN affects a PE router, this can in turn negatively affect the VPNs connected to that router (Threat Against).

The third threat is the potential insertion, or injection, of SQL code into the client’s web application. SQL injection is one of the most prevalent and destructive system attacks. The Open Web Application Security Project (OWASP) points to SQL injection as the number one threat. Injecting extraneous code into textboxes can potentially debilitate the entire database. SQL injection can be used to perform the following types of attacks: it can allow a hacker to log on illegally to the internal application, gain the privilege to manipulate the data stored in the database, and disclose confidential information (SQL Injection).

Risk Assessment

In 2006, the U.K. Department of Trade and Industry (DTI) surveyed businesses about security incidents and released the results. Among the organizations surveyed, intrusion was constant at 17 percent over the survey period, and failure of equipment was up to 29 percent (Pfleeger, 256). In an official study, 87 percent of businesses surveyed had suffered anything from a service degradation up to a full outage in 2013 from a DDoS attack (XAND LAUNCHES). SQL injection was found to be one of the six most commonly reported threats for web applications. SQL injection, along with the other top five threats, accounted for 40 percent of threats found in 2012 (HP 2012).

Level of Risk and Its Influence on QWD Operation

Threat | Level of Risk
Denial of Service | 4
Intrusion | 3
SQL Inject | 3

4 - Critical: QWD's business will not be operational when it encounters the type of threat listed.
3 - Medium-Critical: QWD's business can still somewhat manage its operations, but it has to do so under the interference caused by the threats.

The Consequence

The consequences of a security breach through the VPN include theft of QWD proprietary or confidential information, loss of client information, exploitation or manipulation of confidential information, web page content modification, etc. The authentication method used by IPsec can weaken the authentication process and can be unmanageable for QWD when deploying web services for multiple client organizations. In addition to the expense and complexity associated with IPsec deployment, IPsec VPN selectors are insufficient to meet the needs of the authorization-related policies that QWD must have in today's highly regulated environment (The Myth).

To compensate for the weaker authentication of the IPsec VPN, QWD has to create relatively more complicated constituency-oriented policies to limit user access. IPsec VPN remote access needs VPN client software and policy configuration on the end devices. Given the need for additional support and resources, QWD simply cannot deliver cost-effective secure remote access to all users from all devices. When a client is connected using IPsec, every resource inside the protected network is potentially available to the user, and therefore vulnerable to misuse and attack from that client during the entire connection (The Myth).

DDoS attacks can cause costly and destructive downtime for the client’s hosted applications and resources. During downtime caused by a DDoS attack, users of the websites developed and designed by QWD would not be able to access the websites or the services that the clients offer through the web pages. In the meantime, QWD and its clients cannot communicate with the users and the clients’ customers because the websites are malfunctioning (The Myth). The Ponemon Institute “estimates that the average cost of one minute of downtime due to a DDoS attack is $22,000. The average attack lasts at least an hour, inflicting devastating and expensive downtime on business operations.” (Xand Launches).

Through SQL injection, hackers can obtain unauthorized access to the MS SQL 2008 database (DB) server or the DB located in the corporate office. The hackers can create, review, insert, alter, or remove QWD images or confidential information stored in the QWD back-end database. Through SQL injection and manipulation, hackers can potentially lock or delete tables stored in the DB on the QWD servers. Malicious manipulation of the data can cause denial of service to authorized users and can grant unauthorized remote command execution that is normally reserved for administrators (SQL Injection).

The Affects on the Company Competitive Advantages

More of QWD's customers may go to its competitors for similar services because of decreased trust in the security and service provided by QWD. An outage can cause an increase in the volume of customer inquiries about the outage, which can result in a loss of revenue. Security fears can drive a decline in stock prices and investor confidence. The compromised IT system at QWD can further be susceptible to multiple attacks within a relatively short period of time (DDoS). A breach of confidential information (QWD corporate confidential information, employee private information, and client private information) can potentially lead to lawsuits not only against QWD itself but also against its employees. If hackers are able to intrude into a system developed by software developers or engineers, those computer professionals are liable to lawsuits (Five Ways).
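
The illegal logon and data disclosure described in the SQL injection passages above, as an added example that is not code from this paper or from QWD: each query is built by string concatenation and then in its parameterized form. SQLite stands in for the MS SQL Server back end, and the table names, the account, and the inputs are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data. SQLite is an assumption standing in for MS SQL Server.
SALT = b"constructed-demo-salt"


def _hash(password: str) -> str:
    """Derive a password hash so no plaintext password is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users  (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL);
        CREATE TABLE images (id INTEGER PRIMARY KEY, client TEXT, title TEXT);
    """)
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", _hash("correct horse")))
    conn.executemany(
        "INSERT INTO images (client, title) VALUES (?, ?)",
        [("acme", "acme-logo.png"),
         ("acme", "acme-banner.png"),
         ("globex", "globex-unreleased-campaign.png")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # BEFORE: the textbox value is pasted into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND pw_hash = '" + _hash(password) + "'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username: str, password: str) -> bool:
    # AFTER: the value travels as a bound parameter and is never parsed as SQL.
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored and the computed hash.
    return hmac.compare_digest(row[0], _hash(password))


def search_vulnerable(conn, client: str) -> list:
    # BEFORE: a tautology in the search box widens the WHERE clause to all rows.
    query = "SELECT title FROM images WHERE client = '" + client + "' ORDER BY id"
    return [r[0] for r in conn.execute(query)]


def search_hardened(conn, client: str) -> list:
    # AFTER: the whole input is compared as one literal client name.
    rows = conn.execute(
        "SELECT title FROM images WHERE client = ? ORDER BY id", (client,)
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    crafted_user = "alice' --"          # constructed input: comments out the password check
    crafted_search = "acme' OR '1'='1"  # constructed input: always-true condition
    print("vulnerable login accepts crafted user:", login_vulnerable(db, crafted_user, "x"))
    print("hardened login accepts crafted user:  ", login_hardened(db, crafted_user, "x"))
    print("vulnerable search returns:", search_vulnerable(db, crafted_search))
    print("hardened search returns:  ", search_hardened(db, crafted_search))
```
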

Justification for Using Dell Sonic NSA 220 M and NSA 6600

The Dell SonicWall Firewall TCO comparison and analysis tool and model take QWD's current firewall requirements into consideration. Based on the client's system requirements and configuration, the Dell TCO tool makes product recommendations that can improve the condition of the QWD system, and it then compares the selected Dell SonicWALL products and services with a similar version of a Cisco solution. The solution suggested by the TCO tool is the Dell SonicWall NSA 6600 and NSA 250 for the QWD system (Dell).

The total three-year TCO savings of Dell SonicWall NSA over Cisco ASA is $381,405. The percentage difference in total cost of ownership (over 3 years) for Dell SonicWall NSA compared with Cisco ASA is -88.4%. QWD can save at least 88.4% when it purchases the Dell product over the Cisco version. The percentage difference in the projected number of labor FTEs for Dell SonicWall over Cisco ASA is 74.4%. The staff-to-device support ratio (devices per 1 FTE) of Dell SonicWall is 159.9%. Firewall TCO per user (NPV over 3 years) is 88.4% of Cisco ASA (Figure 1) (Dell).

Figure 1: Total Cost of Ownership Comparison

Total Cost of Ownership (TCO) | Dell SonicWALL | Cisco | Difference | Percent Difference
Appliance Hardware and Support | $41,321 | $144,956 | $103,635 | 71.5%
Additional Security Services | $7,664 | $282,512 | $274,848 | 97.3%
Implementation / Configuration / Training | $903 | $2,810 | $1,907 | 67.9%
Ongoing Operational (IT Labor) | $125 | $1,141 | $1,015 | 89.0%
Total TCO - Total Cost of Ownership (over 3 years) | $50,014 | $431,419 | $381,405 | 88.4%

Key Performance Indicators | Dell SonicWALL | Cisco | Difference | Percent Difference
Projected Number of Labor FTEs | 0.0 | 0.1 | 0.0 | 74.4%
Staff to Device support ratio (Devices per 1 FTE) | 143.7 | 55.3 | 88.4 | 159.9%
Firewall TCO per user (NPV over 3 years) | $50 | $431 | $381 | 88.4%

Dell SonicWall NSA products include Comprehensive Gateway Security Suite (CGSS), Simple Firewall, Gateway Anti-Virus/Anti-Spyware (GAV), Intrusion Prevention Service Bundle, Application Intelligence and Control, Content Filtering Service, Botnet Filter, Context Aware Security Support Level, IPSec VPN License, and SSL VPN license. The cost saving of Dell SonicWall NSA over Cisco ASA is $157,247, and the TCO difference of Dell over Cisco is -92.6%. This means Dell SonicWall’s security package costs 92.6% less than the Cisco version (Figure 2) (Dell).

Figure 2: Additional Security Services Appliances and Licensing Costs

Additional Security Services Appliances and Licensing Costs | Dell SonicWALL | Cisco | Difference | Percent Difference
Selected Deep Packet Inspection Services | $0 | $149,847 | $149,847 | 100.0%
√ Intrusion Prevention Service (IPS) Appliance (Dell-Not Req.) | $0 | $86,490 | $86,490 | 100.0%
√ Intrusion Prevention Service (IPS) Licensing (Dell-Included) (Cisco-Included) | $0 | $0 | $0 | 100.0%
√ Application Intelligence and Control (AIC) (Dell-Included) (Cisco-Included) | $0 | $0 | $0 | 100.0%
√ Content Filtering Service (CFS) (Dell-Included) (Cisco-Not Incl.) | $0 | $0 | $0 | 100.0%
Selected Client Services | $595 | $7,995 | $7,400 | 92.6%
√ IPSec VPN (Dell-Included) | $0 | $0 | $0 | 0.0%
√ SSL VPN | $595 | $7,995 | $7,400 | 92.6%

Impact on Business Process

Dell SonicWall technologies integrate both SSL and IPsec VPN into one system. The SSL/IPsec VPN securely and conveniently extends corporate network access beyond managed desktops to different user services. Secure Remote Access, powered by the SonicWall SSL/IPsec VPN edition, enables QWD to securely and seamlessly provide access to authorized company resources to a wide range of users, contractors, and business partners on a wide variety of mobile and fixed workstations (NSA 6600, NSA 220). With inclusive support for unrestricted full-network access, as well as controlled access to select web-based applications and network resources, the SonicWall VPN platform provides the flexibility needed by any VPN deployment in QWD. The VPN provides an effective and efficient combination of seamless controlled access, firewall, intrusion prevention inspection, and web threat prevention that empowers QWD's mobile workers to be productive while protecting corporate assets and interests (NSA 6600, NSA 220).

Combining SSL and IPsec VPN technology in one platform can deliver a highly customizable, simple, and flexible one-box solution for VPN deployment environments and reduce the expense of deploying remote-access solutions (NSA 6600, NSA 220). Through client-based SSL or IPsec VPN, corporate-managed laptops can seamlessly access QWD corporate network resources remotely. Through clientless SSL VPN, remote users such as QWD clients may gain access to web-based applications from their terminals. Business partners or other professional affiliates can access specific QWD resources and applications.

The NSA 6600 should be located in the corporate office. The NSA 6600 supports a wide range of deployment and application environments and delivers maximum value to QWD with the most comprehensive set of Secure Sockets Layer (SSL) and IP security (IPsec) VPN features, performance, and scalability (NSA 6600, NSA 220). The solution comprises a single unified platform: the NSA 6600 and the Secure Mobility Solution enable QWD to use a highly effective combination of seamless controlled access, firewall, intrusion prevention inspection, and web threat prevention that lets QWD's mobile workers, stationary workers, and clients be productive while helping to improve corporate profit by increasing sales. With Dell's inclusive support for unrestricted full-network access, as well as controlled access to select web-based applications and network resources in QWD, the platform provides the flexibility required by any VPN deployment in QWD (Figure 3) (NSA 6600, NSA 220).

Figure 3: Dell NSA 6600 in Corporate Headquarter Office

Figure 2: Dell NSA 250 M in Remote Office

NSA 250M and NSA 6600 Expert Rating

Category | Rating
Feature | 5/5
Ease of Use | 5/5
Performance | 5/5
Documentations | 5/5
Support | 5/5
Value for Money | 5/5
Overall Rating | 5/5

The wireless network capabilities offered by the NSA 250M and NSA 6600 can empower mobile workers, who can work anywhere while protected by the security services of the Dell technology. Based on the survey answered by users of the NSA system, it seems that all of these users are 100% satisfied with the system. They give it 5 out of 5 for overall rating (NSA Review).

Allowing employees the option to work at home at certain times of the week can improve business results. Evidence shows that around two thirds of people want to work at home, and eighty percent of employees surveyed consider telework a perk. Approximately 6 out of 10 employers identify telecommuting as a cost-saving plan for the employer. IBM cut real estate costs by $50 million, and Nortel saves $100,000 per employee who works at home. Sun Microsystems saves $68 million a year from its telecommuting workers (Advantage).

Using the Dell brand in its business can potentially attract more customers to QWD. Once customers understand the heightened level of protection offered by Dell technology, they are more willing to do more business with QWD or even recommend more customers to QWD. Quality Web Design can potentially experience fewer incidents of system malfunction and data breach resulting from intrusion, denial of service, SQL injection, or other causes. Having fewer incidents can potentially reduce the time, workload, and cost of litigation associated with data breaches and unauthorized access.

Hard Solution and Security Service Solution

Dell SonicWALL is a multi-service platform. Its security protection extends from the network core to the perimeter of the system. Unified Threat Management (UTM) integrates support from SonicWALL’s Gateway Anti-Spyware, Anti-Virus, and Intrusion Protection service and Application. Together, these security appliances deliver real-time protection against innovative mixtures of threats that include intrusion threats and SQL. The effective combination of protection against application-layer and content-based attacks provides a heightened level of gateway protection that defends against multiple threats coming from the access points (AP) and thoroughly inspects all network layers for threats that involve or include intrusion (NSA 6600, NSA 220).

The Dell SonicWall Intrusion Prevention System (IPS) Service provides network protection 24 hours a day, 7 days a week. Its major specifications are 4.5 Gbps, 500,000 maximum inspected connections, and 90,000 new connections per second. Dell’s IPS Service is activated on Dell SonicWALL and Network Security Appliance (NSA). IPS provides high-performance deep packet inspection with countermeasures for complete protection against application exploitation and malicious traffic. The Dell IPS service scales to serve organizations of all sizes. When QWD expands its business and has more customers, it can still use the Dell SonicWall system. IPS provides a layer of security enforcement and protection between each network zone and the Internet, and between Internet zones, for additional security against intrusion (NSA 6600, NSA 220).

IPS provides bi-directional, full-stack inspection that checks inbound and outbound critical application traffic, providing defense against a wide variety of attacks, such as SQL injection, cross-site scripting, remote code execution, shell code payloads, and remote procedure calls. Its payload inspection spans a wide range of protocols, including MySQL, TCP, DNS, HTTP, HTTPS, SMTP, SNMP, POP3, FTP, Telnet, RTP, etc. The firewall and networking part of Dell SonicWall offers SYN flood protection. SYN flood protection defends against DoS attacks using both Layer 2 SYN blacklisting and Layer 3 SYN proxies. It can also defend against DoS/DDoS through UDP/ICMP flood protection and connection rate limiting (NSA 6600, NSA 220).

Dell SonicWall Virtual Private Networking technology can make network and security management more efficient for network managers and administrators. Using Dell SonicWall VPN, network managers can establish a more secure and extensive VPN that is easier to control and manage. Dell SonicWall VPN technology includes integrated IPSec VPN for securing site-to-site communication. It offers both SSL VPN and IPSec VPN for secure remote client access. The VPN product line also offers a complete range of Secure Remote Access/SSL VPN appliances with remote access and management capabilities for organizations of varying size, network complexity, specifications, and security requirements (NSA 6600, NSA 220).

Dell NSA 250 M Specification

Operating system | SonicOS 5.9
Security Processor | 2x 700 MHz
Memory (RAM) | 512 MB
Firewall inspection throughput¹ | 750 Mbps
Full DPI throughput² | 130 Mbps
Application inspection throughput² | 250 Mbps
IPS throughput² | 250 Mbps
Anti-malware inspection throughput² | 140 Mbps
IMIX throughput³ | 210 Mbps
SSL Inspection and Decryption (DPI SSL)² | Available
VPN throughput³ | 200 Mbps
VLAN interfaces | 35

VPN
Site-to-Site VPN Tunnels | 50
IPSec VPN clients (Maximum) | 2 (25)
SSL VPN licenses (Maximum) | 2 (15)
Encryption/Authentication | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1
Key exchange | Diffie Hellman Groups 1, 2, 5, 14
Route-based VPN | RIP, OSPF
IP address assignment | Static, (DHCP PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP Relay
NAT modes | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode
Routing protocols | BGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast
Authentication | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix
Standards | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3

Hardware
Form factor | Desktop (1U Rack Mountable Kit Available)

NSA 6600 Specification

Operating system | SonicOS 6.2
Security Processor | 24x 1.0 GHz
Firewall inspection throughput¹ | 12.0 Gbps
Full DPI throughput² | 3.0 Gbps
Application inspection throughput² | 4.5 Gbps
IPS throughput² | 4.5 Gbps
Anti-malware inspection throughput² | 3.0 Gbps
IMIX throughput³ | 3.5 Gbps
SSL Inspection and Decryption (DPI SSL)² | 1.3 Gbps
VPN throughput³ | 5.0 Gbps

VPN
Site-to-Site VPN Tunnels | 6000
IPSec VPN clients (Maximum) | 2,000 (6,000)
SSL VPN licenses (Maximum) | 2 (50)
Encryption/Authentication | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1
Key exchange | Diffie Hellman Groups 1, 2, 5, 14
Route-based VPN | RIP, OSPF

Networking
IP address assignment | Static, (DHCP, PPPoE, L2TP, PPTP client), Internal DHCP server, DHCP Relay
Authentication | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, Internal user database, Terminal Services, Citrix
Certifications | VPNC, ICSA Firewall, ICSA Anti-Virus

Reference

Advantage of Telecommuting. (2014). Global Workplace Analytics. http://globalworkplaceanalytics.com/resources/costs-benefits

An Anomaly-Based Approach for Intrusion Detection in Web Traffic. (n.d.) Retrieved from: http://webcache.googleusercontent.com/search?client=safari&rls=en&q=cache:hmDApgF38E4J:http://digital.csic.es/bitstream/10261/40544/1/ARTICULOS315428%255B1%255D.pdf%2Bconsequence+intrusion+web+security&oe=UTF-8&hl=en&as_q&nfpr&spell=1&&ct=clnk

Dell SonicWALL Firewall Appliance TCO Comparison. (2014). SonicWall. Retrieved from: https://roianalyst.alinean.com/SonicWALL/

Five Ways Programmers Can Be Sued. (n.d.) Retrieved from: http://www.techinsurance.com/blog/computer-consultants/5-ways-web-programmers-can-be-sued/

DDoS Boot Camp: Basic Training for an Increasing Cyber Threat. (n.d.) Retrieved from: www.prolexic.com/...ddos-boot-camp/DDoS_Boot_Camp-Prolexic_executive_series_white_paper-073113.pdf

How to Prevent Security Breaches from Known Vulnerabilities. (n.d.) http://www.esecurityplanet.com/network-security/how-to-prevent-security-breaches-from-known-vulnerabilities.html

HP 2012 Cyber Risk Report. (n.d.) Retrieved from: www.hpenterprisesecurity.com/collateral/whitepaper/HP2012CyberRiskReport_0213.pdf%2BHP+2012+Cyber+Risk+Report&client=safari&rls=en&oe=UTF-8&hl=en&&ct=clnk

NSA 220 Network Security Appliance. (2014). Dell SonicWall. Retrieved from: http://www.sonicwall.com/us/en/products/NSA-220.html

NSA 6600 Next-Generation Firewall (NGFW). (2014). Dell SonicWall. Retrieved from: http://www.sonicwall.com/us/en/products/NSA-6600.html

NSA Review. (2009). Retrieved from: http://www.scmagazine.com/sonicwall-nsa-240/review/2678/

The Myth of the Secure Virtual Desktop: Avoid a false sense of security with your VPN or VDI endpoints. (n.d.) Retrieved from: http://webcache.googleusercontent.com/search?q=cache:7LfeJvdlN_kJ:http://www.npcdataguard.com/The%2520Myth%2520of%2520the%2520Secure%2520Virtual%2520Desktop.pdf%2BThe+Myth+of+the+Secure+Virtual+Desktop&client=safari&rls=en&oe=UTF-8&hl=en&&ct=clnk

SEC 517 Course: Security Assessment and Recommendations [Class handout]. (2014). New York, NY: Keller School of Management, New York, NY.

Smith, D. (2010). Profiles of major American psychologists [Class handout]. Department of Psychology, Harvard University, Boston, MA.

SQL Injection Tutorial. (n.d.) Retrieved from: http://www.w3resource.com/sql/sql-injection/sql-injection.php#sthash.Rq9nWIAW.dpuf

Threats Against a VPN. (n.d.) Retrieved from: http://etutorials.org/Networking/MPLS+VPN+security/Part+I+MPLS+VPN+and+Security+Fundamentals/Chapter+2.+A+Threat+Model+for+MPLS+VPNs/Threats+Against+a+VPN/

VPNs (Virtual Private Nightmares). Retrieved from: http://www.secureworks.com/resources/newsletter/2004-05/

Why Replace Your IPSec for Remote Access. (n.d.) Retrieved from: http://webcache.googleusercontent.com/search?q=cache:UnLmTmaPU8wJ:https://www.sonicwall.com/downloads/WP-ENG-035_Why-Replace-Your-IPSec_US.pdf%2BWhy+Replace+Your+IPSec+for+Remote+Access&client=safari&rls=en&oe=UTF-8&hl=en&&ct=clnk

XAND Launches Distributed Denial of Service (DDOS) Protection Services to Proactively Safeguard Mission-Critical IT Infrastructure. (n.d.) http://webcache.googleusercontent.com/search?client=safari&rls=en&q=cache:ZABMjDDDhLQJ:http://www.xand.com/06/press-releases/xand-launches-distributed-denial-of-service-ddos-protection-services-to-proactively-safeguard-mission-critical-it-infrastructure/%2Bdenial+of+service+percentage+risk&oe=UTF-8&hl=en&&ct=clnk
