Damages organizations’ computer systems
Financial Impact
Legal action
Loss of reputation
Costs of contacting all of the individuals
Organization’s market share
Prevent or Mitigate Access Control Attacks
Example: Target
Hackers originally gained access to Target’s network by
stealing the access credentials, via a phishing attack, of a
refrigeration contractor
Electronic interaction with Target was limited to billing,
contract submission, project management
Sophisticated and prolonged attack at Target
Once the hackers infiltrated the Target network, they distributed
malware to thousands of PoS machines designed to siphon off
customer data
The stolen data was later uploaded from the Target network to
an FTP server
Then, they set up a control server within Target’s internal
network that acted as the central repository for the stolen credit
card data
Example Discussion Activity
How could this attack have been prevented?
Protecting the Enterprise
Requires a coordinated defense involving people, processes and
tools that span anti-malware, firewalls, applications, servers,
network access controls, intrusion detection and prevention,
security event monitoring, and more
Identity and Access Management (IAM)
Obtain visibility and control over user access privileges: who
has access to what?
Detective controls
Access policy
Automated account reconciliation
Authentication Attacks
Occur when a web application authenticates users unsafely,
granting access to web clients that lack the appropriate
credentials
Access Control Attacks
Occur when an access control check in the web application is
incorrect or missing, allowing users unauthorized access to
privileged resources such as databases and files
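The missing check described above, shown next to a corrected handler, as an added example that is not from the original slides. The invoice store, user names, roles and function names are all constructed for illustration.

```python
# Constructed sample data: two users' invoices and one admin account.
INVOICES = {
    101: {"owner": "alice", "total": 120.00},
    102: {"owner": "bob", "total": 75.50},
}
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}


class AccessDenied(Exception):
    """Raised when a caller may not read the requested resource."""


def get_invoice_missing_check(user: str, invoice_id: int) -> dict:
    # Flawed handler: it confirms the caller is a known user (authentication)
    # but never asks whether this user may read THIS invoice (authorization).
    if user not in ROLES:
        raise AccessDenied("not authenticated")
    return INVOICES[invoice_id]


def get_invoice_checked(user: str, invoice_id: int) -> dict:
    # Corrected handler: deny by default, allow only the owner or an admin.
    role = ROLES.get(user)
    if role is None:
        raise AccessDenied("not authenticated")
    invoice = INVOICES.get(invoice_id)
    # Same error for "no such invoice" and "not yours", so the response
    # does not reveal which invoice ids exist.
    if invoice is None or not (role == "admin" or invoice["owner"] == user):
        raise AccessDenied("not authorized for this invoice")
    return invoice


def audit(handler) -> list:
    """Access-control audit: list every (user, invoice_id) pair that the
    handler serves to someone who is neither the owner nor an admin."""
    leaks = []
    for user, role in ROLES.items():
        for invoice_id, invoice in INVOICES.items():
            try:
                handler(user, invoice_id)
            except AccessDenied:
                continue
            if role != "admin" and invoice["owner"] != user:
                leaks.append((user, invoice_id))
    return leaks
```

Running audit() over each handler is a small version of the "Audit access controls" step: it reports two cross-user reads for the flawed handler and none for the corrected one.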
Web Applications
Exposing these rich interfaces to anyone on the Internet makes
web applications an appealing target for attackers who want to
gain access to other users’ data or resources
Access Control
Access control attacks attempt to bypass or circumvent access
control methods
Access control begins with identification and authorization
Access Aggregation
Collecting multiple pieces of non-sensitive information and
combining, or aggregating, the pieces to learn sensitive
information
Reconnaissance Attacks
Access aggregation attacks that combine multiple tools to
identify elements of a system, such as IP addresses, open ports,
running services, and operating systems
Protecting Against Access Control Attacks
Control physical access to systems
Control electronic access to password files
Encrypt password files
Create a strong password policy
Use password masking
Deploy multifactor authentication
Use account lockout controls
Use last logon notification
Educate users about security
Audit access controls
Running head: TITLE OF YOUR PAPER (50 characters max)
Title of Your Paper
Your Name
Independence University
Abstract
An abstract is optional and is a general overview of the content
covered in your paper. The abstract should be no more than 250
words. In general class assignments, the abstract may not be
required. Please check with your instructor regarding this
requirement. For the running head above, the words Running
head: should be in the same 12-point font as the rest of the
paper, only appear on the cover page, be on the same line as the
page number, and be aligned with the left 1” margin. The paper
title portion should be in all caps. For the second page and
beyond, the running head should only include the paper title in
all caps. The page numbers should be aligned at the right 1”
margin.
Title of Your Paper
The initial paragraph is assumed in APA to include the
introduction to your paper, and therefore does not require the
heading of “Introduction”. Use the paper title as the initial
paper heading, centered, not in bold, with major words
capitalized. The heading and content should start at the top of
the page with no extra spacing. The entire paper should be
double-spaced with no extra spacing between headings or
paragraphs. The first line of every paragraph should be indented
5-7 spaces, or .5” by default. This includes paragraphs
following numbered lists and images. This section should
“introduce” the reader to the content covered in your paper. In
many ways, the introduction serves as a mini-outline for the rest
of the paper. So, as you continue to write the remaining
sections, make sure to only include the information related to
what you have “introduced” in your introduction paragraph. To
sum it up, this section should tell the audience what you are
going to talk about in the Body.
Body
Use a level 1 APA heading appropriate for the content to
introduce this section, centered and in bold. Do not use the
Body heading. The “body” of your paper should expand on the
concepts covered in your introduction. It is appropriate to have
main and subtopics in this section. The main and subtopics
should be identified by using the appropriate Level Heading.
To sum it up, this section should talk about what you told the
audience you were going to talk about in your Introduction. Use
additional APA heading levels following an outline format for
each new concept section in your paper. Level 1 is centered and
in bold. Level 2 is left-aligned and in bold, level 3 is in the first
line of the paragraph, in bold, and ending with a period, etc.
Each heading should be appropriate for the content contained in
the paragraphs under the heading.
Citing Your Sources
When using information from outside sources in your writing,
you must cite those sources appropriately. As an example, if
you are paraphrasing, follow the end of the information with a
citation, then follow with the period to end the sentence. The
citation must include the author and year, like this (Lodico,
Spaulding & Voegtle, 2010). The citations must match the
references provided at the end of the paper. Only provide the
author’s initials in the full references at the end of the paper,
not within the citations. A quote would be followed with a
citation containing the page or paragraph number for the quoted
content. An example would be, “This is a hypothetical quote”
(Scaduto, Lindsay, & Chiaburu, 2008, p. 27). If you introduce
the authors in your sentence, immediately follow their names
with the year in parentheses. For example, Lodico, Spaulding
and Voegtle (2010) wrote a paper discussing educational
research methods.
Conclusion
This section should cover the highlights of the previous
content. The conclusion should “briefly” remind your
reader/audience about what is included in the previous sections.
Refrain from introducing new topics or ideas in this section,
unless you want to revisit and rework/rewrite previous sections
to include them. To sum it up, this section is going to remind
your audience of what you just told them in the Body, while
making a final point. Once you have completed this section, you
need to complete the References page. An outline of the
Reference page is below.
References
Lodico, M.G., Spaulding, D.T., & Voegtle, K.H. (2010).
Methods in educational research: From theory to practice. San
Francisco, CA: Jossey-Bass.
Scaduto, A., Lindsay, D., & Chiaburu, D.S. (2008). Leader
influences on training effectiveness: motivation and outcome
expectation processes. International Journal of Training and
Development, 12(3), 158-170.
This is where all the references you used will be listed
alphabetically by author’s last name. The reference page needs
to be double-spaced and the second line of the same reference
should be added as a “hanging” indent. All references should
also be double-spaced with no extra spacing between them. All
references should be in the same font as the rest of the paper.
The content of this page should begin at the top of the page with
no extra spacing. Once you have added your references, please
delete this section and the information below from the template.
Additional APA resources are below:
Purdue Online Writing Lab APA
Son of Citation Machine APA
How to cite and reference just about any type of source, with
examples
APA 6 writing instructions and example