Encryption And Firewall Case Study
1. Was the firewall and Web server used by Linen Planet providing encryption services?
If so, what kind of protection was in place?
2. How could the access to Linen Planet’s Web server have been better secured?
Padma Santhanam, the CTO of Linen Planet, is traveling to work and get an urgent request to log in to the work order system and approve the change request (Whitman & Mattord, 2010). If this is not done they will miss the window for the new version of their online credit application (Whitman & Mattord, 2010). This issues appears to urgent that it could not even wait till Padma Santhanam arrives at work in a short while, it needed to be done the day before and was overlooked (Whitman …show more content…
By doing this, the criminal hopes to get your login and password to allow them to larger compromise. In this situation with Padma Santhanam it is more of a form of eavesdropping, but is just as effective. While most scams require some amount of deceit or technical knowledge, shoulder surfing does not. This is the modern age equivalent of having your pocket picked, but now instead of a pickpocket using their quick hands to steal, they use their sharp eyes and memory, or a smart phone (Shoulder Surfing, n.d.). When you’re working on your personal computer in a public space or sharing personal information, it’s vital to check for prying people. You must be aware of how you position yourself, and how easy it is to see you laptops screen and in this case, how easy it is to be over heard. You can also use your hand to protect your keyboard or number pad anytime you are inputting sensitive data such as your usernames, passwords or credit card numbers (Shoulder Surfing, n.d.). However, the best policy is simply to be totally aware of your surrounding at all times when providing sensitive data, whether it is on the phone or directly into your computer or an automated teller …show more content…
The use of multi-factor authentication (MFM) helps guarantee that a user is who they claim to be (Rouse, n.d.). The more factors used to determine a user’s true identity gives a greater trust of authenticity (Rouse, n.d.). In this case with Padma Santhanam, if the company had been using milti-factor authentication, he would not have even been able to just give her password and ID to another user and compromises the entire Linen Planet network. With milti-factor authentication, each added factor increases the reassurance that an individual involved in some kind of communication or requesting access to the system is who, or what, they are professed to be (Rouse, n.d.). The three most common categories are often described as something you know, something you have and lastly something you are (Rouse, n.d.). So if Linen Planet server was requiring as second factor of authentication with say such as a key fob, an employee ID card or common access card (CAC), the entire compromise would have been impossible. Even with the Linen Plant use of encryption for connections to these servers would not have done anything to stop this type of compromise. The connection to server uses HTTPS pages that could use one of two secure protocols to encrypt communications (What is HTTPS, n.d.).