Questions
1. Was the firewall and Web server used by Linen Planet providing encryption services?
If so, what kind of protection was in place?
2. How could the access to Linen Planet’s Web server have been better secured?
Padma Santhanam, the CTO of Linen Planet, is traveling to work and gets an urgent request to log in to the work order system and approve the change request (Whitman & Mattord, 2010). If this is not done, they will miss the window for the new version of their online credit application (Whitman & Mattord, 2010). The issue appears so urgent that it could not even wait until Padma Santhanam arrives at work in a short while; it needed to be done the day before and was overlooked (Whitman …
The use of multi-factor authentication (MFA) helps guarantee that a user is who they claim to be (Rouse, n.d.). The more factors used to determine a user’s true identity, the greater the trust in its authenticity (Rouse, n.d.). In this case with Padma Santhanam, if the company had been using multi-factor authentication, she would not have been able to just give her password and ID to another user and compromise the entire Linen Planet network. With multi-factor authentication, each added factor increases the assurance that an individual involved in some kind of communication or requesting access to the system is who, or what, they are professed to be (Rouse, n.d.). The three most common categories are often described as something you know, something you have and something you are (Rouse, n.d.). So if the Linen Planet server had required a second factor of authentication, such as a key fob, an employee ID card or a common access card (CAC), the entire compromise would have been impossible.

Even Linen Planet’s use of encryption for connections to these servers would not have done anything to stop this type of compromise. The connection to the server uses HTTPS pages that could use one of two secure protocols to encrypt communications (What is HTTPS, n.d.). The first is SSL (Secure Sockets Layer) and the second is TLS (Transport Layer Security), and both use what is known as an asymmetric Public Key Infrastructure (PKI) system (What is HTTPS, n.d.). An asymmetric system uses two keys to encrypt communications, a public key and a private key (What is HTTPS, n.d.). Therefore, anything encrypted with the public key can only be decrypted by the private key and vice-versa (What is HTTPS, n.d.). So after Padma Santhanam’s password and user ID
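The multi-factor argument above can be shown as a login check that demands both "something you know" and "something you have". This is an added example, not part of the original essay or the Whitman & Mattord case: it assumes a time-based one-time password (RFC 6238 TOTP) standing in for the key fob, and the account name, password and token secret are constructed sample values.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`; models the key fob."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Slow salted hash so the stored verifier is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed account record (hypothetical user ID, password and token secret).
SALT = b"constructed-salt"
PASSWORD = "correct horse battery staple"
TOKEN_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"   # RFC 6238 test key, base32
USERS = {"cto": {"salt": SALT,
                 "pw_hash": hash_password(PASSWORD, SALT),
                 "totp_secret": TOKEN_SECRET}}

def login(user_id, password, otp, now):
    """Grant access only when BOTH factors verify."""
    user = USERS.get(user_id)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"])
    # Accept the current and the previous 30 s window to tolerate clock drift.
    otp_ok = any(
        hmac.compare_digest(totp(user["totp_secret"], now - drift), otp or "")
        for drift in (0, 30))
    return pw_ok and otp_ok

if __name__ == "__main__":
    now = 59
    # Legitimate user: knows the password and holds the token.
    print(login("cto", PASSWORD, totp(TOKEN_SECRET, now), now))
    # Someone who only learned the ID and password has no current code.
    print(login("cto", PASSWORD, None, now))
```

A code stays usable for up to two windows here; a production check would also record the last accepted counter per user so the same code cannot be replayed.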