Quality Web Design Case Study
Essay by sgelin09 • November 15, 2012 • Case Study • 1,074 Words (5 Pages) • 1,724 Views
Quality Web Design (QWD)
Security Weaknesses
Steve Gelin
Submitted to: Jack Sibrizzi
SE571: Principles of Information Security and Privacy
Keller Graduate School of Management
Submitted: 8/25/2012
Table of Contents
Executive Summary 3
Company Overview 3
Security Vulnerabilities 3
Software Vulnerabilities 4
Hardware Vulnerabilities 4
Recommended Solutions 5
A Hardware Example Solution 5
A Software Example Solution 5
Impact on Business Processes 5
Summary 5
References 6
Executive Summary
My paper focuses on a security assessment of Quality Web Design (QWD), which is a very successful company that is well-known for its magnificent and appealing websites; they work on trying to get your company or business in the top 10 search engine results so that searchers find you on the first page of the search results. They have a competitive pricing scheme going on, they offer many different options for their website construction, and they start by offering the customer a selection of pre-designed websites that they themselves can customize with their individual logos, text, images, themes or just a whole different template and any other information that would be helpful in catching the eye of potential customers.
Company Overview
Quality Web Design (QWD) is a business that specifies and focuses on Web site, Web development, content design, programming, graphic design, photo editing and logo design for all types of businesses. QWD is a web graphic design and development company based out of Orlando, Fl. QWD cater to a huge and diverse clientele that spans across USA, UK and Canada.
Security Vulnerabilities:
Software Vulnerabilities
Listed further down are two security vulnerabilities: software and hardware. These security vulnerabilities were identified through the initial verification of the QWD software usage for their web design company. A majority of QWD personnel require out of office access when working on projects for the company, so the use of Virtual Private Networks called (VPN's), Outlook Web email, Microsoft SQL 2008 Server and Microsoft Exchange 2007 email servers which utilize the corporate intranet resources. Remotely utilizing these programs or software out of the company will cause QWD to be exposed to attacks from the internet. But not only that, employees put the utilization of corporate equipment such as desktops, laptops & mobile devices (iPhones and Windows Mobile 6) in very harmful situations that the company will pay for dearly later as time progress.
Having these equipment listed it is possible to incur outside attacks from the internet while utilizing the company intranet resource on a remote computer that is not protected. As I've read the different equipment listed within the QWD company it seems that there employee laptops, & mobile devices are being used unprotected over the internet which could lead to situations such as Trojan horses and email worms.
For example Microsoft Exchange 2007 email servers has a well-known vulnerability that could allow remote code execution, this vulnerability can allow an attacker to take control of your affected system with Exchange Server service account privileges or the attacker could just disable your services within Microsoft Exchange completely.
Hardware Vulnerabilities
The same can be said for the companies hardware systems listed such as their iPhones and Windows Mobile 6, these hardware devices that employees of QWD are devices that can easily be hacked by an outside user for example the iPhone 4 has
...
...