Vulnerabilities, Threats and Risks in Cyberspace

Abstract 

Cloud-based applications are flexible and efficient in service delivery. However, these applications have been hampered by vulnerabilities, risks and threats associated with cyber-attacks. In this paper, we shall discuss the key differences between vulnerabilities, threats and risks in cyberspace. Also, the potential threats and vulnerabilities in a cloud environment, web applications and end-users will be highlighted. This will serve to give insights on how best the system can be secured against malicious attackers. There are various analysis methods that the company can use to identify and classify risks in the case scenario. Therefore, the research paper will enumerate the most suitable method that can be used in the stated case scenario. Finally, some of the basic strategies will be highlighted in order to establish a long lasting secure platform for the firm.

Potential Threats And Vulnerabilities 

Information security is a key consideration for most businesses and organizations. Securing a company’s sensitive information has become a difficult task due to key advancements in technology. Hackers have invented new ways of penetrating any cloud-based application. In order to come up with efficient and secure structures, there is a need to understand the key differences between threats, vulnerabilities and risks in cyberspace. A threat implies a new incident in the cyber system which has the capabilities to harm the whole firm. Threats can be categorized into three types. These include; natural, unintentional and intentional threats. Unintentional threats include absurd scenarios such as access to wrong information. Intentional threats, on the other hand, include malware and spyware elements that can destroy the entire system. Floods and tornados are examples of natural threats. The term vulnerability refers to a weakness in the system which can be exploited by attackers. These are channels through which attackers use to penetrate the system. For instance, when one of the organization’s employee resigns and his original account is not disabled. This scenario makes the company vulnerable to cyber-attack since the resigned employee may use his or her original account for malicious reasons. Risk is a general term used to refer to the ability of experiencing loss when attackers exploit the system vulnerabilities. Generally, a risk is the product of threats and vulnerabilities in the system. 

A cloud environment refers to the information technology paradigms that allow for the pooling of the system resources for all users. This technique allows for various system users to share the configurable data of the organization. However, a cloud environment is limited by its susceptibility to attack. Data breach is a potential vulnerability of a cloud-based system. In most cases, human error plays a vital role in information breach. This can be financial records or any other sensitive information that was not intended for the public. Insufficient user identification feature is also a potential system vulnerability. For instance, in the scenario above, the company only has the password and username for identification. Insufficient identification features endanger the organization since they offer room for unauthorized access into the system. In addition, malicious insiders pose a huge threat to the cloud-based system. For instance, an administrator who has access to all the sensitive information in the system can use his or her administrative power for malicious reasons. In fact, a malicious insider is one the main threats in any cloud environment. Also, Advanced persistent threats(APTs) are other potential threats that can be experienced in a cloud environment. Generally, APTs are well-structured cyber-attacks that normally target to infiltrate sensitive data from the organization. Finally, the sharing of configurable tools in a cloud environment can enhance the system’s vulnerability to attacks. Improper designs in the shared resources may not isolate some of the pooling configurations of the system thus making it vulnerable to attacks. 

An SQL injection is a potential vulnerability in any web application (Hashizume et. al , 2013). In this type of system vulnerability, an attacker may use a code application to compromise the information in the database. Therefore, the code application allows the intruder to edit, delete and update the stored information in the database. “Cross-Site Request Forgery” (CSRF) is a web application attack where the user is coerced to engage in a malicious program (Rahman & Cheung, 2014). For instance, the user may be compelled to sign into a given prompt which the attacker can use to gain access into the system. Also, “Cross-Site Scripting” (XSS) is another potential vulnerability in a web application. XSS involves injecting a code in the output configurations of a user application. This can be in the form of a JavaScript which manipulates the user’s side-script for attacker’s malicious interests. Session hacking is another potential threat to a web application. In this attack, the intruders take advantage of the transition of information between the user and the server. They manipulate the URL parameters so that they can access the user account before the information reaches the server. Furthermore, buffer flow is another potential threat in a web application. In the event that the storage space allocated for a given set of data runs out, the extra information will be overwritten in other undesignated areas in the system. Therefore, if hackers gain access to such kind of information, they can use it for their own malicious purposes. 

An expired patch is a potential threat for the system administrator or end-user. This is because hackers normally target for vulnerabilities in the expired system patches. An expired patch offers an easy route through which the attacker can easily gain access into the system. Therefore, it is important for the end-users to update their patches before logging into the system. Reusing of passwords in multiple platforms is a vulnerability that the end-user imposes to the system. In the event that an attacker identifies the reused password, he or she can gain access to the system and source out vital information from multiple platforms. Excessive access by other staff members compromises the administrator’s ability to uphold the system’s integrity. Furthermore, excessive access by other users may compromise the administrator’s accountability and control. This process plays a vital role in making the system vulnerable to attack. This is because users will have the freedom to access all the information in the system. 

Method of Analysis Used 

In the described scenario, the company uses an application hosted in Amazon's cloud environment. In order to exhaustively analyze the case, it is important to contextualize the fact that the web application is based on Ruby On Rails (RoR). Therefore, the security assessment technique is a vital tool to be used in this scenario. This technique uncovers the system vulnerabilities and the potential threats by using both network and application scans. In the network-based scan, the assessor identifies all the devices connected to the network and evaluates for the possible vulnerable points in the network. For instance, the assessor may list all the services being executed in the system and highlight the key information in the TCP listening ports. It also scans for the information pertaining to the host and all devices attached to the system. This analysis method helps to identify any unwarranted device in the system. It also helps to identify Trojans and other ATPs that may be present in the system. Furthermore, this vulnerability and threat analysis method incorporate application scans. In this technique, the assessor scans for vulnerabilities in the web software by gaining access to its DAST tools (Kindy & Pathan, 2013). This technique helps to uncover the risks associated with vulnerabilities like SQL injections, XSS and exposure of vital information to other users. 

Strategy 

Considering the findings that can be discovered in the above risk assessment technique, it is important to contextualize the fact that CVE identifier is a common vulnerability for Ruby on Rails web application (Kindy & Pathan, 2013). CVE identifier poses major threats in the RoR web application because it allows for the execution of codes remotely. Therefore, this system vulnerability can be rectified by turning on the RoR “XML parser.” This action allows for serialization of RoR which consequently makes it difficult for an attacker to manipulate the information serialization tool, YAML. It is also recommended that the company ensures that its web application is not operated with a ruby on rails version that is not patched. This is the responsibility of the system administrator to ensure that the system patches are updated in order to reduce its susceptibility to attack. The company can also increase the user identification levels other than the password and username prompts. This will help to secure the system since it is almost impossible to come up with application codes that can manipulate three or four security stages of logging into the system. This is because a single sign-on feature does not guarantee safety from the cyber attackers. 

References 

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing.  Journal of internet services and applications ,  4 (1),5. 

Kindy, D. A., & Pathan, A. K. (2013). A Detailed Survey on Various Aspects of SQL Injection: Vulnerabilities, Innovative Attacks and Remedies.  Int. Journal of Communication Networks and Information Security (IJCNIS) ,  5 (2). 

Rahman, M., & Cheung, W. M. (2014). Analysis of Cloud Computing Vulnerabilities.  International Journal of Innovation and Scientific Research ISSN , 2351-8014.