
Computer systems are very useful in the daily activities of an organization, company, institution or even an individual. They help people complete various tasks with less effort. For instance, a hospital system can be built to store the data of the patients who come to the hospital, retrieve that data, and provide a report on the number of patients who have visited the hospital in a day, a week, a month or even specific years. Besides, the system may help generate information that is useful in arranging the drug store: how many drugs are in store, how many have been used, and how many remain. These, among other tasks, are done by computer systems. However, systems may be affected by various intrusions that can cause serious damage. When systems are intruded on, sensitive data may be exposed to people who are not supposed to access it, and data may be lost or corrupted, among other negative effects. Some of the data intrusion and security vulnerabilities include:

Firewall vulnerability. When one considers keeping a system safe from external attacks, the firewall is the first defense that is considered. However, the firewall itself may be undermined, making it vulnerable. Some of the weaknesses that make a firewall vulnerable are:

a) Use of lax passwords. Lax passwords are used especially by people who have difficulty remembering their passwords. Creating a strong and complex password is quite challenging for them, so they use simple passwords that are easily guessed or cracked.

b) Inactivated controls. Some systems have very strong tools that keep them safe from attack, but these tools are not activated. For instance, some systems have anti-spoofing tools, which are essential in keeping the system safe from spam, malware and other deceptive traffic. If these tools are not activated, the system is exposed to threats and attacks despite having very strong tools that can protect it.

c) Using firewall software that is outdated. Outdated software is by itself a risk for external attacks. Using a firewall that is not updated puts the system at great risk of attack, because as system software advances, so does the software used by hackers. If the firewall remains in its old state, it is exposed to a great many hackers.

d) Insider attacks vulnerability. This happens when someone who has access to the firewall gives that access away, exposing the firewall to attack. To keep the firewall safe from this internal attack, the system can be protected using a firewall network segment configuration strategy, which subdivides the network into independent subnets, slowing down the hacker's activity and giving you time to notice and correct the hacking.

e) Lack of documentation. This happens when key IT personnel who were working on the system leave without leaving behind logs that can be retrieved. This creates a gap that can be exploited, leading to a system hack.

f) Too basic inspection protocols. Older protocols are regarded as too weak to withstand current hackers. They only checked the source and destination of packets coming into the system. Next-generation systems, which use layer 7 protection, review the source, the destination and the content of the packets to assert the security of the system as a whole. Advancing to current security measures would be ideal to safeguard the system from attacks of this kind (Trustnet, n.d.).

Unpatched computer software versions. Patching computer software is an activity that can be considered unending. Computer applications, tools and systems need to be updated frequently to keep them up to date. This is necessary to ensure that the system keeps working with the changing versions of the applications it works together with. Most importantly, it ensures that the system version is safe from threats and hacks that develop over time. As systems are updated, so are hackers' systems (Packetlabs, n.d.).

Weak passwords. A password works like a secret word shared with a friend: the friend has to produce the secret word before you communicate sensitive information. Anyone who does not know the secret word is not party to the information you have and cannot communicate with you about it. Passwords have advanced from a dictionary word like “Hollow”, to systems demanding a word and a number, such as “Hollow1”, to further demands for special characters like “@#$%^&*”, for instance “Hollow1@>”. These advancements marked a shift from weak passwords to strong ones (Nopsec, 2017). Systems can be hacked when passwords are guessed or cracked. Hence, to avoid the vulnerability caused by weak passwords, a strong password is necessary: a mixture of a dictionary word with at least one upper-case letter, a number and a special character.

Unencrypted data. Sensitive data needs to be protected by every available means. Passwords alone are not enough, so organizations employ more sophisticated methods to keep data secure. Encryption can take various forms, among them saving the data in a “corrupted” language that can only be read by the rightful user. Unencrypted data is a network vulnerability.

Virus and malware vulnerability. This type of vulnerability is caused by system viruses that affect the normal functioning of the system. Viruses corrupt systems in various ways. Among them could be giving unauthorized persons access to the system's sensitive data, which puts the system at risk.

Social engineering. This is a type of human security vulnerability, which involves intrusion into the system by individuals who use emails to send spam links. These links may put the system at risk of being tapped and hacked.

An intrusion detection system (IDS) is a software system that monitors the traffic of a network to detect suspicious activity. When such activity is detected, the system raises an alert. Although its primary functions are reporting and anomaly detection, some intrusion detection systems can take action when anomalous traffic or a malicious action has been detected, including blocking traffic sent from suspicious internet protocol (IP) addresses.

IDS are used to detect anomalies so that they can catch hackers before they harm the system. An IDS can be host-based or network-based. A host-based IDS is installed on the client's computer, while a network-based IDS is installed in the system's network. IDS function by seeking out signatures of known attacks or deviations from normal activity. The deviations are pushed to the top of the stack, where they are examined at the application and protocol layers. They can effectively detect events like Christmas tree scans and domain name system poisoning. There are also cloud-based IDS, which protect systems and data in the cloud.

An Intrusion Prevention System (IPS) is a type of network security that works to detect and prevent threats that have already been identified (Gillis, 2020). The IPS continuously monitors a user's network, looking for existing and possible incidents that can be malicious to the system, and captures information about those threats and incidents. The IPS reports the events to the system administrators, who then take preventive measures such as closing access points and configuring firewalls to prevent attacks that might occur in future (Forcepoint, n.d.). IPS solutions are also vital in identifying issues with corporate security policies and in discouraging network guests and employees from violating the policies and rules they contain.

The two can therefore be contrasted as follows: an IDS basically detects and records threats, while an IPS constantly monitors network packets for potentially malicious traffic and, unlike the IDS, has the ability to prevent the threats when they are detected (Lutkevich, 2020).
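The signature detection of Christmas tree scans and the IDS/IPS contrast described above, shown as an added example that is not part of the original article. The three-packet threshold, the function names and the sample traffic are assumptions; the packets are constructed inline and use documentation address ranges.

```python
import struct
from collections import Counter

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # "Christmas tree" flag combination

def tcp_header(src_port, dst_port, flags):
    """Build a minimal 20-byte TCP header (constructed sample input)."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)

def tcp_flags(header):
    """Return the six classic flag bits from bytes 12-13 of a TCP header."""
    (offset_flags,) = struct.unpack("!H", header[12:14])
    return offset_flags & 0x3F

def inspect(packets, threshold=3, prevent=False):
    """IDS mode (prevent=False) only alerts; IPS mode also blocks the source.
    Returns (alerts, blocked, forwarded)."""
    hits, alerts, blocked, forwarded = Counter(), [], set(), []
    for src_ip, header in packets:
        if src_ip in blocked:
            continue  # dropped: source was blocked earlier
        if len(header) >= 20 and tcp_flags(header) == XMAS:
            hits[src_ip] += 1
            if hits[src_ip] == threshold:
                alerts.append(src_ip)  # one alert per source
                if prevent:
                    blocked.add(src_ip)
                    continue  # drop the packet that crossed the threshold
        forwarded.append((src_ip, header))
    return alerts, blocked, forwarded

# Constructed sample traffic: one scanning source, one ordinary client.
SCANNER, CLIENT = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    (SCANNER, tcp_header(40000, 22, XMAS)),
    (CLIENT, tcp_header(51000, 443, SYN)),
    (SCANNER, tcp_header(40000, 23, XMAS)),
    (SCANNER, tcp_header(40000, 80, XMAS)),
    (CLIENT, tcp_header(51000, 443, PSH | ACK)),
    (SCANNER, tcp_header(40000, 443, XMAS)),
    (SCANNER, tcp_header(40001, 80, SYN)),
]

if __name__ == "__main__":
    for mode in (False, True):
        print("IPS" if mode else "IDS", inspect(SAMPLE, prevent=mode)[:2])
```

In IDS mode every packet is still forwarded and only the alert is recorded; in IPS mode the same signature match also drops the scanner's remaining traffic while the ordinary client is unaffected.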

The IDS can help protect passwords by detecting incorrect passwords. As technology advances, the IDS can process a new password every time a user wants to sign in, or it could use a more complex method of verifying a user. This method is two-factor authentication (2FA). This security process requires users to authenticate themselves using two means of verification whenever they want to log in to an account. An example is the one-time passcode (OTP), which is usually sent via a mobile phone (Imperva, n.d.).

Data encryption ensures that data is protected. Sometimes encryption protects data by storing it in a language that cannot be understood or read by any software other than specific decryption software. In effect the data is corrupted and can only be retrieved by a special program that can decrypt it. The IDS/IDPS work by detecting an infringement or an attempt to decrypt the data, and could change the encryption language once an attempt is detected.

Outdated patches may be a loophole for intrusion. Although intrusion detection and/or prevention systems work to protect data on their own without being manned, sometimes these systems fail to work effectively and data may be hacked. This especially happens when the computer systems are out of date. For instance, when a computer program, firewall, IDS or IDPS is an outdated version, malicious attackers with advanced security breach programs may be able to bypass it. Since the hackers have a more advanced system than the protector, they can bypass the protection, leaving the protected data at risk of being corrupted or hacked. Updating the systems is therefore very important.

Administrators have more privileges than normal users in any type of network. In a hospital management system, for instance, some of the admin rights are that they can check daily, weekly and monthly reports and print them out. They can view any department's data in the system, be it wards data, procurement or cashier data, among others. The admin also has the privilege to add or remove data in the system, which gives them power that is equally dangerous. Therefore, if the admin rights are obtained by someone who is not an admin, by hacking the admin account or by using the admin's login details to access it, the system may be at risk and could be damaged. The IDS/IDPS can therefore be used with two-factor verification to assert that it is indeed the admin who is interacting with the account and not anyone else.

In-house software development involves designing and building software customized to the organization's or company's demands. This is an advantage, since the developers of the system are in most cases employees of the organization. The organization is therefore on safer ground, with its system protected from third parties. Social engineering happens especially when a user of a system is coerced or manipulated into giving access to it. Giving that access leaves the system in the hands of malicious attackers. The IDS/IDPS may be curative in the sense that they may subject the hackers to a verification process that kicks them out, for instance 2FA.
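The one-time passcode step of the two-factor sign-in discussed above for users and administrators, as an added example that is not part of the original article: a server-side check for a code that expires, works once, and is revoked after repeated wrong guesses. The class name `OtpStore`, the 300-second lifetime and the three-attempt limit are assumptions, and delivery of the code to the phone is left out.

```python
import hmac
import secrets

class OtpStore:
    """In-memory one-time passcode store (hypothetical helper, not a library API)."""

    def __init__(self, ttl=300, max_attempts=3):
        self.ttl = ttl                    # seconds a code stays valid (assumed)
        self.max_attempts = max_attempts  # wrong guesses allowed per code (assumed)
        self._pending = {}                # user -> [code, expires_at, attempts_left]

    def issue(self, user, now):
        """Create a fresh 6-digit code; the caller delivers it out of band."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [code, now + self.ttl, self.max_attempts]
        return code

    def verify(self, user, submitted, now):
        """Return True only for a correct, unexpired, unused code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if now > expires_at:
            del self._pending[user]       # expired codes are discarded
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[user]       # single use: a replayed code fails
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user]       # too many guesses: code is revoked
        return False

if __name__ == "__main__":
    store = OtpStore()
    code = store.issue("admin", now=0)
    # First use succeeds, replay of the same code is rejected.
    print(store.verify("admin", code, now=10), store.verify("admin", code, now=11))
```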
