Attack Plan on Goodwill Industries International - Essay Example

? Attack Plan Introduction The modern age of computers, coupled with the increased globalization present throughout society, has certainly simplified life in many regards. In many instances, however, it has opened up vulnerabilities inside organizations that were previously unheard of. In decades past, the theft of information was almost always physical and done from within the organization building itself. The modern age of attacking company and personal information, however, has bought with it criminal activity that has no boundaries. One person thousands of miles away can wreak havoc on an entire company. Computer networks are vulnerable attack and it is wise to consider those weak points in order to prevent attacks that can have disastrous consequences. This report will detail an attack plan on Goodwill Industries International. Background on Goodwill Industries International Goodwill Industries International is now a work wide organization that began as a grassroots effort aimed at providing underprivileged individuals with sustainable employment opportunities. Through a series of second hand stores and other facilities worldwide, this goal has been made a reality. Goodwill depends on a done network in the millions worldwide in order to meet its financial obligations and to keep thousands of individuals employed. The organization now largely depends on the Internet for its elaborate system of financial donors, without which it would almost certainly struggle to exist. Possible Attacks As Goodwill must keep a system of donor records, these lists are readily available inside its network. We the donation sites to be shut down, it would debilitate the organization, which in the end would prove quite costs. Financial information that is leaked, or that falls into the wrong hands, would wreak havoc on millions of donors worldwide. An attacker would likely first seek to gain access to donor databases (Bayrak, et al 71). They could also work to take Goodwill Industries International offline. Attackers can also infiltrate donor information with malicious code, which would disable the ability of the organization as a while to access valuable information. Without access to donor records, a charitable organization such as Goodwill would struggle to raise the needed financial capital it needs on a monthly basis. In addition, an attack that threatens the integrity of donor information will also be an attack on the trustworthiness of the organization. If individual donors can no longer feel that their information is safe with Goodwill, they will likely cease to give to the charitable organization. One goal of an attack of this magnitude would be that an individual or group of people simply want to cause harm to the organization. This could be as a result of simple malicious behavior, or because the individual holds a grudge of some sort against the company. In addition, accessing privileged donor information could destroy the integrity of the entire charitable industry concept worldwide. A secondary goal could be to actually use the personal information gained during such an attack to cause individual harm to a particular donor or group of donors. Social Engineering and Physical Security Social engineering could certainly give an attacker an avenue whereby contact with individual donors at Goodwill Industries International, enticing them to give more money to causes that are actually fictitious and non-existent. Phishing is one such strategy that could be utilized to trap users into giving their password information, after which the attacker could easily gain access to privileged information (Mayur & Richards 69). This is a relatively simply strategy that Goodwill is particularly susceptible to. By creating a mirror image of the actual Goodwill site, donors could be tricked into thinking that the organization is actually asking for information when, in fact, it is the attacker that is seeking to steal their private information. In the end, social engineering could be used to allow the attacker to make urgent pleas on behalf of Goodwill that are of a fictitious nature. Because many donors are sensitive to charitable causes, if the perceive that the request is genuine, they will be more likely to provide the information or money that is requested (Kiekintvel, et al 128). Messages that are sent by making use of this strategy can contain links that direct donors and users of the Goodwill Industries International website to alternate location on the Internet that are fake and contain malicious code or information that is designed to trap the user. Securing Vulnerabilities In short, just like many organizations of its scope, Goodwill is quite vulnerable to an attack. Its computer network contains millions of users, each with personal information could very well be compromised if it cannot be adequately secured. A viable attack plan, at present would most likely succeed until a fix is discovered and implemented. As such, the organization needs to begin now to prevent such attacks. Attackers, for example, could use Nessus as a way to monitor and decide which aspects of its network are currently vulnerable. Once they understand this, they can work to eliminate the threat. It is plausible that a gifted attacker could hack into the web site by using either Netcraft or a Paros Proxy. These tools grab web server information and allow attackers to gain complete access to the network. Goodwill Industries International must also strive to safeguard the integrity of its users by denying access to anyone who does not belong. This entails developing a strong system of password protected access that is difficult to hack into. Administrators need to be vigilant in preventing attacks by working to ensure that passwords are frequently changed and that they are secure. When individuals leave the organization. access should be immediately revoked and any passwords that those individuals had in their possession should be changed. It is important to realize that almost no network is 100% secure, but all networks can work to make an attack difficult (Keller, et al 11). If Goodwill Industries International can make it difficult for an intruder to gain access, they will be going a long way towards ensuring the integrity of their overall operation. Works Cited Bayrak, T., &7 Brabowski, M. R. Critical Infrastructure Network Evaluation. The Journal of Computer Information Systems 46.3 (2006): 67-86. Keller, S., Powerll, A., Horstmann, B., & Crawford, M. Information Security and Threats in Small Business. Information Systems Management 22.2 (2005): 7-19. Kiekintvel, C., Marecki, J., Paruchuri, P., and Sycara, K. Risk Analysis of Security Applications. Informatica 34.2 (2010); 127-128. Mayur, D., and Richards, T. System Insecurity - Firewalls. Information Management and Computer Security 15.1 (2012): 64-77. Read More