Web Based Security

The growth of information accessibility and of the internet community has prompted Cox Furniture Company to deploy e-business solutions, most of which are accessed through a web browser. These web applications are often vulnerable to security issues that can allow an attacker to compromise confidential and sensitive data. It is therefore essential to address the company's physical, network, and web application security.

Physical Security

When it comes to information security, physical security is often treated as an afterthought. It is frequently overlooked because it has technical and administrative elements and most institutions focus on “technology-oriented security countermeasures” to prevent hacking attacks. Hacking is not the only way that sensitive information is stolen from organizations or used against them. It is therefore important that Cox Furniture Company implements physical security correctly to prevent attackers from gaining physical access and taking what they want. The objective of physical security is to safeguard IT infrastructure, equipment, facilities, information, personnel, and all other company assets.

Physical security protects and manages resources through physical, technical, and administrative controls. The environment can be controlled through deterrence, denial, detection, and delay controls. Physical security has three essential components: surveillance, testing, and access control. To ensure physical security, Cox Furniture should place obstacles in the way of potential attackers and harden physical sites against environmental disasters, attacks, and accidents.

Network Security

The network of Cox Furniture is “architectured” to help users select the level of resiliency and security appropriate for their workload. The company uses network devices such as firewalls and other boundary devices, which monitor and control communication at the external boundary and at key internal boundaries of the network. The boundary devices apply rule sets, access control lists (ACLs), and configurations that restrict the flow of information to particular information system services. The Cisco Security Framework (CSF) identifies current threat vectors while also tracking new and evolving threats. Securing the network infrastructure, whether servers, switches, routers, or other infrastructure devices, is critical to overall network security (CISCO Systems, 2008).

Leidigh (2005) explains that if access to an infrastructure device is compromised, the management and security of the entire system are compromised. CISCO Systems (2008) describes the critical steps for securing both management and interactive access to infrastructure devices: restrict device accessibility, present legal notification, authenticate access, authorize actions, ensure data confidentiality, and log and account for all access.
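The six steps above can be checked against a device configuration. The following is an added example, not taken from the cited Cisco baseline: the configuration excerpt is constructed, and the choice of which IOS command counts as evidence for each step is this example's assumption.

```python
import re

# Constructed IOS-style config excerpt for illustration; not from the page.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
banner login ^C Authorized users only. Activity is monitored. ^C
logging host 192.0.2.10
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Return {header: [sub-commands]} for each 'line vty' section."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # any other top-level command ends the section
    return blocks

def audit(config):
    """Map each of the six steps to True (evidence found) or False."""
    vty = vty_blocks(config)
    def has(pattern):
        return re.search(pattern, config, re.M) is not None
    def every_vty(pred):  # a single weak vty line fails the whole step
        return bool(vty) and all(pred(cmds) for cmds in vty.values())
    return {
        "restrict device accessibility": every_vty(
            lambda c: any(re.fullmatch(r"access-class \S+ in", x) for x in c)),
        "present legal notification": has(r"^banner (login|motd) "),
        "authenticate access": has(r"^aaa authentication login "),
        "authorize actions": has(r"^aaa authorization (exec|commands) "),
        "ensure data confidentiality": every_vty(lambda c: "transport input ssh" in c),
        "log and account for all access": has(r"^aaa accounting ") and has(r"^logging host "),
    }

def failed_steps(config):
    return sorted(step for step, ok in audit(config).items() if not ok)
```

In the constructed sample, the second vty range has no access class and still accepts Telnet, so two of the six steps fail even though the first range is configured correctly.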

Web Application Security

The stakes are high for web applications: for businesses that generate high revenues from Internet commerce, for criminals making big money from compromising bank accounts or payment details, and for users who have put their trust in web applications (Stuttard & Pinto, 2011). The most severe potential attacks against Cox Furniture Company's web applications are those that expose sensitive data or gain unrestricted access to the back-end system where the application is running. For this company, any attack that can cause system downtime is critical. One technology used, according to Stuttard and Pinto (2011), is Secure Sockets Layer (SSL), an excellent technology that protects the integrity and confidentiality of data in transit between the web server and the user’s browser. It defends against eavesdroppers, and it assures the user of the identity of the web server he or she is dealing with. However, SSL does not stop attacks that directly target the client or server components of the application.

Cox Furniture Company should deploy the following defense mechanisms. It should handle user access to the application’s functionality and data to prevent unauthorized access. It should handle user input to the application’s functions to prevent malformed input from causing undesirable behavior. According to Stuttard and Pinto (2011), it should also handle attackers, ensuring that the application behaves properly when targeted directly and using suitable offensive and defensive measures to frustrate the attacker. Lastly, it should manage the application itself, helping administrators to configure its functionality and monitor its activities.

Running Help Desk during Web Site Outage

Service interruptions and outages are inevitable. During such a time, it is important to communicate effectively with customers about the unexpected inconvenience. Turner (2015) explains that it is important for companies to communicate with their clients when an important part of the website is going to be down for maintenance. In the case of planned outages, notice should be sent to customers beforehand. Unexpected outages leave no room for advance notice, but communication should begin as soon as the problem is detected.

In the case of a website outage, Cox Furniture can use Twitter to communicate with its customers and fans. Through this channel, the company can inform its clients of what is happening and what it means for them. In doing so, the company should strive to build confidence by letting customers know that the situation is being taken care of. The response should be quick so that customers do not become annoyed. The help desk can then offer customers an alternative solution while updating them on when the site will be back online. Once the site is back, the company can make it up to customers with a token of appreciation such as a thank-you message. Using these tactics at the help desk during outages makes customers appreciate the effort to offer them better service, even if the outage is frustrating to them in the short term.

References

CISCO Systems. (2008). CISCO Network Security Baseline (1st ed.). Retrieved from http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook.pdf

Leidigh, C. (2005). Fundamental Principles of Network Security (1st ed.). American Power Conversion. Retrieved from http://book.itep.ru/depository/security/general/APC_Fundamental_Principles_of_Network_Security.pdf

Stuttard, D., & Pinto, M. (2011). The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (2nd ed., pp. 5-20). Canada: John Wiley & Sons. Retrieved from https://leaksource.files.wordpress.com/2014/08/the-web-application-hackers-handbook.pdf

Turner, J. (2015). Communicating With Customers When Your Site is Down for Maintenance. Seedprod. Retrieved from https://www.seedprod.com/1808-2/
