The cost of free instant messaging: an attack modelling perspective
- Authors: Du Preez, Riekert
- Date: 2006
- Subjects: Computer security , Instant messaging , Data protection
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9797 , http://hdl.handle.net/10948/499 , http://hdl.handle.net/10948/d1011921
- Description: Instant Messaging (IM) has grown tremendously over the last few years. Even though IM was originally developed as a social chat system, it has found a place in many companies, where it is being used as an essential business tool. However, many businesses rely on free IM and have not implemented a secure corporate IM solution. Most free IM clients were never intended for use in the workplace and, therefore, lack strong security features and administrative control. Consequently, free IM clients can provide attackers with an entry point for malicious code in an organization’s network that can ultimately lead to a company’s information assets being compromised. Therefore, even though free IM allows for better collaboration in the workplace, it comes at a cost, as the title of this dissertation suggests. This dissertation sets out to answer the question of how free IM can facilitate an attack on a company’s information assets. To answer the research question, the dissertation defines an IM attack model that models the ways in which an information system can be attacked when free IM is used within an organization. The IM attack model was created by categorising IM threats using the STRIDE threat classification scheme. The attacks that realize the categorised threats were then modelled using attack trees as the chosen attack modelling tool. Attack trees were chosen because of their ability to model the sequence of attacker actions during an attack. The author defined an enhanced graphical notation that was adopted for the attack trees used to create the IM attack model. The enhanced attack tree notation extends traditional attack trees to allow nodes in the trees to be of different classes and, therefore, allows attack trees to convey more information. During the process of defining the IM attack model, a number of experiments were conducted where IM vulnerabilities were exploited. 
Thereafter, a case study was constructed to document a simulated attack on an information system that involves the exploitation of IM vulnerabilities. The case study demonstrates how an attacker’s attack path relates to the IM attack model in a practical scenario. The IM attack model provides insight into how IM can facilitate an attack on a company’s information assets. The creation of the attack model for free IM led to several realizations. The IM attack model revealed that even though the use of free IM clients may seem harmless, such IM clients can facilitate an attack on a company’s information assets. Furthermore, certain IM vulnerabilities may not pose a great risk by themselves, but when combined with the exploitation of other vulnerabilities, a much greater threat can be realized. These realizations hold true to what French playwright Jean Anouilh once said: “What you get free costs too much”.
- Date Issued: 2006
An evaluation to assist a metropolitan broker division to improve the level of service quality towards contracted brokers
- Authors: Calitz, Andries P
- Date: 2001
- Subjects: Customer services -- Quality control , Insurance companies -- South Africa , Customer relations
- Language: English
- Type: Thesis , Masters , MBA
- Identifier: vital:10942 , http://hdl.handle.net/10948/d1006206
- Description: In this study the service quality from a Metropolitan Broker Division towards contracted brokers in the southern region was investigated. From the industry and competitor analyses it can be concluded that service quality has become an important factor in the financial service industry, especially in the insurance industry. It is therefore important to look at options to outperform competitors. The literature survey was aimed at improving the level of quality service to contracted brokers. Based on the information obtained through the literature study and survey, a guideline to assist a Metropolitan Broker Division to improve the level of service quality was developed. The purpose of the empirical study was to determine if the service that contracted brokers receive from the Metropolitan Broker Division is of an acceptable level. The answers from respondents were analysed and compared with findings from the literature study. Recommendations were formulated for improving the level of service quality towards contracted brokers. The empirical study results were satisfactory and informative. The positive responses identified can be utilised to strengthen the marketing strategies by Metropolitan Broker Division while attention should be given to the negative responses.
- Date Issued: 2001