How ebay identified breach
Breach took place on February 2014 but the company identified it by April 2014. Two weeks after intrusion detection ebay revealed identity theft to the public by may 2014. Ebay discovered the breach when company internal security team detected some of its employees unusual data access on the corporate network. It took almost 100 days for the security team to identify the intrusion. Ebay worked with Federal bureau of investigation and outside forensic team to find how the intrusion occurred. After a week of investigation they found that hackers had been inside the corporate network since February 2014. Ebay discovered the breach accidentally not by monitoring the corporate networks.
Consequences
Revenue Loss: If
…show more content…
The company revenue depends upon customers purchase if there is reduction in customers then it will contribute huge revenue loss. " It takes many good deeds to build a good reputation and only one bad one to lose it." Benjamin Franklin.
Vandalism: It is nothing but planting false information on the website to ruin company reputation within very short time. Black hat hackers usually do these type attacks to bring havoc to the targeted enterprises.
Huge data Loss: It affects customer and company relationship. Business process gets completely ceased when the website is down. Other than company, customers are major victims of attack therefore it is essential for the company to secure information.
Legal consequences: It is associated with the identity theft and legal actions depends upon share holders and customers. whenever security breach is perceived the enterprise should take necessary action to remove the vulnerabilities to avoid further legal problems.
The big threat is not revenue loss and password but 148 million people personal information are now in the hands of criminals . Ebay discovered breach after three months and this time is enough to sell people information and to test it on other systems and websites.
Customer
…show more content…
To leave the network packets has to exit through the gateway so this part of the network is vulnerable to attacks from outside so security expects focus on this area to prevent attacks. Each enterprise uses different criteria to design its perimeter layer. This gateway connects public networks, remote users and branch offices. Security mechanisms implemented in this perimeter are
Firewall: These are hardware or software implementation on the network to prevent unauthorized access and to filter traffic. The firewall configurations are done to continuously monitor incoming and outgoing traffic.
Ip address translation: Private IP addresses that are not allowed to enter the public networks like internet and they are used within the local area network. Network address translation(NAT) is a internet standard protocol used to convert private ip address to public ip addresses. Ip address translations provide some forms of security because attackers can notice only the natted ip address. So hacker can't directly communicate with any internal devices other than the