ABSTRACT
The purposed of this paper is to discuss the appropriate components to prevent and detect attacks in network environment. By identifying on the threat and attack that impacting online market system, it will help company to design defensive strategies on protecting those threat and attack perimeter from outsider or from the most tremendous damage done by someone inside the organisation. This report is written in descriptive approach to examine on employees across social and market research. Based on several case study has revealed that both internal and external attack are commonly happen to any organisation. It is a practice for a company to implement internal controls to monitor, detect, and prevent access to sensitive resources to only those individuals that require it to perform their specific job function. The goal of this paper will be to identify the most risk internal and external attack and the appropriate components used to prevent it.
BACKGROUND OF STUDY
1.1 INTRODUCTION
Brightidea were founded in 1999, in 2005 Brightidea become the first company launched a centralized innovation management platform. Brightidea is a centralized innovation management platform for enterprises that helps in effective coordination of a multitude of innovation activities (Brightidea, 2005). This study has chosen Airbnd online market company as the main organisation to work with in identifying their internal and external attacks and to identifying an appropriate component to prevent and detect attacks in network their environment.
Due to advances in technology, logistics, payments and trust, new generation of consumers nowadays has choose online shopping as one medium for consumer to have greater convenience, option and value. Enabled by sophisticated technologies, it has allowed consumer to shopping anywhere all the time without bound to business operation hour. By creating an online shopping experience has make everything become easier. Online shopping not only limits for purchasing items. Alternatively today consumer also may book hotel, rental car, apartment and other services globally via online market. Since this nature become trending to consumer nowadays, there are high possibilities for an attacks could happen to consumer account, details and personal information. Based on above mention issue, this paper will discuss further on the type of attack and the security required eliminating those attacks.
1.2 COMPANY BACKGROUND
Airbnb were founded by Brian Chesky, Joe Gabbia and Nathan Blecharczyk on August 2008 in San Francisco, California as American Company which operates an online marketplace and hospitality service for consumer to rent short or long-term accommodations such as homestay, hotel rooms, apartments, and other lodging service that needed. This company is operated 24 hour for customer to make reservation, canceled booking, make payment and for customer service hotline inquiry. Airbnd is a collaborative broker which revenues from service fees percentage with every booking made by customers. Airbnb manage to sustain till today due to the company has over 4 million lodging listings in 65,000 cities and 191 countries and has facilitated over 260 million customers who check-ins using their service.
1.3 PROBLEM STATEMENT
The most tremendous attack that could happen in online market network securities is usually cause by internal worker in organisation. Hence, failure to detect on external attacks and sensitive internal attack that cause by employees can expose company with unauthorized disclosure or loss.
In this context, lack of processes in limiting employee access when using specific system or data on doing their specific job become a major issue that most companies nowadays faced and struggled with. This problem occurred most when an employee is promoted from current position to other position and yet their special systems access is not updated according to their new role. Failure in removing employee access from sensitive assets will cause harm to consumer and company data personal information. This situation is referring to those retired employee and for those employees who no longer have legitimates with the organisation and business.
Hence, as a network security consulting company who providing network security solution in industries and organisation, Brightidea’s need to identify those attack which have high possibilities occur in Airbnb company and provide the security required to eliminate those issue.
1.4 OBJECTIVE
Brightidea is a network security consulting company who trusted by Airbnd in managing their current issue which is related with internal and external attacks. In General, there are two main objective identified in prevent and detect attacks in network environment:
1. Identifying internal and external attack that can occur in Airbnb online market company.
2. Identifying appropriate components to prevent and detect attacks in Airbnb network environment.
1.5 SCOPE OF STUDY
This study is focus on Airbnb Company who is online market representative broker which is dealing with online lodging reservation and other hospitalities. This study will focus on internal attack and external attack that can threat the company operation and position.
Secondly, the scope of this study is to provide type of internal and external attack that can occur in Airbnb. The purposed on listing up the attack type is to give knowledge and educate the company on the unexpected possibilities that might happen in running the business.
Lastly, the study concerns are to provide the best security service and consultation to the company in managing and monitoring their business. Indirectly, these concerns may help Airbnb in preventing and limit those attacks on their company.
1.6 LIMITATION OF STUDY
Previous chapter has discussed on the main objective of this study. Therefore, there are three limitations that have been identified in this writing:
1. Study only focused on Airbnb online market service.
2. Discussion only limited to internal and external attack in Airbnb Company.
3. Prevention and security service only to be use on the problem as mention.
1.7 IMPORTANT OF STUDY
Each research has their specific objective to accomplish. In this context, Brightidea’s choose to identify the type of internal and external attack and how the attacks launched in Airbnb online market company. Furthermore, study also will discuss on the appropriate components that Brightidea should use to prevent and detect those attacks in network environment
Lastly, this study are expected can give benefit to the organisation and other researchers on the network security attacks issue.
FINDING AND ANALYSIS OF STUDY
2.1 INTRODUCTION
In general, these studies are focused on the type of internal and external attacks that Brightidea should detect in Airbnb online market. Findings showing that there are three type of internal and external attack that commonly happening in nowadays organisation. Therefore, to support this outcome, Brightidea will provide the scenario’s on each attack on how it will be launched and impacting the company.
2.1 TYPE OF ATTACKS
There are two type of well-known attack that has been identified in this study which is:
• Internal Attacks: an internal attack usually involving an individual or a group within an organization. This attack is significantly to disrupt organisation operations or exploiting their assets. Attacker usually manipulates the resources, data and skill and information to launch a sophisticated malicious attack without leaving any evidence.
Example: Highly-skilled employees such as administrators and programmers or technical users who benefit from disrupting operations.
• External Attacks: an external attack usually came’s from sophisticated external individual hackers who is tactful in network vulnerabilities or socially manipulate to the organisation software, network and IT database.
Example: Hackers.
2.2 INTERNAL ATTACKS
There are three types of internal attacks that are commonly organisation struggle with:
Type of Attacks Description