12th Week: Solutions for The Threats Faced by Air Asia and Its Consumers (Part 2)

How about security solutions for customer? Especially we all know that most of the computer reservation system for Air Asia is done in the personal computer or laptop. There are several ways that can be done by the costumer to prevent from security threats, especially from the one that is attacking their personal information, such as credit card information:

1.     Protect your computer with strong security software and keep it updated. Anti-virus provides proven PC protection from Trojans, hackers, and spyware. Its integrated anti-virus, anti-spyware, firewall, anti-spam, anti-phishing, and backup technologies work together to combat today’s advanced multi-faceted attacks. It scans disks, email attachments, files downloaded from the web, and documents generated by word processing and spreadsheet programs.

2.     Use a security conscious Internet service provider (ISP) that implements strong anti-spam and anti-phishing procedures. The SpamHaus organization lists the current top-10 worst ISPs in this category—consider this when making your choice.

3.     Enable automatic Windows updates, or download Microsoft updates regularly, to keep your operating system patched against known vulnerabilities. Install patches from other software manufacturers as soon as they are distributed. A fully patched computer behind a firewall is the best defense against Trojan and spyware installation.

4.    Use great caution when opening attachments. Configure your anti-virus software to automatically scan all email and instant message attachments. Make sure your email program doesn’t automatically open attachments or automatically render graphics, and ensure that the preview pane is turned off. Never open unsolicited emails, or attachments that you’re not expecting—even from people you know.

5.    Be careful when using P2P file sharing. Trojans hide within file-sharing programs waiting to be downloaded. Use the same precautions when downloading shared files that you do for email and instant messaging. Avoid downloading files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

6.    Use security precautions for your PDA, cell phone, and Wi-Fi devices. Viruses and Trojans arrive as an email/IM attachment, are downloaded from the Internet, or are uploaded along with other data from a desktop. Cell phone viruses and mobile phishing attacks are in the beginning stages, but will become more common as more people access mobile multimedia services and Internet content directly from their phones. Mobile Anti-Virus software for a selected devices is available for free with some McAfee PC products. Always use a PIN code on your cell phone and never install or download mobile software from a un-trusted source.

4.     Configure your instant messaging application correctly. Make sure it does not open automatically when you fire up your computer.

5.     Beware of spam-based phishing schemes. Don’t click on links in emails or IM.

6.     Back up your files regularly and store the backups somewhere besides your PC. If you fall victim to a virus attack, you can recover photos, music, movies, and personal information like tax returns and bank statements.

10.     Stay aware of current virus news

Written by Andina F.S

Read More

12th Week: Solutions for The Threats Faced by Air Asia and Its Consumers (Part 1)

The security threats is faced by both the Air Asia (company) as well as the customer (external).

Therefore there are several ways that Air Asia can do for preventing and dectecting the internal threats:

1. Stop Unauthorized Access even when Credentials are Lost, Stolen or Compromised

39% of all malicious data breaches* are the result of negligence including password theft. Social engineering has been used to describe the various means of conning people to reveal personal information such as passwords.

* Source: Symantec ® “Malicious Attacks Catching Up & Costing More” 2013

UserLock stops malicious users seamlessly using valid credentials. It reduces network vulnerability by making it impossible for a rogue user to use a valid password at the same time as their legitimate owner. This is made possible by preventing concurrent logins.

In addition, by restricting user’s individual access to the network by physical location (workstation or device, IP range, department, floor or building) and setting usage/connection time limits, UserLock ensures unauthorized access is no longer a possibility – even when credentials are compromised.

2. Manage the Threat of Shared Passwords

Despite the increase awareness, shared passwords represent a real problem in organizations, as highlighted by the US patient-record security breach. By using other people’s passwords an individual from a partner company gained unauthorized access to the medical records of up to 1,800 patients within Hospitals.

With UserLock, the ability to prevent concurrent logins decreases the likelihood of users to share credentials as it impacts their own ability to access the network.

UserLock provides the motivation to adhere to password security policy and help protect the organization’s critical assets.

3. Ensure Access to all of the Organization’s Critical Assets is Attributed to an Individual Employee

Specific events need to be associated with specific users for accountability. Organizations need to know exactly who is on the network and what they are doing.

With UserLock’s granular rules and policies to secure network access, accountability and non-repudiation issues are removed.

UserLock automatically identifies each unique user making them responsible for each and every activity.

4. Offer Immediate Response to Suspicious or Disruptive Access Behavior

UserLock empowers IT by monitoring, recording and automatically blocking all suspicious sessions.

What’s more, it can proactively deal with suspicious or disruptive employees to reduce the risk of malicious activity. As soon as any suspicious access event is detected, UserLock can alert the administrator, offering IT the chance to instantly react by remotely locking, logging off or resetting the appropriate session.

5. Perform Accurate IT Forensics in the Event of any IT Security Breach

In addition to real time session surveillance and monitoring, UserLock records all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL …) giving IT administrators the ability to support accountability, legal investigations, and internal trends analysis.

If an IT security breach does occur, UserLock will provide accurate, detailed information about who was connected, from which system(s), since what time, for how long, etc.

6. Educate Employees on Data Security

Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are the second line of defense! (logins are the first!)

From CERT best practices, “A consistent, clear message on organizational policies and controls will help reduce the chance that employees will inadvertently commit a crime or lash out at the organization for a perceived injustice.”

UserLock allows an organization to notify all users prior to gaining access to a system with a tailor-made warning message. Messages about legal and contractual implications discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.

Source : http://www.isdecisions.com/blog/it-security/prevent-insider-threats-from-both-malicious-and-careless-activity/

Written by Andina F.S

Read More

11th Week : Competitive Advantages, Problem, and Recommendations

Advantages and Disadvantages of Using Computer Reservation System

There are advantages of electronic ticket for both passengers and airlines. First of all, the benefit of e-ticket for passenger . Its 10% cheaper than regular ticket. Second its flexible so passengers can change their booking easily without being worry to lose the ticket. Also its more convenient, customers can purchase the ticket when they at home in any time they want. The good thing about e- ticket for both sides airlines and passengers its save time so the customer do not have to wait in long queue. Also it is consider as environmental friendly.

There are some disadvantages of e-tickets. Some websites have some difficulties to use so it is require some knowledge to reserve online. The negative thing of e-ticket it may cause redundancy of travel agency because the machines take over human’s work.

In the future, we will move to Self Serving Model where passengers will book, purchase ,issue their own ticket and even boarding passes without any assistance.

Recommendations for Consumers

·           Buy tickets only from official web of Air Asia.

·      Remember that paying by credit card offers greater protection than with other methods in terms of fraud, guarantees and non-delivery.

·            Double check all details of your ticket purchase before confirming payment.

·            Do not reply to unsolicited emails from sellers you don’t recognize. 

·   Some websites will redirect you to a third-party payment service (such as WorldPay). Ensure that these sites are secure before you make your payment.

·            Safeguard and remember the password you have chosen for the extra verification services used on some websites, such as Verified by Visa. 

·            Check sellers’ privacy policy and returns policy.

·          Always log out of sites into which you have logged in or registered details. Simply closing your browser is not enough to ensure privacy.

·            Keep receipts.  

·          Check credit card and bank statements carefully after ticket purchase to ensure that the correct amount has been debited, and also that no fraud has taken place as a result of the transaction. 

·    Ensure you have effective and updated antivirus software and firewall running before you go online.

Written by Andina F.S

Read More

10th Week : The Business Process of Air Asia

                                                     Value Chain Diagram

Considering the environment where Air Asia was competing, here are lists of activities, as shown in table 1 and table 2, which were believed to be significant to Air Asia in creating its value as a low cost air carrier. The analysis was based on Porter’s value chain.

To summarize, Air Asia has developed a considerable value chain in its approach to the strategy. The value for these activities really added a significant amount in its pursuit to provide low price air transportation services.

However, there is no evidence whether Air Asia has already implemented further management information system beyond its reservation system. It is recommended that Air Asia should implement more analytical capabilities, such as Customer Relationship Management or Business Intelligence, in its computerized system. By implementing such technologies, Air Asia will be able to bring better decision in proper time at proper place.(Sheehan, 2003)

Sources:  "Might of Air Asia: Internal Analysis perspective" by Sandy Hofman Aruan

Written by Andina F.S

Read More

9th Week : Topology system and IT Component of Air Asia's Computer Reservation Systems

Today, we would like to discuss about the topology system that is being used by Air Asia’s Computer Reservation System as well as its hardware, software, and telecommunication system that is involved.

We try to interview several IT specialist in order to identify and analyze the topology system and the components that is used to running it. Therefore, the information below is our analyze of Air Asia’s Computer Reservation System based on our research by interview with the specialist, literature review, and internet research.

Based on our research, we believe that Air Asia is implementing Mesh Topology for its Computer Reservation System.

In a mesh network topology, each of the network node, computer and other devices, are interconnected with one another. Every node not only sends its own signals but also relays data from other nodes. In fact a true mesh topology is the one where every node is connected to every other node in the network. This type of topology is very expensive as there are many redundant connections, thus it is not mostly used in computer networks. It is commonly used in wireless networks. Flooding or routing technique is used in mesh topology. 

Advantages

1.     The use of dedicated link guarantees that each connection can carry its own data load. It eliminates traffic problem.

2.     If one link becomes unusable, it does not harm the entire system.

3.     It is easy to troubleshoot.

Disadvantages

1.     A full mesh network can be very expensive.

2.     It is difficult to install and reconfigure.

Hardware and Software:

1.     Supercomputer

2.     Server with a minimum specification as below:

a.     Operating Systems: Win98 / NT / 2000 / XP / Linux / Solaris / HP-UX

b.     Server: Apache (with ionCube support)

c.      Server Side: PHP (builds compatible with the standard API)

d.     Database: MySQL

Telecommunication Networks

Multiprotocol Label Switching-based Virtual Private Network.

"MPLS" and "VPN" are two different technology types. Multiprotocol Label Switching (MPLS) is a standards-based technology used to speed up the delivery of network packets over multiple protocols – such as the Internet Protocol (IP), Asynchronous Transport Mode (ATM) and frame relay network protocols. A virtual private network (VPN) uses shared public telecom infrastructure, such as the Internet, to provide secure access to remote offices and users in a cheaper way than an owned or leased line. VPNs are secure because they use tunneling protocols and procedures such as Layer Two Tunneling Protocol (L2TP). With those definitions understood, an MPLS VPN is a VPN that is built on top of an MPLS network, usually from a service provider, to deliver connectivity between enterprise office locations. The terms "MPLS IP VPN," "MPLS VPN" and "MPLS-based VPN" can be used synonymously. 

Advantages and disadvantages of MPLS VPNs

MPLS VPN advantages

Many MPLS VPNs offer much more flexibility at more cost-effective price-points than other WAN technologies such as T1 lines. The label-switching technology offers QoS and CoS capabilities. Also, keeping your traffic on a single vendor using MPLS VPNs gives the vendor the ability to offer your company service-level agreements (SLAs) for network performance, unlike the "best effort" delivery of the Internet, network consultant Tom Lancaster says.

MPLS VPN disadvantages

Keep in mind that with MPLS VPNs, service providers run the core of your network, which presents several disadvantages:

·         Your routing protocol choice might be limited.

·         Your end-to-end convergence is controlled primarily by the service provider.

·         The reliability of your L3 MPLS VPN is influenced by the service provider's competence level.

Written By Andina F.S

Read More