Cyber security is a major issue that might have devastating effects on various system users when not well sorted out. For instance, the South Hallam Shire Police Service (SHPS) is changing its services to investigators by deploying kiosks laid to key locations. Different personnel and authorities will be accessing the data stored in their computer system; therefore, plans and strategies based on identification and authentication features must be laid down so that the kiosks work as planned. The system must allow extensive privileged access management to ensure the right personnel will access the right information at the right times . Privileged access management provides a protected and efficient way to offer login permissions and monitor the system users. IAA enables the creation of an audit trail that cannot be altered , complying with access control, integrating an endpoint privileged management, and finally eliminating the need or essence of the users to have or need the local system’s password.
The user’s ability to change passwords should be done away with. For example, a nonprivileged detective can alter the passwords making it hard for other detectives to access the system records. It is also possible for a higher-ranking officer to modify the passwords making it impossible for the other officers to access the needed information at the right time, thus affecting root or non-root users. To mitigate this, enhanced security must be performed to prevent users from making their passwords by bringing about system-generated passwords that change after a given period . The restriction should be put into place to determine the length of the passwords. The characters were attempting to choose a password that violates this format results in an error message that says invalid password format.
The system should keep records of people who log in. keeping the records of logged-in members makes it easy for audit trail has several advantages, including transparency, protection of documents, maintaining the integrity of the records, and accuracy—audit trail. It also protects the system from harm or even misuse and ensures that sensitive information is kept safe.
Also, privileged endpoint management can be put into place. In this process, employees are allowed to access the system for them to be productive. Suppose the detectives are allowed to access the security system. In that case, they can be productive, unlike when controlled for, they have full access to the information needed to work. The detectives are not given full access to the computing system since they can only view given details.
Announced auditing can be very challenging; thus, this shouldn’t deter one from doing their job because a lot can be done in preparation for the audit both at a personal level and other kinds of stuff . One must know what the auditors are into for thorough preparation and keeping the system set for any audit. One should view the processes just like the auditor will conduct a prior audit before the intended one. The detective in charge of a kiosk must take details of the devices they have and the activities they perform, and at what rate. He must capture the hours of operation of the kiosks and the officers in charge at a given time. The detective in charge should also know the holidays taken, names and contacts of the detectives, safety requirements, and the health, not forgetting any traveling necessities. Upon looking on unannounced auditing, it clearly shows compliance and give confidence to the shareholders that these kiosks are ensuring operations are well undertaken as well as the guidelines. It also helps to detect weaknesses earlier prior to the intended day hence being productive and thwarting swindlers defensive tactics because it disrupts any unnecessary motive or plan in the kiosks. And abrupt audit is the only way to detect the truth about operations hence it helps in maintaining clear records with integrity. For instance, financial and inventory records statements of a kiosk are at risk of fraud and which can be curbed by unannounced audit. It is clear that an unannounced audit is the only way to control fraud by maintaining an integrity, correctness and timeliness of data or information.
By continuous interaction with the customers, a business can greatly develop a better and product delivery at an improved service. Listening to them may also improve or create a long-time relationship hence generating a lifetime source of income. With improvements in technology, various brands can set up automated feedback systems, saving time and cost. The Ruritanian Brewing company can interactively voice response (IVR) and use short message services . IVR is pre-recorded, where the customers respond to questions either by typing or by voice responses. A well-designed IVR can support the company by increasing the customers’ satisfaction and improving contact centers processes . It can help clients get results and do other easy tasks by themselves. Whenever a customer needs to contact the service provider, the IVR system can redirect calls as fast as possible to the nearest call center so that their request is addressed. IVFR can have set voice notes that can be useful to receive customers’ feedback and opinion. SMS is not left aside because it also lay a great foundation that the company can use to get feedback from their esteemed customers. They are easier to use because no data is needed. Hence, they are easily accessible. Although collecting customers’ details is tedious and somewhat expensive by other means, it’s a great option to collect customers’ feedback. For an in-person order, an individual may give feedback directly, which may be more accurate and reliable. I would recommend in-person purchases because there is one-on-one interaction with the customers as one would be able to observe the customer’s body language; hence it would be able to determine whether the feedback is legitimate or not.
The security threat of IVR is that when a huge number of tones or changing the frequency, it may crushing. For the SMS, there might occur an information harvesting for mobile numbers and their pins; hence one can access them, making it insecure for the intended purpose. The IVR should be kept at the right frequency and tone to prevent crushing . For the SMS, the owners should keep their identification number personal, for they have to keep it away from unauthorized access. To come up with a secure IVR, new encryption and decryption keys must be created or otherwise import the existing ones and store them in a secure manner like in the web service of the company parameter store then create a web service lambda function for the purpose of decryption of collected numbers. Security is a necessary parameter which creates a sense of freedom thus creating a harmonious environment between the customers and company.
A protocol is a key element in our day-to-day activities as it creates a conducive environment in doing our activities. For instance, there are protocols, say file transfer protocol which aids in transferring files over the internet. From the BANS logic, there are goals obtained from this protocol. From the BANS logic, the following protocols are achieved. There is NSSK annotated protocol, the nessett protocol, and The Denning-Sacco attack protocol. There are only four major stages in BAN in protocol review, where the first stage is the protocol idealization followed by documentation of assumptions concerning the first stage . The third stage is annotating the protocol and finally coming up with beliefs derived from the logic held by protocol heads. According to NSK annotated protocol, the modernized NSSK protocol can satisfy its agenda and counterattack some attacks, including cheat not forgetting replay. This protocol is of great importance in a network setup where a formal review is the only way to ensure its safety properties. The nessett protocol from the BAN analysis the nesset protocol is perfect, but upon further analysis, the protocol is found wanting, argued Nesset. The Denning-Sacco attack proposed a resolution to the Needham-Schroeder protocol for sharing secret keys via public key models. It was vulnerable to attacks hence solving this vulnerability. Denning Sacco tries to eliminate the problem by the usage of timestamps when delivering messages. There are several limitations of BAN logic, and they are as follows: the first limitation accepts that agents do not publish secrets, but for sure, it does not full this, thus failing on its part . In addition to that, BAN logic accepts that agents can note types of flaws, but it is very saddening that BAN logic cannot verify the absence of type flaws; BAN LOGIC assumes that all participating protocols are honest, agents that are considered are not compromised, and attackers always don’t have legal keys. As always, BAN accepts perfect cryptography.
There is an increased growth of use and development of wireless telecommunication and also mobile device which are very intelligent. There is also unmanned aerial vehicle UAV which has become common to both public as well as the military police. With the influx of the technology, new security issues may rise up and to curb this menace, detailed security analysis is conducted . There are two basic models of UAV there are fixed wing UAVs and multi rotor UAVs. It is said that the fixed-wing UAV was designed for military intentions and it has become available and made to undergo aerial photographing. There are is general packet service (GPS) spoofing which is the process of duplicating production of GPS signals for the purpose of misleading the target GPS to manipulate its location speed as well as the ting constraints. There is the emergence of cheap user tunable software defined radios as well as the online available projects and tutorials, the launching of GPS spoofing attacks have become more rampant and practical. Successful spoofing attacks may have a devastating effect like changing the direction of a given drone or even crashing it. A drone that is led by GPS can be brute-forced to change its way on its course if the planned pathway is known by the malicious individual. The hijacked drone can be made to fly over no go zones which can cause unnecessary accusations, mainly, drone spoofing can undertake by drug users and smugglers to cross geo boundaries . It can be catastrophic if a military drone gets hijacked in the process as it can be used against the nation by the terrorists. In my opinion, the spoofing individuals could be showing off their prowess by hijacking drones if they are not having malicious intentions. Spoofing can also be achieved to acquire information from targeted individuals like the military base by the terrorists to spy on then and finally planning an attack. in order to fight against spoofing, GNNS signal receiver must be able to know spoofed signals where a signal is detected as a spoof, it is once removed from position calculation. There are advanced interference mitigation technologies like the Septentrio AIM+ which does process signal set of rules where irregularities are detected. For instance, AIM+ cannot be fooled by any advanced signal producer hence deeming spoofing weak and baseless. There are also other various methods being researched like using duo polarized antenna which is being worked on. Mitigation of GPS spoofing will enhance national security as military drones will be secure from external sources as well as they will be a step ahead for, they will be able to detect a spoof attack before it happens.
 Garbis, J., & Chapman, J. W. (2021). Privileged Access Management. In Zero Trust Security (pp. 155-161). Apress, Berkeley, CA.
 Lundberg, T. (2019). Comparison of automated password guessing strategies.
 Prasasd, M. R., Kumar, B. S. P., & Swarnamani, A. (2017). OBE based industry academy approach for embedded system design course. Journal of Engineering Education Transformations, 30(3), 150-156.
 Manning, L. (2018). Triangulation: Effective verification of food safety and quality management systems and associated organisational culture. Worldwide Hospitality and Tourism Themes.
 Åberg, E., & Khati, Y. (2018). Artificial Intelligence in Customer Service: A Study on Customers’ Perceptions regarding IVR Services in the Banking Industry.
 Akther, S., Niger, M., & Hossain, M. (2019). IVR Application on Banking System.
 Lau, C. Q., Cronberg, A., Marks, L., & Amaya, A. (2019, December). In search of the optimal mode for mobile phone surveys in developing countries. A comparison of IVR, SMS, and CATI in Nigeria. In Survey Research Methods (Vol. 13, No. 3, pp. 305-318).
 Fei, Y., Zhu, H., & Vinh, P. C. (2020). Security analysis of the access control solution of NDN using BAN logic. Mobile Networks and Applications, 1-12.
 Shin, D., Yun, K., Kim, J., Astillo, P. V., Kim, J. N., & You, I. (2019). A security protocol for route optimization in DMM-based smart home IoT networks. IEEE Access, 7, 142531-142550.
 Kerns, A. J., Shepard, D. P., Bhatti, J. A., & Humphreys, T. E. (2014). Unmanned aircraft capture and control via GPS spoofing. Journal of Field Robotics, 31(4), 617-636.
 Page, L. (2018). Drone Trespass and the Line Separating the National Airspace and Private Property. Geo. Wash. L. Rev., 86, 1152.