Identifying Potential Risk, Response and Recovery

Submitted By Projects01
Assignment 2
Identifying Potential Risk, Response and Recovery
Karen Raglin
Professor West
Networking Security Fundamentals
March 3, 2013

I previously identified several types of attacks, threats and vulnerabilities that exist within your multilayered network. You have requested that I develop a strategy to deal with these risks as well as a plan to mitigate each risk and reduce the impact that each will have on your organization. With any networked organization, you want to make sure that you stay on top of vulnerabilities in anything that reaches out to the internet. Computers and servers that touch the internet must be scanned. As a company, you have to make sure that you configure the security settings for the operating system, internet browser and security software. You also want to set personal security policies for online behavior. There also needs to be antivirus software installed on the network, such as Norton or Symantec, which blocks threats targeting these vulnerabilities.
Your firewall, which is your first line of defense, is susceptible to two common types of attacks. First, there are attacks against the firewall itself, in which the attacker's purpose is to take control of the firewall's functionality and then launch a DoS attack. The second type is an attack on the LAN side of the firewall. These attacks circumvent the rules and policies of the firewall to gain access to the devices that are supposed to be protected by it. The largest vulnerability that exists with firewalls is improper configuration settings. This can lead to the development of security holes which allow unauthorized access from both outside and within your network. All of the aforementioned attacks, threats and vulnerabilities can be mitigated and/or avoided altogether.
There are several keys to ensuring that your firewall is as secure as possible. Use a VPN for all non-public traffic. Ports on your firewall should only be open for services that are utilized by the public. Because most people have dynamic IP addresses, your firewall has to constantly open ports and modify its rules to allow access; this can lead to ports being left open and vulnerable to attacks. Limit the size of your network. Simply put, if you don’t need it, turn it off. If your servers are not running a service that is used by the public, don’t allow it to pass through the firewall. Enabling firewall logging allows you to detect problems that are currently going on as well as those that have previously occurred. Additionally, if you see that your server is getting strange requests or that a single IP address is consistently scanning your network, it will raise a red flag. Monitoring your firewall traffic is essential: if you know what the typical traffic pattern is, you will know when it changes too. The sooner you discover unusual patterns, the better. Try to keep your firewall configuration as simple as possible. Constantly review your rules and permissions to ensure that the security level is appropriate for your organization.
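
The log-monitoring point above (a single IP address consistently scanning your network) can be checked with a short script. This is an added example, not part of the original essay; the log layout, the sample lines, the 60-second window and the threshold of 8 targets are all assumptions to be tuned against your own firewall's format and normal traffic pattern.

```python
"""Flag source IPs that touch many distinct host/port targets in a short window."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The layout (timestamp, action, SRC/DST/PROTO/DPT) is an
# assumption for this example; adapt LINE_RE to your firewall's real log format.
SAMPLE_LOG = """\
2013-03-03T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
2013-03-03T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
2013-03-03T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
2013-03-03T10:00:04 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
2013-03-03T10:00:05 ACCEPT SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2013-03-03T10:00:05 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
2013-03-03T10:00:06 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=110
2013-03-03T10:00:07 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=139
2013-03-03T10:00:08 ACCEPT SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443
2013-03-03T10:00:09 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=445
2013-03-03T10:00:10 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389
2013-03-03T10:00:30 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
this line is truncated SRC=198.51.100.20
2013-03-03T10:05:00 DROP SRC=198.51.100.33 DST=192.0.2.10 PROTO=TCP DPT=22
2013-03-03T10:20:00 DROP SRC=198.51.100.33 DST=192.0.2.10 PROTO=TCP DPT=23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return {"ts": ts, "action": m["action"], "src": m["src"],
            "dst": m["dst"], "proto": m["proto"], "dpt": int(m["dpt"])}


def find_scanners(lines, window=timedelta(seconds=60), min_targets=8):
    """Map each flagged source IP to the largest number of distinct
    (destination, port) pairs it touched inside any one sliding window.

    Allowed and dropped packets both count: a sweep across ports also hits
    the few that are legitimately open.
    """
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:  # skip unparseable lines instead of aborting the review
            by_src[ev["src"]].append((ev["ts"], (ev["dst"], ev["dpt"])))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = deque()   # events currently inside the window
        counts = Counter()    # target -> occurrences inside the window
        best = 0
        for ts, target in events:
            in_window.append((ts, target))
            counts[target] += 1
            # Drop events that have aged out of the window.
            while ts - in_window[0][0] > window:
                _, old = in_window.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            best = max(best, len(counts))
        if best >= min_targets:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {n} distinct host/port targets within 60s")
```

In the sample, the client that repeatedly reaches port 443 and the host that probes two ports fifteen minutes apart stay below the threshold; only the source that sweeps ten ports in ten seconds is reported.
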
The Web/FTP server is responsible for connecting to the internet to make websites available to anyone on the network who may be looking for them. The biggest vulnerability with this type of server is that it requires that a connection to the internet remain open. With this connection open, your network resources are also exposed to the internet. There are attackers that specialize in surfing the internet looking for open connections to access people’s internal networks. Preventive measures include the creation of a DMZ within this server; you will develop a buffer zone where traffic from both sides is let in, but not able to penetrate the network itself without the proper permissions.
Internal controls to mitigate this risk include the creation and management of an Access Control Matrix. That way you can assign access and usage rights only to those who require access to the files. Additionally, you can overlap permissions so that they act as an internal system of checks and balances; therefore no one person has complete control to access, modify and delete content from the server.
The most common type of attack on your email server is the DoS attack. Because so many different types of devices connect to and utilize the email server, security in this area is very difficult to attain. DoS attacks are also common on Active Directory Domain controllers. In the case of these DoS attacks, risk acceptance is necessary and you must mitigate these risks and vulnerabilities to minimize damage. You can ensure that your antivirus protection is up to date as well as requiring that employees do not stay logged into their email. You can also adjust the timeout length to ensure that idle computers are automatically logged off the server if they lie dormant for too long. These can all help prevent unnoticed attacks from occurring.
The sharing of files which are located on your server can pose a unique threat. This could be considered more of an internal than external threat. You have to be careful about whom you give the ability to access and change files.
Wireless access points are another vulnerability and target for attacks. The signal can actually extend to your network and outside the walls of the building. It is extremely important that you enable all of the available security features offered by your wireless access point device. Encryption is a must over your wireless network because radio waves can easily be intercepted.
Your email server needs to ensure that spam doesn’t get through to the network. Spam works by sending unsolicited email messages to a large number of recipients. “Spam should be a major concern in your infrastructure since it can be used to deliver email which can include Trojan horses, viruses, worms, spyware and targeted attacks aimed specifically in obtaining sensitive and personal identification information.”
The last vulnerability and risk I have identified is the use of laptops and other types of mobile devices such as smart phones or tablets. These portable devices pose additional risk because they may not always be in view of the operator and they may not be used strictly for business only, especially handheld devices. Smart phones have become a hot target for attacks where information such as passwords and personal information is being stolen via downloadable apps. Attackers are then utilizing this information to gain unauthorized access to the resources this information is used for. Viruses and malware can also be introduced into your network via these devices, especially if users are using them to access the internet, download files or check email. This could be crippling to your organization. You must mitigate this by stressing the importance of utilizing these devices strictly for business access, having the latest antivirus software installed and maintaining physical possession of the devices at all times.
All of the threats and vulnerabilities I have identified can be potentially crippling to your organization. They can cause loss of data, the inability to access important files and resources, and can cost your organization tens of thousands of dollars in property loss, time loss and revenue loss. If you take all of my recommendations seriously, I think you will find that we have minimized the impact that attackers can have on your network and your business.
