
Principles of Infosec - Vulnerabilities


Submitted By melandp929
Name: Melina Escamilla
Course: Principles of Information Security
Professor: Jonathan Coombes

Course Project Phase I – Week 3

Company Overview
Aircraft Solutions (AS) is a reputable organization whose mission is to deliver custom-made products based on unique customer requirements.
Aircraft Solutions' customer base is made up of an array of industries, which include defense, commercial, aerospace and electronics. Aircraft Solutions has worked with different countries to meet specific demands for government customers as well as family businesses.
With that being said, Aircraft Solutions' workforce is made up of several different types of skilled professionals. This company prides itself on customer service and is mission driven.

Security Vulnerabilities, Threats and Risks
This report will explain two vulnerabilities found within Aircraft Solutions' hardware and security policy. It will briefly discuss the threat associated with each of the hardware and policy vulnerabilities and the likelihood that the threat will occur.
Hardware Vulnerability: Currently, the public can access information on AS's website regarding commercial aircraft; however, there is only one parameter in place regarding a firewall. Because Aircraft Solutions works with several different industries, especially commercial aircraft, multiple firewalls should be established to support the networks needed to keep our different industries secure.
Hardware Threat: According to our text, a threat that can be associated with firewall vulnerabilities is data leaks. We do not want the defense agenda inadvertently accessed by members of the public seeking commercial aircraft information.
Hardware Risks: The risk of commercial users accessing government information through AS's Internet website is likely to occur.
Policy Vulnerability: Aircraft Solutions' security policy management completes their…...

Similar Documents


Security Vulnerabilities and the

...Employee’s Security Vulnerabilities and the Affects on Organization’s Information Technology University Maryland University College Employee’s Security Vulnerabilities and the Affects on Organization’s Information Technology Cyber security vulnerabilities and threats are real and constant. Information technology breakthroughs have given our adversaries cheaper and often effective cyber weapons to harm U.S. computer networks and systems (Gen Alexander, 2011). Unfortunately, our adversaries are not our greatest vulnerability to cyber security or cyber space. Cyber security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Cyber space is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. (Ruquet, 2011). The government has been coordinating with private organizations and the public sector to protect information technology. They have been working to detect, prevent, and mitigate cyber threats and vulnerabilities. There are multiple vulnerabilities which adversely affect information technology but this paper will focus on the human factor. ......


Sans Institute Infosec Reading Room

...SANS Institute InfoSec Reading Room. This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Security Strengths and Weaknesses of Two Popular Web Servers. Brad Bell, August 19, 2001. As the mediator between your business and the world the Web Server that you choose must be completely sound in regards to security. You do have many options when choosing which Web Server package you will use to transmit your company's on-line presence to the rest of the world. There are two Web Server packages in particular that dominate the market for Web Servers. These two Web Server packages are Microsoft's Internet Information Server, and Apache. What is a Web Server?......


Windows of Vulnerability

...Vulnerability labels a condition or a set of conditions that create a weakness in systems or networks that can potentially be manipulated. Think of vulnerability as the susceptibility of a system or network to be attacked and possibly damaged or disrupted. Vulnerabilities take many forms:
▪ Easily guessable logon passwords
▪ Poorly configured access controls
▪ Exploitable programming flaws
▪ Incorrect security implementations
▪ Non-exploitable disruptive design flaws, such as denial of service (DoS)
▪ Undocumented maintenance or debugging backdoors in software or systems
All of these problems and many others can exist simultaneously across numerous systems and devices. Threats, risks, and vulnerabilities negatively impact the confidentiality, integrity, and availability (CIA) triad. Confidentiality is breached when an attacker discloses private information, integrity is broken when an attacker modifies privileged data, and availability is ruined when an attacker successfully denies service to a mission-critical resource. The length of time these vulnerabilities are present creates a window of vulnerability (WoV), the period within which defensive measures are reduced, compromised, or lacking. The WoV covers a timeline from the moment a vulnerability is discovered and identified by the vendor. It also includes the time taken to create, publish, and finally apply a fix to the vulnerability. Problems arise as fixes can be disruptive to......


Window of Vulnerability

...The Window of Vulnerability The window of vulnerability is a time frame within which defensive measures are reduced, compromised or lacking. When trying to calculate the window of vulnerability you need to look at least 4 different things before being able to figure out the entire vulnerability. Those four things are discovery-time, exploit time, disclosure time and patch time. Discovery time is when someone discovers that a product has security or survivability implications, the flaw then becomes vulnerable. Hopefully it was found before an attacker found the vulnerability and exploited it. Exploit time is the time between the discovery and the patch time. It is when most, if not all, attacks will occur on a network. When attackers find vulnerabilities they can break through the security relatively quickly, and if they are not stopped they can damage a network extremely. Disclosure time is the vulnerability is disclosed when the discoverer reveals details of the problem to a wider audience. Disclosure time and exploit time can be occurring at the same time, it just depends on when the vulnerability was discovered and by whom. Patch time takes the longest because of all the code that needs to be fixed in order to close the vulnerability. Patches can take a few days to fix the problems or can take longer than 3 weeks, it all depends on how bad the vulnerability is and how badly the attackers want to get into the network. Even with patches and other fixes to networks there...


Thoughts on Being Asked “How Do I Get Into Infosec?”

...So You Want To Get Into INFOSEC Huh? I got a request through a friend for a friend of that friends kid to talk to him about how to get into INFOSEC the other day. Now usually I am a curmudgeon (as you all know and love) and am loathe to be some sort of big brother of INFOSEC to anyone but in this case I said ok cuz I am just that nice. After some email wrangling we finally got together today (scant minutes ago actually) and now feel an obligatory blog post on the subject of getting into the business coming on …And there it is …Feel the burn… So after agreeing to a time to meet I began to wonder just what I would say to this kid as to how to get into the business. For that matter I really wondered if I should encourage him at all to get into INFOSEC in the first place. My mind started to ponder why I was in it still and just how if at all it was rewarding given all that I have seen and still deal with on a daily basis. Often times my daily job sends me in to apoplectic fits that you all see in my blog posts and on twitter screeds of 140 characters at a clip so I imagine all of you out there might not think that I enjoy my work on average. On the whole though I would say that I do enjoy my work but I would caution anyone looking to get into this business to take a deep look at their abilities and their coping mechanisms before they took the plunge. My conversation with this guy (in his 30′s) covered a range of things but I mainly focused on just how technical he was if at......


Vulnerability

...Vulnerability Assessment Scan Using Nessus
CNT 4403
Anthony de Cardenas
Patricia McDermott-Wells
1. Zenmap GUI is a multi-platform application that provides advanced experience network mapping. It would be used by beginners to understand how the network functions. The software probes computer networks by sending packets and analyzes its responses. It is useful when you want to understand the system’s vulnerabilities or detect specific services running on the network.
2. When describing the risks and vulnerabilities of an information system, it has to start where security of data is compromised. Protecting the user names and passwords of a system is vital. When there are vulnerabilities, the system’s sensitive data is at risk. That is the reason you need to secure your information when transferred through the network.
3. The application that is used for Step 2 in the hacking process is Nessus.
4. If you are to conduct an ethical hacking, you have to make sure that you have the proper authorization. Without it, any probing could be considered malicious and would be subject to prosecution.
5. A CVE, or a Common Vulnerabilities & Exposure, is a list of all the known vulnerabilities in the system. They also provide a way to close or patch them up to limit the risk of security leaks. The CVE database is sponsored by the Mitre Corporation under the control of Homeland Security.
6. The Zenmap GUI can definitely detect the operating system......


Window of Vulnerability

...Window Of Vulnerability (WoV) Window of Vulnerability (WoV) is calculated from the time the attack started to when the attack is found removed or fixed. In this case the attack was found but just referred to as the previous day and the detection was found by the server software. We will say that the attack was on a Monday morning. The software company will be releasing a patch for the attack in three days. We should receive the patch on Thursday then. When we get the patch we will need to install and test the patch, this will take generally according to the size of the computer and the # of end users any part of one week to complete the testing before putting it into production. Once the testing is done on all workgroups & end users devices the patch will need to be installed which is considered into production. The update will be company-wide to all machines that access the network. We will need to send out notification office wide via memo and/or email message to all employees. We should request that all end users leave the PCs or devices on so that we can remotely install the updates or for all of the end users that contain Windows 7 which most companies do have the upgrade from XP since it will soon be unsupported, you can use Microsoft Deployment Toolkit (MDT) to automate the update to reduce the Desktop support time & cost to do each and every machine. From the day we found the security hole to the time we fix the security hole, according to......


Vulnerability in Information

...CHAPTER 1 Vulnerabilities, Threats, and Attacks
Upon completion of this chapter, you should be able to answer the following questions:
■ What are the basic concepts of network security?
■ What are some common network security vulnerabilities and threats?
■ What are security attacks?
■ What is the process of vulnerability analysis?
Key Terms
This chapter uses the following key terms. You can find the definitions in the glossary at the end of the book.
Unstructured threats, Structured threats, External threats, Internal threats, Hacker, Cracker, Phreaker, Spammer, Phisher, White hat, Black hat, Dictionary cracking, Brute-force computation, Trust exploitation, Port redirection, Man-in-the-middle attack, Social engineering, Phishing
The Internet continues to grow exponentially. Personal, government, and business applications continue to multiply on the Internet, with immediate benefits to end users. However, these network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset that must be protected. Without adequate network security, many individuals, businesses, and governments risk losing that asset. Network security is the process by which digital information......


Single Most Importan Cybersecurity Vulnerability

...Single Most Important Cybersecurity Vulnerability Facing IT Managers Disclaimer: please do not copy and paste the paper With the growing usage of the Internet, the expansion of global communication, the office in its traditional sense is fading away. In order for corporations, whether small or large to be profitable in this competitive market, the walls of their offices have had to expand beyond the four walls located at their physical business address. In order to conduct business effectively nowadays, it has become necessary to have internal private business and government networks connecting to other corporate and government networks; as such, the use of portable devices has significantly increased and private corporate information travels more and more. While this is extremely convenient, and allows conducting business at unconventional hours and locations, it is simultaneously risky and requires organizations to proactively secure their data from being compromised. Internet access is available from the privacy of our homes, but also in an increasing number of public places: libraries, fast food restaurants, cafés, and department stores. With the growing cyberworld has come a multiplication of cyber-attacks, where both amateurs and dedicated hackers constantly try penetrating corporate networks. It has become a very challenging objective for IT managers and IT professionals to keep information secured while travelling through the internet. Additionally, one of......


Wireless Vulnerabilities

...Wireless Vulnerabilities
DUE DATE: 01/10/2016
ISSC 680
BY: TAMMY BATTLE
PROFESSOR: Dr. Louay Karadsheh
Introduction
What is vulnerability? Vulnerabilities are shortcomings in the physical design, association, strategies, work force, administration, organization, equipment, or programming that might be misused to make hurt framework. The objective of the preparatory helplessness evaluation is to add to a rundown of framework vulnerabilities (defects or shortcomings) that could be misused by a potential danger. For new frameworks, the quest for vulnerabilities ought to concentrate on security arrangements, arranged methodology, framework necessities definitions, and security item examination. For operational frameworks, break down specialized and procedural security highlights and controls used to ensure the framework. Weakness investigation includes the accompanying five security control territories: (FAA)
* Technical – the computer hardware and software, modes of communication, and the system architecture.
* Operational - methods that individuals perform as for as information system
* Administrative - feeble countermeasures in the authoritative methodology that influence the information systems.
* Physical - frail countermeasures in the physical design of, and access to, offices and fenced in areas where computerized data frameworks are house.
* Personnel - feeble countermeasures in approach, procedure, and methods utilized for security......


Infosec Career

...and motivated applicants. The jobs exist, but we repeatedly see candidates being given false advice to get them. With tremendous and very much appreciated help from many of my colleagues and friends in the field, I have endeavored to compile a comprehensive blog about starting an InfoSec career. This is a very lengthy blog broken into sections that may help people as parts or as a whole. We want you to succeed in our field. As always, please feel free to ask questions or leave comments / gripes / suggestions.
Chapter 1: The Fundamentals
Unfortunately, for all the interminable hacking tool tutorials and security guides floating around the internet, many InfoSec job candidates haven’t grasped two fundamental concepts:
* To hack something (or defend it from hacking), you must have a solid understanding of how that thing works. And,
* InfoSec is not a career that can be put in a box once you go home from work or school. You must be passionate enough about the field to be continually learning and aware of quickly changing current events. If you want a career that you can forget about once you go home at 5:00 PM, InfoSec is probably not the right choice.
The really intriguing thing about InfoSec and hacking in general is how they draw heavily from knowledge of all sorts of IT subjects. It’s difficult to understand attacks, malware traffic, or intrusions without a firm understanding of network ports, protocols, and architecture. Similarly, it’s difficult to understand......


Vulnerability Assessment

...properly respond to SE attacks. A program tailored to specific types of users would help to educate them about techniques used against them and the systems they use. (Tipton, H. & Krause, M., (2007)) C. Simulated vulnerability test using Social Engineering Social engineering attacks have four generally recognized phases. The ‘preparation’ phase is where information is gained, either by chatting up employees, dumpster diving, internet research, or fake job applications/interviews that can be leveraged for intimate information about the target or to develop a rapport with people associated with the target. The ‘pre-attack’ phase takes this information and develops it into a plan of attack, laying out the objectives of the attack and the methods used. The ‘attack phase’ is where individuals are compromised, either directly or remotely, and whatever objectives for the hack are met. The ‘post attack’ phase is dedicated to controlling the aftermath of the attack or turning the objectives of the attack into vectors for further exploitation. (Janczewski & Colarik, 2007) A vulnerability assessment should take care to include each phase of an SE attack so that all correctable deficiencies are found. The first phase of an SE attack is reconnaissance, so a vulnerability assessment should be done on the company’s website. Internet searches of sites like Google and LinkedIn should be done to see what information is already ‘out there’. During this phase of the assessment a......


Vulnerability

...conduct vulnerability assessments is of the utmost importance if a company or organization has information that is confidential or vital in nature. The need to conduct penetration testing should be an ongoing task for organizations as new technologies emerge. Even with security measures in place hackers continue to find ways around the roadblocks which are put in place to secure our networks. Just this month alone the Federal Bureau of Investigation’s network was compromised as a hacker was able to penetrate the emails of one of the organization’s special agents (Brito, 2012). The FBI has some of the most sophisticated computer security measures in place known to man and if their systems can be hacked I assure you that no one is safe. In order to properly examine a computer network for vulnerabilities a company’s information systems manager needs to determine whether such testing can be completed in house or should be outsourced to a penetration testing contractor. It is my belief that penetration testing is best left to contractors whose sole function is in conducting these types of tests, as they are better equipped with the tools and knowledge needed to get an accurate overview of a business network. However, penetration testing should be completed periodically by a business's internal IT staff as they can apply updates to prevent vulnerabilities throughout the year and can assist a third party vendor in getting the best snapshot of a network’s vulnerabilities. ......


Vulnerabilities of a Workgroup

...There are several vulnerabilities that exist for any workgroup but the five I have chosen are a remote code execution, an elevation of privileges, an uninitialized memory corruption, a hacker could hijack an active OWA session, information disclosure vulnerability. Several of the vulnerabilities include privilege elevation. This is a very serious type of attack because if a person can elevate their privileges they could completely take over your system and do some serious damage. This particular attack is a remote code execution vulnerability which could allow an attacker to remotely take over your system. The vulnerability is caused by a memory corruption error while handling malformed strings in a Microsoft Office document. The attacker would create specially crafted MS Office files send them as email attachments, or they could host a web site and lure you into visiting by simply clicking on a link. Opening the email attachment could corrupt the system memory and allow the attacker to execute arbitrary code. The workaround for this attack is do not open or save files received from unknown sources or that come unexpectedly from trusted sources. The cure is to apply appropriate patches. The next attack is in Outlook Web Access and it could allow Elevation of Privileges. The attacker could hijack the OWA session and perform actions on behalf of the authenticated user without the user’s knowledge. This vulnerability affects Microsoft Exchange Server 2000, 2003, 2007 so......


Vulnerability

...Article on Vulnerability Nur 440 August 22, 2011 Vulnerability Article As cited by De, and Anderson (2008), according to Aday (2001), “vulnerable populations are those at risk for poor physical, psychological, or social health. Anyone can be vulnerable at any given point in time as a result of life circumstances or response to illness or events” (p. 3). This particular article will look at the groups who are vulnerable to influenza. As stated by Hutchins, Truman, Merlin, and Redd (2009) “the US national strategy for pandemic influenza preparedness and response assigns roles to governments, businesses, civic and community-based organizations, individuals, and families” (para. 1). Looking at the group that would have a greater risk there are many barriers. One of the barriers is ensuring that all levels from government, right down to the individual act efficiently and swiftly with the plan of action. Others may be transportation, lack of insurance, lack of knowledge, and the list goes on. There are many vulnerable groups when looking at containing or minimizing an outbreak of influenza. Some of the top groups are newborns/infants, poverty/poor class of society (no insurance), and the elderly (>65 years-old). A person then can break the groups down even more and say; anyone within these groups that are compromised with other health problems may be at an even greater risk. With influenza very easily contracted from person to person along with looking at these......
