Identifying Potential Malicious Attacks, Threats and Vulnerabilities

Submitted By psotoole
Words 1563
Pages 7
Recently the Chief Information Officer of our company, Celtic Gamers Frontier Inc. (CGF), has read of an increase in the threat space regarding the electronic game industry, and he is concerned about our company’s overall architecture and the risks to our Research and Development efforts and other Intellectual Property. He has tasked the company’s corporate information technology group to produce an information paper detailing the types of cyber threats and malware that are being reported on the internet. They would also like the security group to give the company’s executive leadership a detailed report regarding the threats, vulnerabilities and overall risks that may be present in our current corporate infrastructure. The security department for the organization is relatively small and short on resources, so this task has been given to me: to do the research and create an executive report detailing the current vulnerabilities, risks and threats, and the potential impact to our network should we have any security incidents. “Unfortunately, there are inherent risks to computer usage — hackers, viruses, worms, spyware, malware, unethical use of stolen passwords and credentials, unauthorized data removal by employees with USB flash drives, or servers crashing and bringing productivity to a halt” ("Cybersecurity," 2013).
The CGF network is a typical office network composed of an external firewall, an external DMZ with public-use servers, and an internal firewall protecting the corporate network. The internal CGF network includes Microsoft Windows workstations and enterprise servers supporting web, Exchange, file, AD and FTP services; additionally there are 100 workstations consisting of desktops and laptops, VoIP telephones, and a wireless access point for corporate users. The overall corporate network architecture follows industry best practice by using a hierarchical topology and defense-in-depth placement of security tools. The security tools deployed to aid in the protection of the network consist of two (2) firewalls and one (1) Network Intrusion Detection System (IDS) that monitors the network traffic in the DMZ between the firewalls. The corporate routers are also running full Access Control Lists (ACLs) configured in accordance with Cisco’s best practice guidance. Based on the information given, it is not possible to tell whether antivirus software is installed on all corporate assets. Additionally, it is not clear what encryption and authentication method, if any, is used on the corporate Wireless Access Point (WAP). The corporate policies must also be reviewed to determine what the company’s policies are with regard to standard workstation software and application configurations, workstation and server security settings, application updating, new application testing, and software change control management.

Researching the current threats to the various operating systems, applications and technologies that our company uses for everyday operations, some present higher risks to the organization than others. There are also technical controls that can be implemented to reduce the risk factors and help the company recover critical information should there be a security incident. The current threats seem to target the asset that is hardest to secure, the employees. The emerging threats can be categorized as follows.

Browser attacks: Whether you use Windows, OS X, Linux, any of the smartphone or tablet mobile platforms, or even a browser-equipped e-reader, the browser is the one application everyone has. Email and text messages containing links to malicious websites will become almost indistinguishable from legitimate communications.

Watering-hole attacks: The adversaries or criminals post malicious content on a webpage, and then lure users to visit the site and download malware to systems that might be vulnerable to the exploit.

Phishing and social networking attacks: Users frequently choose convenience and simplicity over security, and all too often fall prey to phishing schemes. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain attachments with embedded malware or links to websites that are infected with malware, and often direct users to enter details at a fake website whose look and feel is almost identical to the legitimate one. This allows the criminal to steal Personally Identifiable Information that they can use to create or open new credit cards.

Data breaches: While traditional malware attacks such as automated exploits and worms are on the decline thanks to security advances, attackers will continue to target weak security on Internet-facing database systems in order to acquire thousands or millions of compromised records at once (Mediati, 2012).

Although the CGF network was built using the best known practices at the time, there are numerous items that present potential risks and points of interest that an adversary could leverage to gain access to our network and corporate proprietary information. To start limiting the risk of our network being compromised, I would recommend re-engineering several aspects of the overall topology to improve the security control measures. I would start with the firewall pair and redesign their placement so that the external DMZ network hangs off one of the external firewall’s interfaces, which provides more granular control over what type of network traffic is allowed to reach these public-facing servers. Additionally, we could control whether these servers are allowed to reach any internal corporate hosts. Next I would modify the IDS deployment that is monitoring our network: I would install additional devices to monitor the network traffic on the inside of the corporate network so that we can see our user traffic. Next, I would move the CGF WAP to an interface off the internal firewall to control how this device is seen on the network and which parts of the network wireless users are allowed to reach. The wireless access point configuration would be the next item I would improve. The CGF wireless network will need to be protected with the most secure encryption protocol available, which would be WPA2. This will limit the risk of the network being used by anyone who is not a corporate employee and is not authorized to be on our network.
Additionally, I would recommend an authentication method for validating wireless users on our corporate network. To keep costs down, I would recommend that we integrate authentication on the WAP by leveraging its LDAP integration with the CGF Active Directory servers and the authorized user accounts already held there. The company would also benefit from the use of a corporate antivirus protection technology. This technology would be deployed to all of the CGF corporate IT assets to provide a measure of malware protection and detection capability for the company. The last security improvement I would recommend is that the corporation design and run a user security training program that must be retaken annually. The company’s employees are the best security asset we have, and they are also the greatest risk to the company if they are not properly educated about the security risks they could face in their daily duties. This training should include information regarding the newer or emerging threats that face all IT users in the corporate world as well as at home. The training will be kept as up to date as possible and will present the threats and risks to the users and the corporation from the most useful perspective for our employees, so that they become the greatest security asset the company could have.
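The segmentation recommended in the two preceding paragraphs (a DMZ on its own external-firewall interface, DMZ hosts unable to initiate connections into the LAN, and the WAP on its own internal-firewall interface with wireless users limited to specific internal services such as the directory servers) can be expressed as a zone-based, default-deny firewall policy. The following Python model is an added example and is not part of the original paper or of CGF’s actual configuration; the subnets, zone names and port choices are assumptions made so the policy can be checked against constructed sample flows.

```python
"""Zone-based, default-deny firewall policy model for a segmented office network.

Added example (constructed): models four firewall zones, Internet, DMZ,
internal LAN and wireless, each assumed to hang off its own firewall
interface, and evaluates sample flows against an ordered rule set.
Subnets, zone names and port numbers are assumptions, not real CGF values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Assumed addressing per zone. Anything outside these ranges is the Internet.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),       # public web, mail and FTP servers
    "internal": ip_network("10.10.0.0/16"),  # workstations, AD, file servers
    "wireless": ip_network("10.20.0.0/24"),  # clients behind the WAP
}


def zone_of(addr: str) -> str:
    """Return the zone an address belongs to, or 'internet' if none match."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                       # "allow" or "deny"
    comment: str
    proto: Optional[str] = None       # None matches any protocol
    dports: frozenset = frozenset()   # empty set matches any destination port

    def matches(self, flow: Flow) -> bool:
        return (
            self.src_zone == zone_of(flow.src)
            and self.dst_zone == zone_of(flow.dst)
            and (self.proto is None or self.proto == flow.proto)
            and (not self.dports or flow.dport in self.dports)
        )


# Ordered, first-match policy. Anything unmatched is denied (default deny).
POLICY = [
    # Internet may reach the DMZ only on the published service ports.
    Rule("internet", "dmz", "allow", "public web/mail/ftp", "tcp", frozenset({21, 25, 80, 443})),
    # DMZ hosts may never initiate connections into the corporate LAN.
    Rule("dmz", "internal", "deny", "no DMZ pivot into LAN"),
    # Internal users reach DMZ services (including admin SSH) and the Internet.
    Rule("internal", "dmz", "allow", "LAN to DMZ services", "tcp", frozenset({22, 80, 443})),
    Rule("internal", "internet", "allow", "LAN egress"),
    # Wireless clients reach only the directory servers (for LDAP-based auth)
    # and the Internet; no other internal host is exposed to the WAP segment.
    Rule("wireless", "internal", "allow", "LDAP/LDAPS to AD", "tcp", frozenset({389, 636})),
    Rule("wireless", "internet", "allow", "wireless egress"),
]


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return (action, reason) from the first matching rule, else default deny."""
    for rule in POLICY:
        if rule.matches(flow):
            return rule.action, rule.comment
    return "deny", "default deny"


# Constructed sample flows exercising each zone boundary.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "192.0.2.10", "tcp", 443),   # Internet -> DMZ web
    Flow("203.0.113.7", "192.0.2.10", "tcp", 3306),  # Internet -> DMZ database port
    Flow("203.0.113.7", "10.10.1.5", "tcp", 445),    # Internet -> internal file server
    Flow("192.0.2.10", "10.10.1.5", "tcp", 445),     # DMZ web host -> internal file server
    Flow("10.20.0.15", "10.10.1.20", "tcp", 636),    # wireless client -> AD over LDAPS
    Flow("10.20.0.15", "10.10.1.5", "tcp", 445),     # wireless client -> file server
    Flow("10.10.5.9", "192.0.2.10", "tcp", 22),      # LAN admin -> DMZ host SSH
]


def audit(flows=SAMPLE_FLOWS):
    """Evaluate each flow and return a list of (flow, action, reason) tuples."""
    return [(f, *evaluate(f)) for f in flows]


if __name__ == "__main__":
    for flow, action, reason in audit():
        print(f"{zone_of(flow.src):8} -> {zone_of(flow.dst):8} "
              f"{flow.proto}/{flow.dport:<5} {action:5} ({reason})")
```

The rule order matters: the explicit DMZ-to-LAN deny sits before any allow so that a compromised public server cannot be used as a stepping stone, and the wireless segment gets only the ports the WAP needs for directory authentication. Running the audit over a proposed rule set before it is pushed to the firewalls is a cheap way to confirm that each boundary behaves as the topology redesign intends.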
The Celtic Gamers Frontier Inc. (CGF) corporate network was designed and implemented with the best business practices of the time in mind. Today’s corporate networks need to be able to change and improve their overall security posture to deal with the ever-changing threat landscape that the internet presents to every organization connected to it, as our modern business environment requires ("Security of the Internet and the Known Unknowns," 2012). There are weekly reports of penetrations and data thefts at some of the world’s most sensitive, important, and heavily guarded computer systems. There is good evidence that global interconnectedness combined with the proliferation of hacker tools means that today’s computer systems are actually less secure than equivalent systems a decade ago. This is why we must be continually on guard and constantly improve the security posture and controls of our corporate network. The overall risk to our corporate network is low, but there are numerous areas we can improve to further limit the risks. One is the overall network topology: improving the control measures and making the access controls more granular. The next is the wireless portion of the CGF network, which will need to be better secured to limit the risks that this type of access poses to the organization. The last and most important piece is our corporate employee security training and knowledge, because the better educated our users are, the lower our biggest risk will be.

References
Cybersecurity. (2013). Smart Business Northern California, 6(8), 10.
Mediati, N. (2012, December). 2013 in Security: The Threats to Watch Out For. PC World, 30(12), 43-44.
Security of the Internet and the Known Unknowns. (2012). Communications of the ACM, 55(6), 35-37. doi:10.1145/2184319.2184332
