Identifying Potential Risk, Response and Recovery

Submitted By Projects01
Assignment 2
Identifying Potential Risk, Response and Recovery
Karen Raglin
Professor West
Networking Security Fundamentals
March 3, 2013

I previously identified several types of attacks, threats and vulnerabilities that exist within your multilayered network. You have requested that I develop a strategy to deal with these risks, as well as a plan to mitigate each risk and reduce the impact that each will have on your organization. In any networked organization, you need to stay on top of the vulnerabilities of anything that reaches out to the internet. Computers and servers that touch the internet must be scanned. As a company, you have to configure the security settings for the operating system, internet browser and security software, and you should also set personal security policies for online behavior. Antivirus software such as Norton or Symantec, which blocks threats targeting these vulnerabilities, also needs to be installed on the network.
Your firewall, which is your first line of defense, is susceptible to two common types of attacks. First, there are attacks against the firewall itself, in which the attacker aims to take control of the firewall's functionality and then launch a DoS attack. The second type is an attack on the LAN side of the firewall. These attacks circumvent the rules and policies of the firewall to gain access to the devices that are supposed to be protected by it. The largest vulnerability that exists with firewalls is improper configuration settings. This can lead to security holes which allow unauthorized access from both outside and within your network. All of the aforementioned attacks, threats and vulnerabilities can be mitigated and/or avoided altogether.
There are several keys to ensuring that your firewall is as secure as possible. Use a VPN for all non-public traffic. Ports on your firewall should only be open for services that are utilized by the public. Because most people have dynamic IP addresses, your firewall has to constantly open ports and modify its rules to allow access; this can lead to ports being left open and vulnerable to attacks. Limit the size of your network. Simply put, if you don't need it, turn it off. If your servers are not running a service that is used by the public, don't allow it to pass through the firewall. Enabling firewall logging allows you to detect problems that are currently going on as well as those that have previously occurred. Additionally, if you see that your server is getting strange requests or that a single IP address is consistently scanning your network, it will raise a red flag. Monitoring your firewall traffic is essential: if you know what the typical traffic pattern is, you will know when it changes too. The sooner you discover unusual patterns, the better. Try to keep your firewall configuration as simple as possible. Constantly review your rules and permissions to ensure that the security level is appropriate for your organization.
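The log review described above can be automated. The following is an added example, not part of the original essay: it flags any source address that is denied on many distinct ports (the "single IP address consistently scanning" case) and any allowed traffic that departs from a known baseline. The log format, addresses, thresholds and baseline figures are all constructed for illustration.

```python
"""Added example: scan detection and baseline comparison over firewall logs.

The log format, addresses and thresholds are constructed for illustration.
"""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample. Fields: time action proto src_ip dst_ip dst_port
SAMPLE_LOG = """\
2013-03-01T09:00:01 ALLOW tcp 198.51.100.7 192.0.2.10 80
2013-03-01T09:00:02 ALLOW tcp 198.51.100.8 192.0.2.10 443
2013-03-01T09:00:03 DENY tcp 203.0.113.50 192.0.2.10 21
2013-03-01T09:00:03 DENY tcp 203.0.113.50 192.0.2.10 22
2013-03-01T09:00:04 DENY tcp 203.0.113.50 192.0.2.10 23
2013-03-01T09:00:04 DENY tcp 203.0.113.50 192.0.2.10 25
2013-03-01T09:00:05 DENY tcp 203.0.113.50 192.0.2.10 110
2013-03-01T09:00:05 DENY tcp 203.0.113.50 192.0.2.10 3389
2013-03-01T09:00:06 DENY tcp 198.51.100.9 192.0.2.10 22
2013-03-01T09:00:07 ALLOW tcp 198.51.100.7 192.0.2.10 80
2013-03-01T09:00:08 ALLOW tcp 198.51.100.7 192.0.2.11 8080
this line is truncated
"""

# Constructed baseline: typical ALLOW count per destination port in one window.
BASELINE = {80: 2, 443: 2}


def parse_line(line):
    """Return one event as a dict, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[1] not in ("ALLOW", "DENY"):
        return None
    try:
        src = str(ipaddress.ip_address(parts[3]))
        dst = str(ipaddress.ip_address(parts[4]))
        port = int(parts[5])
    except ValueError:
        return None
    if not 0 < port < 65536:
        return None
    return {"time": parts[0], "action": parts[1], "proto": parts[2],
            "src": src, "dst": dst, "port": port}


def load_events(text):
    """Parse a whole log; malformed lines are counted rather than dropped silently."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1
        else:
            events.append(event)
    return events, skipped


def find_scanners(events, min_ports=5):
    """Sources denied on at least min_ports distinct (host, port) targets."""
    denied = defaultdict(set)
    for e in events:
        if e["action"] == "DENY":
            denied[e["src"]].add((e["dst"], e["port"]))
    return {src: sorted({port for _, port in targets})
            for src, targets in denied.items() if len(targets) >= min_ports}


def traffic_deviations(events, baseline, factor=3.0):
    """Allowed ports that are absent from the baseline or exceed it by factor."""
    observed = Counter(e["port"] for e in events if e["action"] == "ALLOW")
    deviations = {}
    for port, count in observed.items():
        expected = baseline.get(port, 0)
        if expected == 0 or count > factor * expected:
            deviations[port] = (count, expected)
    return deviations


if __name__ == "__main__":
    events, skipped = load_events(SAMPLE_LOG)
    print("malformed lines:", skipped)
    for src, ports in find_scanners(events).items():
        print("possible scan from", src, "ports", ports)
    for port, (seen, expected) in traffic_deviations(events, BASELINE).items():
        print("port", port, "seen", seen, "expected", expected)
```

A single denied connection, such as the one from 198.51.100.9 in the sample, stays below the threshold; the threshold and the baseline window should be tuned to the traffic the firewall normally sees.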
The Web/FTP server is responsible for connecting to the internet to make websites available to anyone on the network who may be looking for them. The biggest vulnerability with this type of server is that it requires that a connection to the internet remains open. With this connection open, your network resources are also exposed to the internet. There are attackers that specialize in surfing the internet looking for open connections to access people's internal networks. Preventive measures include the creation of a DMZ within this server; this creates a buffer zone where traffic from both sides is let in but is not able to penetrate the network itself without the proper permissions.
Internal controls to mitigate this risk include the creation and management of an Access Control Matrix. That way you can assign access and usage rights only to those who require access to the files. Additionally, you can overlap permissions so that they act as an internal system of checks and balances; therefore no one person has complete control to access, modify and delete content from the server.
The most common type of attack on your email server is the DoS attack. Because so many different types of devices connect to and utilize the email server, security in this area is very difficult to attain. DoS attacks are also common on Active Directory Domain controllers. In the case of these DoS attacks, risk acceptance is necessary and you must mitigate these risks and vulnerabilities to minimize damage. You can ensure that your antivirus protection is up-to-date as well as requiring that employees do not stay logged into their email. You can also adjust the timeout length to ensure that idle computers are automatically logged off the server if they lie dormant for too long. These can all help prevent unnoticed attacks from occurring.
The sharing of files which are located on your server can pose a unique threat. This could be considered more of an internal than an external threat. You have to be careful about to whom you give the ability to access and change files.
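The Access Control Matrix controls described above can be checked mechanically. The following is an added example, not part of the original essay: it audits a matrix for subjects holding access, modify and delete rights together on one object, for rights granted without a documented need, and for objects with no overlapping second subject. The user names, object paths and the list of required rights are constructed for illustration.

```python
"""Added example: auditing an access control matrix for the controls above.

Subjects, objects and rights are constructed for illustration.
"""

# Holding all three rights on one object means complete control over it.
FULL_CONTROL = frozenset({"read", "modify", "delete"})

# Constructed matrix: subject -> object -> rights actually granted.
MATRIX = {
    "alice": {"/www/site": {"read", "modify"}, "/ftp/releases": {"read"}},
    "bob": {"/www/site": {"read", "delete"},
            "/ftp/releases": {"read", "modify", "delete"}},
    "carol": {"/ftp/incoming": {"read", "modify"}, "/www/site": {"read"}},
}

# Constructed record of what each subject's job actually requires.
REQUIRED = {
    "alice": {"/www/site": {"read", "modify"}},
    "bob": {"/www/site": {"read", "delete"},
            "/ftp/releases": {"read", "modify"}},
    "carol": {"/ftp/incoming": {"read", "modify"}},
}


def is_allowed(matrix, subject, obj, right):
    """Default deny: anything not listed in the matrix is refused."""
    return right in matrix.get(subject, {}).get(obj, set())


def full_control_holders(matrix):
    """(subject, object) pairs where one person can read, modify and delete."""
    return sorted((subject, obj)
                  for subject, row in matrix.items()
                  for obj, rights in row.items()
                  if FULL_CONTROL <= rights)


def excess_rights(matrix, required):
    """Rights granted beyond the documented need, keyed by (subject, object)."""
    findings = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            extra = rights - required.get(subject, {}).get(obj, set())
            if extra:
                findings[(subject, obj)] = sorted(extra)
    return findings


def sole_custodians(matrix):
    """Objects that only one subject can touch, so no second person overlaps."""
    holders = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                holders.setdefault(obj, set()).add(subject)
    return {obj: next(iter(subjects))
            for obj, subjects in holders.items() if len(subjects) == 1}


if __name__ == "__main__":
    print("complete control:", full_control_holders(MATRIX))
    print("beyond need:", excess_rights(MATRIX, REQUIRED))
    print("no overlap:", sole_custodians(MATRIX))
```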
Wireless access points are another vulnerability and target for attacks. The signal can actually extend to your network and outside the walls of the building. It is extremely important that you enable all of the available security features offered by your wireless access point device. Encryption is a must over your wireless network because radio waves can easily be intercepted.
The email server needs to ensure that spam doesn't get through the network. Spam works by sending unwanted email messages to a large number of recipients. “Spam should be a major concern in your infrastructure since it can be used to deliver email which can include Trojan horses, viruses, worms, spyware and targeted attacks aimed specifically in obtaining sensitive and personal identification information.”
The last vulnerability and risk I have identified is the use of laptops and other types of mobile devices such as smart phones or tablets. These portable devices pose additional risk because they may not always be in view of the operator and they may not be used strictly for business, especially handheld devices. Smart phones have become a hot target for attacks in which information such as passwords and personal information is stolen via downloadable apps. Attackers then use this information to gain unauthorized access to the resources it protects. Viruses and malware can also be introduced into your network via these devices, especially if users are using them to access the internet, download files or check email. This could be crippling to your organization. You must mitigate this by stressing the importance of utilizing these devices strictly for business access, having the latest antivirus software installed and maintaining physical possession of the devices at all times.
All of the threats and vulnerabilities I have identified can be potentially crippling to your organization. They can cause loss of data, the inability to access important files and resources, and can cost your organization tens of thousands of dollars in property loss, time loss and revenue loss. If you take all of my recommendations seriously, I think you will find that we have minimized the impact that attackers can have on your network and your business.

References
Kim, D. & Solomon, M. (2012). Fundamentals of Information Systems Security.
Steps to Protect Exchange Server from Security Attacks. http://www.gfi.com/blog/5-steps-to-protect-exchange-server-from-security-attacks
Northrup, T. Firewalls. http://technet.microsoft.com/en-us/library/cc700820.aspx
