I need your help.
Attached are the requirements of my assignment (Assignment 2). This assignment is based on the findings from Assignment 1, which is attached as well. Assignment 1, which is attached, lists the findings, and in Assignment 2 I'm supposed to provide more details regarding mitigating the potential risk, response, and recovery.
Running head: IDENTIFYING RISKS
Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
Ashley M. Davis
Dr. Michael Cianciotta
CIS333: Network Security Fundamentals
August 2, 2016
Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
The demand for information security is always real. As long as there is data, or hardware
hosting that data, there will be a need to secure it. This security ranges from individual programs to protocol
suites protecting every avenue of access to that data. Identifying potential malicious attacks,
threats, and vulnerabilities can be like searching for a needle in a haystack. As an Information
Security Engineer for a videogame development company, the first task with the organization is
to draft a report identifying potential malicious attacks, threats, and vulnerabilities.
In this report, three (3) specific potential malicious attacks and/or threats that could be carried out
against the network and organization will be analyzed; the potential impact
of the three (3) selected malicious attacks will be explained; the security controls that I would
consider implementing in order to protect against the selected potential malicious attacks will be
proposed; and three (3) potential concerns for data loss and data theft that may exist in the
documented network will be analyzed. Let's begin with analyzing the network for specific
Analysis of Specific Malicious Threats
In analyzing specific potential malicious attacks, threats, and vulnerabilities on the
network diagram of this organization, a few things become obvious to an Information Security
Engineer. The configuration of the network servers and devices is not known, so the threats below
are inferred from what the diagram shows rather than confirmed from device settings. In this network diagram the Wireless
Access Point should have data encryption enabled. The Web and FTP servers should have
IIS and FTP running over SSL/TLS, and there should be an Intrusion Prevention System (IPS)
running on this network. In addition, SSL/TLS should also be running on the Email Server.
Without encryption, the Wireless Access Point transmits clear text over the air,
leaving the data available to everyone within range of that access point. This is the default
configuration of many Wireless Access Points, and the access point should be configured for wireless encryption to
remove that vulnerability. Most new wireless access points support the current encryption
standard, WPA2 (Wi-Fi Protected Access 2), which replaced Wired Equivalent Privacy (WEP) [Cas].
The first generation, WEP, was found to be crackable in less than a minute [Cas].
The current standard, WPA2, uses the Advanced Encryption Standard (AES) [Cas].
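As an added example (not part of the original report), the weak and the corrected access point settings side by side, written as hostapd.conf fragments for a Linux-based access point. The interface name, SSID, and channel are assumed; the passphrase is a placeholder to be replaced with a long random value.

```ini
# --- Weak: open network (no wpa= line) or legacy WEP, which is crackable in under a minute
interface=wlan0
ssid=GameDev-Studio
hw_mode=g
channel=6
# A WEP setup would add lines such as the following; do not use them:
# wep_default_key=0
# wep_key0=ABCDEF0123

# --- Corrected: WPA2 (RSN) with AES-CCMP only, no TKIP fallback
interface=wlan0
ssid=GameDev-Studio
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# Replace with a random passphrase of 20+ characters (hostapd requires 8-63)
wpa_passphrase=REPLACE-WITH-LONG-RANDOM-PASSPHRASE
```

The check after deployment is to scan for the SSID from a client and confirm it advertises RSN/CCMP only; an access point that still lists TKIP or WEP cipher suites has not removed the vulnerability.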
Intrusion Detection Systems are systems that monitor, analyze and report attacks occurring
on computer networks [Jad12]. An IDS inspects packets, looking for known attack signatures or
anomalous behavior, and records what it finds as alerts and log messages. Although it exposes possible vulnerabilities and threats, it still
leaves the potential for those vulnerabilities to become attacks, because it does not take any
action to stop the traffic it flags. All findings must be acted on manually in order to
avoid conceivable attacks. The weakness of an IDS is that Information Security
Engineers may view the logs too late, after the attack has already begun. A denial of service
(DoS) attack is an example of an attack that needs immediate attention: by the time the alert is read,
the denial of service may already have occurred, because nothing was done to prevent the attack.
A denial of service attack prevents authorized users from accessing a resource temporarily or
permanently (Kim & Solomon, 2014). That is why having an Intrusion Prevention System (IPS),
which sits inline and can drop or block the offending traffic itself, is the better solution.
The FTP server needs SSL/TLS (FTPS) or SSH (SFTP) to secure its connections (SRT, n.d.). Plain FTP
does authenticate the client to the server, but it sends the username and password in clear text. After the authentication is
successful, a series of commands on the Command
Connection/Control Connection establishes a second connection, called the data connection,
over which files are transferred (SRT, n.d.). Both connections are vulnerable to a
man-in-the-middle attacker, who can intercept messages between the client and the
server before allowing them to go on to the intended destination [Kim14]. In order to secure this, SSL/TLS
must be applied. Over the years, extensions have been added to FTP that allow secure connections.
Those secure connections use industry-standard TLS with 2048-bit keys, an upgrade from the
1024-bit keys used with the earlier SSL versions (SRT, n.d.). This encrypts both the Control and Data
Connections, protecting both from man-in-the-middle attackers (SRT, n.d.).
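To show concretely what the man-in-the-middle exposure above means, here is an added example (not code from the original report) that replays two constructed FTP control-channel transcripts as a sniffer on the same network segment would capture them, and extracts whatever is recoverable. The host name, user name, password, file name and the TLS record bytes are all made up for the example; the TLS bytes stand in for a handshake and ciphertext and are not a real negotiation.

```python
import re

# Constructed transcript of a plain FTP login and download: (direction, raw bytes).
# "C" is client to server, "S" is server to client. Not real traffic.
PLAIN_FTP = [
    ("S", b"220 ftp.example.test FTP server ready\r\n"),
    ("C", b"USER alice\r\n"),
    ("S", b"331 Password required for alice\r\n"),
    ("C", b"PASS s3cr3t-pass\r\n"),
    ("S", b"230 User alice logged in\r\n"),
    ("C", b"PORT 192,168,1,10,4,1\r\n"),          # active mode: tells the server where to connect
    ("S", b"200 PORT command successful\r\n"),
    ("C", b"RETR build.zip\r\n"),
    ("S", b"150 Opening BINARY mode data connection for build.zip\r\n"),
]

# Constructed explicit-FTPS transcript: the client upgrades the control channel with
# AUTH TLS before logging in, so the sniffer sees only a handshake and ciphertext.
# The byte strings after the 234 reply are placeholders for TLS records.
FTPS = [
    ("S", b"220 ftp.example.test FTP server ready\r\n"),
    ("C", b"AUTH TLS\r\n"),
    ("S", b"234 Proceed with negotiation\r\n"),
    ("C", b"\x16\x03\x03\x00\x5c\x01\x00\x00\x58\x03\x03" + bytes(range(32))),
    ("S", b"\x16\x03\x03\x00\x3a\x02\x00\x00\x36\x03\x03" + bytes(range(32))),
    ("C", b"\x17\x03\x03\x00\x2a" + bytes(42)),
    ("S", b"\x17\x03\x03\x00\x31" + bytes(49)),
]

# PORT h1,h2,h3,h4,p1,p2 encodes the client's data-connection IP and port (p1*256 + p2)
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def sniff_session(session):
    """Return what a passive eavesdropper learns from an FTP control-channel capture."""
    found = {"user": None, "password": None, "data_endpoint": None, "files": [], "tls": False}
    tls_requested = False
    for direction, raw in session:
        if found["tls"]:
            break  # everything after a successful AUTH TLS is ciphertext: nothing to extract
        line = raw.rstrip(b"\r\n")
        if direction == "C":
            upper = line.upper()
            if upper.startswith(b"AUTH TLS"):
                tls_requested = True
            elif upper.startswith(b"USER "):
                found["user"] = line[5:].decode("latin-1")
            elif upper.startswith(b"PASS "):
                found["password"] = line[5:].decode("latin-1")
            elif (m := PORT_RE.match(line)):
                h = m.groups()
                found["data_endpoint"] = (".".join(x.decode() for x in h[:4]),
                                          int(h[4]) * 256 + int(h[5]))
            elif upper.startswith((b"RETR ", b"STOR ")):
                found["files"].append(line[5:].decode("latin-1"))
        elif tls_requested and line.startswith(b"234"):
            found["tls"] = True  # server accepted the upgrade; the channel is now encrypted
    return found


if __name__ == "__main__":
    print("plain FTP :", sniff_session(PLAIN_FTP))
    print("FTPS      :", sniff_session(FTPS))
```

The plain transcript gives up the credentials, the file name and the exact IP and port the data connection will use, which is all an attacker needs to hijack or read the transfer. Note that AUTH TLS on its own protects only the control channel; a client such as Python's ftplib.FTP_TLS must also issue PROT P (its prot_p() method) so that the data connection is encrypted too, which is the "both Control and Data Connections" point made above.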
The Web server also needs to be secured on the internet. Exposing a web
server opens it up to denial of service (DoS) and distributed denial of service (DDoS) attacks. In a DDoS
attack, a hacker installs tools or agents on compromised hosts [McD13]. These agents report to a
master that communicates with a number of agents spread across the network
[McD13]. On command, the agents attack a specific host or service to bring it down. SSL
and SSH complement one another in that they securely connect client and server and
transmit individual messages securely, but they do not prevent DoS and DDoS attacks. According to
US-CERT.gov, "there are no effective ways to prevent being the victim of a DoS or DDoS attack"
[McD13]. However, there are things that can be done to lessen the vulnerability to attack: 1)
install and maintain anti-virus software, 2) install a firewall, and configure it to restrict inbound
and outbound traffic, and 3) follow best practices for distributing your email address [McD13].
Also, applying email filters will help in the management of unsolicited traffic [McD13].
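The IDS-versus-IPS distinction drawn earlier and the DoS/DDoS discussion here both come down to the same question: what does the sensor do once a source is clearly flooding the web server? The following added example (not code from the original report) runs a sliding-window request-rate check over constructed web server access log lines, in the Apache/IIS combined format. The detection alone is what an IDS gives you (an alert to be read later); turning each detection into a firewall drop rule is the IPS step. The IP addresses, timestamps, threshold and window are all assumed for the example, and the iptables syntax is Linux-specific.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One combined-format access log line: client IP, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _log_line(ip, ts, path):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed sample log (not real traffic): one normal client and one flooding host."""
    base = datetime.strptime("10/Oct/2016:13:55:00 +0000", TS_FMT)
    lines = []
    for i in range(5):    # normal client: 5 requests spread over 50 seconds
        lines.append(_log_line("198.51.100.5", base + timedelta(seconds=10 * i), f"/page{i}.html"))
    for i in range(60):   # flooding host: 60 requests in 6 seconds
        lines.append(_log_line("203.0.113.77", base + timedelta(milliseconds=100 * i), "/"))
    return lines


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "request": m["req"], "status": int(m["status"])}


def detect_floods(lines, window_seconds=10, threshold=30):
    """IDS behaviour: return {ip: first_timestamp} for every source that made at least
    `threshold` requests inside any `window_seconds`-long sliding window."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    offenders = {}
    for e in events:
        q = recent[e["ip"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:
            q.popleft()           # drop timestamps that have aged out of the window
        if len(q) >= threshold and e["ip"] not in offenders:
            offenders[e["ip"]] = e["ts"]
    return offenders


def block_rules(offenders):
    """IPS behaviour: turn each detection into a firewall drop rule. An inline sensor
    would execute these immediately instead of leaving them for someone to read."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]


if __name__ == "__main__":
    found = detect_floods(build_sample_log())
    for ip, ts in found.items():
        print(f"ALERT {ts.isoformat()} {ip} exceeded request threshold")
    for rule in block_rules(found):
        print(rule)
```

The threshold and window must be tuned against the site's real traffic before the blocking step is automated; a threshold set too low turns the IPS itself into a denial of service against legitimate users, and a distributed attack spread thinly across many sources will stay under any per-source threshold, which is the reason the US-CERT guidance cited above stops short of promising prevention.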
In conclusion, it must be declared that there are many other possible security flaws
in the network diagram, but three have been identified along with the detail of their effect and
how each finding can be mitigated with a fix to eliminate or reduce the vulnerability. Along
with having a remedy or mitigation, it must be recognized that identifying risks is not a one-time occurrence; it is a 24-7
mission that does not stop with a couple of findings per device. What is found today is only for today.
There might be something else found with the same device tomorrow.
Casey, B. (2015). Top 3 Wi-Fi Security Vulnerabilities. Techopedia. Retrieved from
Jadiodoleslamy, H. (2012). Weakness, vulnerabilities, and elusion strategies against intrusion
detection systems. International Journal of Computer Science & Engineering Survey, 3,
Kim, D. & Solomon, M. (2014). Fundamentals of Information Systems Security: Second Edition.
Burlington, MA: Jones & Bartlett Learning.
McDowell, M. (2013). Security tip (ST04-015): Understanding denial-of-service attacks. US-CERT. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-015
SRT. (n.d.). What's the Difference? FTP, SFTP, and FTP/S. Retrieved from southrivertech.com:
This question was answered on: Feb 21, 2020