Introduction
Remote access can be defined as the ability to gain computer or network access from a remote location. Today many business people who travel often need remote access to their corporation's network. There are, however, vulnerabilities that all types of remote access have in common: whatever method is used, the endpoint machine is vulnerable like every other system that has access to the Internet. Whenever a system is accessible via the Internet, that system is exposed to danger.
Analyze the Quick Finance Company Network Diagram and describe the assumptions you will need to make in order to identify vulnerabilities and recommend mitigation techniques as there is no further information from this company.
Several elements act as road maps that lead to system vulnerabilities: all systems contain some kind of flaw, the flawed systems are accessible via the Internet, and hackers have knowledge of system flaws and somehow gain access to the system. The Quick Finance Company’s network diagram shows that some of the vulnerabilities I stated earlier may exist in their network. I can therefore assume that there are system vulnerabilities, based on the fact that the company’s web server was defaced twice in one month, they have experienced Denial-of-Service (DoS) attacks, and their VPN server has previously been hijacked. I can also assume that they have weak administrative controls and/or security procedures. A plan needs to be put in place to address the administrative controls and/or security procedures, to either create, replace or improve on the current controls and procedures.
I can also make an assumption that there are some hardware and software vulnerabilities, th...
... middle of paper ...
...kely to occur in any network: ranked #1 would be some sort of socially engineered Trojan, ranked #2 would be a man-in-the-middle attack, and ranked #3 would be a denial-of-service attack. There are, however, vulnerabilities that all types of remote access have in common: whatever method is used, the endpoint machine is vulnerable like every other system that has access to the Internet.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions by trusted employees who defraud the system, outside hackers, or careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
The background of the project is that Flayton Electronics faced an imminent problem when it was discovered that there might be a possible breach in their security and that privileged customer information had been compromised. A bank informed the firm that the credit card information of several customers had been leaked and that possible fraudulent transactions had taken place. The CEO of the firm, Bret Flayton, is faced with the challenge of making a tough decision and deciding what to do next. The firm is exposed to various risks and needs to develop a risk management plan in order to manage and mitigate the potential risks that threaten the firm.
For this assignment, I will discuss the evaluation process in assessing and calculating vulnerabilities for one of our nation’s identified Critical Infrastructures, the Defense Industrial Base. A vulnerability assessment is a tool used to evaluate weaknesses of a facility against threats and hazards. Norman (2010, p. 32) describes vulnerability as “Any condition or factor associated with the selected target that can be exploited to carry out an attack – vulnerabilities may be individuals or systems.” The more vulnerable an asset is, the more it’s deemed attractive, or susceptible to threats. In general, a vulnerability assessment identifies an organization's most critical assets needed to continue its function. They help determine if functions can be repeated under threat scenarios, or need to be
ABSTRACT: This paper describes the basic threats to network security and the basic issues of interest in designing a secure network. It describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers. INTRODUCTION
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications, from popular operating systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is that you have to patch every hole in your system, while an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendors' security alerts, these are just the tip of the security iceberg, and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
Privacy threats are currently the biggest threat to National Security today. The threats are not only concerning to the government, however. An alarming 92% of Americans are concerned that the power grid may be vulnerable to a cyber-attack (Denholm). Although this is a more recent development to the cyber threats we have experienced, this is not the first time that privacy threats have stepped into the limelight as people are forced to watch their every online move.
For the most part we have addressed the needs of our sales force on a case-by-case basis, but going forward we really need to ensure we have a defined policy to streamline remote access. To accomplish this there are a few benchmarks we need to achieve. First of all, the network has to be reliable or, in more technical terms, it needs to have high availability. Most importantly, we need to make sure that the network is as secure as possible with all the different types of users asking for access. Lastly, we need to address how we handle employees using personal or non-company-issued computers and how we ensure that those machines meet our other remote access policies.
Corporate Networks in organisations can be complex structures that “requires a great deal of attention” (Clemm 2007). Even small companies can have quite complex networks that are a considerable investment to the business. The notion that corporate network management is a cost to a business rather than a continual beneficial investment is a naive assumption that requires further investigation into the benefits that network management brings. Clemm (Clemm 2007) states in his text that the ultimate goal of network management “is to reduce and minimize total cost of ownership”, improving operational efficiency and lowering cost. Clemm (Clemm 2007) also notes that “Network Management is not just related to cost and quality”, which will be a continual concept presented throughout the report. The report will address key issues with corporate network management and ultimately argue and justify that corporate network management must be seen as a positive benefit to the business and not as a continual expense. The supporting articles will also provide sound evidence that networking is crucial to a business’s processes and production, which can be seen from the OpenSSL Heartbleed Security vulnerability fiasco (Nieva 2014) or the QANTAS Amadeus system failure (Heasley 2012).
The agreement between the company and me was to advise the company management toward adopting the best network management plan and security plan. Through the study I carried out in the firm, I was required to evaluate the firm's requirements in terms of network planning and to make sure that the firm has a proper mechanism to secure its systems against malicious damage. Considering that the management personnel have a background in IT, they required me to give an expert opinion on the best ways in which they can adopt the network management and the security plan. They required me to evaluate the firm's needs and what the IT world would offer the firm to enable them to lay down plans for the network and security in the firm.
As a patriot of this great nation, what has been presented is of extreme if not grave concern. The challenges of cyberculture to our nation’s security have been revealed. To what extent our security has been breached is a matter of speculation but be informed that these breaches must be met with complete counter active success - failure to do so is not an option.