Riordan Network Vulnerabilities

|  | Vulnerability | Threat | Probability | Impact | Suggested Mitigation Steps |
| --- | --- | --- | --- | --- | --- |
| 1 | USB DRIVE | The most common way to infect a network from inside a firewall |  |  | Implement and enforce policies regarding use of such devices. |
| 2 | LAPTOP | Can tap directly into the network and infect it with malware, allowing others access |  |  | Implement and enforce policies regarding portable devices. |
| 3 | BLUETOOTH | Identity detection, DoS, involuntary control and access of data |  |  | Implement and enforce policies regarding use of such devices. |
| 4 | WI-FI | Clear-text data can be captured |  |  | Implement and enforce policies regarding use of such devices. |
| 5 | FIREWALL | Protects content on desktops and in turn keeps entire network safe |  |  | Install and configure firewalls. |
| 6 | NETWORK PROTOCOLS | Flawed, unpatched protocols can cause remote sabotage and DoS |  |  | Disable unused protocols and monitor ones being used. |
| 7 | SMARTPHONES | Potentially pose the same threats as notebooks and thumb drives |  |  | Implement and enforce policies regarding use of such devices. |
| 8 | OPTICAL MEDIA | Can be used to steal and leak confidential data |  |  | Implement and enforce policies regarding access and use of recordable media. |
| 9 | ROUTERS | Exposed ports, network access |  |  | Install and configure routers based on industry standards. |
| 10 | NETWORK CABLES | Reduce the danger of electronic interference or loss of network connectivity |  |  | Install cable in areas to minimize interference. Label cables. |
| 11 | PRINTERS | While the print task is in the queue, the data is unencrypted and vulnerable to theft |  |  | Update printer firmware and keep an updated inventory of all printers and drivers. |
| 12 | FAX MACHINES | Unsecured faxing puts you at risk of theft of confidential information and identity theft |  |  | Implement and enforce policies regarding information distribution. |
| 13 | SAN STORAGE | Network availability |  |  | Limit access to data storage based on classification and need to know. |
| 14 | EMPLOYEES | Individuals having access to restricted areas of the network |  |  | Maintain a strict access control policy for restricted areas. |
| 15 | SERVERS | Open to brute force attacks, botnets, cross-site scripting and DoS |  |  | Harden servers against cyber attacks using industry standard or better. |
| 16 | WORKSTATIONS | Can be used by attackers as "slave" machines in coordinated attacks. |  |  | Harden workstations against cyber attacks using industry standard or better. |
| 17 | VIDEO CONFERENCING | Machines set to auto answer will allow the attacker to essentially gain a front-row seat inside corporate meetings |  |  | Should be hardened; disable auto answer to prevent eavesdropping. |
| 18 | THEFT | Attacker steals privileged information to gain access |  |  | Access control and password policy |
| 19 | IMPERSONATION | Attacker poses as a service provider or custodial crew to physically gain access |  |  | Security awareness training and policy |
| 20 | LAPTOPS/TABLETS | Portable and easy to hide and attach to network. |  |  | Implement and enforce portable device policy. |
| 21 | USB DEVICES | MP3 players, etc. |  |  | Implement strict policies regarding USB devices. |
| 22 | FIRE ALARM | Fire retardant system does not work when needed |  |  | Test fire alarm system periodically. |
| 23 | ELECTRICAL POWER | No backup power in case of public power outage |  |  | Backup generators and UPS for critical systems |
| 24 | AIR CONDITIONING SYSTEM | Cooling system fails, causing equipment to overheat and fail |  |  | Service and maintain heating and cooling system. |
| 25 | POOR MAINTENANCE | Do not know when unauthorized equipment is attached to the network |  |  | Inventory and label all equipment and document change management. |

Logical Network Vulnerabilities

|  | Vulnerability | Threat | Probability | Impact | Suggested Mitigation Steps |
| --- | --- | --- | --- | --- | --- |
| 1 | DATABASE | SQL injection, DoS attacks, database exposure and privilege elevation |  |  |  |
| 2 | VPN | Confidential information can be inadvertently downloaded. Unobstructed route for malware. |  |  |  |
| 3 | MAN-IN-THE-MIDDLE | Attacker monitors and steals information in real time |  |  | Use cryptography and Hashed Message Authentication Codes. |
| 4 | PRIVILEGE ESCALATION | Individual gains access to higher network functions due to misconfiguration |  |  | Check roles; use strong ACLs; use standard encryption. |
| 5 | PHISHING | Used by an attacker to collect sensitive information to gain access |  |  | Segment network and encrypt data. |
| 6 | FOOTPRINTING | Attacker uses default usernames and weak or blank passwords to gain access to the network |  |  | Use strong passwords; do not use blank or weak passwords. |
| 7 | HIJACKING | Attacker can take over your internet browser, downloading additional malware |  |  | Use session and communication encryption. Apply patches to fix vulnerabilities. |
| 8 | SOCIAL ENGINEERING | Attackers will trick users into revealing their passwords |  |  | Security awareness training. |
| 9 | PASSWORDS | Easily guessable passwords let hackers gain initial access to a system. |  |  | Enforce strong passwords, lockout and audit trails. |
| 10 | DIGITAL CERTIFICATE | Attackers hack into certificate authorities and issue false certificates for legitimate websites |  |  | Revoke PKI and maintain list of revoked keys to identify false certificates. |
| 11 | OPERATING SYSTEM | If not patched regularly, the network is open to security vulnerabilities |  |  | Harden OS. |
| 12 | TCP/IP | Vulnerable to a variety of attacks ranging from password sniffing to denial of service |  |  | Disable unnecessary protocols. |
| 13 |  | Spyware, virus, phishing, and spam |  |  | Conduct cyber security awareness to educate end users about email threats. |
| 14 | WEB BROWSERS | Attacker can take over your browser, making you vulnerable, if the browser plug-ins are not fully patched |  |  | Configure secure web permissions; use .NET Framework access control. |
| 15 | INSTANT MESSAGING | Vulnerable to firewall tunneling, identity theft, data security leaks, and authentication spoofing |  |  | Strong password; do not cache password. |
| 16 | SECURITY MISCONFIG | Attackers can access networks virtually without attracting attention |  |  | Configure based on industry standard. Avoid custom configuration. |
| 17 | WEB APPLICATIONS | DoS, elevation of privilege, information disclosure, and impersonation |  |  | Input validation. Use HTMLEncode and URLEncode functions to encode any output. |
| 18 | MALWARE | Can infect networked resources and possibly bring down the network |  |  | Update definition files and patches. |
| 19 | SOFTWARE DEFECT | Allows data to be viewed by unauthorized people |  |  | Apply updates and patch vulnerabilities, or uninstall and replace. |
| 20 | SPOOFING | An attacker pretends to be an entity to take over communication between systems |  |  | Strong authentication. Do not store secrets. Do not pass credentials in plaintext over the wire. Protect authentication cookies with SSL. |
| 21 | DOS ATTACK | An attack on a network that causes a loss of service to users |  |  | Resource and bandwidth throttling techniques. Validate and filter input. |
| 22 | SNIFFER ATTACK | Can read, monitor, and capture network data exchanges |  |  | Segment network. Encrypt data. |
| 23 | BUFFER OVERFLOW | Exploits poorly written software to allow attackers to take over the target system |  |  | Validate input. Inspect API managed code. Use the /GS flag to compile code. |
| 24 | REMOTE ACCESS | Without the appropriate security measures (SSL VPN), all communications are being transmitted in clear text |  |  | Configure remote access with the necessary security parameters to ensure secure communication. |
| 25 | NO ANTIVIRUS | Not protected against viruses and other malware attacks |  |  | Install, configure and update antivirus software. |

3 | Created a table of 50 vulnerabilities and threat pairs relevant to the organization | 0.00 | 0.70 | 0.85 | 1.00 | 0.85 |

Comment: Trying to find 50 vulnerabilities is not an easy task. Not every item is a vulnerability. Some are attacks, some are threats, and some are vulnerabilities.
