Preview

Identifying Potential Risk, Response, Recovery

Powerful Essays
Open Document
Open Document
1574 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Identifying Potential Risk, Response, Recovery
Identifying Potential Risk 1
Assignment 1: Identifying Potential Risk, Response, and Recovery
CIS333

Identifying Potential Risk 2

In this paper I have just been hired as an Information Security Engineer for a video game development company. I have previously identified all of the potential Threats, Vulnerabilities and Malicious Attacks for the videogame development company. The CIO have reviewed my report and has now requested that I draft a report analyzing and assessing any potential Malicious Attacks, Vulnerabilities and Threats that may be carried out against the company’s network. I will then choose a strategy for dealing with risk, such as mitigation, assignment, risk and avoidance. Next I will develop controls that will be used to mitigate each risk.

Identifying Potential Risk 3 Now let’s begin by discussing the threat of the Web/FTP server, some servers, or hosts, must be open to the internet. Web servers are examples of such hosts. You want any user to be able to access your web server- but you don’t want everyone to be able to get to your internal network (Fundamentals of Information Systems Security). The simple solution for this is just to isolate the host that is connected to the internet from the internal networks and then create a demilitarized zone. The risk mitigation for the Web/FTP, the FTP is very useful for working with remote systems, or to move files between systems. On the other hand the use of FTP across the internet or other untrusted networks, exposes you to certain security risk. Your object authority scheme might not provide enough protection when you allow the FTP on your system. The next risk for FTP is a hacker can mount a denial of service attack with your FTP server to disable user profile (FTP Security). This is usually done by repeatedly trying to logging on with the incorrect password for a user profile, generally



References: 10 Ways to mitigate Your Security Risk retrieved from, http://www.informationweek.com Kim, David and Solomon, Michael G., 2012, Fundamentals of Information Systems Security, CH 7.p.235 and CH10. P.335. Network Intrusion Detection, retrieved from http://www.itillious.com. Wireless technology Migration: Mitigating risk and increasing supply chain efficiency, retrieved from http://www.ien.com

You May Also Find These Documents Helpful

  • Better Essays

    It255 Project Part 1

    • 634 Words
    • 3 Pages

    References: David Kim., and Michael G. Solomon. Fundamentals of Information Systems Security , 2012: Sudbury, MA 2012…

    • 634 Words
    • 3 Pages
    Better Essays
  • Good Essays

    NT2580 Project part 1

    • 606 Words
    • 3 Pages

    Safety of data and information is a real important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain.…

    • 606 Words
    • 3 Pages
    Good Essays
  • Powerful Essays

    To restrict Web site or FTP access to specific computers or companies, you can create a list of IP…

    • 1432 Words
    • 7 Pages
    Powerful Essays
  • Good Essays

    Week 5 Quiz

    • 531 Words
    • 3 Pages

    Limit what services are running on the server to only what is absolutely needed, use unique id/strong password in combination with principle of least privilege to help prevent unauthorized access, use up-to-date anti-malware software, use firewalls to prevent unauthorized access, use intrusion detection software to monitor for unauthorized access…

    • 531 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    IT302 assignment 5

    • 356 Words
    • 2 Pages

    d. If you want vsftpd to run in standalone mode, what do you need to set in vsftpd.conf?…

    • 356 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    IS3220 Assignment 3

    • 980 Words
    • 4 Pages

    At the present there is one web server for employees to access both internal and external sites. The network security team will be integrating a web server located within the internal network. This Web server will be accessible only from within IDI’s local area network. We will be using the layered security concept to protect IDI’s internal servers. An (IDS) intrusion detection system will be set up to send out alerts in the event of an intrusion…

    • 980 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    In the LAN-to-WAN domain, we need to shut down the FTP server we have running and switch it over to use secure FTP so that only users allowed on our system can access our FTP server.…

    • 512 Words
    • 3 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Corporation Tech will face many security risks with their current network. The user domain is the single most vulnerable part of any network and as such poses the most obvious security risk. To mitigate risks involving the users is to implement policies and training to educate the user on proper use and security best practices. By educating the user on security practices such as secure passwords, safe web surfing, and securing their workstations, many potential attacks can be avoided. Policies and training are also necessary because they can be used as evidence when taking administrative action against a user or intruder in the event the system or data information is compromised.…

    • 612 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    Besides the basic physical security of a site, the next most important aspect is controlling digital access into and out of the organization’s network. In most cases this means controlling the points of connectivity to the outside world, typically the Internet. Partitioning the boundary between the outside Internet and the internal intranet is a critical security piece. Any services not actually needed should be turned off so that they will not become avenues of attack for security threats. Different systems will have different services running by default.…

    • 1578 Words
    • 6 Pages
    Powerful Essays
  • Good Essays

    References: Kim, D., & Solomon, M. G. (2012). Fundamentals of Information Systems SecuritY. Sudbury: Jones & Bartlett Learning.…

    • 651 Words
    • 3 Pages
    Good Essays
  • Better Essays

    Defense against web attacks is a key element in a security professional’s skill set. For this assignment, your manager has asked you to review the Aim Higher College’s Web server and application security and to suggest appropriate defenses. For each of the following scenarios, explain what the threat or threats are, what defenses you would recommend, and why.…

    • 1988 Words
    • 8 Pages
    Better Essays
  • Satisfactory Essays

    Unit 1&2 Discussion

    • 379 Words
    • 2 Pages

    Security of web applications first begins with configuring the server itself with strict security in mind. Many will often deploy various layers such as a WAF, IDS, or Mod Security to react in real time to various hacking and threats for HTTP requests. However, securing the entire server and any running services with a high level of security in mind is the first fundamental step to avoid the risk of being hacked or compromised.…

    • 379 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    3. What is the source IP address of the FTP client workstation and FTP server?…

    • 381 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    Lab8 1 Some Common Risks

    • 505 Words
    • 3 Pages

    The deny-by-default rulesets for incoming traffic should be placed on host-based firewalls when accessing the network remotely to prevent malware incidents (Wikia, n.d.).…

    • 505 Words
    • 3 Pages
    Good Essays
  • Better Essays

    This is a multi-layered security system that consists of the user’s domain. The user is the first and the weakest link in any system. The security is only as strong as the user’s ability to understand what can go wrong. We can implement a training program session for security awareness. Another security measure is to implement a policy to stop employees from bringing in CD’S, DVD’S, and USB’S or other personal devices into the work place that can connect to the network and possibly harming the system. The work station domain is where users first access the system, applications, and the data. The system should be password coded for authentication purposes. Applications and data ought to be monitored and permissions set accordingly. Downloading should also be limited to only those people with the proper permissions. The LAN domain is a collection of computers all connected to a central switch configured to run all of the company’s data. The LAN would have all the standards, procedures, and guidelines of all the users. I would insure all information closets, demark locations and server rooms are locked and secured at all times. Only those with proper ID or authorization would be allowed to access these locations. The LAN to WAN domain contains both physical and logical designs of the security appliances. For this layer you want to apply security protocols on file transfers, scans, and unknown files. The WAN connects the system to remote locations, such as other PC’s on your system i.e. the other 7 locations on our network. URL filters implemented on the system may ensure limited access to the web sites that are undesirable for business use. “The Remote Access Domain connects users to the organization’s IT infrastructure. Remote access is critical for staff members who work in the field or from home.” It is…

    • 775 Words
    • 4 Pages
    Better Essays