Lab 4
4. Paragraphs 1-4 In User Domain the people are often the weakest link in IT security. In Workstation Domain is vulnerable if not kept up to date. In LAN-to-WAN Domain IP addresses are accessible from anywhere in the world, and attackers are constantly probing public IP addresses. They look for vulnerabilities and when one is found, they pounce. In Remote Access Domain is vulnerable to authentication because when the user provides credentials to prove identity, if found the attacker can later use them to impersonate the user. Also when data is passes between the user and the server. In WAN Domain is the same vulnerabilities as LAN-to-WAN Domain. In System/Application should remove unneeded services and protocols, change default passwords, and regularly patch and update the server systems.
Impact Analysis: The next major step in measuring level of risk was to determine the adverse impact resulting from successful exploitation of vulnerability. The adverse impact of a security event can be described in terms of loss or degradation of any, or a combination of any, of the following three security goals:
Loss of Confidentiality – Impact of unauthorized disclosure of sensitive information (e.g., Privacy Act).
Loss of Integrity – Impact if system or data integrity is lost by unauthorized changes to the data or system.
Loss of Availability – Impact to system functionality and operational effectiveness. The user domain can be assessed by training them properly and the impact can damage the integrity of the company. Workstation domain can be assessed by keeping up with the systems and updating the when needed. LAN to WAN domain can be assessed by keeping good firewall restrictions and implementing them the impact could escalate to network downtime. Remote access domain can be assessed by requiring two credentials from the three something you are, something you have and something you know. This can impact the data stored on the network as well as the network itself.
Impact Analysis: The next major step in measuring level of risk was to determine the adverse impact resulting from successful exploitation of vulnerability. The adverse impact of a security event can be described in terms of loss or degradation of any, or a combination of any, of the following three security goals:
Loss of Confidentiality – Impact of unauthorized disclosure of sensitive information (e.g., Privacy Act).
Loss of Integrity – Impact if system or data integrity is lost by unauthorized changes to the data or system.
Loss of Availability – Impact to system functionality and operational effectiveness. The user domain can be assessed by training them properly and the impact can damage the integrity of the company. Workstation domain can be assessed by keeping up with the systems and updating the when needed. LAN to WAN domain can be assessed by keeping good firewall restrictions and implementing them the impact could escalate to network downtime. Remote access domain can be assessed by requiring two credentials from the three something you are, something you have and something you know. This can impact the data stored on the network as well as the network itself.