Identifying Potential Malicious Attacks, Threats, and Vulnerabilities: Case Study
A video game development company has the following network components: 2 firewalls, 1 Web/FTP server, 1 Microsoft Exchange email server, 1 network intrusion detection system, 2 Windows Server 2012 Active Directory domain controllers, 3 file servers, 1 wireless access point, 100 desktops/laptops and a VoIP telephone system.
In my mandate as Information Security Engineer, this paper reports on the potential malicious attacks, threats and vulnerabilities specific to this organization. It also highlights the impact of the selected malicious activities and proposes security controls to counter them. Finally, it analyses the potential concerns for data loss in the documented network, their impacts and the security controls required to protect against them.
Malicious attacks and vulnerabilities
Worms, viruses, and Trojan horses
These are malicious software inserted onto a host to damage the system, corrupt files or replicate themselves. They also deny networks, systems and services the resources required for their functioning. At the extreme, they allow sensitive information to be copied.
Reconnaissance attacks include packet sniffers, port scans and ping sweeps. For example, an attacker ping-sweeps a network to determine which IP addresses are alive. The intruder then queries the ports of each live host to determine the applications, their types and even the operating system running on the target. It is on the basis of this information that the intruder determines whether a possible vulnerability exists. Information gathered with tools such as Nslookup and Whois is used to advance other types of attack.
Social engineering exploits access vulnerabilities in authentication services for the purpose of gaining entry to confidential information. It is actually the easiest attack because it requires no computing skill. An intruder tricks the user into believing they are a legitimate contact and in the process seeks confidential information such as file locations, passwords and other personal information, which is then used to perpetrate further attacks.
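The reconnaissance sequence described above (ping sweep to find live hosts, then port probes against one of them) leaves a recognisable trace in firewall or IDS logs. The following Python script is an added example, not part of the original paper: it reads constructed sample log lines in an assumed format ("<timestamp> <src> -> <dst> proto=<icmp|tcp|udp> dport=<port|->"), and flags a ping sweep when one source ICMP-probes at least five distinct hosts within a minute, and a port scan when one source touches at least ten distinct ports on a single host within a minute. The thresholds and the log format are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not taken from the case study). The line
# format "<ISO timestamp> <src> -> <dst> proto=<icmp|tcp|udp> dport=<port|->"
# is an assumption made for this example. The last line is deliberately
# malformed to show that unparseable lines are skipped.
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.99 -> 10.0.0.1 proto=icmp dport=-
2024-05-01T09:00:01 10.0.0.99 -> 10.0.0.2 proto=icmp dport=-
2024-05-01T09:00:02 10.0.0.99 -> 10.0.0.3 proto=icmp dport=-
2024-05-01T09:00:02 10.0.0.99 -> 10.0.0.4 proto=icmp dport=-
2024-05-01T09:00:03 10.0.0.99 -> 10.0.0.5 proto=icmp dport=-
2024-05-01T09:00:03 10.0.0.99 -> 10.0.0.6 proto=icmp dport=-
2024-05-01T09:00:10 10.0.0.99 -> 10.0.0.3 proto=tcp dport=21
2024-05-01T09:00:10 10.0.0.99 -> 10.0.0.3 proto=tcp dport=22
2024-05-01T09:00:10 10.0.0.99 -> 10.0.0.3 proto=tcp dport=23
2024-05-01T09:00:11 10.0.0.99 -> 10.0.0.3 proto=tcp dport=25
2024-05-01T09:00:11 10.0.0.99 -> 10.0.0.3 proto=tcp dport=53
2024-05-01T09:00:11 10.0.0.99 -> 10.0.0.3 proto=tcp dport=80
2024-05-01T09:00:12 10.0.0.99 -> 10.0.0.3 proto=tcp dport=110
2024-05-01T09:00:12 10.0.0.99 -> 10.0.0.3 proto=tcp dport=135
2024-05-01T09:00:12 10.0.0.99 -> 10.0.0.3 proto=tcp dport=139
2024-05-01T09:00:13 10.0.0.99 -> 10.0.0.3 proto=tcp dport=443
2024-05-01T09:00:13 10.0.0.99 -> 10.0.0.3 proto=tcp dport=445
2024-05-01T09:00:15 10.0.0.20 -> 10.0.0.3 proto=tcp dport=445
2024-05-01T09:05:00 10.0.0.20 -> 10.0.0.4 proto=tcp dport=80
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = None if ev["dport"] == "-" else int(ev["dport"])
    return ev


def _distinct_within_window(events, key, min_distinct, window_s):
    """True if some window of window_s seconds holds >= min_distinct distinct key(event) values."""
    events = sorted(events, key=lambda e: e["ts"])
    counts = defaultdict(int)
    left = 0
    for ev in events:
        counts[key(ev)] += 1
        # Slide the left edge forward until the window is at most window_s wide.
        while (ev["ts"] - events[left]["ts"]).total_seconds() > window_s:
            old = key(events[left])
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        if len(counts) >= min_distinct:
            return True
    return False


def detect_reconnaissance(log_text, min_hosts=5, min_ports=10, window_s=60):
    """Return sorted (kind, src, dst) findings.

    A ping sweep is reported when one source ICMP-probes >= min_hosts distinct
    hosts within window_s seconds; a port scan when one source hits >= min_ports
    distinct TCP/UDP ports on one host within window_s seconds.
    """
    icmp_by_src = defaultdict(list)
    tcp_udp_by_pair = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["proto"] == "icmp":
            icmp_by_src[ev["src"]].append(ev)
        elif ev["proto"] in ("tcp", "udp"):
            tcp_udp_by_pair[(ev["src"], ev["dst"])].append(ev)
    findings = []
    for src, evs in icmp_by_src.items():
        if _distinct_within_window(evs, lambda e: e["dst"], min_hosts, window_s):
            findings.append(("ping_sweep", src, None))
    for (src, dst), evs in tcp_udp_by_pair.items():
        if _distinct_within_window(evs, lambda e: e["dport"], min_ports, window_s):
            findings.append(("port_scan", src, dst))
    return sorted(findings, key=lambda f: (f[0], f[1], f[2] or ""))


if __name__ == "__main__":
    for kind, src, dst in detect_reconnaissance(SAMPLE_LOG):
        print(f"{kind}: source {src}" + (f" against {dst}" if dst else ""))
```

On the sample log the script reports one ping sweep and one port scan, both from 10.0.0.99, while the two ordinary connections from 10.0.0.20 stay below the thresholds. The sliding window matters: counting distinct hosts per day would flood the analyst with false positives from monitoring systems, while a short window isolates the burst that a sweep produces.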
Malicious attacks impact negatively on the existence of an organization. Trojan horses ask the user to enter sensitive information into what appears to be a commonly trusted site. For instance, an attacker might log in to a Windows box and run a program that resembles the Windows logon screen. Unaware, the user is prompted to enter a username and password. The program forwards the name and password to the attacker and then shows a Windows error for a wrong password. The user logs out and the correct Windows screen appears. The user's password has just been stolen and can be used to access sensitive information on the network. This results in enormous damage in terms of organizational data theft.
Sniffing and eavesdropping attacks cause loss of information confidentiality. The impacts are information gathering and information theft. Network intruders collect usernames, passwords and other data carried in packets, such as credit card numbers, which are subsequently used to gain unauthorized access and steal data from the network.
Social engineering attacks such as phishing use email communication to trick users into providing sensitive information such as credit card numbers and passwords. The phisher masquerades as a trusted party with a legitimate need for the information. Phishing emails contain hyperlinks that seem legitimate but are not. Once users provide their information, it is used to perpetrate other crimes such as financial fraud.
Eavesdropping attacks are controlled by three methods, namely:
Using encryption tools that meet the organization's security standards without placing excessive constraints on system resources and users. For instance, by encrypting after the UDP or TCP headers, the IP payload is encrypted while network routers and switches forward the traffic as they would any other IP packet.
Using switched networks.
Enforcing and implementing policy directives that prevent the use of protocols with known eavesdropping vulnerabilities.
Phishing is controlled by educating users not to divulge sensitive information to anyone under any circumstances. Because administrators of computer systems rarely, if ever, need to know users' passwords to carry out administration tasks, password sharing should be discouraged. The organization should institute security policies that define how usernames and passwords are created, used, stored and disposed of. Beyond this, user responsibility should be reinforced so that every user is held accountable for actions taken with their credentials.
Data loss concerns
In this network, data loss may result from three scenarios:
Unsecured Wi-Fi hacking
Unauthorized access to desktops and laptops
Windows file server hacking
The impact of unsecured Wi-Fi is huge, given that almost everything on the network can be exposed to intruders once they get in. Information on employees, financials, proprietary rights and more can be compromised.
Usually, employees leave their desktops running when they close the day's work until the next day. If sufficient physical and logical controls are not in place, strangers can access the organization's computer systems and steal sensitive data. The impact of this theft may be espionage, loss of business due to revealed trade secrets, or customer information exposure, which leads to legal and reputational battles.
The file server of an organization holds the gold of the network. File servers house databases, intellectual property and highly sensitive information and passwords. When the server goes down, the network is incapacitated, and when it is compromised, all hell breaks loose. On a Windows platform, for instance, the file server can be hacked by exploiting a missing patch. Using common and free tools such as NeXpose and Metasploit against the MS08-067 vulnerability, the server can be controlled time and again without the owner realizing. The damage that could be done with full server command prompt access (adding or removing users, copying and backing up databases, deleting files and more) is massive.
Wi-Fi is protected using WPA2 encryption. This way, the wireless network only allows authenticated users to access resources.
Information held on computer networks should be secured using strong password combinations. This can be facilitated by a security policy that makes it mandatory for passwords to contain certain characters. For example, employee passwords should have a minimum of eight characters with alphanumeric combinations. This makes it hard for password crackers to bypass them. Locations where computing resources are housed should have sufficient security to keep out strangers looking for loopholes.
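The two controls above, WPA2 on the access point and a password policy for users, can both be checked automatically. The following Python script is an added example and not part of the original paper. It first audits an access point configuration for the WPA2 baseline: the weak and corrected configurations are constructed for the example in hostapd's key=value syntax (the option names wpa, wpa_pairwise, rsn_pairwise, wpa_passphrase and wep_* are hostapd's; the 12-character passphrase threshold is an assumption). It then enforces the password policy stated above (at least eight characters, letters and digits) and goes beyond it with two extra checks assumed here: rejecting passwords that contain the username and passwords on a small constructed deny list.

```python
import re

# Access point configurations, all constructed for this example (the case
# study gives no configuration). Option names follow hostapd's documented keys.
WEAK_AP_CONF = """\
interface=wlan0
ssid=StudioWiFi
auth_algs=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=games123
"""

CORRECTED_AP_CONF = """\
interface=wlan0
ssid=StudioWiFi
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-2024
"""

OPEN_AP_CONF = """\
interface=wlan0
ssid=StudioGuest
"""

# Constructed deny list; a real deployment would use a breached-password list.
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwerty123", "letmein1", "welcome1"}


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and '#' comments (hostapd syntax)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit_wifi_conf(text, min_passphrase_len=12):
    """Return a list of findings; an empty list means the access point meets the WPA2 baseline."""
    conf = parse_conf(text)
    findings = []
    if any(k.startswith("wep_") for k in conf):
        findings.append("WEP keys configured: WEP is broken, remove wep_* options")
    # In hostapd, wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both.
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        findings.append("open network: no WPA configured (set wpa=2)")
    elif wpa == "1":
        findings.append("WPA (version 1) only: set wpa=2 for WPA2")
    elif wpa == "3":
        findings.append("WPA/WPA2 mixed mode lets clients fall back to WPA: set wpa=2")
    ciphers = conf.get("rsn_pairwise", "") + " " + conf.get("wpa_pairwise", "")
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher enabled: use rsn_pairwise=CCMP")
    if wpa != "0" and len(conf.get("wpa_passphrase", "")) < min_passphrase_len:
        findings.append(f"wpa_passphrase shorter than {min_passphrase_len} characters")
    return findings


def check_password_policy(password, username=None, min_length=8):
    """Return the list of policy violations for a candidate password (empty list = accepted).

    Minimum length and the letters-plus-digits rule follow the policy in the
    text; the username and deny-list checks are additions assumed here.
    """
    violations = []
    if len(password) < min_length:
        violations.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Za-z]", password):
        violations.append("contains no letters")
    if not re.search(r"[0-9]", password):
        violations.append("contains no digits")
    if username and username.lower() in password.lower():
        violations.append("contains the username")
    if password.lower() in COMMON_PASSWORDS:
        violations.append("is a commonly guessed password")
    return violations


def password_accepted(password, username=None, min_length=8):
    """Convenience wrapper: True when the password has no policy violations."""
    return not check_password_policy(password, username, min_length)


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_AP_CONF), ("corrected", CORRECTED_AP_CONF), ("open", OPEN_AP_CONF)):
        print(name, audit_wifi_conf(conf) or "OK")
    for pw in ("games123", "alice123", "password1", "abc12", "gamedev2024"):
        print(pw, check_password_policy(pw, username="alice") or "accepted")
```

The weak access point configuration fails on three counts (WPA version 1, the TKIP cipher and a short passphrase) and the corrected one passes; the open configuration is reported because it has no WPA at all. On the password side, the policy check returns a list of reasons rather than a bare yes/no, so the reason can be shown to the user when a new password is rejected at creation time.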