Security Assessment Report (SAR)
Assessing Information Systems Vulnerabilities and Risk
January 23, 2018
Prepared by: Shaneika Rose
University of Maryland University College
FOR OFFICIAL USE ONLY
Table of Contents
2. ORGANIZATION AND NETWORKS
3. INSIDER AND EXTERNAL THREATS
4. VULNERABILITY TOOLS AND FINDINGS
5. REMEDIATION VULNERABILITIES
Being able to understand and apply risk assessment methodology is important to successfully and competently create a safe computing environment. This remains a challenge for information security experts because of changing technological systems, the vast growth of the Internet, and the basic difficulty of finding and evaluating risk. As computer systems become more complex, integrated and connected to third parties, the security and controls budget quickly reaches its limits. Under such restrictions, information technology experts need to understand the relative importance of different sets of systems, applications, data, storage and communication mechanisms. To meet these requirements and more, organizations need to complete security risk assessments that serve an enterprise risk assessment approach, ensuring that all aspects of IT are addressed, including hardware and software, employee awareness training and business processes. This report will evaluate the organization's current computer network design and systems, the different threats related to the network systems, and how the organization can better guard its network systems against vulnerabilities. This report will also identify the security issues in the organization's networks and provide a breakdown of the strength of passwords used by the employees in the organization, to determine whether weak passwords are a security issue for the organization.
The purpose of this security assessment report is to integrate network security and physical security in order to examine security and data risk. This scrutiny consists of any past intrusions, whether through the network or physical, any identified threats, and any potential threats. This assessment will determine which of the risks deserve the highest allocation of resources to address, and which individuals and systems are most affected by the risks.
2. ORGANIZATION AND NETWORKS
The main goal of the organization is to determine and develop a working system foundation. The objective is to design and build a LAN and WAN system program that supports the original multipurpose and adaptable system structure. The outline will help the organization develop a more general system that strengthens its financial framework with more benefits and deals in the future. The system is intended to assist the partnership specialist in deploying the new applications that are critical to the efficient operation of the organization's new preparation plans. The network is comprised of LANs and WANs. A LAN consists of a computer network at a single site, usually within an individual office building. LANs are useful for sharing resources, such as data storage and printers. Smaller LANs can use one to three computers, whereas larger LANs can accommodate hundreds or even thousands of computers. LANs rely on wired connections to increase speed and security, but wireless connections can also be incorporated into the LAN. A WAN occupies a large area, such as a country or the world, and can contain many smaller LANs. The Internet is an example of a WAN. A WAN is a wireless computer network that links multiple devices using a wireless distribution method within a limited area.
Advantages of using WANs
· Centralizes IT infrastructure – A WAN removes the need to buy email or file servers for individual offices. Setting up a WAN also simplifies server management, since you won't have to support, back up, host, or physically protect several units. Setting up a WAN also offers important economies of scale by providing a vital pool of IT resources the whole organization can tap into.
· Boosts your privacy – Setting up a WAN lets you share sensitive data with all your sites without having to send the information over the Internet. Having your WAN encrypt your data before you send it adds an extra layer of protection for any confidential material you may be moving. With so many hackers out there, a business needs all the protection it can get from network intrusions.
· Increases bandwidth – Corporate WANs often use leased lines instead of broadband connections to form the backbone of their networks.
· Eliminates the need for ISDN – WANs can cut costs by removing the need to rent expensive ISDN circuits for phone calls.
· Guaranteed uptime – Several WAN providers offer business-class support. That means you get a defined amount of uptime monthly, quarterly, or yearly as part of your SLA.
· Cuts costs, increases profits – In addition to removing the need for ISDN, WANs can help you cut costs and increase profits in a wide variety of other ways.
Figure 1. Difference between LAN and WAN.
3. INSIDER AND EXTERNAL THREATS
“Understanding insider threat has been the focus of many researchers and led to several classification schemes. An early classification was performed by Anderson (J.P. Anderson), who grouped insiders into three categories: (i) masqueraders, which are individuals who steal the identity of a legitimate user becoming an impersonated legitimate user, (ii) misfeasors, which are legitimate users who are authorized to use systems and to access information but misuse their privilege, and (iii) clandestine users, which are individuals who evade access control and audit mechanisms and therefore are unknown until they become masqueraders or misfeasors.” “Other classifications focus on insiders’ intention, such as the one used by CERT, that classifies insiders’ intentions into three categories: (i) theft of information, also called espionage, when someone steals confidential or proprietary information from the organization, (ii) IT sabotage when someone harms, in any sense, the organization or individuals within the organization, and (iii) fraud when someone obtains unjustifiable services or property from the organization (M. Keeney).”
The cybersecurity landscape is constantly evolving as organizations and governments continue to battle increasingly sophisticated hackers and cyber threats. To mitigate the risk associated with cyberattacks, it is imperative to understand the nature of the threats. Several threats are prevalent in today's cyber landscape that companies and national agencies need to be aware of, and the most common of them are:
· Denial of Service (DoS) attack – An attack meant to shut down a machine or network, making it inaccessible to its intended users.
· Session hijacking attack – A method of taking over a web user's session by secretly obtaining the session ID and posing as the authorized user.
· IP address spoofing / cache poisoning attack – In spoofing, a program acts like another program in order to gain unauthorized access to networks. Cache poisoning involves attacking the cache of DNS servers and then replacing one or more IP addresses with spoofed ones.
· Packet analysis/sniffing – Used to monitor network traffic; it can capture data on all the actions that pass over a network.
· Distributed denial of service (DDoS) attack – An attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.
4. VULNERABILITY TOOLS AND FINDINGS
Benefits of using a free network analyzer tool such as Wireshark and Nmap
Security tools enable security professionals to identify system vulnerabilities, test for weaknesses, and monitor for intrusions, yet in the wrong hands they can be used to exploit the very systems they are intended to protect.
Wireshark is an open source network protocol analyzer. The tool's intended use: intrusion identification through real-time monitoring; monitored data packets can be filtered by a plethora of protocols. The tool's intended users: security professionals who need to know what is happening on their network. The dark side of the tool: live data can be read if it is not encrypted, and the tool also includes decryption for numerous protocols. Potential solutions: monitoring for and blocking unauthorized port sniffing.
Nmap is a free open source security tool for network auditing and discovery, network inventory, and host monitoring. The tool's intended use: network auditing. “The dark side of the tool: Nmap uses IP packets to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.” (Darknet.org.UK) Hackers can use this information to identify weak links. Potential solutions: use a proxy server on the outer edge of your layered security to block the inner, more secure network from public view.
Figure 2. Test using the command: nmap -sS -v -O WINTGT01
5. REMEDIATION VULNERABILITIES
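The half-open (SYN) scan shown in Figure 2 is also what a defender should be able to spot in captured traffic. The following is an added example, not code from the report: it runs a simple detector over a constructed, simplified packet summary (one TCP segment per line with time, source, destination, destination port and flags), flagging any source that sends bare SYNs to many ports without ever completing a handshake. The addresses, the threshold and the mapping of WINTGT01 to 10.0.0.20 are assumptions; in Wireshark the same bare-SYN traffic can be isolated with the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0`.

```python
"""Flag half-open (SYN) scans, the traffic pattern `nmap -sS` produces.
Added example, not the report's code. Input is a constructed, simplified
packet summary: time, src, dst, dst port, TCP flags (S / SA / A / R).
Addresses and the threshold are assumptions."""
from collections import defaultdict

# Constructed sample: 10.0.0.5 SYNs seven ports on the target and answers the
# one SYN/ACK with RST (a half-open scan); 10.0.0.7 is a normal client that
# completes SYN -> SYN/ACK -> ACK on a single port.
SAMPLE = """\
1.000 10.0.0.5  10.0.0.20 22   S
1.001 10.0.0.5  10.0.0.20 80   S
1.002 10.0.0.5  10.0.0.20 135  S
1.003 10.0.0.5  10.0.0.20 139  S
1.004 10.0.0.5  10.0.0.20 445  S
1.005 10.0.0.5  10.0.0.20 3389 S
1.006 10.0.0.5  10.0.0.20 8080 S
1.010 10.0.0.20 10.0.0.5  445  SA
1.011 10.0.0.5  10.0.0.20 445  R
2.000 10.0.0.7  10.0.0.20 445  S
2.001 10.0.0.20 10.0.0.7  445  SA
2.002 10.0.0.7  10.0.0.20 445  A
"""

def parse_line(line):
    """Split one summary line into (time, src, dst, port, flags)."""
    ts, src, dst, port, flags = line.split()
    return float(ts), src, dst, int(port), flags

def detect_syn_scans(summary, port_threshold=5):
    """Return {src: sorted ports} for sources that sent a SYN to at least
    port_threshold distinct (host, port) pairs and never sent the
    handshake-completing ACK; ordinary clients drop out because they ACK."""
    syn_targets = defaultdict(set)  # src -> {(dst, port)} that got a bare SYN
    completed = defaultdict(set)    # src -> {(dst, port)} that src later ACKed
    for line in summary.strip().splitlines():
        _, src, dst, port, flags = parse_line(line)
        if flags == "S":
            syn_targets[src].add((dst, port))
        elif flags == "A":
            completed[src].add((dst, port))
    suspects = {}
    for src, targets in syn_targets.items():
        half_open = targets - completed[src]
        if len(half_open) >= port_threshold:
            suspects[src] = sorted(port for _, port in half_open)
    return suspects
```

Real traffic needs a time window and a higher threshold so that busy legitimate clients are not reported; the core test, many bare SYNs with no completing ACK from the same source, is the same.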
Vulnerability management requires an automated or manual workflow. Assessment reports should be provided to IT asset administrators and then verified by an auditing and feedback process. Once corrective action is taken to remediate the vulnerability, the IT asset should be re-examined for compliance. The more automated the process, the more efficiently your company can correct known vulnerability exposures. It is essential to recognize that resolving the vulnerability for good depends on the IT asset and its role. The following can be considered remediation measures:
· Patching the vulnerability;
· Disabling vulnerable functionality;
· Uninstalling vulnerable components;
· Changing the system configuration; and
· Upgrading the platform or service.
“Organizations should document all decisions not to remediate to prevent them from multiplying and becoming unmanageable. Failure to address a vulnerability is a decision to accept the risk. This decision should never be made by the IT or information security team, but by the business owner of the vulnerable asset. Exceptions should show up on the vulnerability assessment reports and the use of exceptions logged and tracked.” (Stulz, R.M.)
Vulnerabilities are situations that increase the possibility of a threat, which in turn increases risk. The Internet is full of free projects that are intended to protect systems from vulnerabilities, malware, device misconfigurations, internet attacks, and a variety of other threats and weaknesses. Luckily, Wireshark and Nmap helped us in this project to build a remarkable security arsenal without costing a cent, because they are free. When it comes to the number of options available in a packet and protocol analyzer, few come close to what Wireshark offers for the price. Even though it is not possible to outline every Wireshark option or create filters for every known or unknown attack, we can always take the opportunity to think outside the box and re-purpose the features that exist in Wireshark for our own situation. This report also shows the work of Wireshark as a network protocol analyzer and underlines its flexibility as an open source utility. Along with Wireshark, I have also discussed the uses and findings of other network security tools such as Nmap.
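The workflow described in this section (report, remediate, re-examine, and record any decision not to remediate) can be made concrete as a small tracker. The following is an added example and not the report's own process: a finding is closed only after a clean re-scan, risk may be accepted only by the asset's business owner, and every exception is logged and stays on the report. The names, roles and finding identifiers are assumptions.

```python
"""Remediation tracker enforcing this section's rules: a finding closes only
after a clean re-scan, risk is accepted only by the asset's business owner,
and every exception is logged and stays on the report. Added example, not
the report's own process; names, roles and ids are assumptions."""
from dataclasses import dataclass
from typing import Optional

ROLES = {"alice": "business_owner", "bob": "it_admin"}   # constructed directory

@dataclass
class Finding:
    fid: str
    asset: str
    owner: str                     # business owner of the vulnerable asset
    state: str = "OPEN"            # OPEN / PENDING_VERIFY / FIXED / RISK_ACCEPTED
    measure: str = ""              # patch, disable, uninstall, reconfigure, upgrade
    exception: Optional[dict] = None

class Tracker:
    def __init__(self):
        self.findings = {}
        self.exception_log = []    # (fid, approver, reason); appended, never pruned

    def remediate(self, fid, measure):
        # Corrective action taken; the asset still has to be re-examined.
        f = self.findings[fid]
        f.measure, f.state = measure, "PENDING_VERIFY"

    def verify(self, fid, still_detected):
        # Re-scan feedback: only a clean re-scan closes the finding.
        f = self.findings[fid]
        f.state = "OPEN" if still_detected else "FIXED"
        return f.state

    def accept_risk(self, fid, approver, reason):
        # Not remediating is accepting the risk, and only the business owner decides.
        f = self.findings[fid]
        if ROLES.get(approver) != "business_owner" or approver != f.owner:
            raise PermissionError(f"{approver} may not accept risk for {f.asset}")
        f.state, f.exception = "RISK_ACCEPTED", {"approver": approver, "reason": reason}
        self.exception_log.append((fid, approver, reason))

    def report(self):
        # Exceptions remain visible on every assessment report.
        out = {"open": [], "fixed": [], "exceptions": []}
        for f in self.findings.values():
            key = {"FIXED": "fixed", "RISK_ACCEPTED": "exceptions"}.get(f.state, "open")
            out[key].append(f.fid if key != "exceptions" else (f.fid, f.exception["approver"]))
        return out
```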
Combs, G. (n.d.). About Wireshark. Retrieved May 4, 2014, from http://www.wireshark.org/about.html
CSOonline.com (2013). “20 Best Free Security Tools.”
Darknet.org.UK (2006). “Top 15 Security Hacking Tools.”
Anderson, J. P. (1980). “Computer Security Threat Monitoring and Surveillance,” James P. Anderson Co., Fort Washington, PA, USA, Tech. Rep. http://seclab.cs.ucdavis.edu/projects/history/papers/ande80.pdf
Keeney, M., Kowalski, E., Cappelli, D., Moore, A., Shimeall, T., and Rogers, S. (May 2005). “Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors,” U.S. Secret Service and CERT Coordination Center.
Randazzo, M. R., Keeney, M., Kowalski, E., Cappelli, D., and Moore, A. (August 2004). “Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector,” U.S. Secret Service and CERT Coordination Center.
Stulz, R. M. (June 2000). “Why Risk Management Is Not Rocket Science,” Financial Times, Mastering Risk Series.
Sectools.org. “Top 125 Security Tools,” dynamic web page.
Toolswatch.org (January 2015). “Top Security Tools as Voted by Toolswatch.org Readers.”