Update Assessing Information System Vulnerabilities and Risk

Description

The Project 3 Outline and Notes documents provide detailed information that is needed in both the SAR and the RAR.

Please address all comments in both the SAR and the RAR. Highlight the narrative and the table and graph you added. Highlight any modification provided.

Include citations with your update.


Assessing Information System Vulnerabilities and Risk

Attached is the OIG Audit Report. This OIG Audit Report and its recommendations on the OPM breach should help you develop enterprise-level security plans. Also attached are a suggested outline and alternative templates for the Project 3 SAR and RAR. Again, these are just guidelines; you can adapt them any way you like, as long as you address the questions and requirements for the project. I hope these help.

SCENARIO

You are an Information Assurance Management Officer (IAMO) at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive at work, you head straight to Karen's office.

"Sorry for the impromptu meeting," she says, "but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management. We don't know how this happened, but we need to make sure it doesn't happen again. You'll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management."

At your desk, you open Karen's email. She's given you an OPM report from the Office of the Inspector General (OIG). You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented if the Office of Personnel Management (OPM) had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemes and could have been identified by running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report (SAR).
You will also create a Risk Assessment Report (RAR), in which you identify threats, vulnerabilities, risks, and the likelihood of exploitation, and suggest remediation.

The security posture of an organization's information systems infrastructure should be regularly monitored and assessed, including software, hardware, and firmware components, governance policies, and the implementation of security controls. The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for the changes and new procurements that are sure to follow, in order to stay in step with ever-changing information system technologies.

The data breach at the Office of Personnel Management (OPM) is one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some critical security practices, such as a lack of diligence to security controls and to management of changes to the information systems infrastructure, were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report, which can be found through open-source searches. Some of the findings in the report include:

• weak authentication mechanisms;
• lack of a plan for life-cycle management of the information systems;
• lack of a configuration management and change management plan;
• lack of an inventory of systems, servers, databases, and network devices;
• lack of mature vulnerability scanning tools;
• lack of valid authorizations for many systems; and
• lack of plans of action to remedy the findings of previous audits.

The breach ultimately resulted in the removal of OPM's top leadership. The impact of the breach on the livelihoods of millions of people is ongoing and may never be fully known. There is a critical need for security programs that can assess vulnerabilities and provide mitigations.

There are nine steps that will help you create your final deliverables.
The deliverables for this project are as follows:

1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and development of information systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
Step 1: Enterprise Network Diagram

During Project One, you researched a hypothetical or actual organization of your choice. You had to understand the goals of the organization and the types of systems that would fulfill those goals. You will now research and learn about types of networks and their secure constructs that may be used in organizations to accomplish the functions of the organization's mission.

You will propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. Discuss the security benefits of your chosen network design. Read about the following computing platforms available for networks and discuss how these platforms could be implemented in your organization. Include the rationale for all platforms you choose to include in your network design.

• common computing platforms
• cloud computing
• distributed computing
• centralized computing
• secure programming fundamentals

Step 2: Enterprise Threats

Review the OIG report on the OPM breach that you were asked to research and read about at the beginning of the project. The OIG report included numerous security deficiencies that likely left OPM networks vulnerable to being breached. In addition to those external threats, the report also describes the ways OPM was vulnerable to insider threats. The information about the breach could be classified as threat intelligence. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.

You just provided detailed background information on your organization. Next, you'll describe threats to your organization's system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As you're reading, take note of which insider threats are a risk to your organization.
Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?

Step 3: Scanning the Network

Note: You will use the tools in Workspace for this step. If you need help outside the classroom to complete this project, register for CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you. Click here to access the instructions for Navigating the Workspace and the Lab Setup.

Select the following link to enter Workspace and complete the lab activities related to network vulnerabilities.

You will now investigate network traffic and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark. Explore the tutorials and user guides to learn more about the tools you will use. Click the following link to read more about these network monitoring tools: Tools to Monitor and Analyze Network Activities.

You will perform a network analysis on the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. Include this information in the SAR. You will then return to the lab in order to identify any suspicious activities on the network, through port scanning and other techniques. You will revisit the lab and lab instructions in Step 7: Suspicious Activity. Click here to access the Project 3 Workspace Exercise Instructions.
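The Step 3 analysis asks you to assess the Wireshark captures for suspicious source and destination addresses and to report whether any databases were accessed and from which IP addresses. That check can be scripted once the packet list is exported from Wireshark (File > Export Packet Dissections > As CSV). The script below is an added example written for this page; it is not part of the assignment or of Wireshark. It assumes the default packet-list columns with the TCP port pair visible in the Info column (older Wireshark versions print "52144 > 3306", newer ones use an arrow), and it runs over a constructed sample export rather than the Workspace capture files.

```python
"""Flag database-server conversations in a Wireshark packet-list CSV export.

Added example for the Step 3 network-analysis task (not the assignment's or
Wireshark's own code).  Assumes a CSV export with the default columns
No., Time, Source, Destination, Protocol, Length, Info.
"""
import csv
import io
import re

# Well-known listening ports of common relational database engines.
DB_PORTS = {
    1433: "MSSQL",
    1521: "Oracle",
    3306: "MySQL",
    5432: "PostgreSQL",
}

# Constructed sample export (not a real capture): one MySQL session from an
# internal host, one PostgreSQL handshake from an unexpected subnet, and one
# refused probe of the MSSQL port.
SAMPLE_CSV = '''\
"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","10.0.0.15","10.0.0.200","TCP","74","52144 > 3306 [SYN] Seq=0 Win=64240 Len=0"
"2","0.000210","10.0.0.200","10.0.0.15","TCP","74","3306 > 52144 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0"
"3","0.000400","10.0.0.15","10.0.0.200","TCP","66","52144 > 3306 [ACK] Seq=1 Ack=1 Win=64256 Len=0"
"4","1.200000","10.0.0.22","10.0.0.50","HTTP","312","GET /index.html HTTP/1.1"
"5","2.500000","192.168.77.9","10.0.0.200","TCP","74","40001 > 5432 [SYN] Seq=0 Win=29200 Len=0"
"6","2.500300","10.0.0.200","192.168.77.9","TCP","74","5432 > 40001 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0"
"7","3.100000","10.0.0.15","10.0.0.200","TCP","66","52144 > 3306 [FIN, ACK] Seq=200 Ack=300 Win=64256 Len=0"
"8","4.000000","10.0.0.31","10.0.0.200","TCP","74","43210 > 1433 [SYN] Seq=0 Win=64240 Len=0"
"9","4.000100","10.0.0.200","10.0.0.31","TCP","54","1433 > 43210 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"
'''

# "src_port > dst_port" (older Wireshark) or "src_port → dst_port" (newer).
PORT_RE = re.compile(r"^(\d+)\s*(?:>|→)\s*(\d+)\b")
FLAGS_RE = re.compile(r"\[([^\]]*)\]")


def parse_flows(csv_text):
    """Yield (src_ip, src_port, dst_ip, dst_port, tcp_flags) for each TCP row."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Protocol"] != "TCP":
            continue
        ports = PORT_RE.match(row["Info"])
        if not ports:
            continue
        flags = FLAGS_RE.search(row["Info"])
        yield (row["Source"], int(ports.group(1)),
               row["Destination"], int(ports.group(2)),
               flags.group(1) if flags else "")


def find_database_access(csv_text):
    """Return {(client_ip, server_ip, engine): {"established": bool, "packets": n}}.

    A conversation is "established" once the server answers a SYN with
    SYN/ACK.  A RST in reply is kept but left unestablished; that is what a
    probe of a closed DB port looks like and is worth reporting separately.
    """
    results = {}
    for src, sport, dst, dport, flags in parse_flows(csv_text):
        if dport in DB_PORTS:                       # client -> database server
            key = (src, dst, DB_PORTS[dport])
            entry = results.setdefault(key, {"established": False, "packets": 0})
            entry["packets"] += 1
        elif sport in DB_PORTS:                     # database server -> client
            key = (dst, src, DB_PORTS[sport])
            entry = results.setdefault(key, {"established": False, "packets": 0})
            entry["packets"] += 1
            if "SYN, ACK" in flags:
                entry["established"] = True
    return results


def main():
    for (client, server, engine), info in sorted(find_database_access(SAMPLE_CSV).items()):
        status = "ESTABLISHED" if info["established"] else "refused/probe"
        print(f"{client:>14} -> {server:<12} {engine:<11} {status} ({info['packets']} packets)")


if __name__ == "__main__":
    main()
```

Replace `SAMPLE_CSV` with the contents of your own export to get the client/server IP pairs the SAR asks for; the `established` flag separates real database sessions from connection attempts that the server refused.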
In order to validate the assets and devices on the organization's network, run scans using security and vulnerability assessment analysis tools such as MBSA, OpenVAS, Nmap, or Nessus, depending on the operating systems of your organization's networks. Live network traffic can also be sampled and scanned using Wireshark on either Linux or Windows systems. Wireshark allows you to inspect all OSI layers of traffic information. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks. In the previously created Wireshark files, identify whether any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the SAR.

Step 4: Identifying Security Issues

You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization's network in a SAR. Now it's time to identify the security issues in your organization's networks. You have already used password cracking tools to crack weak and vulnerable passwords. Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization?

Step 5: Firewalls and Encryption

Next, examine these resources on firewalls and on auditing the Relational Database Management System (RDBMS, i.e., the database system and data). Also review these resources related to access control. Determine the role of firewalls, encryption, and RDBMS auditing in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR.

Step 6: Threat Identification

You know of the weaknesses in your organization's network and information system.
Now you will determine various known threats to the organization's network architecture and IT assets. Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?

• IP address spoofing/cache poisoning attacks
• denial of service attacks (DoS)
• packet analysis/sniffing
• session hijacking attacks
• distributed denial of service attacks

In identifying the different threats, complete the following tasks:

1. Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems, and the types of remediation and mitigation techniques available in your industry and for your organization.
2. Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
3. Also discuss the value of using access control, database transaction, and firewall log files.
4. Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks.

Include these in the SAR.

Step 7: Suspicious Activity

Note: You will utilize the tools in Workspace for this step.

Hackers frequently scan the Internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic, and Nmap can be used to self-scan to test the responsiveness of the organization's network to would-be hackers. Select the following link to enter Workspace and conduct the port scanning. Return to the lab instructions by clicking here to access the Project 3 Workspace Exercise Instructions.

Step 8: Risk and Remediation

What is the risk and what is the remediation? What is the security exploitation?
You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate vulnerabilities. Read this risk assessment resource to get familiar with the process, then prepare the risk assessment. Be sure to first list the threats, then the vulnerabilities, and then pairwise comparisons for each threat and vulnerability, and determine the likelihood of that event occurring and the level of impact it would have on the organization. Use the OPM OIG Final Audit Report findings as a possible source for potential mitigations. Include this in the risk assessment report (RAR).

Step 9: Creating the SAR and RAR

Your research and Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership.

Prepare a Security Assessment Report (SAR) with the following sections:

1. Purpose
2. Organization
3. Scope
4. Methodology
5. Data
6. Results
7. Findings

The final SAR does not have to stay within this framework, and can be designed to fulfill the goal of the security assessment.

Prepare a Risk Assessment Report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. Include this high-level plan in the RAR. Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVAS) in your report.

The deliverables for this project are as follows:

1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
4. APA style references

Submit your deliverables to the assignment folder. Before you submit your assignment, review the competencies listed above, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
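Step 8 asks you to list the threats, list the vulnerabilities, compare each threat against each vulnerability pairwise, and rate the likelihood and impact of each pair; the RAR's "Likelihood and impact of exploitation" section below works through the same idea in prose. The script below is an added example of that method, written for this page; it is not part of the assignment or of any named standard. The 1-5 scales, the score bands (Low below 6, Moderate 6-11, High 12 and above), and the threat/vulnerability entries (drawn from the OIG findings the assignment lists) are constructed for illustration, so substitute your own assessor judgements.

```python
"""Pairwise threat/vulnerability risk register with likelihood x impact scoring.

Added example for the Step 8 / RAR risk-assessment method (not the assignment's
own material).  Scales, bands and ratings below are constructed assumptions.
"""
from collections import Counter
from dataclasses import dataclass

LIKELIHOOD_SCALE = {1: "rare", 2: "unlikely", 3: "possible", 4: "likely", 5: "almost certain"}
IMPACT_SCALE = {1: "negligible", 2: "minor", 3: "moderate", 4: "major", 5: "severe"}


@dataclass(frozen=True)
class RiskEntry:
    threat: str
    vulnerability: str
    likelihood: int   # 1..5, see LIKELIHOOD_SCALE
    impact: int       # 1..5, see IMPACT_SCALE

    def __post_init__(self):
        # Reject ratings outside the scale so a typo cannot silently inflate a score.
        for name, value in (("likelihood", self.likelihood), ("impact", self.impact)):
            if value not in range(1, 6):
                raise ValueError(f"{name} must be 1..5, got {value!r}")

    def score(self):
        return self.likelihood * self.impact

    def band(self):
        s = self.score()
        if s >= 12:
            return "High"
        if s >= 6:
            return "Moderate"
        return "Low"


# Constructed lists; the vulnerabilities echo findings from the OIG report.
THREATS = ["Compromised credentials", "Denial of service", "Insider misuse"]
VULNERABILITIES = [
    "Weak authentication mechanisms",
    "Unpatched or unsupported software",
    "Incomplete system inventory",
    "No mature vulnerability scanning",
]

# (threat, vulnerability) -> (likelihood, impact).  Pairs that are absent were
# judged not applicable by the (hypothetical) assessor and are left out.
RATINGS = {
    ("Compromised credentials", "Weak authentication mechanisms"): (5, 5),
    ("Compromised credentials", "Incomplete system inventory"): (3, 4),
    ("Denial of service", "Unpatched or unsupported software"): (3, 3),
    ("Denial of service", "No mature vulnerability scanning"): (2, 2),
    ("Insider misuse", "Weak authentication mechanisms"): (3, 5),
    ("Insider misuse", "Incomplete system inventory"): (2, 3),
}


def build_register(threats, vulnerabilities, ratings):
    """Walk every threat/vulnerability pair and return rated entries, highest risk first."""
    register = []
    for threat in threats:
        for vuln in vulnerabilities:
            rating = ratings.get((threat, vuln))
            if rating is None:
                continue                       # pair judged not applicable
            likelihood, impact = rating
            register.append(RiskEntry(threat, vuln, likelihood, impact))
    return sorted(register, key=lambda e: (-e.score(), e.threat, e.vulnerability))


def summarize(register):
    """Count entries per band, e.g. {"High": 3, "Moderate": 2, "Low": 1}."""
    return dict(Counter(e.band() for e in register))


def main():
    register = build_register(THREATS, VULNERABILITIES, RATINGS)
    print(f"{'Threat':<24} {'Vulnerability':<34} L I Score Band")
    for e in register:
        print(f"{e.threat:<24} {e.vulnerability:<34} {e.likelihood} {e.impact} {e.score():>5} {e.band()}")
    print("Summary:", summarize(register))


if __name__ == "__main__":
    main()
```

The sorted register is the order in which remediation items would go into the POA&M; the band counts give the one-line summary leadership usually wants first.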
Project 3: Risk Assessment Report

Abstract

Risk assessment is the process of identifying, evaluating, and analyzing threats and vulnerabilities (risks) that could result in future damage to the organization's systems. It involves risk evaluation and analysis. It is conducted by following a few simple steps: first identifying the risk, determining who or what might be affected by the uncertainty, evaluating the risk and coming up with control or preventive measures, implementing them and recording the findings, and finally reviewing the risk assessment when necessary, at least quarterly. There are different types of risk response an organization can impose after evaluating and analyzing the effects of the threat. This report will consist of the following topics: Threats, Vulnerabilities, Likelihood of Exploitation, Impact of Exploitation, Remediation, Plan of Action and Milestones (POA&M), Conclusions, and References.

Security threats

As seen in the audit reports from the OIG, OPM reported weaknesses in its information technology environment that contributed to the security breach. Security and risk assessments are conducted to make sure that the organization's operating systems satisfy the requirements of the Federal Information Security Modernization Act (FISMA). Most of the threats were internal, and with careful consideration the danger could have been avoided. The internal risks identified were:

• Inaccurate inventory of network and system devices, which lowers the effectiveness of security controls
• Invalid authorizations
• OPM's inability to monitor and evaluate its network system environment
• Only a few OPM systems, not all, have conducted contingency plan tests
• Non-compliance and inadequate assessment of the network system environment
• Unskilled and untrained personnel, not in accordance with the organization's policy, operating the OPM systems
• Expired agreements between the contractors handling the system and the OPM system body
• Misconfigurations of the virtual private network servers, as measured against the agency policy
• Incorporation of identified weaknesses into POA&Ms, while large systems contain Plans of Action and Milestones that are overdue
• Lack of an established Risk Executive Function
• Lack of mature vulnerability assessment and scanning tools

Vulnerabilities

A security threat is potential damage, loss, or destruction of the network system environment, while a vulnerability is a pothole or any weakness in the system that can be exploited. The vulnerabilities of the OPM system are:

Outdated software: the OPM network environment no longer receives security fixes, patches, or security updates for the system software because of unsupported operating system and software platforms. Utilization of only supported operating system and software platforms in the network environment should be enforced to remedy this.

Patch management: the entire OPM environment should implement patching software to maintain and manage all operating system and non-operating system software. Unfortunately, after the scanning, not all system servers in the OPM environment were patched.

Weak OPM vulnerability assessment and scanning tools: these tools analyze, monitor, and evaluate networks for weaknesses. They include MBSA, OpenVAS, Wireshark, and many others.

Misconfigurations of the computer system (hardware, software, internet services) that can be vulnerable to cyber insecurities on unsecured networks (Gantz, 2012).

Likelihood and impact of exploitation

This means the possibility of attacks on the network system environment.
As seen in Security Assessment Reports for system networks, attackers exploit any chance presented to them, or go the extra mile, to obtain sensitive organizational information through unauthorized access to the system. Although not all attacks are cyber-connected, the vulnerabilities mentioned above act as a gateway into the systems for cybercriminals. The main reason for system and network attacks is for the attackers to steal private information from the system, leaving the organization with the choice of accepting, mitigating, or transferring the risk. A valid decision is made after a risk assessment has been conducted, depending on the effects the threat would inflict on the organization.

By the use of vulnerability assessment tools, in this case Wireshark, which is free/open-source software known as the most powerful tool for analyzing and monitoring networks, some network security attacks were identified. They include packet analysis, Denial of Service attacks (DoS), session hijacking attacks, IP address spoofing, and Distributed Denial of Service attacks (DDoS).

Remediation and mitigation

A solution to cyber-attacks is the creation of firewalls, log files, and encryption methods. Firewalls are computer networking systems that control and monitor all incoming and outgoing network traffic under the OPM security systems' rules. Firewalls construct a barrier between the local servers and the local networks. In the presence of an active firewall, all strategically planned attacks against the data network of the system are blocked, hence the threat will have been prevented. Encryption methods can be used in a Relational Database Management System (RDBMS), restricting access to the database or other files unless one has the decryption key.
Mitigation

To lessen the disadvantageous effects of taking risks against a particular vulnerability, there are strategically planned risk mitigation strategies to be followed before deciding how to handle the threat. These strategies are:

Risk acceptance: even though it involves doing entirely nothing to solve the vulnerability, it is still considered a risky strategy. In this case the organization takes no action; this is after a risk assessment has been done and the cost of fixing the risk is higher compared to avoiding it.

Risk avoidance: this is where actions are taken to avoid the negative impacts of the vulnerability in future. It is the opposite of accepting risks.

Risk transfer: includes the involvement of a willing third group or party to address the risk, for example insurance policies (Tanimoto, 2011).

Plan of Action and Milestones (POA&M)

A Plan of Action and Milestones is a tool intended to help agencies in assessing, identifying, monitoring, and prioritizing the progress of IT security systems from their system threats and vulnerabilities after remediation. OPM effectively used the POA&M in keeping tabs on its systems by ensuring all the OPM systems are incorporated into the POA&M document appropriately, prioritizing weaknesses, actively adhering to and planning for remediation deadlines, identifying resources to remedy vulnerabilities, renewing contractors' agreements on time, and documenting contractor systems; and also by planning contingency tests and remote access of the management system data and networks. The POA&M will reduce security threats and vulnerabilities on the OPM systems in the next system evaluation period.

Conclusion

Following the above information about threats and vulnerabilities, I think and believe most security breaches can be prevented if necessary actions are implemented in time.
I recommend the regular use of vulnerability scanning tools (MBSA, OpenVAS, Wireshark, Nikto) to identify weaknesses in the system, and in the case of a new system too. The use of firewalls and encryption is the best method for blocking unauthorized access to the system, hence avoiding data loss to unknown individuals.

References

Cárdenas, A. A., Amin, S., Lin, Z. S., Huang, Y. L., Huang, C. Y., & Sastry, S. (2011, March). Attacks against process control systems: Risk assessment, detection, and response. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (pp. 355-366). ACM.

Gantz, S. D., & Philpott, D. R. (2012). FISMA and the risk management framework: The new practice of federal cyber security. Newnes.

Kundra, V. (2011). Federal cloud computing strategy.

Newman, R. C. (2006, September). Cybercrime, identity theft, and fraud: Practicing safe internet - network security threats and vulnerabilities. In Proceedings of the 3rd Annual Conference on Information Security Curriculum Development (pp. 68-78). ACM.

Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H., & Kanai, A. (2011, May). Risk management on the security problem in cloud computing. In 2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering (CNSI) (pp. 147-152). IEEE.

Wu, T. (2003). Network neutrality, broadband discrimination. Journal on Telecommunications & High Technology Law, 2, 141.

Project 3: Security Assessment Report

Abstract

A summary of the security assessment that I will conduct on the organization's network, as the Information Assurance Management Officer, results from a security breach that occurred at the Office of Personnel Management (OPM). Cyber-attacks, especially attacks on government and corporate agencies, are at a higher rate recently compared to the same attacks in the past.
These attacks inflict severe negative impacts on the organization, like data loss to unauthorized personnel; hence the security threats and vulnerabilities should be assessed and remedied accordingly, preventing similar attacks. The report will contain more in-depth information about the purpose of the research, its scope, security assessment methodologies, data findings, recommendations, and conclusions. Most security breaches can be prevented if the organization, in this case OPM, has enacted some of the easy-to-learn preventive measures (encryption).

Purpose

The essential reason for the security audit or network assessment is to necessitate quality security control measures against security breaches for any designed and implemented organizational projects available in the computer system. Assessing and monitoring the entire computer system and the organization's infrastructure (processes and policies) should be conducted regularly, including when changing to a new system or adding infrastructure, in order to be ahead of any possible future threats. The assessment is for making certain that the organization's Information Systems (IT) resources satisfy the needs of the Federal Information Security Modernization Act (FISMA).

Organization

It is a medium-sized legal entity that has a common goal of providing quality products and services to consumers. It has a functional organizational structure with roles, responsibilities, and power divided among different sectors, each sector being led by its manager. The structure of the organization will be provided at the end of this document.

Scope: Enterprise network

A data or computer network, in other terms, is the interconnection of different computers with the primary purpose of sharing resources using data link connections (Wireless Fidelity (Wi-Fi), Ethernet, and fiber-optic cables) between nodes. Networking enhances communications and sharing among devices.
It helps in an extensive number of computer applications and services, like the use of other hardware devices (printers, fax machines, and storage devices) and in accessing the internet. There are different common types of computer networks:

• Wireless Local Area Network (WLAN): a local network supported by Wi-Fi technology
• Local Area Network (LAN): a network that covers a short distance, for example a networked school, home, or office building
• Wide Area Network (WAN): a geographically widely distributed group of LANs
• Metropolitan Area Network (MAN): a network covering a larger area than a LAN but smaller than a WAN (Bradley Mitchell, 2018)

Given this is a medium-sized organization, I propose the use of both LAN and WAN networks for efficiency, because each has its advantages and disadvantages and one can supplement the other in case of difficulties or threats. The advantages and disadvantages of LAN and WAN are noted at the end of the document in Fig. 3 and Fig. 4 respectively.

Computer networking can be termed the most significant source of cybercrime, as it is easy for hackers to gain unauthorized access to the organization's data by deploying a computer worm or viruses to attack the system, or by directly hacking into the network and gaining access. Worms and viruses can be voluntarily downloaded as system software from unsecured sources or through links. But with strong encryption and security policies for LAN and WAN networks, cyber threats can be prevented.

Other networking computing platforms that are available and can be implemented in our network systems are:

Cloud computing: this is the use of internet-hosted remote servers instead of local server/computer systems for managing, accessing, processing, and storing data, information, and programs (Dikaiakos, Katsaros, Mehra, Pallis, & Vakali, 2009).
Distributed computing: has distributed systems located in different networks that achieve a common goal by passing information to each other. An example of a distributed system is a multiplayer online game (Dikaiakos et al., 2009).

Centralized computing: involves using a central computer for all computing processes, as long as the computer peripherals are connected to the central computer, which is in control either through terminal servers or physically. These computing platforms achieve the same goals of communication, coordination, and sharing of resources as other networks; hence they should be included in the organization's network system because of their unique features for the smoother running of programs (Dikaiakos et al., 2009).

Enterprise threats

From the OIG report, there are several security deficiencies mentioned that contributed to the vulnerability of OPM networks and led to a breach. These threats can be categorized into two:

• Internal threats: these are threats originating from inside the organization. They include weak authentication mechanisms, misconfiguration or change of plan management policies, and a lack of inventory systems (network devices, databases, and servers). Also, poor vulnerability assessment scanning tools, lack of a life-cycle plan for management of information systems, no remedial actions on previous audits, non-compliance and inadequacy of OPM's continuous assessment of the information systems, and lack of personnel trained in accordance with the organization's policy. In addition, expired security agreements between the party handling OPM information systems and OPM itself, and poor authorization procedures for many systems in the organization (Final Audit Report, 2015).
All the above security threats pose significant risks to the organization because in one way or another they depend on each other. OPM's inability to monitor and assess its system regularly is the greatest weakness, as it results in security breaches which can be prevented.
• External threats - these are threats that originate from outside the organization, leading to data breaches, mainly cyber insecurities promoted by weak OPM security policies (Macker, 1999).

Threat intelligence

It is knowledge based on threat evidence, comprising the mechanisms, implications, context, indicators and the solutions to the threats, advice that assists during the decision-making process concerning the control and preventive measures to be taken against the threat.

Network assessment and scanning

Network traffic is the given amount of data going through a specific networking device at a given time. In Project 2, Security Assessment Reports for operating systems (Windows and Linux), we used MBSA and OpenVAS as the assessment scanning tools for Windows OS and Linux respectively. There are other assessment tools for scanning threats and vulnerabilities in the system, such as Wireshark, Nikto, Retina CS Community, Aircrack, Nessus Professional and Tripwire IP360. In this project, I will use Wireshark as the analyzing tool for the analysis of the network. Wireshark is widely used as an analyzing tool for network protocols. I chose Wireshark because, just like OpenVAS and MBSA, Wireshark is open-source software known for its powerful abilities in analyzing a LAN. It is fully integrated, has advanced alerts and triggers, has flexible and modular solutions to threats, and can work with multiple network packet analyses with different IP addresses or hosts (Chapell, 2010). I gained a deeper understanding of network analyzing tools, mainly how to use Wireshark, in the lab with the assistance of the lab assistant in CLAB 699 cyber computing.
Wireshark acts as multitasking software, mostly in a complex networking system environment, for network monitoring, network management, network configuration and troubleshooting, server assessment and network analysis. Screen prints showing the steps to be followed while analyzing OPM's network system are provided at the end of this document.

Security Issues

Using Wireshark as a network analyzer and assessment tool to detect existing threats and vulnerabilities in the OPM network and system environment, the following threats were identified:

• Cases of invalid authorizations
• OPM's inability to monitor, assess and manage its network system environment
• Non-compliance and inadequacy of frequent assessment and analysis of the system
• Inaccurate inventory of network and system devices, which lowers the effectiveness of the security control measures that are in place
• Lack of an established Risk Executive Function for OPM's systems
• Lack of skilled and trained personnel to operate OPM's systems per its policy
• Weak or non-existent enforcement of a life cycle plan for all OPM's systems projects
• No remediation actions for previous audits (citation)

Even though strong passwords in the systems during login do not guarantee effective security control measures, they reduce the organizational risk of security breach occurrences by a certain percentage. In an organization, the creation of passwords depends on its system development (design and implementation), where the employees can gain access to the system and network data according to their position in the organization. Strong passwords keep the computer system secured from threats and breaches.

Firewalls and Encryption

Firewalls in computer networking security are network security mechanisms which control and monitor the outgoing and incoming network traffic (data networks) based on the organization's security details. Firewalls protect the networking systems from untrusted networks.
On the other hand, encryption is the process of protecting data from unauthorized access by encoding the data in the particular message, so that it can only be accessed by use of a decryption key. Auditing computer networking systems contributes to the valuable management of firewall data (Minor, 1999).

Relational Database Management System (RDMS) - has an RDM server that hosts a server/client database system supporting some programming languages like C and SQL, which can be exploited for injection attacks, but the RDMS assists in guarding data, ensuring the primary objectives of security assessments are attained. These objectives of data in the information system are confidentiality, integrity, and availability (CIA).

Organizational Network Threats identification and remediation

Above I outlined several system threats that lead to massive data breaches. There is a difference between system threats and network threats, as shall be seen at the end of this topic. Below is a list of network attacks and threats that put the organization at risk of data loss:

• Denial of Service attacks (DoS) - an attack purposed to lock the intended liveware out from accessing any component of the computer system and network.
• IP address spoofing - involves the creation of fake Internet Protocol (IP) addresses to impersonate other system identities, concealing the attacker's details.
• Session hijacking attacks - theft using an HTTP cookie. It is also called cookie hijacking.
• Packet sniffing/analysis - a strategic attack on network packets where, at the Ethernet level, the attacker acquires the network data and uses it to retrieve sensitive data after analyzing it.
• Distributed denial of service attacks - occur commonly in organizations using distributed computing platforms, where they attack the online system services, making the services inaccessible (SebastianZ, 2013).
These threats can be remedied through the enforcement and configuration of firewalls, log file systems and encryption methods, as explained above under Firewalls and Encryption, to protect the network from unauthorized access. Also, the use of the Wireshark analyzer in analyzing and troubleshooting the WAN and LAN networks frequently, at least quarterly per year.

Recommendation

Frequently, hackers assess and scan internet connections and ports for vulnerable and unprotected computer networks and systems to exploit. Where an active firewall exists, the OPM system should be able to counter these requests by blocking the untrusted network traffic. I recommend the use of NMAP, which is application software that allows the OPM system to scan itself in order to test the strength of the firewalls, preventing future cyber insecurities. Screenshots of how to use NMAP (network security scanner) are shown along with other graphics in Fig. 6.

Fig. 1 Organizational structure (figure not reproduced; boxes: CEO; Marketing; Sales; Services; Marketing, Sales, and Services)

Fig. 2 Computer network (figure not reproduced)

Fig. 3 Advantages and disadvantages of LAN
Advantages: high speed; easy to set up; low cost.
Disadvantages: its strength is limited to a small area.

Fig. 4 Advantages and disadvantages of WAN
Advantages: it covers a near-infinite geographical area; can be used for large and more intricate networks.
Disadvantages: it is expensive; not easy to set up.

Referencing

Bradley Mitchel. (2018). Introduction to LANs, WANs, and Other Kinds of Area Networks. Retrieved from https://www.lifewire.com/lans-wans-and-other-area-networks-817376

Dikaiakos, M. D., Katsaros, D., Mehra, P., Pallis, G., & Vakali, A. (2009). Cloud computing: Distributed internet computing for IT and scientific research. IEEE Internet Computing, 13(5).

Final Audit Report. (2015). Federal Information Security Modernization Act Audit.

Macker, J. (1999). Mobile ad hoc networking (MANET): Routing protocol performance issues and evaluation considerations.

Sebastian, Z. (2013). Security 1:1 - Part 3 - Various types of network attacks. Retrieved from https://www.symantec.com/connect/articles/security-11-part-3-various-types-network-attacks

Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice. Pearson Education.
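As an added example (not part of the report above), this is the kind of check the report's Wireshark analysis step would make for two of the network threats it lists, SYN-flood style DoS and IP address spoofing, run over a constructed tshark-style packet summary. The internal address range 10.20.0.0/16, the line layout and the half-open threshold are assumptions, and the capture lines are constructed, not real traffic.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed (hypothetical) internal LAN range. The sample below is treated as a
# capture taken on the external side of the firewall, where a packet claiming
# an internal source address cannot be legitimate.
INTERNAL_NET = ip_network("10.20.0.0/16")
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+) TCP (\d+) \[([A-Z, ]+)\]$")
HALF_OPEN_LIMIT = 5  # distinct sources with a SYN but no ACK to one dst:port

# Constructed capture lines in a tshark-like text layout (not real traffic).
SAMPLE_CAPTURE = """\
0.001 203.0.113.5 -> 10.20.1.10 TCP 443 [SYN]
0.003 203.0.113.5 -> 10.20.1.10 TCP 443 [ACK]
0.010 10.20.7.77 -> 10.20.1.10 TCP 22 [SYN]
0.020 198.51.100.1 -> 10.20.1.10 TCP 80 [SYN]
0.021 198.51.100.2 -> 10.20.1.10 TCP 80 [SYN]
0.022 198.51.100.3 -> 10.20.1.10 TCP 80 [SYN]
0.023 198.51.100.4 -> 10.20.1.10 TCP 80 [SYN]
0.024 198.51.100.5 -> 10.20.1.10 TCP 80 [SYN]
0.025 198.51.100.6 -> 10.20.1.10 TCP 80 [SYN]
0.030 203.0.113.9 -> 10.20.1.11 TCP 443 [SYN]
0.031 203.0.113.9 -> 10.20.1.11 TCP 443 [ACK]
"""

def parse(capture):
    """Yield (time, src, dst, dport, flags) per line; lines that do not match are skipped."""
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            t, src, dst, dport, flags = m.groups()
            yield float(t), src, dst, int(dport), {f.strip() for f in flags.split(",")}

def find_spoofed_sources(capture):
    """Sources claiming an internal address on the external interface (IP spoofing)."""
    return sorted({src for _, src, _, _, _ in parse(capture)
                   if ip_address(src) in INTERNAL_NET})

def find_syn_floods(capture):
    """(dst, port) pairs with too many half-open connections: SYN-flood style DoS."""
    syn_sources = defaultdict(set)  # (dst, dport) -> sources that sent a bare SYN
    ack_sources = defaultdict(set)  # (dst, dport) -> sources that later sent an ACK
    for _, src, dst, dport, flags in parse(capture):
        if flags == {"SYN"}:
            syn_sources[(dst, dport)].add(src)
        elif "ACK" in flags:
            ack_sources[(dst, dport)].add(src)
    half_open = {k: len(s - ack_sources[k]) for k, s in syn_sources.items()}
    return {k: n for k, n in half_open.items() if n >= HALF_OPEN_LIMIT}

if __name__ == "__main__":
    print("spoofed sources:", find_spoofed_sources(SAMPLE_CAPTURE))
    print("syn floods:", find_syn_floods(SAMPLE_CAPTURE))
```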

Explanation & Answer

Hello, find attached the completed work. Feel free to ask for any editing or clarification if need be. Looking forward to working with you again in the future. Thank you.
Attached.

Running head: Risk Assessment Report

Project 3: Risk Assessment Report


Abstract

Risk assessment is the process of identifying, evaluating and analyzing threats and vulnerabilities (risks) that will result in possible future damage to the organization's system. It involves risk evaluation and analysis. It is conducted following easy steps: firstly identifying the risk, determining the subjects that might be affected by the uncertainty, evaluating the risk and coming up with control or preventive measures, implementing and recording the findings, and finally reviewing the risk assessment when necessary, at least quarterly per year. There are different types of risk an organization can impose after evaluating and analyzing the effects of the threat. This report will consist of the following topics: Threats, Vulnerabilities, Likelihood of exploitation, Impact of exploitation, Remediation, Plan of Action and Milestones (POA and POAMs), Conclusions and References.

Risk Assessment Report

3
Security threats

As seen in the audit reports from the OIG, OPM reported weaknesses in their information technology environment that contributed to the security breach. Security and risk assessments are conducted to make sure that the organization's operating systems satisfy the necessities of the Federal Information Security Modernization Act (FISMA). Most of the threats were internal, where it would have been possible to avoid the security breach by safeguarding against these threats. Internal risks identified were:

• Inaccurate inventory of network and system devices that lowers the effectiveness of security controls
• Invalid authorizations
• OPM's inability to monitor and evaluate its network system environment
• Only a few OPM systems, not all, have conducted contingency plan tests
• Non-compliance and inadequate assessment of the network system environment
• Unskilled and untrained personnel, in accordance with the organization's policy, operating the OPM systems
• Expired agreements between the contractors handling the system and the OPM system body
• Misconfigurations of the virtual private network servers as per the agency policy
• Weaknesses in the POA and POAMs, while the major systems contain overdue Plan of Action and Milestones entries
• Lack of an established Risk Executive Function
• Lack of mature vulnerability assessment and scanning tools
Vulnerabilities

Vulnerabilities include weaknesses which are usually exploited by attackers, causing a system to perform an unauthorized function (Gantz & Philpott, 2012). For an attacker to exploit a vulnerability in the system, they must be able to use an applicable technique or tool that allows them to connect to the weakness that has been detected in the system. It is therefore necessary to implement measures that will prevent the exploitation of system vulnerabilities by attackers.

The vulnerabilities of the OPM system are:

Outdated software - the OPM network environment no longer offers security fixes, patches or security updates for the system software due to the unsupported operating and software platforms. Utilization of only supported operating and software platforms in the network environment should be enforced to remedy this.

Patch management - the entire OPM environment should implement patching software to maintain and manage all the non-operating and operating system software. Unluckily, after the scanning, not all system servers in the OPM environment were patched.

Weak OPM vulnerability assessment and scanning tools - these tools analyze, monitor and evaluate networks for weaknesses. They include MBSA, OpenVAS, Wireshark and many others.

Misconfigurations of the computer system (hardware, software, internet services) can be vulnerable to cyber insecurities under unsecured networks (Gantz, 2012). The organization is currently experiencing weaknesses in the security system as a result of a recent attack. The credentials are compromised due to the use of weak passwords in the system, thus granting access to unauthorized users. The lack of various encryption schemas is also a weakness that has been identified in the system.
Likelihood and impact of exploitation

It means the possibility of attacks on the network system environment. As seen in the Security Assessment Reports for system networks, attackers exploit any chance presented to them, or go the extra mile in obtaining sensitive organization information through unauthorized access to the system. Although not all attacks are cyber-connected, the vulnerabilities mentioned above act as a gateway into the systems for cybercriminals. The main reason for the system and network attacks is for the attackers to steal private information from the system, leading to an organizational risk decision of either accepting, mitigating or transferring the risk. A valid decision is made after a risk assessment ...
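As an added example (not part of the report), this turns the likelihood and impact assessment the report describes into a scored POA&M ordering with an accept/mitigate/transfer decision for the vulnerabilities it lists. The 1 to 5 scales, the rating thresholds, the treatment rule and every per-vulnerability score are assumptions for illustration, not values from the OIG audit.

```python
from dataclasses import dataclass

# Scales assumed for this example: likelihood and impact each run from 1
# (rare / negligible) to 5 (almost certain / severe); score = likelihood x impact.
HIGH, MODERATE = 15, 8  # assumed rating thresholds on the 1..25 score

@dataclass
class Risk:
    vulnerability: str
    likelihood: int
    impact: int
    remedy: str
    transferable: bool = False  # could a contractor or insurer carry this risk?

    @property
    def score(self):
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be between 1 and 5")
        return self.likelihood * self.impact

def rating(score):
    """Map a 1..25 score to the High / Moderate / Low rating used in the POA&M."""
    return "High" if score >= HIGH else "Moderate" if score >= MODERATE else "Low"

def treatment(risk):
    """Accept, mitigate or transfer; an assumed decision rule, not OPM's policy."""
    level = rating(risk.score)
    if level == "Low":
        return "accept"
    if level == "Moderate" and risk.transferable:
        return "transfer"
    return "mitigate"

def build_poam(risks):
    """POA&M rows (score, rating, treatment, vulnerability, remedy), highest risk first."""
    rows = [(r.score, rating(r.score), treatment(r), r.vulnerability, r.remedy) for r in risks]
    return sorted(rows, key=lambda row: row[0], reverse=True)

# Constructed entries based on the vulnerabilities the report lists; the scores
# are illustrative and are not taken from the OIG audit.
OPM_RISKS = [
    Risk("Compromised credentials from weak passwords", 5, 5, "Enforce strong passwords for all logins"),
    Risk("Unsupported operating systems and software", 4, 4, "Allow only supported platforms in the environment"),
    Risk("Lack of encryption schemas for sensitive data", 3, 5, "Implement encryption of stored and transmitted data"),
    Risk("Servers left unpatched after scanning", 4, 3, "Patch all operating and non-operating system software"),
    Risk("Weak vulnerability scanning tooling", 3, 3, "Scan with MBSA, OpenVAS and Wireshark at least quarterly", transferable=True),
    Risk("Misconfigured VPN servers", 2, 3, "Reconfigure VPN servers per agency policy"),
]

if __name__ == "__main__":
    for score, level, action, vuln, remedy in build_poam(OPM_RISKS):
        print(f"{score:2d} {level:8s} {action:8s} {vuln}: {remedy}")
```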

