Assessing Information System Vulnerabilities and Risk
Attached is the OIG Audit Report. This OIG Audit Report and its recommendations on the OPM breach should help you develop enterprise-level security plans.
Attached is a suggested outline and alternative templates for the Project 3 SAR and RAR. Again, these are just guidelines; you can adapt them any way you like, as long as you address the questions/requirements for the project. I hope these help.
SCENARIO
You are an Information Assurance Management Officer (IAMO) at an organization of your choosing. One morning, as you're getting ready for work, you see an email from Karen, your manager. She asks you to come to her office as soon as you get in. When you arrive at work, you head straight to Karen's office. “Sorry for the impromptu meeting,” she says, “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management.”
“We don't know how this happened, but we need to make sure it doesn't happen again,” says Karen. “You'll be receiving an email with more information on the security breach. Use this info to assess the information system vulnerabilities of the Office of Personnel Management.” At your desk, you open Karen's email. She's given you an OPM report from the Office of the Inspector General, or OIG.
You have studied the OPM OIG report and found that the hackers were able to gain access through compromised credentials. The security breach could have been prevented if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. In addition, access to the databases could have been prevented by implementing various encryption schemes, and could have been identified by running regularly scheduled scans of the systems. Karen and the rest of the leadership team want you to compile your findings into a Security Assessment Report, or SAR. You will also create a Risk Assessment Report, or RAR, in which you identify threats, vulnerabilities, risks, likelihood of exploitation, and suggested remediation.
The security posture of the information systems infrastructure of an organization
should be regularly monitored and assessed (including software, hardware,
firmware components, governance policies, and implementation of security
controls). The monitoring and assessment of the infrastructure and its
components, policies, and processes should also account for changes and new
procurements that are sure to follow in order to stay in step with ever-changing
information system technologies.
The data breach at the Office of Personnel Management (OPM) is one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Failures in critical security practices, such as lack of diligence in applying security controls and in managing changes to the information systems infrastructure, were cited as contributors to the massive data breach in the OPM Office of the Inspector General's (OIG) Final Audit Report, which can be found through open source searches. Some of the findings in the report include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of an inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations for many systems; and lack of plans of action to remedy the findings of previous audits.
The breach ultimately resulted in removal of OPM's top leadership. The impact of
the breach on the livelihoods of millions of people is ongoing and may never be
fully known. There is a critical need for security programs that can assess
vulnerabilities and provide mitigations.
There are nine steps that will help you create your final deliverables. The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and development of information systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
Step 1: Enterprise Network Diagram
During Project One, you researched a hypothetical or actual organization of your
choice. You had to understand the goals of the organization and the types of
systems that would fulfill those goals. You will now research and learn about
types of networks and their secure constructs that may be used in organizations
to accomplish the functions of the organization’s mission. You will propose a
local area network (LAN) and a wide area network (WAN) for the organization,
define the systems environment, and incorporate this information in a network
diagram. Discuss the security benefits of your chosen network design.
Read about the following computing platforms available for networks and discuss how these platforms could be implemented in your organization. Include the rationale for all platforms you choose to include in your network design.
• common computing platforms
• cloud computing
• distributed computing
• centralized computing
• secure programming fundamentals
Step 2: Enterprise Threats
Review the OIG report on the OPM breach that you were asked to research and
read about at the beginning of the project. The OIG report included numerous
security deficiencies that likely left OPM networks vulnerable to being breached.
In addition to those external threats, the report also describes the ways OPM was
vulnerable to insider threats. The information about the breach could be classified
as threat intelligence. Define threat intelligence and explain what kind of threat
intelligence is known about the OPM breach.
You just provided detailed background information on your organization. Next,
you’ll describe threats to your organization’s system. Before you get started,
select and explore the contents of the following link: insider threats (also known
as internal threats). As you’re reading, take note of which insider threats are a
risk to your organization.
Now, differentiate between the external threats to the system and the insider
threats. Identify where these threats can occur in the previously created
diagrams. Relate the OPM threat intelligence to your organization. How likely is
it that a similar attack will occur at your organization?
Step 3: Scanning the Network
Note: You will use the tools in Workspace for this step. If you need help outside
the classroom to complete this project, register for CLAB 699 Cyber Computing
Lab Assistance (go to the Discussions List for registration information). Primary lab
assistance is available from a team of lab assistants. Lab assistants are
professionals and are trained to help you.
Click here to access the instructions for Navigating the Workspace and the Lab
Setup.
Select the following link to enter Workspace and complete the lab activities related to network vulnerabilities.
You will now investigate network traffic, and the security of the network and
information system infrastructure overall. Past network data has been logged and
stored, as collected by a network analyzer tool such as Wireshark. Explore the
tutorials and user guides to learn more about the tools you will use. Click the
following link to read more about these network monitoring tools: Tools to
Monitor and Analyze Network Activities.
You will perform a network analysis on the Wireshark files provided to you in
Workspace and assess the network posture and any vulnerability or suspicious
information you are able to obtain. Include this information in the SAR.
You will then return to the lab in order to identify any suspicious activities on the
network, through port scanning and other techniques. You will revisit the lab and
lab instructions in Step 7: Suspicious Activity.
Click here to access the Project 3 Workspace Exercise Instructions.
In order to validate the assets and devices on the organization's network, run
scans using security and vulnerability assessment analysis tools such as MBSA,
OpenVAS, Nmap, or Nessus depending on the operating systems of your
organization's networks. Live network traffic can also be sampled and scanned
using Wireshark on either the Linux or Windows systems. Wireshark allows you to
inspect all OSI layers of traffic information. Further analyze the packet capture for
network performance, behavior, and any suspicious source and destination
addresses on the networks.
In the previously created Wireshark files, identify whether any databases were accessed. What are the IP addresses associated with that activity? Include this information in the SAR.
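One way to answer the database-access question above, as an added example that is not part of the assignment or the Workspace lab: the Python below reads a tshark field export of the capture, picks out traffic to well-known RDBMS listening ports, and flags any client that sits outside the organization's address ranges. The export field list, the sample rows and the 10.0.0.0/8 internal range are assumptions constructed for illustration.

```python
"""Identify database access in a packet capture exported from Wireshark/tshark.

Added example for Step 3; not part of the original assignment. It assumes the
capture was exported with:
  tshark -r capture.pcap -T fields -E separator=, \
         -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport
The sample rows below are constructed for illustration.
"""
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

# Default listening ports of common RDBMS servers (TCP).
DB_PORTS = {
    1433: "MSSQL",
    1521: "Oracle",
    3306: "MySQL",
    5432: "PostgreSQL",
}

# Constructed sample export: epoch time, src, dst, tcp.dstport
SAMPLE_EXPORT = """\
1500000001.10,10.0.1.25,10.0.2.10,3306
1500000002.20,10.0.1.25,10.0.2.10,3306
1500000003.30,10.0.1.40,10.0.2.11,1433
1500000004.40,203.0.113.77,10.0.2.10,3306
1500000005.50,10.0.1.25,10.0.3.5,443
1500000006.60,10.0.2.10,10.0.1.25,52344
"""


def parse_export(text):
    """Yield (epoch, src, dst, dstport) tuples, skipping malformed rows."""
    for row in csv.reader(StringIO(text)):
        if len(row) != 4 or not row[3]:
            continue  # non-TCP frames have an empty tcp.dstport column
        try:
            yield float(row[0]), row[1], row[2], int(row[3])
        except ValueError:
            continue


def database_access(text, internal_nets):
    """Summarise client -> database flows seen in the export.

    Returns a dict keyed by (client_ip, server_ip, dbms) holding the packet
    count, the first timestamp seen, and an 'external' flag that is set when
    the client address is outside the organisation's own ranges; those flows
    are the first thing to call out in the SAR.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    flows = defaultdict(lambda: {"packets": 0, "first_seen": None, "external": False})
    for ts, src, dst, port in parse_export(text):
        dbms = DB_PORTS.get(port)
        if dbms is None:
            continue  # not traffic to a database listener
        entry = flows[(src, dst, dbms)]
        entry["packets"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = ts
        client = ipaddress.ip_address(src)
        entry["external"] = not any(client in n for n in nets)
    return dict(flows)


if __name__ == "__main__":
    result = database_access(SAMPLE_EXPORT, ["10.0.0.0/8"])
    for (client, server, dbms), info in sorted(result.items()):
        flag = "EXTERNAL CLIENT" if info["external"] else ""
        print(f"{client:>15} -> {server:<12} {dbms:<10} {info['packets']} pkt(s) {flag}")
```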
Step 4: Identifying Security Issues
You have a suite of security tools, techniques, and procedures that can be used to
assess the security posture of your organization's network in a SAR.
Now it's time to identify the security issues in your organization's networks. You
have already used password cracking tools to crack weak and vulnerable
passwords. Provide an analysis of the strength of passwords used by the
employees in your organization. Are weak passwords a security issue for your
organization?
Step 5: Firewalls and Encryption
Next, examine these resources on firewalls and on auditing of the Relational Database Management System (RDBMS), i.e., the database system and its data. Also review these resources related to access control.
Determine the role that firewalls, encryption, and RDBMS auditing could play in protecting information and in monitoring the confidentiality, integrity, and availability of the information in the information systems.
Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR.
Step 6: Threat Identification
You know of the weaknesses in your organization's network and information
system. Now you will determine various known threats to the organization's
network architecture and IT assets.
Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?
• IP address spoofing/cache poisoning attacks
• denial of service attacks (DoS)
• packet analysis/sniffing
• session hijacking attacks
• distributed denial of service attacks (DDoS)
In identifying the different threats, complete the following tasks:
1. Identify the potential threat actors behind these attacks on vulnerabilities in networks and information systems, and the types of remediation and mitigation techniques available in your industry and for your organization.
2. Identify the purpose and function of firewalls for organization network
systems, and how they address the threats and vulnerabilities you have
identified.
3. Also discuss the value of using access control, database transaction and
firewall log files.
4. Identify the purpose and function of encryption, as it relates to files and
databases and other information assets on the organization's networks.
Include these in the SAR.
Step 7: Suspicious Activity
Note: You will utilize the tools in Workspace for this step.
Hackers frequently scan the Internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic, and Nmap can be used to self-scan to test how the organization's network responds to would-be hackers.
Select the following link to enter Workspace and conduct the port scanning. Return to the lab
instructions by clicking here to access the Project 3 Workspace Exercise Instructions.
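As an added example (not part of the assignment or the Workspace lab), the Python below reads the grepable output of such a self-scan and reports every port that answered but is not in the firewall's approved-exposure baseline, which is the drift the self-scan is meant to reveal. The scan output, host addresses and baseline are constructed for illustration.

```python
"""Compare an Nmap self-scan of the organisation's perimeter with the
approved exposure baseline from the firewall policy.

Added example for Step 7; not part of the original assignment. It assumes the
scan was saved in Nmap's grepable format (nmap -oG self_scan.gnmap ...).
The scan output and baseline below are constructed for illustration.
"""
import re

# Constructed grepable output: one "Host:" line per target.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 198.51.100.10 (www.example.test)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 22/open/tcp//ssh///\tIgnored State: filtered (997)
Host: 198.51.100.11 (vpn.example.test)\tPorts: 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: filtered (998)
Host: 198.51.100.12 ()\tStatus: Up
# Nmap done (constructed sample)
"""

# What the firewall policy says may answer from the Internet (constructed).
APPROVED = {
    "198.51.100.10": {("tcp", 80), ("tcp", 443)},
    "198.51.100.11": {("tcp", 443)},
    "198.51.100.12": set(),
}

# Grepable port entries look like: port/state/protocol/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")


def parse_gnmap(text):
    """Return {host: {(proto, port), ...}} of ports the scan reported open."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        hosts.setdefault(host, set())  # a host with no Ports field is fully silent
        fields = line.split("\t")
        ports_field = next((f for f in fields if f.startswith("Ports:")), "")
        for port, state, proto in PORT_RE.findall(ports_field):
            if state == "open":
                hosts[host].add((proto, int(port)))
    return hosts


def exposure_drift(text, approved):
    """Ports that answered the scan but are not permitted by the baseline.

    Returns (unexpected, missing): unexpected maps host -> set of (proto, port)
    that answered without approval, i.e. traffic the firewall is not blocking;
    missing lists baseline hosts the scan did not see at all, which deserve a
    second look before concluding they are protected.
    """
    seen = parse_gnmap(text)
    unexpected = {h: p - approved.get(h, set()) for h, p in seen.items()}
    unexpected = {h: p for h, p in unexpected.items() if p}
    missing = sorted(set(approved) - set(seen))
    return unexpected, missing


if __name__ == "__main__":
    drift, absent = exposure_drift(SAMPLE_GNMAP, APPROVED)
    for host, ports in sorted(drift.items()):
        print(host, "answers on unapproved ports:", sorted(ports))
    if absent:
        print("baseline hosts not seen by the scan:", absent)
```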
Step 8: Risk and Remediation
What is the risk and what is the remediation? What is the security exploitation?
You can use the OPM OIG Final Audit Report findings and recommendations as a
possible source for methods to remediate vulnerabilities.
Read this risk assessment resource to get familiar with the process, then prepare
the risk assessment. Be sure to first list the threats, then the vulnerabilities, and
then pairwise comparisons for each threat and vulnerability, and determine the
likelihood of that event occurring, and the level of impact it would have on the
organization. Use the OPM OIG Final Audit Report findings as a possible source
for potential mitigations. Include this in the risk assessment report (RAR).
Step 9: Creating the SAR and RAR
Your research and Workspace exercise have led you to this moment: creating
your SAR and RAR. Consider what you have learned in the previous steps as you
create your reports for leadership.
Prepare a Security Assessment Report (SAR) with the following sections:
1. Purpose
2. Organization
3. Scope
4. Methodology
5. Data
6. Results
7. Findings
The final SAR does not have to stay within this framework, and can be designed to fulfill the goal of the security assessment.
Prepare a Risk Assessment Report (RAR) with information on the threats,
vulnerabilities, likelihood of exploitation of security weaknesses, impact
assessments for exploitation of security weaknesses, remediation, and
cost/benefit analyses of remediation. Devise a high-level plan of action with
interim milestones (POAM), in a system methodology, to remedy your findings.
Include this high-level plan in the RAR. Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVAS) in your report.
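The pairwise threat/vulnerability scoring asked for in Step 8 and the cost/benefit ranking required for the RAR above, as an added example that is not the project's own template: a small Python risk register using a simplified three-level likelihood × impact matrix in the style of NIST SP 800-30, ordered for the POA&M. The pairs, scores, remediation costs and residual likelihoods are constructed from the findings and threat types named in the project text, not taken from any real assessment.

```python
"""Qualitative risk register for the RAR: threat/vulnerability pairs scored
for likelihood and impact, ranked for the POA&M, with a crude cost/benefit
figure for each remediation.

Added example for Steps 8 and 9; not part of the original assignment. The
register contents and cost units are constructed for illustration.
"""
from dataclasses import dataclass

LEVELS = ("Low", "Moderate", "High")

# Simplified three-level matrix in the style of NIST SP 800-30:
# risk = f(likelihood, impact). Adjust to the scale your RAR adopts.
RISK_MATRIX = {
    ("Low", "Low"): "Low",           ("Low", "Moderate"): "Low",           ("Low", "High"): "Moderate",
    ("Moderate", "Low"): "Low",      ("Moderate", "Moderate"): "Moderate", ("Moderate", "High"): "High",
    ("High", "Low"): "Moderate",     ("High", "Moderate"): "High",         ("High", "High"): "High",
}


@dataclass
class Pair:
    threat: str
    vulnerability: str
    likelihood: str           # Low / Moderate / High, before remediation
    impact: str               # Low / Moderate / High
    remediation: str
    cost: int                 # constructed relative cost units
    residual_likelihood: str  # likelihood expected after remediation

    def risk(self):
        return RISK_MATRIX[(self.likelihood, self.impact)]

    def residual_risk(self):
        return RISK_MATRIX[(self.residual_likelihood, self.impact)]


# Constructed register built from the OIG findings and threat types named in
# the assignment; the scores are illustrative, not an assessment of OPM.
REGISTER = [
    Pair("Compromised credentials (external actor)", "Weak authentication mechanisms",
         "High", "High", "Enforce multi-factor authentication for remote and privileged access", 3, "Low"),
    Pair("Insider misuse", "Invalid/expired system authorizations",
         "Moderate", "High", "Re-authorize systems and revoke stale accounts", 1, "Low"),
    Pair("Packet sniffing on internal segments", "Unencrypted database traffic",
         "Moderate", "Moderate", "Encrypt RDBMS connections and data at rest", 2, "Low"),
    Pair("Exploitation of unpatched servers", "Immature vulnerability scanning",
         "High", "Moderate", "Scheduled authenticated scans with tracked remediation", 2, "Low"),
    Pair("Denial of service", "Unmonitored perimeter",
         "Low", "Moderate", "Rate limiting and upstream DDoS protection", 3, "Low"),
]


def rank_for_poam(register):
    """Order pairs for the POA&M: highest current risk first, cheapest fix next."""
    return sorted(register, key=lambda p: (-LEVELS.index(p.risk()), p.cost))


def benefit_per_cost(pair):
    """Risk levels removed per cost unit: a crude cost/benefit figure."""
    reduction = LEVELS.index(pair.risk()) - LEVELS.index(pair.residual_risk())
    return reduction / pair.cost


def summary(register):
    """Rows of (threat, vulnerability, risk, residual risk, benefit/cost)."""
    return [(p.threat, p.vulnerability, p.risk(), p.residual_risk(),
             round(benefit_per_cost(p), 2))
            for p in rank_for_poam(register)]


if __name__ == "__main__":
    for row in summary(REGISTER):
        print(row)
```

A benefit/cost of 0.0 (the last row) means the proposed fix does not move the qualitative risk level at all, which is a signal to revisit either the remediation or the scoring before it goes into the POA&M.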
The deliverables for this project are as follows:
1. Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
4. APA style references
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 5.2: Knowledge of architectural methodologies used in the design and development of information systems and knowledge of standards that either are compliant with or derived from established standards or guidelines.
• 5.6: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology.
• 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
• 8.1: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
• 8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
Running head: Risk Assessment Report
Project 3: Risk Assessment Report
Abstract
Risk assessment is the process of identifying, evaluating and analyzing the threats and vulnerabilities (risks) that could result in future damage to the organization's systems. It involves risk evaluation and analysis. It is conducted in a series of simple steps: first identifying the risk, determining who or what might be affected by the uncertainty, evaluating the risk and coming up with control or preventive measures, implementing them and recording the findings, and finally reviewing the risk assessment when necessary, at least quarterly. There are different types of risk responses an organization can adopt after evaluating and analyzing the effects of the threat. This report will consist of the following topics: Threats, Vulnerabilities, Likelihood of exploitation, Impact of exploitation, Remediation, Plan of Action and Milestones (POA&M), Conclusions and References.
Security threats
As seen in the audit reports from the OIG, OPM reported weaknesses in its information technology environment that contributed to the security breach. Security and risk assessments are conducted to make sure that the organization's operating systems satisfy the requirements of the Federal Information Security Modernization Act (FISMA). Most of the threats were internal, and with careful consideration the danger could have been avoided. The internal risks identified were:
• Inaccurate inventory of network and system devices, which lowers the effectiveness of security controls
• Invalid authorizations
• OPM's inability to monitor and evaluate its network system environment
• Only a few OPM systems, not all, have conducted contingency plan tests
• Non-compliance and inadequate assessment of the network system environment
• Personnel operating the OPM systems who are unskilled and untrained according to the organization's policy
• Expired agreements between the contractors handling the system and the OPM system owners
• Misconfiguration of the virtual private network servers relative to agency policy
• Failure to incorporate identified weaknesses into the POA&M, while large systems contain Plans of Action and Milestones that are overdue
• Lack of an established Risk Executive Function
• Lack of mature vulnerability assessment and scanning tools
Vulnerabilities
A security threat is potential damage, loss or destruction in the network system environment, while a vulnerability is a hole or any weakness in the system that can be exploited. The vulnerabilities of the OPM system are:
Outdated software - the OPM network environment no longer receives security fixes, patches or security updates for its system software, because it runs on unsupported operating system and software platforms. Using only supported operating system and software platforms in the network environment should be enforced to remedy this.
Patch management - the entire OPM environment should implement patching software to maintain and manage all operating system and non-operating system software. Unfortunately, after the scan, not all system servers in the OPM environment were patched.
Weak OPM vulnerability assessment and scanning tools - these tools analyze, monitor and evaluate networks for weaknesses. They include MBSA, OpenVAS, Wireshark and many others.
Misconfigurations of the computer system (hardware, software, internet services) that can be vulnerable to cyber attacks on unsecured networks (Gantz, 2012).
Likelihood and impact of exploitation
This means the probability of attacks on the network system environment. As seen in Security Assessment Reports for system networks, attackers exploit any chance presented to them, or go the extra mile to obtain sensitive organizational information through unauthorized access to the system. Although not all attacks are cyber-related, the vulnerabilities mentioned above act as a gateway into the systems for cybercriminals. The main reason for system and network attacks is for the attackers to steal private information from the system, leaving the organization with the choice of accepting, mitigating or transferring the risk. A valid decision is made after a risk assessment has been conducted, depending on the effects that the threat would inflict on the organization.
By using vulnerability assessment tools, in this case Wireshark, free/open-source software known as one of the most powerful tools for analyzing and monitoring networks, some network security attacks were identified. They include packet analysis, Denial of Service attacks (DoS), session hijacking attacks, IP address spoofing and Distributed Denial of Service attacks (DDoS).
Remediation and mitigation
One defense against cyber-attacks is the use of firewalls, their log files, and encryption methods. Firewalls are computer networking systems that control and monitor all incoming and outgoing network traffic according to the OPM security system rules. A firewall constructs a barrier between the local servers and the local networks. With an active firewall in place, all strategically planned attacks against the system's data network are blocked, hence the threat is prevented. Encryption methods can be used in a Relational Database Management System (RDBMS), restricting access to the database or other files unless one has the decryption key.
Mitigation
To lessen the adverse effects of taking risks against a particular vulnerability, there are strategically planned risk mitigation strategies to be followed before deciding how to handle the threat. These strategies are:
Risk acceptance - even though it involves doing nothing at all about the vulnerability, it is still considered a risk strategy. Here the organization takes no action; this is done after a risk assessment has shown that the cost of fixing the risk is higher than the cost of accepting it.
Risk avoidance - actions are taken to avoid the negative impacts of the vulnerability in future. It is the opposite of accepting risk.
Risk transfer - involves a willing third party taking on the risk. For example, insurance policies (Tanimoto, 2011).
Plan of Action and Milestones (POA&M)
A Plan of Action and Milestones is a tool intended to help agencies assess, identify, monitor and prioritize the progress of their IT security systems in addressing system threats and vulnerabilities after remediation. OPM effectively used the POA&M to keep tabs on its systems by ensuring all OPM systems are incorporated into the POA&M document appropriately, prioritizing weaknesses, actively adhering to and planning for remediation deadlines, identifying resources to remedy vulnerabilities, renewing contractor agreements on time and maintaining contractor documentation systems, and also planning contingency tests and remote access to the management system data and networks. The POA&M will reduce security threats and vulnerabilities on the OPM systems by the next system evaluation period.
Conclusion
Following the above information about threats and vulnerabilities, I think and believe most security breaches can be prevented if the necessary actions are implemented in time. I recommend the regular use of vulnerability scanning tools (MBSA, OpenVAS, Wireshark, Nikto) to identify weaknesses in the system, and also whenever a new system is introduced. The use of firewalls and encryption is the best method for blocking unauthorized access to the system, hence avoiding data loss to unknown individuals.
References
Cárdenas, A. A., Amin, S., Lin, Z. S., Huang, Y. L., Huang, C. Y., & Sastry, S. (2011, March). Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (pp. 355-366). ACM.
Gantz, S. D., & Philpott, D. R. (2012). FISMA and the risk management framework: the new practice of federal cyber security. Newnes.
Kundra, V. (2011). Federal cloud computing strategy.
Newman, R. C. (2006, September). Cybercrime, identity theft, and fraud: practicing safe internet-network security threats and vulnerabilities. In Proceedings of the 3rd Annual Conference on Information Security Curriculum Development (pp. 68-78). ACM.
Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H., & Kanai, A. (2011, May). Risk management on the security problem in cloud computing. In 2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering (CNSI) (pp. 147-152). IEEE.
Wu, T. (2003). Network neutrality, broadband discrimination. Journal on Telecommunications and High Technology Law, 2, 141.
Running head: Security Assessment Report
Project 3: Security Assessment Report
Abstract
This is a summary of the security assessment that I will conduct on the organization's network as the Information Assurance Management Officer, prompted by the occurrence of a security breach at the Office of Personnel Management (OPM). Cyber-attacks, especially attacks on government and corporate agencies, are occurring at a higher rate now than in the past. These attacks inflict severe negative impacts on the organization, such as loss of data to unauthorized personnel; hence the security threats and vulnerabilities should be assessed and remedied accordingly to prevent similar attacks. The report will contain more in-depth information about the purpose of the research, its scope, security assessment methodologies, data, findings, recommendations, and conclusions. Most security breaches can be prevented if the organization, in this case OPM, has enacted some easy-to-learn preventive measures (encryption).
Purpose
The essential reason for the security audit or network assessment is to establish quality security control measures against security breaches for all organizational projects designed and implemented in the computer system. Assessment and monitoring of the entire computer system and the organization's infrastructure (processes and policies) should be conducted regularly, including when changing to a new system or adding infrastructure, in order to stay ahead of any possible future threats. The assessment is for making certain that the organization's Information Technology (IT) resources satisfy the needs of the Federal Information Security Modernization Act (FISMA).
Organization
It is a medium-sized legal entity with the common goal of providing quality products and services to consumers. It has a functional organizational structure in which roles, responsibilities, and authority are divided among sectors, each led by its own manager. The structure of the organization is provided at the end of this document.
Scope: Enterprise network
A data network, or computer network, is the interconnection of different computers for the primary purpose of sharing resources over data link connections (Wireless Fidelity (Wi-Fi), Ethernet and fiber-optic cables) between nodes. Networking enhances communication and sharing among devices. It supports an extensive number of computer applications and services, such as the use of other hardware devices (printers, fax machines, and storage devices) and access to the internet. There are several common types of computer networks:
• Wireless Local Area Network (WLAN) - a local network supported by Wi-Fi technology
• Local Area Network (LAN) - a network that covers a short distance, for example a networked school, home or office building
• Wide Area Network (WAN) - a geographically widely distributed group of LANs
• Metropolitan Area Network (MAN) - a network covering a larger area than a LAN but smaller than a WAN (Bradley Mitchell, 2018)
Given that this is a medium-sized organization, I propose the use of both LAN and WAN networks for efficiency, because each has its advantages and disadvantages and one can supplement the other in case of difficulties or threats. The advantages and disadvantages of LAN and WAN are noted at the end of the document in Fig. 3 and Fig. 4 respectively.
Computer networking can be termed the most significant source of cybercrime, as it is easy for hackers to gain unauthorized access to the organization's data by deploying a computer worm or virus to attack the system, or by directly hacking into the network to gain access. Worms and viruses can be downloaded unwittingly as system software from unsecured sources or through links. But with strong encryption and security policies, cyber threats to LAN and WAN networks can be prevented.
Other networking computing platforms that are available and can be implemented in our network systems are:
Cloud computing - the use of internet-hosted remote servers rather than local servers/computer systems for managing, accessing, processing and storing data, information, and programs (Dikaiakos, Katsaros, Mehra, Pallis, & Vakali, 2009).
Distributed computing - has distributed systems located in different networks that achieve a common goal by passing information to each other. An example of a distributed system is a multiplayer online game (Dikaiakos et al., 2009).
Centralized computing - involves using a central computer for all computing processes, with the computer peripherals connected to the central computer, which is in control, either through terminal servers or physically.
These computing platforms achieve the same goals of communication, coordination, and sharing of resources as other networks, hence they should be included in the organization's network system because of their unique features for the smoother running of programs (Dikaiakos et al., 2009).
Enterprise threats
From the OIG report, there are several security deficiencies mentioned that contributed to the vulnerability of OPM networks and led to a breach. These threats can be categorized into two:
• Internal threats - these are threats rooted inside the organization. They include weak authentication mechanisms, misconfiguration and lack of change management policies, and lack of inventory systems (network devices, databases, and servers). Also, poor vulnerability assessment scanning tools, lack of a life-cycle management plan for the information systems, no remedial action on previous audits, non-compliance and inadequacy of OPM's continuous assessment of the information systems, and lack of personnel trained according to the organization's policy. In addition, expired security agreements between the party handling OPM information systems and OPM itself, and poor authorization procedures for many systems in the organization (Final Audit Report, 2015).
All the above security threats pose significant risks to the organization because in one way or another they depend on each other. OPM's inability to monitor and assess its systems regularly is the greatest weakness, as it results in security breaches that could be prevented.
• External threats - these are threats that originate from outside the organization, leading to data breaches, mainly cyber attacks enabled by weak OPM security policies (Macker, 1999).
Threat intelligence
Threat intelligence is evidence-based knowledge about threats, comprising their mechanisms, implications, context, indicators and advice on remedies, that supports decision-making about the controls and preventive measures to be taken against a threat.
Network assessment and scanning.
Network traffic is the amount of data passing through a specific network device at a given time. In Project 2, the Security Assessment Reports for operating systems (Windows and Linux), we used MBSA and OpenVAS as the assessment scanning tools for Windows and Linux respectively. Other tools for scanning threats and vulnerabilities in a system include Wireshark, Nikto, Retina CS Community, Aircrack, Nessus Professional and Tripwire IP360. In this project, I will use Wireshark as the tool for analyzing the network. Wireshark is widely used for analyzing network protocols. I chose Wireshark because, like OpenVAS and MBSA, it is open-source software known for its powerful LAN analysis capabilities. It is fully integrated, has advanced alerts and triggers, offers flexible and modular solutions to threats, and can analyze packets from multiple hosts or IP addresses at once (Chapell, 2010).
I gained a deeper understanding of network analysis tools, mainly how to use Wireshark, in the lab with assistance from the CLAB 699 cyber computing lab. Wireshark acts as multitasking software, mostly in complex networking environments, for network monitoring, network management, network configuration and troubleshooting, server assessment and network analysis. Screen prints showing the steps to be followed while analyzing OPM's network system are provided at the end of this document.
Security Issues
Using Wireshark as a network analyzer and assessment tool to detect existing threats and vulnerabilities in the OPM network and system environment, the following threats were identified:
• Cases of invalid authorizations
• OPM's inability to monitor, assess and manage its network system environment
• Non-compliance and inadequate frequency of assessment and analysis of the system
• Inaccurate inventory of network and system devices, which lowers the effectiveness of the security controls that are in place
• Lack of an established Risk Executive Function for OPM's systems
• Lack of skilled and trained personnel to operate OPM's systems in accordance with its policy
• Weak or non-existent enforced life cycle plan for all OPM system projects
• No remediation actions for previous audits (citation)
Even though strong login passwords do not guarantee effective security control, they reduce the organization's risk of a security breach to a certain degree. In an organization, password creation depends on the system's development (design and implementation), with employees gaining access to system and network data according to their position in the organization. Strong passwords help keep the computer system secure from threats and breaches.
Firewalls and Encryptions
Firewalls in computer network security are network security devices that control and monitor outgoing and incoming network traffic based on the organization's security rules. Firewalls protect the networking systems from untrusted networks. Encryption, on the other hand, is the process of protecting data from unauthorized access by encoding the data in a particular message so that it can only be read with a decryption key. Auditing computer networking systems contributes to the valuable management of firewall data (Minor, 1999).
A Relational Database Management System (RDBMS) hosts a client/server database system that supports programming interfaces such as C and SQL; these can be exploited for injection attacks, but an RDBMS also helps guard data so that the primary objectives of security assessments are attained. These objectives for data in the information system are confidentiality, integrity, and availability (CIA).
Organizational Network Threats identification and remediation
Above I outlined several system threats that led to a massive data breach. There is a difference between system threats and network threats, as will be seen at the end of this topic. Below is a list of network attacks and threats that put the organization at risk of data loss:
• Denial of Service (DoS) attacks: an attack intended to lock the intended users (liveware) out of any component of the computer system and network.
• IP address spoofing: the creation of fake Internet Protocol (IP) addresses to impersonate other system identities and conceal the attacker's details.
• Session hijacking attacks: theft of a session using an HTTP cookie; also called cookie hijacking.
• Packet sniffing/analysis: an attack on network packets in which the attacker captures network data at the Ethernet level and analyzes it to retrieve sensitive data.
• Distributed denial of service (DDoS) attacks: common in organizations using distributed computing platforms, where attackers target the online system services and make them inaccessible (Sebastian, 2013).
These threats can be remedied by enforcing and configuring firewalls, log file systems and encryption methods, as explained above under Firewalls and Encryptions, to protect the network from unauthorized access, and by using the Wireshark analyzer to analyze and troubleshoot the WAN and LAN networks frequently, at least quarterly.
Recommendation.
Hackers frequently assess and scan internet connections and ports for vulnerable and unprotected computer networks and systems to exploit. With an active firewall in place, the OPM system should be able to counter these requests by blocking untrusted network traffic. I recommend the use of Nmap, an application that allows the OPM system to scan itself in order to test the strength of its firewalls and prevent future cyber attacks. Screenshots of how to use Nmap (network security scanner) are shown along with other graphics in Fig.6
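As an added example that is not part of the original report, the script below shows one way to act on the Nmap self-scan recommendation from a defender's side: it parses Nmap's grepable (-oG) output and flags any open port that the firewall baseline does not allow. The host address, the sample scan output and the approved-port baseline are all constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable output, as produced by e.g.
#   nmap -sS -p- -oG self_scan.gnmap 192.0.2.10
# (hypothetical host and results, not taken from the report).
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated as: nmap -sS -p- -oG self_scan.gnmap 192.0.2.10
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///, 8080/closed/tcp//http-proxy///\tIgnored State: filtered (65530)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Assumed firewall baseline: the only ports that should answer from outside.
APPROVED_PORTS = {"192.0.2.10": {(80, "tcp"), (443, "tcp")}}

# One grepable port entry looks like "22/open/tcp//ssh///".
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)")

def parse_open_ports(gnmap_text):
    """Return {host: {(port, proto), ...}} for every port Nmap reported as open."""
    observed = {}
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The port list sits between "Ports:" and the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, _service in PORT_RE.findall(ports_field):
            if state == "open":
                observed.setdefault(host, set()).add((int(port), proto))
    return observed

def unexpected_exposure(observed, approved):
    """Open ports missing from the baseline: each one is a firewall gap to investigate."""
    findings = {}
    for host, ports in observed.items():
        extra = ports - approved.get(host, set())
        if extra:
            findings[host] = sorted(extra)
    return findings

if __name__ == "__main__":
    gaps = unexpected_exposure(parse_open_ports(SAMPLE_GNMAP), APPROVED_PORTS)
    for host, ports in gaps.items():
        print(f"{host}: open ports not in firewall baseline: {ports}")
    if not gaps:
        print("scan matches firewall baseline")
```

Running it on the sample flags ports 22 and 3306, which a perimeter firewall following the baseline should have filtered; a clean result means the scan and the policy agree.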
Fig.1 organizational structure (chart showing the CEO, a Marketing, Sales, and Services division, and its Marketing, Sales and Services units)
Fig.2 computer network (diagram)
Fig.3 Advantages and disadvantages of LAN.
ADVANTAGES                 DISADVANTAGES
High speed                 Its strength is limited to a small area
Easy to set up
Low cost
Fig.4 Advantages and disadvantages of WAN
ADVANTAGES                                          DISADVANTAGES
It covers near an infinite geographical area        It is expensive
Can be used for large and more intricate networks   Not easy to set up
Referencing.
Mitchell, B. (2018). Introduction to LANs, WANs, and Other Kinds of Area Networks. Retrieved from https://www.lifewire.com/lans-wans-and-other-area-networks-817376
Dikaiakos, M. D., Katsaros, D., Mehra, P., Pallis, G., & Vakali, A. (2009). Cloud computing: Distributed internet computing for IT and scientific research. IEEE Internet Computing, 13(5).
Final Audit Report. (2015). Federal Information Security Modernization Act Audit.
Macker, J. (1999). Mobile ad hoc networking (MANET): Routing protocol performance issues and evaluation considerations.
Sebastian, Z. (2013). Security 1:1 - Part 3 - Various types of network attacks. Retrieved from https://www.symantec.com/connect/articles/security-11-part-3-various-types-network-attacks
Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice. Pearson Education.