Running head: Security Assessment Report
1
Project 3: Security Assessment Report
Abstract
This is a summary of the security assessment made by the Information Assurance Management
Officer regarding the security breach that occurred at the Office of Personnel management that
resulted from compromised credentials. Government and corporate agencies are experiencing far
more frequent cyber security attacks than they were even a decade ago. These attacks result in
the organization suffering severe negative impacts, for instance the loss of personnel data.
Security threats and vulnerabilities should be assessed and remedied in order to prevent future
attacks. This report contains in-depth information about the purpose of this research, its
scope, security assessment methodologies, data findings, recommendations, and conclusions.
Most security breaches in organizations can be prevented. The case in point is the breach of the
Office of Personnel Management (OPM), which was the largest government data breach in
United States history. OPM has since enacted preventative measures such as encryption.
Purpose
The reason for routine security audits or network assessments is to establish quality
security control measures against security breaches of organizational projects that could be
exposed to hackers in the computer system. Assessing and monitoring the entire computer
system and the organization’s infrastructure, including its policies and processes, should
be conducted regularly. It is particularly important to examine the system for vulnerabilities
when a new system or additional infrastructure is added. The assessment must include making
certain that the organization’s Information Systems (IT) resources are compliant with the
Federal Information Security Modernization Act (FISMA).
Organization
OPM is a medium-sized government entity that has a goal of providing quality, confidential
and uninterrupted services to its consumers. The functional organizational structure has leaders
with divided roles, responsibilities, and powers to manage different sectors, each sector being led
by its own manager. The structure of the organization is provided in Figure 1 below.
Figure 1. Organization Structure (org chart: CEO at the top; a Marketing, Sales, and Services
division below it, with separate Marketing, Sales, and Services units)
Enterprise Network
Computer and data networking is the interconnection of different computers for the
primary purpose of sharing resources using dedicated data link connections between the nodes.
Commonly used links are Wireless Fidelity (Wi-Fi), Ethernet, and fiber-optic cables. Networking
enhances communication and sharing among devices. A network can serve two computers or
an extensive number of computers, their applications, and their services. Networking can
include the use of hardware devices such as printers, fax machines, and storage devices, and the
ability to access the Internet. There are several common types of computer networks.
• Wireless Local Area Network (WLAN): WLAN is a local network supported by Wi-Fi
technology.
• Local Area Network (LAN): LAN is a network that covers a short distance, for example,
a networked school, home or office building.
• Wide Area Network (WAN): WAN is a geographically widely distributed group of LANs.
• Metropolitan Area Network (MAN): MAN is a network covering a larger area than a LAN
but smaller than a WAN (Mitchel, 2018).
Below is an example of a computer network which depicts one server connecting four PCs and
one printer through the use of one modem and one network switch.
Figure 2. WAN Network https://oikos-international.org/penn/about-us/network/
Given that this is a medium-sized government organization, I propose the use of both LAN and
WAN networks for efficiency, because one can supplement the other in case of difficulties or
threats. The advantages and disadvantages of LAN and WAN are summarized in Figures 3 and 4
below.
ADVANTAGES                | DISADVANTAGES
High speed                | Its strength is limited to a small area
Easy to set up            |
Low cost                  |
Figure 3. Advantages and Disadvantages of LAN (Freeman, 2015)
ADVANTAGES                                         | DISADVANTAGES
It covers near an infinite geographical area       | It is expensive
Can be used for large and more intricate networks  | Not easy to set up
Figure 4. Advantages and disadvantages of WAN (Freeman, 2015)
Computer networking, aside from its many advantages, carries a high risk of cybercrime, as
it is easy for hackers to gain unauthorized access to the organization's data by deploying a
computer worm or virus to attack the system, or by directly hacking into the network and
gaining access (Stallings, Brown, Bauer & Bhattacharjee, 2012). Worms and viruses can be
downloaded easily, as the networking system’s software often comes from unsecured sources or
through links that carry viruses. To prevent breaches, there are precautions such as encryption of
data, and personal passwords and access codes for entry into the networking system. Encryption is
a process of encoding a piece of information such that it is only accessible to authorized personnel
(Stallings et al., 2012). Strong encryption and security policies ensure that cyber threats to LAN
and WAN networks are prevented. An example of a strong password is one that makes it very
hard for a hacker to ‘guess’. It would have at least 8-10 characters, inclusive of randomly
capitalized letters, numbers randomly placed within the password, and symbols also randomly
placed, such as mZj10$4@ym7& (Sebastian, 2013).
Other networked computing platforms are available and can be implemented. Cloud
computing is the use of Internet-hosted remote servers, rather than local servers or computer
systems, for managing, accessing, processing and storing data, information, and programs
(Dikaiakos, Katsaros, Mehra, Pallis, & Vakali, 2009). Distributed computing has distributed
systems located in different networks that achieve a common goal by passing information to
each other. An example of a distributed system is a multiplayer online game (Dikaiakos et al.,
2009). Centralized computing involves using a central computer for all computing processes,
with the computer peripherals connected to the central computer, which is in control, either
through terminal servers or physically. These computing platforms achieve the same goals of
communication, coordination, and sharing of resources as other networks and should be
included in the organization’s network system because of their unique features for the smoother
running of programs (Dikaiakos et al., 2009).
Enterprise Threats
From the OIG report, there are several security deficiencies mentioned that contributed to
the vulnerability of OPM networks, leading to a breach. These threats can be described as internal
threats and external threats. Internal threats refer to the security threats that occur from within the
organization (Yeh & Chang, 2007). Research has shown that approximately 40% of all
security breaches are a result of internal threats (Yeh & Chang, 2007). There are various types of
internal security threats, including weak authentication mechanisms, poor vulnerability
assessment scanning tools, lack of a life cycle management plan for information systems, no
remedial action on previous audits, non-compliance activities, inadequacy of OPM’s
assessment of its information systems, and a lack of personnel trained in accordance with the
organization’s policy (Yeh & Chang, 2007). The OPM breach occurred as a result of internal
threats caused by poor authentication and expired security agreements between the
party handling OPM’s information systems and OPM itself. All of these security weaknesses pose
significant risks to the organization because in one way or another they depend on each other.
OPM’s inability to monitor and assess its system regularly is the greatest weakness, as it results in
security breaches which could be prevented.
Lastly described here are the external threats. External threats originate from outside
the organization. External threats include worms, viruses, the installation of malware and
ransomware, and hacking into a networking system’s passwords, thus releasing valuable
information to the hackers. When security policies are weak and software is not kept current,
as was the case with OPM, breaches occur (Freeman, 2015).
Threat Intelligence
Threat intelligence is knowledge of how to identify threats, remediate them, and prevent
them from occurring again (Freeman, 2015). The evidence that makes up the knowledge of a
threat is found in the mechanisms and context of the system (Freeman, 2015). Solutions and
decisions on how to control and prevent future threats can be made in brainstorming sessions
with key individuals who have been screened thoroughly and pose no internal threat or risk to
the company (Freeman, 2015).
Network Assessment and Scanning
Network traffic refers to the amount of data going through a specific networking device at
a given time (Chapell, 2010). For Project 2, the Security Assessment Reports for the Windows
and Linux operating systems, the team used MBSA and OpenVAS as the assessment scanning
tools for Windows and Linux respectively. There are other assessment tools for scanning for
threats and vulnerabilities in the system, such as Wireshark, Nikto, Retina CS Community,
Aircrack, Nessus Professional and Tripwire IP360 (Yeh & Chang, 2007). In this project, I will
use Wireshark as the analysis tool for the network. Wireshark is widely used as
an analysis tool for network protocols. I chose Wireshark because, just like OpenVAS and
MBSA, Wireshark is open-source software known for its powerful abilities in analyzing
LANs. It is fully integrated, has advanced alerts and triggers, has flexible and modular solutions to
threats, and can analyze multiple network packets from different IP addresses or hosts
(Chapell, 2010).
Security Issues
Using Wireshark as a network analyzer and assessment tool to detect existing threats and
vulnerabilities in the OPM network and system environment, the following threats were
identified (Stallings, Brown & Bauer, 2012):
• Incidents of invalid authorizations
• OPM’s inability to monitor, assess and manage its network system environment
• Non-compliance and inadequacy of frequent assessment and analysis of the system
• Inaccurate inventory of network and system devices, which lowers the effectiveness of the
security control measures that are in place
• Lack of an established Risk Executive Function for OPM’s systems
• Lack of skilled and trained personnel to operate OPM’s systems per its policy
• Weak or non-existent enforcement of a life cycle plan for all OPM system projects
• No remediation actions for previous audits
The key system development personnel control the network access that is granted to
employees. The use of strong passwords is encouraged, as it reduces the percentage of security
breaches experienced by the company (Sebastian, 2013). A strong password often
involves the use of mixed-case characters together with numerical figures (Sebastian, 2013).
Strong passwords can be the first step in keeping the computer system secured from threats and
breaches, as they are often difficult to decode (Sebastian, 2013).
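The password rules given above (at least 8-10 characters, mixed case, digits and symbols placed at random positions) can be enforced automatically at account creation. The checker below is an added example written for this report and is not code from the cited sources; the policy thresholds (an 8-character minimum, the list of rejected sequences) are assumptions chosen to match the text, and the guess-space estimate treats the 32 ASCII punctuation characters as the symbol pool.

```python
import math
import re
import string

# Policy assumed from the report: minimum length 8, mixed case, digits and
# symbols, with the digits/symbols not merely tacked onto the ends.
MIN_LENGTH = 8
SYMBOLS = set(string.punctuation)  # 32 printable ASCII symbols
# Keyboard and numeric runs that make a password easy to guess (assumed list).
SEQUENCES = ("0123", "1234", "2345", "3456", "4567", "5678", "6789", "abcd", "qwer")


def check_password(pw: str) -> list[str]:
    """Return the policy requirements the password fails (empty list = passes)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in pw):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        failures.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        failures.append("no symbol")
    # "Randomly placed": reject passwords whose digits/symbols sit only at the ends.
    interior = pw[1:-1]
    if interior and not any(c.isdigit() or c in SYMBOLS for c in interior):
        failures.append("digits/symbols only at the start or end")
    if re.search(r"(.)\1{2,}", pw):
        failures.append("three or more repeated characters in a row")
    if any(seq in pw.lower() for seq in SEQUENCES):
        failures.append("contains a keyboard or numeric sequence")
    return failures


def is_strong(pw: str) -> bool:
    return not check_password(pw)


def guess_space_bits(pw: str) -> float:
    """Upper bound on brute-force search space, in bits, for the character
    classes actually used: len * log2(pool size). Shows why the mixed
    12-character example in the report is far harder to guess than a
    lowercase-only password of the same length."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in SYMBOLS for c in pw):
        pool += len(SYMBOLS)
    return len(pw) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for candidate in ("mZj10$4@ym7&", "password", "Abcd1234!"):
        print(candidate, check_password(candidate) or "OK",
              f"{guess_space_bits(candidate):.1f} bits")
```

The example from the report, mZj10$4@ym7&, passes every rule, while a password such as Abcd1234! meets the character-class rules but is rejected for the keyboard and numeric runs it contains.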
Firewalls and Encryptions
Firewalls in computer networking security are network security measures which control
and monitor outgoing and incoming network traffic (data networks) based on the
organization’s security rules (Chapell, 2010). Firewalls protect the networking systems from
untrusted networks, for example by stopping a popup that could carry a virus or other security
threat (Chapell, 2010). Also necessary to put into place is encryption, which is the process of
protecting data from unauthorized access by encoding the data in a particular message so that it
is only accessible with a protected decryption key known only to a high-level trusted employee
who is involved in the networking system’s security. Auditing computer networking systems
contributes to the valuable management of firewall data (Sebastian, 2013).
A Relational Database Management System (RDBMS) has a server that hosts both the
server and the client database systems (Stallings et al., 2012). An RDBMS supports some
programming languages, such as C and SQL, which can be exploited for injection attacks, but an
RDBMS assists in guarding data, ensuring that the primary objectives of security assessments are
attained. These objectives for data in the information system are confidentiality, integrity, and
availability (Stallings et al., 2012).
Organizational Network Threats identification and remediation
Above, I outlined several system threats that lead to massive data breaches. There is a
difference between system threats and network threats, as shall be seen at the end of this topic.
Below is a list of network attacks and threats that put the organization at risk of data loss
(Sebastian, 2013):
• Denial of Service attacks (DoS). DoS is an attack intended to lock the legitimate users
(liveware) out of any component of the computer system and network.
• IP address spoofing. Spoofing involves the creation of fake Internet Protocol (IP) addresses
to impersonate other system identities, concealing the attacker’s details.
• Session hijacking attacks. Session hijacking thefts use HTTP cookies. This threat is also
called cookie hijacking. It is a good practice to delete cookies from computers regularly.
• Packet sniffing/analysis. This is a strategic attack on network packets in which, at the
Ethernet level, the attacker captures the network data and uses it to retrieve sensitive data
after analyzing it.
• Distributed denial of service attacks (DDoS). These commonly occur in organizations using
distributed computing platforms, where the attackers target the online system services,
making the services inaccessible.
These threats can be remedied through the enforcement and configuration of firewall log file
systems and encryption methods, as explained above under Firewalls and Encryptions, to protect
the network from unauthorized access. The use of the Wireshark analyzer for analyzing and
troubleshooting the WAN and LAN networks frequently, at least quarterly, is a good
practice to adopt.
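The quarterly Wireshark review described above can be partly automated: export the capture as a text summary and run detection logic over it for the network threats listed in this section. The script below is an added example written for this report, not code from the report or from Wireshark; the capture lines are constructed in the style of tshark's default summary columns (No. Time Source Destination Protocol Length Info), and the thresholds (50 bare SYNs for a flood, 10 distinct ports for a scan) are assumptions a practitioner would tune to their own traffic.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed capture summary (NOT a real capture), tshark-style columns.
_LEGIT = [
    "1 0.000 10.0.0.5 -> 198.51.100.7 TCP 74 52000 > 443 [SYN] Seq=0",
    "2 0.010 198.51.100.7 -> 10.0.0.5 TCP 74 443 > 52000 [SYN, ACK] Seq=0 Ack=1",
    "3 0.020 10.0.0.5 -> 198.51.100.7 TCP 66 52000 > 443 [ACK] Seq=1 Ack=1",
    # Plaintext HTTP login: credentials readable by anyone sniffing the segment.
    "4 0.030 10.0.0.5 -> 10.0.0.20 HTTP 312 POST /login HTTP/1.1  (application/x-www-form-urlencoded)",
    # Spoofed sources: loopback address on the wire, and source equal to destination.
    "5 0.040 127.0.0.1 -> 10.0.0.20 TCP 60 1234 > 22 [SYN] Seq=0",
    "6 0.050 10.0.0.20 -> 10.0.0.20 TCP 60 80 > 80 [SYN] Seq=0",
]
# Port scan: one source probing 12 different ports on one host.
_SCAN = [f"{10 + i} 1.{i:03d} 203.0.113.9 -> 10.0.0.20 TCP 60 4{i:04d} > {21 + i} [SYN] Seq=0"
         for i in range(12)]
# SYN flood (DoS): one source sending 60 half-open SYNs to port 80, never completing.
_FLOOD = [f"{100 + i} 2.{i:03d} 192.0.2.77 -> 10.0.0.20 TCP 60 5{i:04d} > 80 [SYN] Seq=0"
          for i in range(60)]
SAMPLE_CAPTURE = "\n".join(_LEGIT + _SCAN + _FLOOD)

LINE_RE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+) -> (\S+)\s+(\S+)\s+(\d+)\s+(.*)$")
TCP_RE = re.compile(r"^(\d+) > (\d+) \[([^\]]*)\]")
# Addresses that should never appear as a source on a real link (assumed list).
BOGONS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4")]


def parse_capture(text):
    """Turn summary lines into records with src, dst, proto, TCP flags and dst port."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        no, ts, src, dst, proto, length, info = m.groups()
        rec = {"no": int(no), "time": float(ts), "src": src, "dst": dst, "proto": proto,
               "len": int(length), "info": info, "flags": set(), "dport": None}
        t = TCP_RE.match(info)
        if t:
            rec["dport"] = int(t.group(2))
            rec["flags"] = {f.strip() for f in t.group(3).split(",")}
        records.append(rec)
    return records


def detect_syn_flood(records, threshold=50):
    """DoS indicator: sources sending >= threshold bare SYNs (SYN set, ACK clear)."""
    syns = Counter(r["src"] for r in records if r["flags"] == {"SYN"})
    return {src: n for src, n in syns.items() if n >= threshold}


def detect_port_scan(records, min_ports=10):
    """Reconnaissance indicator: sources whose SYNs touch >= min_ports distinct targets."""
    targets = defaultdict(set)
    for r in records:
        if "SYN" in r["flags"] and "ACK" not in r["flags"]:
            targets[r["src"]].add((r["dst"], r["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_ports}


def detect_spoofed_sources(records):
    """IP spoofing indicator: packet numbers whose source is a bogon or equals its destination."""
    return [r["no"] for r in records
            if r["src"] == r["dst"] or any(ipaddress.ip_address(r["src"]) in n for n in BOGONS)]


def detect_plaintext_logins(records):
    """Packet sniffing exposure: HTTP (not HTTPS) requests carrying credentials in the clear."""
    return [r["no"] for r in records if r["proto"] == "HTTP"
            and ("POST /login" in r["info"] or "Authorization: Basic" in r["info"])]


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    print("SYN flood sources:", detect_syn_flood(recs))
    print("Port scan sources:", detect_port_scan(recs))
    print("Spoofed-source packets:", detect_spoofed_sources(recs))
    print("Plaintext login packets:", detect_plaintext_logins(recs))
```

The two SYN-based checks are deliberately different: a flood is many SYNs to few ports from one source, a scan is SYNs to many ports from one source, so the flooding host shows up only in the first report and the scanning host only in the second.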
Recommendation
Frequently, hackers assess and scan Internet connections and ports for vulnerabilities and
unprotected computer network systems that are easy to exploit. If an active firewall had been in
place, OPM’s system would have been able to counter these threats by blocking the untrusted
network traffic. My recommendation is the use of Nmap, which is application software that
allows the OPM system to scan itself on a scheduled basis and can respond to stop an attack
by also continually testing the strength of the firewalls that are in place, and can prevent future
cyber insecurities and attacks.
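The scheduled self-scan recommended above is only useful if someone compares each run against what is supposed to be open. The script below is an added example written for this report and is not part of Nmap or of OPM's tooling: it parses Nmap's grepable output format (the real -oG option) and reports any host whose open ports differ from an approved baseline. The scan output shown is a constructed sample, not a real result, and the baseline allowlist is an assumption standing in for the organization's own inventory.

```python
import re

# Constructed nmap -oG output (NOT a real scan). One "Host:" line per host; the
# Ports field lists port/state/protocol/owner/service/rpc info/version/ entries.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample) as: nmap -sS -p 1-10000 -oG - 10.0.0.0/29
Host: 10.0.0.20 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (9997)
Host: 10.0.0.21 (db01)\tPorts: 22/open/tcp//ssh///, 5432/open/tcp//postgresql///, 23/open/tcp//telnet///\tIgnored State: filtered (9997)
Host: 10.0.0.22 (printer)\tPorts: 9100/open/tcp//jetdirect///\tIgnored State: closed (9999)
# Nmap done (constructed sample): 3 IP addresses (3 hosts up) scanned
"""

# Assumed baseline: the ports each host is approved to expose.
BASELINE = {
    "10.0.0.20": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "10.0.0.21": {("tcp", 22), ("tcp", 5432)},
    "10.0.0.22": {("tcp", 9100)},
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\tPorts:\s+(.*?)(?:\t|$)")


def parse_gnmap(text):
    """Return {ip: {(proto, port), ...}} containing only ports reported open."""
    result = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and hosts with no Ports field
        ip, _hostname, ports_field = m.groups()
        open_ports = set()
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            port, state, proto = fields[0], fields[1], fields[2]
            if state == "open":
                open_ports.add((proto, int(port)))
        result[ip] = open_ports
    return result


def compare_to_baseline(scan, baseline):
    """Report drift: unexpected open ports, approved ports that vanished, and
    hosts that answered but are absent from the baseline (unknown devices)."""
    report = {}
    for ip in sorted(set(scan) | set(baseline)):
        found = scan.get(ip, set())
        expected = baseline.get(ip, set())
        unexpected = found - expected
        missing = expected - found
        if unexpected or missing or ip not in baseline:
            report[ip] = {"unexpected_open": sorted(unexpected),
                          "missing": sorted(missing),
                          "known_host": ip in baseline}
    return report


if __name__ == "__main__":
    for ip, drift in compare_to_baseline(parse_gnmap(SAMPLE_GNMAP), BASELINE).items():
        print(ip, drift)
```

In the sample, db01 is flagged because telnet (port 23) is open although the baseline does not allow it; the other two hosts match and produce no output. Run against real output (nmap ... -oG scan.gnmap), the same comparison turns a scheduled scan into an alert rather than a file nobody reads.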
References
Dikaiakos, M. D., Katsaros, D., Mehra, P., Pallis, G., & Vakali, A. (2009). Cloud computing:
Distributed internet computing for IT and scientific research. IEEE Internet Computing.
Final Audit Report. (2015). “Federal Information Security Modernization Act Audit.”
Freeman, R. L. (2015). Telecommunication system engineering (Vol. 82). John Wiley & Sons.
Mitchel, B. (2018). Introduction to LANs, WANs, and Other Kinds of Area Networks.
Retrieved from https://www.lifewire.com/lans-wans-and-other-area-networks-817376
Sebastian, Z. (2013). Security 1:1 - Part 3 - Various types of network attacks. Retrieved from
https://www.symantec.com/connect/articles/security-11-part-3-various-types-network-attacks
Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security:
Principles and practice. Pearson Education: New Jersey.
Yeh, Q. J., & Chang, A. J. T. (2007). Threats and countermeasures for information system
security: A cross-industry study. Information & Management, 44(5), 480-491.