please see attachmentMicrosoft Word - Exercise 2.docx Part A: Asset Threat and Vulnerability...

Question

please see attachmentMicrosoft Word - Exercise 2.docx Part A: Asset Threat and Vulnerability Identification on a Network     Diagram (20 Marks)Benjamin Yankson, an Information Technology  Security Manager for My-University, contacted you on a matter relating to  IS security risk facing his organization. Benjamin has recently begun to see  signs that his security measures are not quite up to snuff (adequate). In the  last six months, his company has been hit with several viruses, backup  failures, and loss of rather expensive networking equipment. Benjamin  feels that this situation warrants,bringing you an independent Information  System Risk and Policy Specialistto help his organization begin the IS  security risk evaluation. The objective of this case is to use the risk  identification process established in Figure 1 to Identify or brainstorm about  known vulnerabilities and threats specific to each asset in Figure 2.      Figure 1. Information Systems Security Risk Identification Process Diagram  As part of the initial document received, Benjamin provided you with a  Network topology diagram (Figure 2). Using Figure 1, IS Security Risk  Identification Process Diagram, conduct a Risk Identification based on the  organization’s network diagram Figure 2. Present your answer using a  table format. For each asset in Figure 2, identify at minimum one  vulnerability,and specify one threat that has a probability to exploit it. (Note:  For the purpose of this assignment, you can consider all servers as one)            Figure 2. Network TopologyTable 1. This table is a sample Table for Asset,  Threat, and Vulnerability Identification. Asset Name Vulnerability Threat *The

Neha · Accepted Answer

Asset
	Vulnerability
	Threat
	Firewall
	The firewall can be penetrated by the person who has access to it. The person is able to enter through its security and attack system. He is able to bypass the perimeter firewall and will have entrusted access to internal system. 
	If network is having outdated firewall, then they are not effective enough to keep it secure. Generally, the passwords are also difficult to remember. This leads to the temptation of easy passwords or worse case is to have default with factory settings. 
	Router
	Currently the router is not configured properly, and it is exposed to the administrator interface. It is exposed to the untrusted network without any reason. This type of behaviour is very common when we are having external penetration test further teams to find out the HTTP, https or SSH which are exposed to the user over the Internet. All these services are generally vulnerable to the different types of attacks like traffic interception, password guessing and also the authentication bypass. 
	if the attacker is able to get access of the device then they can also grant themselves complete access for the other segments of the network, upload firmware image which is customised for the router and then it will copy the whole traffic and it will be forwarded to the host which is controlled by the attacker or even they can reconfigure it to create denial of service condition for the network. Most of the routers are not familiar with automatic update facility or they do not have the incremental patching ability, so it is important to have full firmware image and apply it to the device.

Microsoft Word - Exercise 2.docx Part A: Asset Threat and Vulnerability Identification on a Network Diagram (20 Marks)Benjamin Yankson, an Information Technology Security Manager for My-University,...

Answer To: Microsoft Word - Exercise 2.docx Part A: Asset Threat and Vulnerability Identification on a Network...

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment