Identifying Potential Malicious Attacks, Threats and Vulnerabilities

In: Computers and Technology

Submitted By psotoole
Words 1563
Pages 7
Recently the Chief Information Officer of our company Celtic Gamers Frontier Inc. (CGF) has read of an increase in the threat space regarding the electronic game industry and he is concerned with regards to our Companies overall architecture, and the risks to our Research and Development efforts and other Intellectual Property. He has tasked the company’s corporate information technology group to produce an information paper detailing the types of cyber threats and malware are being reported on the internet. They would also like the security group to give the company’s executive leadership a detailed report regarding the threats, vulnerabilities and the overall risks that may be present in our current corporate infrastructure. The security department for the organization is relatively small and short on resources so this task has been given to me to do the research and create an executive report detailing the current vulnerabilities, risks and threats and potential impact to our network should we have any security incidents. “Unfortunately, there are inherent risks to computer usage — hackers, viruses, worms, spyware, malware, unethical use of stolen passwords and credentials, unauthorized data removal by employees with USB flash drives, or servers crashing and bringing productivity to a halt” ("Cybersecurity," 2013) .
The CGF network is a typical office network composed of an external firewall with an external DMZ with public use servers, and internal firewall protecting the corporate network. The internal CGF network includes Microsoft Windows OS workstations and enterprise servers supporting: web, exchange, file, AD and FTP servers, additionally there are 100 workstations consisting of desktops and laptops, VOIP telephones and a wireless access point for corporate users. The overall corporate network architecture follows best industry practices by using a…...

Similar Documents

Identifying Potential Risk, Response, and Recovery

...Assignment 2: Identifying Potential Risk, Response, and Recovery Emory Evans August 26, 2012 Dr. Robert Whale CIS 333 There are a myriad of potential threats and vulnerabilities that leave a system open to malicious attack, anytime you have a computer network that connects to the internet there is a potential for malicious attack so it is important that you know the vulnerabilities of a system to protect it from potential threats and malicious attacks. “A vulnerability is any weakness in a system that makes it possible for a threat to cause harm.” (Kim & Solomon, 2012, p. 96). There are several common vulnerabilities that exist within the seven domains of an IT infrastructure for example there is the lack of awareness or concern for security policy vulnerability in the User Domain as well as intentional malicious activity ( Kim & Solomon, 2012). Within the Workstation Domain there exists unauthorized user access, weakness in installed software, and malicious software introduced vulnerabilities, unauthorized network access, transmitting private data unencrypted, spreading malicious software, exposure and unauthorized access of internal resources to the public, introduction of malicious software, loss of productivity due to internet access, denial of service attacks, brute-force attacks on access and private data are all examples of vulnerabilities within the seven domains of IT infrastructure which are User, Workstation, LAN...

Words: 705 - Pages: 3

Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

...For a better understanding of the situation in the network of the company I decided to start the analysis by the vulnerabilities that this one presents. Many of these vulnerabilities are the cause for different types of network attacks. It should be noted that while many of these vulnerabilities may be mitigated or eliminated the possibility of an attack always exists. The first vulnerability is the email server. Although very well controlled for been within the Demilitarized Zone (DMZ), this is always a vulnerability with which most companies have to deal with. This vulnerability opens the way for phishing attack. One way to mitigate this vulnerability is configuring the email server so that only authorized email may enter. This is difficult because our video game company has a large list of customers and suppliers that are in constant change. The best option is to alert users about the security measures and company policies regarding private and unknown emails. The Web and FTP server can be a not very alarming vulnerability. Because it is located in the DMZ and after the Intrusion Detection System (IDS), is unlikely to be corrupted without being detected. The location of the file servers in the network is totally unprotected against internal attacks. Any successful attack in the LAN would leave the data servers exposed. The establishment of a demilitarized zone with a completely different set of log on names and password than any other machines would give these servers......

Words: 1141 - Pages: 5

Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

...computer as a base of filtering through their criminal activities. The criminal basically wants to forge their criminal activities over the internet without involvement of the police or any other type of law enforcement agency. They use the computer internet for exploitation of minors revealing pornographic material of young boys and girls for monetary gain. This type of criminal activity not only involves the pedophilic type of person but also involves the married Joe that lives at home with his wife and kids of his own. They usually get caught in pornography sting operations where undercover agents lure these unsuspecting pedophiles into a home or apartment where they are thought to meet an underage girl to engage in sexual activity. The attack on the local Sheriffs’ department’s web database on a national scale may have leaked information of a sensitive nature concerning an ongoing investigation with one local police department. Gassville, Arkansas, Chief of police told the associated press that some of the information stolen was posted online and displayed pictures of teenage girls in their swimsuits. The posting of the teenage girls in swimsuits was an ongoing investigation that the department was looking into concerning child pornography. Many of the local officers affected by the hacking lost valuable information like tips from concerned citizens, credit card information and e-mails which hold enough information to commit identity theft. The action of this hacking......

Words: 970 - Pages: 4

Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

...it also exposes the Organization to possible attacks and threats. Such attacks have been the most challenging issue for most network administrators and a worrying topic for administrators. Organizations need to share services resources and information but they still need to protect these from people who should not have access to them, while at the same time making those resources available to authorized users. Effective security achieves these goals. The greatest threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant. When the action is malicious, some motivation or goal is generally behind the attack. For instance, the goal could be to disrupt normal business operations, thereby denying data availability and production. April 13, 2000, 3:55 P.M. Pacific time: The Web site for the Motion Pictures Association of America (MPAA) is suffering intermittent outages, and the organization suspects computer vandals are to blame. A source inside the organization, who asked not to be identified, said that the MPAA is currently “experiencing problems with their public Web site, and they suspect a denial-of-service attack.” The attack was first rumored on http://www.hackernews.com/, a Web site for news on computer hacking. Most of the attacks are becoming more frequent and more damaging, and they are using well-known techniques and methods to exploit vulnerability in security policies and......

Words: 5140 - Pages: 21

Identifying Potential Malicious Attacks

...Identifying Potential Malicious Attacks The CIO Company will use firewalls, intrusion detection systems, virus scanners and other protective software to provide some assurance that the security policies for the site are properly implemented. Firewalls are the basis of computer and network security defense. They are widely deployed. They are very hard to configure properly, and people who configure them may not know the current threats and attacks. For example, an administrator maybe working on some task and might leave something open in a firewall where attackers can enter through. Some firewalls have the vulnerability that enables attackers and be defeated. By identifying the network components, you can evaluate their vulnerabilities. These vulnerabilities can have flaws in the technology, configuration, or security policy. Vulnerabilities can be fixed different ways, applying software patches, reconfiguring devices, or deploying countermeasures such as firewalls and antivirus software.   Threat is when people take advantage of vulnerability and cause a negative impact on the network. If threat occurs it needs to be identified, and the associated vulnerabilities need to be addressed to minimize the risk.  As of today, most of the hackers are interested in hacking services such as HTTP (TCP Port 80) and HTTPS (TCP Port 443), which are open in many networks. By using access control devices, they can detect malicious exploits aimed at these services. Now these days......

Words: 1060 - Pages: 5

Malicious Attacks and Threats

...Malicious Attacks and Threats Malicious Attacks and Threats As the lead Information Systems Security Engineer it is my job to ensure that the ongoing threat of malicious attacks and vulnerabilities to the organizations computer network are kept to a minimum so that highly sensitive data will continue to remain protected. However, recent reports from the CIO suggest that there has been a small amount of malicious activity reported on the network. The CIO is requesting I look into the current network infrastructure and make necessary changes to the network so that the system remains free from the threat and vulnerability of future malicious activity that would impact the organizations network. Attacks on computer systems and networks occur by the billions every year and are on a dramatic increase. Many organizations have invested vast amounts of money in computer networks, only to find out that although it is providing means of improving the efficiency and productivity of the organization it also exposes the organization to possible malicious attacks and threats. Such attacks have been the most challenging issue for a majority of Information System Security Engineers where they utilize the necessary resources to protect the network from these vulnerabilities. The greatest overall threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant. When the action is malicious, some motivation or......

Words: 1172 - Pages: 5

Assignment 1: Identifying Potential Malicious Attack

...Assignment 1: Identifying Potential Malicious Attack CIS 333 Assignment 1: Identifying Potential Malicious Attack Potential malicious attacks and threats that may be carried out against the network include illegally using user accounts and privileges, Stealing hardware and software, Running code to damage systems, running code to damage and corrupt data, modifying stored data, stealing data, using data for financial gain or for industrial espionage, performing actions that prevent legitimate authorized users from accessing network services and resources, and/or performing actions to deplete network resources and bandwidth. Threats to the network can be initiated from a number of different sources, hence the reason for network attacks being classified as either external or internal network attacks/threats. Individuals carry out external threats or without assistance from internal employees or contractors. A malicious and experienced individual, a group of experienced individuals, an experienced malicious organization, or inexperienced attackers (script kiddies) carry out these attacks. Such attackers usually have a predefined plan and the technologies or techniques to carry out the attack. One of the main characteristics of external threats is that they usually involve scanning and gathering information. Users can therefore detect an external attack by scrutinizing existing firewall logs. Users can also install an Intrusion......

Words: 1068 - Pages: 5

Identifying Potential Malicious Attacks

...Identifying Potential Malicious Attacks, Threats and Vulnerabilities Joseph Escueta Strayer University CIS 333 Dr. Emmanuel Nyeanchi January 30, 2014 Abstract The world of any organization lays a network structure that controls all the operations of the company. Every company has its own sensitive information about their success and why they such a good reputation. Because of the growing technology various enchantments have been develop to make sure that its investments are secured and locked hidden in its networks. However network attacks have been around for decades and each new security can be breach. This is one of the major causes of any company to lose money or its capital after being attack by network attackers. It is proven to be a nuisance for any organization trying to make a living. However, this attacks can be avoided if one should take precautions and to be aware of the network attacks. In this case study I will identify its causes and threats against the network. I will also expose the vulnerabilities that exist in networks today. Identifying Potential Malicious Attacks, threats and Vulnerabilities There are many attacks in the network but the most important purpose is to protect the company’s assets. We are not taking about average hackers who just do it for fun but rather want to cause damage to a company’s reputation. In a network security there are two important categories which is logic attacks and resource attacks. A logic attack......

Words: 1207 - Pages: 5

Cis 333 Assignment 1 Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

...CIS 333 Assignment 1 Identifying Potential Malicious Attacks, Threats, and Vulnerabilities http://homeworktimes.com/downloads/cis-333-assignment-1-identifying-potential-malicious-attacks-threats-vulnerabilities/ For More Tutorial Visit: http://homeworktimes.com/ For any Information Email Us: : onlineeducationalservice@gmail.com CIS 333 Assignment 1 Identifying Potential Malicious Attacks, Threats, and Vulnerabilities http://homeworktimes.com/downloads/cis-333-assignment-1-identifying-potential-malicious-attacks-threats-vulnerabilities/ For More Tutorial Visit: http://homeworktimes.com/ For any Information Email Us: : onlineeducationalservice@gmail.com CIS 333 Assignment 1 Identifying Potential Malicious Attacks, Threats, and Vulnerabilities http://homeworktimes.com/downloads/cis-333-assignment-1-identifying-potential-malicious-attacks-threats-vulnerabilities/ For More Tutorial Visit: http://homeworktimes.com/ For any Information Email Us: : onlineeducationalservice@gmail.com CIS 333 Assignment 1 Identifying Potential Malicious Attacks, Threats, and Vulnerabilities http://homeworktimes.com/downloads/cis-333-assignment-1-identifying-potential-malicious-attacks-threats-vulnerabilities/ For More Tutorial Visit: http://homeworktimes.com/ For any Information Email Us: : onlineeducationalservice@gmail.com CIS 333 Assignment 1 Identifying Potential Malicious Attacks, Threats, and Vulnerabilities http://homeworktimes.com/downloads/cis-333-assig...

Words: 351 - Pages: 2

Malicious Attacks

...click Word Count. Title of Paper In this assignment, I will write a four to five report in how to thwart a malicious attacks, threats, vulnerabilities to a game system. I have just been hired as an Information System Engineer for a videogame development company. The organization network structure have been identified by the company as having 2- firewall, 1- Web/FTP server, 1-Microsoft Exchange Email Server, Network Intrusion Detection System(NIDS), 2-Windows Server 2012 Active Directory Domain Controllers(DC) 3-File servers 1-Wireless access point(WAP) 100-Desktop/Laptop computers VoIP telephone system. The CIO of this company has just received a report of malicious activities on the rise and has become extremely concerned with the protection of intellectual property and highly sensitive data maintained by his organization. As part of my job task with the organization, I will identify and draft a report identifying potential malicious attacks, threats, and the vulnerabilities that is specific to his organizations. It has been requested that in the report, I give a brief scenario explanation and how what kind of potential impact it will have on the organization. Any threat is alarming because it could damage the assets of the company if this is true we first need to have a Business Continuity Plan (BCP) which allows the company to keep operating in case of an attack. My order of planning would be to discover the disaster recovery plan that the company has in place in......

Words: 401 - Pages: 2

Cis 333 Week 4 Assignment 1 - Identifying Potential Malicious Attacks, Threats, and Vulnerabilities Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

...333 WEEK 4 Assignment 1 - Identifying Potential Malicious Attacks, Threats, and Vulnerabilities Identifying Potential Malicious Attacks, Threats, and Vulnerabilities To Purchase Click Link Below: http://strtutorials.com/CIS-333-WK-4-Assignment-1-Identifying-Potential-Malicious-Atta-CIS3332.htm CIS 333 WK 4 Assignment 1 - Identifying Potential Malicious Attacks, Threats, and VulnerabilitiesIdentifying Potential Malicious Attacks, Threats, and Vulnerabilities You have just been hired as an Information Security Engineer for a videogame development company. The organization network structure is identified in the below network diagram and specifically contains: 1) 2 – Firewalls 2) 1 – Web / FTP server 3) 1 – Exchange Email server 4) 1 – Network Intrusion Detection System (NIDS) 5) 2 – Windows 2008 Active Directory Domain Controllers (DC) 6) 3 – File servers 7) 1 – Wireless access point (WAP) 8) 100 – Desktop / Laptop computers 9) VoIP telephone system The CIO has seen reports of malicious activity being on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first tasks with the organization, the CIO requested you identify and draft a report identifying potential malicious attacks, threats, and vulnerabilities specific to your organization. Further, the CIO would like you to briefly explain each item and the potential impact it could have on......

Words: 289 - Pages: 2

Malicious Attacks and Threats

...Malicious Attacks and Threats     As the lead Information Systems Security Engineer it is my job to ensure that the ongoing threat of malicious attacks and vulnerabilities to the organizations computer network are kept to a minimum so that highly sensitive data will continue to remain protected.   However, recent reports from the CIO suggest that there has been a small amount of malicious activity reported on the network.   The CIO is requesting I look into the current network infrastructure and make necessary changes to the network so that the system remains free from the threat and vulnerability of future malicious activity that would impact the organizations network.     Attacks on computer systems and networks occur by the billions every year and are on a dramatic increase.   Many organizations have invested vast amounts of money in computer networks, only to find out that although it is providing means of improving the efficiency and productivity of the organization it also exposes the organization to possible malicious attacks and threats.   Such attacks have been the most challenging issue for a majority of Information System Security Engineers where they utilize the necessary resources to protect the network from these vulnerabilities.   The greatest overall threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant.   When the action is malicious, some motivation or goal is generally behind the attack.  ......

Words: 305 - Pages: 2

Cis 333 Week 4 Assignment 1 - Identifying Potential Malicious Attacks, Threats, and Vulnerabilities Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

...333 WEEK 4 Assignment 1 - Identifying Potential Malicious Attacks, Threats, and Vulnerabilities Identifying Potential Malicious Attacks, Threats, and Vulnerabilities To Purchase Click Link Below: http://strtutorials.com/CIS-333-WK-4-Assignment-1-Identifying-Potential-Malicious-Atta-CIS3332.htm CIS 333 WK 4 Assignment 1 - Identifying Potential Malicious Attacks, Threats, and VulnerabilitiesIdentifying Potential Malicious Attacks, Threats, and Vulnerabilities You have just been hired as an Information Security Engineer for a videogame development company. The organization network structure is identified in the below network diagram and specifically contains: 1) 2 – Firewalls 2) 1 – Web / FTP server 3) 1 – Exchange Email server 4) 1 – Network Intrusion Detection System (NIDS) 5) 2 – Windows 2008 Active Directory Domain Controllers (DC) 6) 3 – File servers 7) 1 – Wireless access point (WAP) 8) 100 – Desktop / Laptop computers 9) VoIP telephone system The CIO has seen reports of malicious activity being on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first tasks with the organization, the CIO requested you identify and draft a report identifying potential malicious attacks, threats, and vulnerabilities specific to your organization. Further, the CIO would like you to briefly explain each item and the potential impact it could have on......

Words: 289 - Pages: 2

Identifying Potential Malicious Attacks, Threats and Vulnerabilities

...            Identifying Potential Malicious Attacks, Threats and Vulnerabilities Brian Cox Strayer Univerity Professor Leonard Roden Networking Security Fundamentals May 03, 2016            Have you ever thought about the measures that you need to go through when protecting yourself from online threats and attacks? There are many different types of attacks and threats that can be carried out against networks and organizations. The attacks that could be carried out can cause serious damage to the company and range on a scale from very minimal to very severe data loss and data theft. It is important for companies to take every precaution available and have not only the best software for prevention of these attacks but stay on top of what the intruders, hackers, attackers are learning and how the technology is forming when they are deploying these systems on their servers, networks, and office computers that employees will use on a day to day basis. The computers each employee is using should come with a User Agreement and the do’s and do not’s when it comes to daily computer usage. This will enhance the security as each employee will understand what is acceptable and how to obtain maximum security of their signed computer. It is also advisable within the User Agreement to list out the things that are unacceptable such as plugging in your phone, downloading things from the internet, and other things that may seem harmless but could hurt the company if it......

Words: 1622 - Pages: 7

Potential Maclicious Attacks and Threats

...Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities Shauna Video games have been around for many years. As technology progresses unfortunately so does the security risks that come with online gaming. “The number of American households which play video games is a roughly 65%.” (Source 2) With any network organization you want to make sure that you keep on top of vulnerabilities of anything that reaches out to the internet. Computers and servers that touch the internet are ones that must be scanned. As a company you have to make sure that you configure the security settings for the operating system, internet browser and security software. As a company you also want to set personal security policies for online behavior. There also needs to be an antivirus installed on the network like Norton or Symantec which blocks threats targeting the vulnerabilities. “With the firewalls you want to configure them in the reputable internet security program to block unsolicited request communication.” (Source 1) Email server needs to be sure that spam doesn’t get through the network. The ways that spam works is unwanted email messages get solicited to a large number of recipients. “Spam should be a major concern in your infrastructure since it can be used to deliver email which can include Trojan horses, viruses, worms’ spyware and targeted attacks aimed specifically in obtaining sensitive and personal identification information...

Words: 1027 - Pages: 5