Running Head: IT RISK ASSESSMENT
IT risk assessment
Authentication is the process of comparing the credentials a user provides with those on file in the database of authorized users' information, which is held on the authentication server of the local operating system. The user is authorized to access the information if the credentials provided match. Network security refers to the process of ensuring that the data in the organization is secured against any internal or external threat (Stallings, 1995). The organization has to give these two areas the required attention to curb the problems that may occur. To start with the organizational authentication technology, Global Finance, Inc. should have authentication technology in the network that prevents unwanted users from getting or transferring information from its systems. Authentication of users is crucial in such an organization, and the computer systems perform it before the user is allowed access.
Authentication logins are needed in the organization to accept or deny a user's access to information in the business. The failure to put good authentication technology in place is a threat to the organization. Since the number of internet-enabled devices has increased, Global Financial, Inc. needs to adopt machine authentication (Gleichauf et al., 2001). Information can be exchanged through the web and data transferred from one place to another; to curb this problem the organization needs strong machine authentication. The devices that use this machine authentication should then be configured with very limited access permissions, which limits what can be done after they have been breached.
User authentication also needs to be introduced in the organization, especially in the non-sensitive areas. Users will be required to have a user ID and a password, which establish whether the user is valid or unauthorized. User authentication will facilitate human-to-machine interactions in applications and operating systems. The organization needs high-technology authentication that protects its information.
The network security issues of the organization stem first from the failure to put in place the right and efficient authentication for users who try to access the organization's network. Several security issues are affecting Global Financial, Inc. The first is the spiking of network traffic crossing into the internal networks, which the engineers have noted (Gleichauf et al., 2001). This is a security threat and calls for quick action to secure confidential corporate data and customer information. Another threat to the safety of this organization is cyber-attacks, which cause the organization to lose its confidentiality. A cyber-attack is a malicious act of destroying or altering information; it leads to loss of data and is a big threat to the organization (Stallings, 1995). The last network security threat to this organization was the malicious virus that infected the entire Oracle for several days and distorted a lot of information.
As an IT expert, one should defend against these security threats before the organization fails. One solution is to put firewalls in place that block any unknown or untrusted request from the external network to access the system (Stallings, 1995). Firewalls play a crucial role in security because they stop malicious programs that may be sent to the organization's network. In addition, the organization's information should be encrypted, especially when it passes through a network, since unauthorized users such as hackers can access it and use it for malicious purposes. After the encrypted information reaches the desired network, it can be decrypted, and this enforces integrity. Physical security, for instance the use of managed secure hubs, provides further protection for the data in the organization's network (Stallings, 1995). The organization's server applications and software need to be kept up to date, with patches applied continuously as they are released, so that the system is not vulnerable to new public threats (Gleichauf et al., 2001). Weak network access passwords are also a threat to the organizational network, as hackers can take advantage of them to get access to the organization's information. This security issue will be solved by complex passwords that have at least seven characters with unique keys included.
The access points in this organization fall into two groups: the internal access points and the external access points. Their primary role is to ensure that quality of service is guaranteed in both the software and hardware configurations. They also provide a secure application platform. The internal access points in Global Financial, Inc. include the Trusted Computing Base Internal Network; this is the remote access point in the organization, as the organization's information has its central base here (Gleichauf et al., 2001). It has the Oracle DB server, SUS server, Internal DNS, Exchange E-mail, File and Printer server, Internal Web Server and the workstations. They give the whole organization access to the information; for instance, the intranet web server provides internet access to the organization's users, who can access the information. They also keep the customer credentials and the organization's information secure, so that no unauthorized user can access the organization's critical information. The external remote access points in Global Finance, Inc. include the off-site remote Dial up Users, VPN Gateway, the Internet, and Wireless Antenna. These external access points extend the organization's information to the external environment, where external customers can access it from outside (Gleichauf et al., 2001). The internet provides an external platform for customers to access their accounts even from a far distance, but the information accessed is the end-user information; they cannot access the organization's complete information.
The authentication technology that will be designed for Global Financial, Inc. will be able to identify threats and attacks on the system and will, therefore, protect the information in a better way. The best design for Global Financial, Inc. is Kerberos, which will be the best for protecting the organization's network from attacks and anonymous logins (Neuman, 1994). The design will be as follows:
Log in module
GSS-API based on one time password server application
Username: one-time password:
One time password verification process server
Username: Kerberos password: onetime pass
Using this design, the user will have to enter the username and the password, and will then be required to enter the Kerberos username and the same password, which he will need to remember. If the authentication fails, the user will be denied access to the organization's information (Neuman, 1994). The encryption of the password will be provided by the GSS-API, which is based on OTP; this will encrypt the authentication result and pass it to the client login. The result will then be decrypted and interpreted, and if it is successful, the user will be allowed to log in and access the information he wants.
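The server-side check in this flow (username, password, then a one-time password, with access denied if any factor fails) can be sketched as follows. This is an added example, not code from the original essay: it uses RFC 4226/6238 one-time passwords and PBKDF2 password hashing in place of Kerberos and GSS-API, and the `LoginVerifier` class, its fields and the one-step clock-skew window are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # length of the one-time password


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 one-time password for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash so a stolen database is costly to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class LoginVerifier:
    """Hypothetical verification server: password AND one-time password."""

    def __init__(self):
        self.users = {}

    def enroll(self, username: str, password: str, otp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "pw": hash_password(password, salt),
            "secret": otp_secret,
            "last_step": -1,  # highest time step already accepted
        }

    def verify(self, username: str, password: str, otp: str, now: float) -> bool:
        rec = self.users.get(username)
        if rec is None:
            # Do the same work for unknown users so timing does not
            # reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            return False
        pw_ok = hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw"])
        step_now = int(now) // STEP
        matched = None
        # Accept one step of clock skew either way (assumption), but never
        # a step at or before one already used: that blocks replay.
        for step in (step_now - 1, step_now, step_now + 1):
            expected = hotp(rec["secret"], step).encode()
            if step > rec["last_step"] and hmac.compare_digest(expected, otp.encode()):
                matched = step
        if not pw_ok or matched is None:
            return False  # deny access if either factor fails
        rec["last_step"] = matched
        return True


if __name__ == "__main__":
    # Constructed demo values; the secret is the RFC 4226 test key.
    server = LoginVerifier()
    server.enroll("alice", "correct horse battery", b"12345678901234567890")
    print(server.verify("alice", "correct horse battery", "287082", now=59))
    print(server.verify("alice", "correct horse battery", "287082", now=59))
```

The second call in the demo reuses the same code inside its validity window and is rejected, which is the property that makes a one-time password useless to someone who captures it.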
The network security design is crucial. In Global Financial, Inc., the design will start from the client computers and run to the web server and the mail server (the intranet), where a firewall will monitor the data flow and the files sent within the networks. The firewall will deny access to requests that come from open networks and to files that are corrupted (Gleichauf et al., 2001). Between the mail server and the web server (the intranet) and the DMZ, which comprises the FTP server and Honeypot, there will be a router/firewall packet filter/VPN, which will filter the packets flowing from the internet to the DMZ. This will keep malicious programs from entering the organization's network, together with the viruses that hackers can send from the internet to corrupt the organization's information and data (Neuman, 1994). The presence of this firewall will provide high security for the organization's data and enforce its integrity; malicious programs and unrecognized data transmission will not be able to take place, since security will be highly enforced by the firewalls.
The encryption of the organization's data files will also enhance security in the network, so that information being transmitted through the network cannot be read by anybody in the network even if the network is hacked (Voelker & Bershad, 1994). The encrypted data will only be decrypted using a decryption key, which will be provided to the destination of that particular data. The Wi-Fi will be secured with a password and limited in its reach into the neighborhood, since it may be a threat to security when it is accessible over a wide area. The machines, laptops, mobile phones and any other devices that connect to the Wi-Fi will have to be authenticated, and if a device is not within the organization, access will be denied to enhance the security of the information transfer.
A fact unknown to the CEO of Global Finance, Inc. is that the IT department is crucial to the success and security of the organization. She does not know that by depriving the IT department of its full control and functionality and minimizing its budget, she is increasing the probability of the organization being attacked by hackers. Another assumption made in Global Financial, Inc. is that there is no good security system and that the people working in the IT department are not well trained in preventing unknown network traffic, which is very dangerous to information security (Gleichauf et al., 2001). The network traffic occurring in the organization may be being transferred from the organization to an outside destination, which may, in turn, expose the business information to competitors. Since Global Financial, Inc. is planning to offer its services and products online, the security and integrity of its data should be very high. The other assumption is that the network security cannot be tampered with by anybody. The fact is that hackers using malicious programs can tamper with the network, and this needs to be taken into consideration (Neuman, 1994). The organization's network should be checked regularly, and any outside feeding of information to the network should be prevented.
Another assumption is that the IT department does not need a large amount of money, as the budget has been reduced and the number of workers in the department has been decreased. The known fact is that installing the security system in the organization is very costly, and it requires a large pool of skilled workers who will be working at different terminals of the network. Installing an authentication system like Kerberos is very expensive. Reducing the budget of this department will bring deficiencies in the network system, and the installation will not be effective. Reducing the number of workers in the department will give rise to inadequate labor in the department; therefore, some critical areas of security will be affected, and the risk of losing information will be high (Neuman, 1994).
Lastly, there is an assumption that the network security and authentication technology should be shifted from the IT department to a service integrator. The fact is that the security integrator will not be able to give the risks of the network and authentication technology the required attention, because these areas are very sensitive to the organization.
A vulnerability is a weakness of an asset or set of assets that may be exploited by one or more threats. This organization has more than one vulnerability that can be exploited to cause a security breach. A resource, which can be either logical or physical, can have one or more points that can be used by threat agents in a threat action. A vulnerability compromises the availability, confidentiality and integrity of resources. The vulnerabilities of this organization can be classified as follows. Wireless access points. Wireless access points provide immediate connectivity to users within proximity of the network. Regardless of file encryption, wireless access points are naturally insecure. Some protocols, such as the wireless encryption protocol, contain known vulnerabilities, which are easily compromised with attack frameworks (Velte et al., 2009). If strong keys are not used, protected wireless access and WPA2 are also prone to attacks. The organization is recommended to use WPA2 with RADIUS, along with an access point that is capable of performing authentication as well as enforcing security measures.
The inside connections. The company's internal employees may also inadvertently, or at times intentionally, access areas of the network that they are not otherwise allowed to access, and can compromise the endpoint. If necessary, an employee should ask their comrades for help in accessing areas that they have no access to or authority to access. The organization should change its passwords regularly (Gleichauf et al., 2001). In addition, the organization should create a protocol that controls the access levels of employees to critical information. The organization should even use biometric access protocols for the essential information.
The architecture can be insecure. Misconfiguration in the network acts as a primary point of entry for unauthorized users. Leaving a trust-based local network open makes it vulnerable to the highly insecure internet (Gleichauf et al., 2001). If anyone discovers that the network is open, he or she can use it to exploit the system. Broadcast networks. System administrators at times fail to realize the importance of the network hardware in their security schemes. Hardware like a router or hub relies on non-switched or broadcast principles; i.e., every time a node transmits data across a network to a recipient node, the router or hub sends a broadcast of the data packets until the required recipient node receives and processes the data. This method makes it hard to address media access control (MAC) or address resolution protocol (ARP) address spoofing by intruders or unauthorized users on the local hosts.
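One check an administrator can run against the ARP and MAC address spoofing described above is to watch for IP-to-MAC bindings that change, or for a single MAC address that claims several IPs. The following is an added example, not part of the original essay; the log format, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations in the form "<timestamp> <ip> is-at <mac>".
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.1 is-at 00:11:22:33:44:01
2024-05-01T09:00:02 10.0.0.20 is-at 00:11:22:33:44:20
2024-05-01T09:00:05 10.0.0.21 is-at 00:11:22:33:44:21
2024-05-01T09:03:10 10.0.0.1 is-at 00:11:22:33:44:01
2024-05-01T09:07:44 10.0.0.1 is-at 00:11:22:33:44:21
2024-05-01T09:07:45 10.0.0.20 IS-AT 00-11-22-33-44-20
garbage line that the parser must skip
"""


def normalise_mac(text):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = text.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_observations(lines):
    """Yield (timestamp, ip, mac) for each well-formed line."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[2].lower() != "is-at":
            continue
        mac = normalise_mac(parts[3])
        if mac is not None:
            yield parts[0], parts[1], mac


def find_binding_conflicts(lines, pinned=None):
    """Return alerts as (timestamp, kind, ip, mac) tuples.

    "ip-moved":     an IP is claimed by a MAC other than its pinned (or,
                    failing that, first-seen) MAC.
    "mac-multi-ip": one MAC claims more than one IP. This can be legitimate
                    (a router, for instance), so it is a lead, not a verdict.
    """
    pinned = {ip: normalise_mac(mac) for ip, mac in (pinned or {}).items()}
    baseline = {}
    ips_by_mac = defaultdict(set)
    alerts, reported = [], set()

    def report(ts, kind, ip, mac):
        # Report each distinct finding once, at its first occurrence.
        if (kind, ip, mac) not in reported:
            reported.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for ts, ip, mac in parse_observations(lines):
        expected = pinned.get(ip) or baseline.setdefault(ip, mac)
        if mac != expected:
            report(ts, "ip-moved", ip, mac)
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            report(ts, "mac-multi-ip", ip, mac)
    return alerts


if __name__ == "__main__":
    for alert in find_binding_conflicts(SAMPLE_LOG.splitlines()):
        print(*alert)
```

In the sample, the address 10.0.0.1 is suddenly claimed by the MAC that already owns 10.0.0.21, so both alert kinds fire on the same line; pinning known-good bindings for servers and gateways through the `pinned` argument removes the reliance on the first observation being honest.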
The servers are centralized. The use of centralized computing is another network pitfall. One of the most common cost-cutting measures for an organization is consolidating all servers onto a single powerful machine. This is convenient, and it is easier to manage and more cost effective than multiple server configurations. A centralized server, however, introduces a single point of network failure. If the central server is compromised, it is likely that the whole system will be compromised or prone to data manipulation or theft, or the whole system may even crash. The organization should budget for introducing several back-up servers and make access to them highly secure. Only the network administrator should access the server room.
Poor administrators. The greatest threats to the security of the server are administrators who may fail to patch the systems. Assigning untrained key personnel or a new network manager to maintain the network security is the primary cause of security vulnerability in the network. Such administrators fail to watch the log messages from network traffic or the system kernel, or fail to patch the workstations as well as the server (Gleichauf et al., 2001). The organization should employ people who have the necessary skills.
The services are inherently insecure. One category of vulnerable network services includes those that require unencrypted usernames and passwords for authentication. Such services can easily fall to man-in-the-middle attacks. A cracker can redirect the network traffic by tricking a cracked name server on the network into pointing to his or her computer instead of the intended servers (Velte et al., 2009). When a cracker gets the passwords, he can quickly access the server without the external interaction being noticed. The organization should ensure that it secures the usernames and passwords to avoid such scenarios. It may even use thumb scanning for a password.
Mobility is necessary for an organization such as Global Finance, Inc. (GFI) for it to interact with its customers and its workers. Global Finance, Inc. (GFI) CEO John Thompson is concerned with its mobility security and wants research into best practice for mobile computing. Some of the major risks involved in Bring Your Own Device (BYOD) include the following. BYOD increases the risk of data leakage. As our workforce becomes more and more reliant on mobile devices such as mobile phones and tablets, data leakages and threats become more critical. This may result in greater reliance on the information technology department to secure these devices. These devices are prone to attacks. Global Finance, Inc. should implement acceptable use procedures and policies that clearly communicate the boundaries and the punishment if such principles are violated.
Exploitation of vulnerabilities. Many organizations have minimal control over the smart phones, tablets, laptops, etc. used in their organization, which means they are more vulnerable to many attacks (Voelker & Bershad, 1994). As employees download mobile applications and connect to external wireless networks without correct security protocols in place, they create security holes that can be exploited. These security issues can lead to violations of privacy as well as data theft, as the data lack adequate encryption. These devices are more vulnerable because most of them do not have antivirus software and others have a weak firewall. Global Finance, Inc. put a VPN in place to prevent any viruses from spreading into the system. The VPN grants permission to access data by verifying that data transferred from these devices into the central system network are permitted and encrypted.
The devices are less well taken care of and, therefore, the organization fears the theft or mishandling of these devices. Some of these devices may hold critical organizational information, which can be used to destroy the organization's system or even other people's confidentiality. Many organizations are addressing these security breaches by prompting employees to use basic security features such as a PIN code to secure their devices (Voelker & Bershad, 1994). Global Finance, Inc. should implement strategies such as remote wiping of data from these devices as soon as possible without the user having to grant permission. This will give the department of information technology greater control over these devices.
Although BYOD has significant benefits for Global Finance, Inc., it may introduce some risks that should be identified, with appropriate control measures put in place to protect the business against any security breaches and malicious attacks. The primary considerations that the CEO John Thompson should figure out are how the infrastructure will cope with a high number of devices accessing the network, and how to ensure that the employees' devices are adequately secure and cannot breach the company's security policies. Wireless networking comes with many security threats that affect the whole organization's security. Wireless networks present some issues for the network manager. Some of the wireless vulnerabilities and threats, as well as their countermeasures, are addressed as follows. Malicious association. This occurs when crackers are able to connect to a company's network by actively making wireless devices connect through a cracking laptop instead of a company's access point. The crackers make a wireless network card seem like a legitimate AP (Velte et al., 2009). When these crackers are granted access, they can steal passwords, launch an attack on the wired network, or even plant a Trojan.
MAC spoofing. This is also known as identity theft. It occurs when crackers can identify the MAC address of any computer within the network after being able to listen to the network traffic. The crackers have a program that has sniffing capabilities (Velte et al., 2009). Most wireless systems allow MAC filtering, so that only computers that have a specific MAC ID and the authority to do so can access and use the system.
Man-in-the-middle attacks. The attacker entices computers to log into a computer set up as a soft access point. When this is done, the hacker can connect to a real access point using another wireless card, which offers a steady traffic flow through the transparent computer used to hack the network. The hacker can then easily sniff the network traffic. This attack forces computers connected to the access point to disconnect and reconnect to the hacker's soft access point.
Denial of service. A DoS attack occurs when an attacker continually bombards a targeted access point or network with bogus requests, failure messages, or premature successful connection messages (Velte et al., 2009). These usually prevent legitimate users from connecting to the network and may cause a network crash. These attacks mostly rely on an abuse of the Extensible Authentication Protocol.
Network injection. In this attack, the cracker makes use of APs that are highly exposed to non-filtered traffic, Spanning Trees, HSRP, and OSPF. The hackers usually inject bogus network re-configuration commands, which affect the switches, routers and hubs. This can bring the whole network down and even require the intelligent network devices to be reprogrammed or rebooted. To safeguard against most of these attacks and secure data, the following actions should be implemented:
To protect the confidentiality of the wireless transmissions, Global Finance, Inc. (GFI) uses signal-hiding techniques as one of its countermeasures. For attackers to intercept wireless transmissions, they first need to identify and locate the wireless network. The easiest and least costly ways for the organization to hide the transmission are to turn off service set identifier (SSID) broadcasting on the wireless AP, reduce the signal strength, or assign cryptic names to the SSIDs. Encryption. Encrypting all wireless traffic is one of the best methods of protecting the confidentiality of information transmitted over a wireless network (Velte et al., 2009). Countermeasures to reduce the DoS attack risk. A careful site survey may be used to identify the locations where signals sent from other devices exist. These results may be used in deciding where to locate the wireless access point.
Preventing alteration of intercepted communications. Such alteration represents a man-in-the-middle attack. The countermeasures are strong encryption and strong authentication of users and devices. Securing the wireless access points (Voelker & Bershad, 1994). Organizations are in a position to reduce the risk of unauthorized access to the wireless network by eliminating rogue access points. The best way of dealing with the rogue AP threat is to use 802.1x, as on the wired network, for authentication of all devices plugged into the network. 802.1x will prevent unauthorized devices from getting a connection to the network. Use antivirus and anti-spyware software and a strong firewall on the network. Install antivirus and anti-spyware software and ensure that you keep them updated. Ensure the firewall is always turned on to prevent unauthorized access to the systems in the network. Allow only specific computers to access your wireless network (Voelker & Bershad, 1994). Assign each computer that is being used a unique MAC address that will be allowed by the router to access the network.
Cloud computing is Internet-based computing, where shared data, information, and resources are provided to computers and other devices when required. Users and enterprises are provided with capabilities for storing and processing their data independently. Cloud computing allows companies to avoid upfront infrastructure costs and to focus on the projects that differentiate their businesses instead of on their infrastructure. Cloud computing will enable Global Finance, Inc. (GFI) to get its applications running very fast, with improved manageability and minimal maintenance (Velte et al., 2009).
Global Finance, Inc. (GFI) should deploy a private cloud model where the infrastructure is operated solely by the organization. The private cloud will be managed internally by the organization (Velte et al., 2009). Undertaking a private cloud project will require a significant level and a high degree of engagement to virtualize the organization's environment, and this will force Global Finance, Inc. (GFI) to reevaluate its decisions about the existing resources. If this is done in the right way, it will improve the business. Encryption is necessary for data at rest as well as in motion. Global Finance, Inc. (GFI) will choose a secure encryption algorithm and define data access policies. The generation, distribution, storage and recovery of encryption keys must be clearly defined in these security policies (Velte et al., 2009). Another security feature that can be adopted is Data Masking, which is also known as tokenization. This replaces critical parts of the data with irrelevant characters. Lastly, the organization can use Rights Management, where one can control access to the data and how the stored data can be used.
In summary, the risk in Global Financial, Inc. was a result of the poor network security and the poor authentication technology installed in the organization's network. The risk was propelled by the lack of a network security system installed in the network, which made the system prone to external threats. The malicious virus, which affected lots of customer files and databases, caused the organization to incur a lot in correcting this. The authentication system was not installed in the organization, and this created a risk of the information being accessed by unauthorized people; one sign was the abnormal network traffic that was noted in the organization's network. The employment of an IT expert in the organization was a great move, since the vulnerabilities and the threats were assessed and solutions to these threats have been prepared. Mobile computing has been enhanced in the organization's network with regard to authentication, whereby laptops, mobile phones, and tablets have to be authenticated first before being granted access to the information.
Gleichauf, R. E., Randall, W. A., Teal, D. M., Waddell, S. V., & Ziese, K. J. (2001). U.S. Patent No. 6,301,668. Washington, DC: U.S. Patent and Trademark Office.
Neuman, B. C., & Ts'o, T. (1994). Kerberos: An authentication service for computer networks. Communications Magazine, IEEE, 32(9), 33-38.
Stallings, W. (1995). Network and internetwork security: principles and practice (Vol. 1). Englewood Cliffs: Prentice Hall.
Velte, T., Velte, A., & Elsenpeter, R. (2009). Cloud computing, a practical approach. McGraw-Hill, Inc.
Voelker, G. M., & Bershad, B. N. (1994). Mobisaic: An information system for a mobile wireless computing environment. In Mobile Computing (pp. 375-395). Springer US.
It Risk Assessment: Network Security Issues. (2022, Feb 17). Retrieved from https://essaylab.com/essays/it-risk-assessment-network-security-issues