Table of Contents
Executive Summary 3
Company Overview 3
Hardware Vulnerabilities 3
Policy Vulnerabilities 6
Recommended Solution - Hardware 7
Impact on Business Processes 10
Recommended Solution – Policy 10
Impact on Business Processes 11
The purpose of the report is to assist Aircraft Solutions (AS) in indentifying the most significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the ...view middle of the document...
The firewall configuration at AS San Diego is improperly configured to meet the security needs of the company. The main area of concern was that of the firewall located between AS Main Router and the Router to DD. The security assessment revealed that DD Santa Ana has direct access without firewall authentication to AS San Diego's network.
"Misconfigured network gear represents a major security threat. It's estimated that 65% of cyber attacks exploit misconfigured systems" (Marsan, 2009). There are many different threats associated with not having properly configured Firewalls and the statistics show that 6.5 companies out of 10 are being attacked because of the vulnerabilities associated to not configuring their systems correctly. There are many threats associated with not having a properly configured Firewall, due to the misconfiguration; our security assessment revealed that the main threat to AS Headquarters would be an infiltration via the exploitation of the firewalls back door. Attackers can install listening devices that will detect which ports are open on AS's perimeter firewall. Once it's determined which ports are open, the Attacker can take advantage of the misconfiguration and deposit or execute backdoor code, or simply access the system without authorization.
The consequences associated with not having a properly configured firewall could be the annoyance of adware or as severe as bringing AS operations to a standstill. A majority of AS business operations are controlled through AS San Diego via their headquarters network. The likely hood of a threat is significant, but the risk associated with it is Severe. "Network performance and reliability also are affected by misconfigured gear, it's estimated that 62% of IP network downtime is due to configuration issues" (Marsan, 2009). AS San Diego IT network could be down for assessment and repairs for as little as a couple days to as long as a couple months. The monetary impact to AS San Diego could be significant for repairs but the financial impact through loss of business could be crippling to AS San Diego bottom line. Companies will distrust their vendors when they have an understanding that their company's information is not being protected, which in turn leaves them vulnerable. Businesses will take business elsewhere to ensure the integrity of their information and to protect their companies well being.
AS's hardware footprint is fairly significant in that there are many different pieces of hardware that must be maintained individually. Having such a large footprint raises the risk of equipment malfunction causing a disruption to data processing. Malfunctioning equipment, such as security safeguards may leave AS's system significantly weak while negating strengths in other parts of the system. Security threats could include unauthorized access to AS's information systems, hardware theft and hardware destruction. The likelihood of hardware malfunctioning is...