Wednesday, July 17, 2019
Identifying Potential Risk, Response, Recovery
In this paper I have been hired as an Information Security Engineer for a video game development company. I have previously identified all of the potential threats, vulnerabilities and malicious attacks for the video game development company. The CIO has reviewed my report and has now requested that I draft a report analyzing and assessing any potential malicious attacks, vulnerabilities and threats that may be carried out against the company's network. I will then choose a strategy for dealing with risk, such as mitigation, assignment, acceptance and avoidance. Next I will develop controls that will be used to mitigate each risk.
Now let's begin by discussing the threat to the Web/FTP server. Some servers, or hosts, must be open to the Internet. Web servers are examples of such hosts. You want any user to be able to access your web server, but you don't want everyone to be able to get to your internal network (Fundamentals of Information Systems Security). The simple solution for this is to isolate the host that is connected to the Internet from the internal networks and then create a demilitarized zone.
As for risk mitigation for the Web/FTP server, FTP is very useful for working with remote systems, or to move files between systems. On the other hand, the use of FTP across the Internet or other untrusted networks exposes you to certain security risks. Your object authority scheme might not provide enough protection when you allow FTP on your system. The next risk for FTP is that a hacker can mount a denial of service attack with your FTP server to disable user profiles (FTP Security).
This is usually done by repeatedly attempting to log on with an incorrect password for a user profile, generally until the profile is disabled. This kind of attack will disable the profile if it reaches the maximum sign-on count of three. The company can use an FTP server logon exit program to reject logon requests by any system user profile and by those user profiles that the company designates as not allowed FTP access.
Now we will discuss the NIDS. The primary purpose of a network-based intrusion detection system is to identify attackers trying to expose vulnerable network services. The NIDS can respond to the attack or alert personnel, who can take the necessary and appropriate actions for this type of attack. NIDS allows administrators to respond to attacks with actions appropriate to their security policy. To properly analyze false alarm reduction strategies, it is necessary to quantify risk and the NIDS role in risk reduction. The NIDS uses two formulas. One formula assumes that risk is roughly equivalent to single loss expectancy. The formula for this quantification is SLE = (Asset Value x Exposure Factor) (Fundamentals of Information Systems Security). The next formula states that risk is equal to exposure multiplied by threat: Risk = Exposure x Threat. This equation determines threat and the type of threat. For example, there are threats of port scans, automated scans and sweeps, Denial of Service and service attacks, and compromises.
Now we will move on to Windows 2008 Active Directory Domain Controllers (DC). Because domain controllers provide critical services to their clients, it is crucial to minimize the risk of any interference with these services that may be caused by malicious attacks.
Antivirus software can be used to mitigate the risk of malicious attacks in Windows 2008 Active Directory Domain Controllers. Make sure that you verify the antivirus software you select is confirmed to be compatible with your domain controllers. Do not use domain controller systems as general workstations. Another way to prevent malicious attacks on domain controller systems is to not allow users to use domain controllers to surf the web or to perform any other activities that can allow the introduction of malicious code. Only allow browsing on sites that are known to be safe, and only strictly for the purpose of supporting server operation and maintenance. Another practice to keep in mind is to make sure that all of the company's files, including the shared ones, are run against a virus scanning package.
This brings me to the file servers, which have the potential to receive different viruses such as worms, Trojan horses and logic bombs. Allowing an end user to upload files to your website is like opening another door for a malicious user to compromise your server (acunetix.com). File uploads are permitted in social network applications. File uploads are also allowed with blogging, e-banking sites and YouTube. All of these network sites allow users the opportunity to efficiently share files with corporate employees. Users are allowed to share files with corporate employees through uploaded videos, pictures, avatars and many other types of files. The best way to prevent malicious attacks through the company's file servers is to make sure that the file that is being uploaded is validated. This will prevent a hacker from uploading files with malicious code that can lead to a server compromise.
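An added example, not part of the original paper: one way to validate an upload before it is stored on the file server, checking the file name, size, extension and leading content bytes together. The function name `validate_upload`, the 2 MB limit and the list of accepted types are assumptions chosen for illustration.

```python
import os

MAX_BYTES = 2 * 1024 * 1024  # assumed upload size limit (2 MB)

# Accepted extension -> byte signatures the content must start with.
# The set of accepted types is an assumption for this example.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}


def validate_upload(filename, data):
    """Return (ok, reason) for an uploaded file name and its bytes."""
    # Reject path components, NUL bytes and hidden files in the name.
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or "\x00" in name or name.startswith("."):
        return False, "unsafe file name"
    # Reject empty files and files above the size limit.
    if len(data) == 0 or len(data) > MAX_BYTES:
        return False, "size out of range"
    stem, ext = os.path.splitext(name.lower())
    if ext not in ALLOWED:
        return False, "extension not allowed"
    # Strict rule: any second dot-extension (shell.php.png) is rejected.
    if os.path.splitext(stem)[1]:
        return False, "double extension"
    # The content must begin with a signature matching the extension.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads (not taken from the paper).
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [
        ("avatar.png", png),
        ("shell.php.png", png),
        ("photo.jpg", b"<?php echo 1; ?>"),
        ("../../etc/passwd", b"x"),
        ("tool.exe", b"MZ\x90"),
    ]
    for fname, blob in samples:
        print(fname, validate_upload(fname, blob))
```
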
Another way to prevent a malicious attack on the file server is for the company to block all dangerous extensions. In cases like this, there would be a blacklist. The list will show the dangerous extensions, and access will be denied if the extension of the file they are trying to upload is on this list. There are best practices to follow when uploading files onto websites and web applications. The first risk mitigation in a file server is to estimate the size of programs, files, and transactions. Then you will need to prevent deviation in the size of the files as well as in the number of users that have access to the files.
Now we will move on to the wireless access point (WAP); this is the connection between a wired and wireless network. This is also a wireless security protocol designed to address and fix the known security issues in WEP. WAPs are radios, sending and receiving networking information over the air between wireless devices and the wired network (Fundamentals of Information Systems Security). The best way to prevent malicious attacks on a WAP is to increase security. Presently WPA provides users with a high level of assurance that their data will remain protected by employing Temporal Key Integrity Protocol for data encryption. If the data is not encrypted then it is considered fair game, because it would be very easy for anyone that has access to a radio to access this data. The risk mitigation for a wireless access point is to make sure your technology is updated. Failure to upgrade to newer, more advanced technologies could potentially impact productivity and lead to significant downtime, security vulnerabilities, and non-compliance issues.
Older wireless technology does not support new features and functions that are proving to be so valuable. Next you will need to choose the right carrier. Ensuring information is secure within the supply chain, complying with all the latest government and retailer mandates, and taking advantage of all the latest features and functions to save time and money can seem like a daunting task (Wireless Technology Migration: Mitigating Risk and Increasing Supply Chain Efficiency).
Now we will discuss the 100 desktop/laptop computers. Both of these types of computers are subject to viruses such as worms, hoaxes, Trojans and other security vulnerabilities. The best way to prevent these from occurring is to install and use a firewall. Always make sure you are installing and updating the latest critical security software. Add a virus software scanner, to allow the software to scan your computer for potential viruses.
Next we will discuss the VoIP telephony system. This is one of the newest technologies that is being rapidly embraced by the market as an alternative to the traditional public switched telephone network. The malicious attacks that can occur with this system are denial of service, impersonation or spoofing, and toll fraud. The best way to prevent this from happening is to add port security, Cisco Secure Access Control Server, DHCP snooping, Cisco firewall solutions and intrusion prevention. Data transit can also be used to protect the voice traffic over the wireless LANs.
The risk mitigation for desktops/laptops is as follows: target malware with automated defenses. One of the first lines of defense for any PC or laptop is to block or eliminate viruses, worms, spyware, and other malware, including Trojan downloaders and keystroke loggers, both on endpoints and at the gateway. Deploy anti-malware and filtering software for all email gateways, to prevent malware and e-mail from ever reaching the PCs.
Next you would want to patch your vulnerabilities as quickly as possible and create a password to access your PC or laptop. To really maximize security in a minimal amount of time, as part of the acceptable use policy, prohibit users from installing unauthorized software on PCs or laptops (10 Ways to Mitigate Your Security Risk).