Identifying Potential Risk, Response and Recovery
Networking Security Fundamentals
March 3, 2013
I previously identified several types of attacks, threats and vulnerabilities that exist in your multilayered network. You have asked me to develop a strategy to deal with these risks, together with a plan to mitigate each one and reduce the impact it would have on your organization. In any networked organization you must stay on top of the vulnerabilities of every system that reaches the internet: computers and servers that are reachable from the internet are the ones that must be scanned regularly. As a company you have to make sure that ...
Use a VPN for all non-public traffic. Ports on your firewall should be open only for services that are used by the public. If you instead grant remote access by allowing specific source addresses through the firewall, the fact that most remote users have dynamic IP addresses means the rules must be changed constantly to keep up, and rules that are opened for one occasion and never closed leave ports exposed to attack; with a VPN, only the VPN endpoint needs to be reachable. Limit the size of your exposed network. Simply put, if you don't need it, turn it off, and if your servers run a service that is not used by the public, don't allow it through the firewall. Enabling firewall logging lets you detect problems that are going on now as well as ones that occurred earlier: if your server is receiving strange requests, or a single IP address is consistently scanning your network, the logs will raise a red flag. Monitoring your firewall traffic is essential; if you know what the typical traffic pattern is, you will notice when it changes, and the sooner you discover an unusual pattern, the better. Keep your firewall configuration as simple as possible, and review your rules and permissions regularly to ensure that the security level is appropriate for your organization.
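The two log-based checks described above (a single address sweeping many ports, and traffic being accepted on a port that should not be open) can be run over the firewall's own log. The following is an added example written for this page, not code from the original document; the log lines are constructed in the netfilter/iptables kernel-log style, the addresses are documentation ranges, and the "published services" list of ports 80 and 443 is an assumption for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the netfilter/iptables kernel-log style (not a real
# capture from any firewall). 203.0.113.7 probes six ports in a few seconds,
# 192.0.2.50 touches two ports normally, and one ACCEPT hits a port that is not
# on the published-services list.
SAMPLE_LOG = """\
Mar  3 10:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=21
Mar  3 10:00:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=22
Mar  3 10:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=23
Mar  3 10:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=25
Mar  3 10:00:03 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=80
Mar  3 10:00:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=3306
Mar  3 10:00:04 fw kernel: ACCEPT IN=eth0 SRC=192.0.2.50 DST=198.51.100.10 PROTO=TCP DPT=443
Mar  3 10:00:09 fw kernel: DROP IN=eth0 SRC=192.0.2.50 DST=198.51.100.10 PROTO=TCP DPT=22
Mar  3 10:00:12 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP DPT=3389
Mar  3 10:00:15 fw kernel: this line is not a packet record and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: (?P<action>ACCEPT|DROP) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)
LOG_YEAR = 2013  # syslog timestamps carry no year; assumed for the constructed sample


def parse_line(line):
    """Return a dict for one packet record, or None for lines that are not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return {"ts": ts, "action": m.group("action"), "src": m.group("src"),
            "dst": m.group("dst"), "proto": m.group("proto"), "dpt": int(m.group("dpt"))}


def detect_port_scans(events, window=timedelta(seconds=60), min_ports=5):
    """Sources that touch at least min_ports distinct ports inside any sliding window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span is no wider than `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dpt"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                flagged.setdefault(src, set()).update(ports)
    return flagged


def unexpected_accepts(events, allowed_ports):
    """ACCEPTed packets to ports not on the published-services list: a rule that was
    opened once and never closed shows up here before anyone notices otherwise."""
    return [ev for ev in events if ev["action"] == "ACCEPT" and ev["dpt"] not in allowed_ports]


def analyze(log_text, allowed_ports=frozenset({80, 443})):
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    return {
        "scanners": detect_port_scans(events),
        "unexpected": [(ev["src"], ev["dpt"]) for ev in unexpected_accepts(events, allowed_ports)],
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for src, ports in report["scanners"].items():
        print(f"possible scan from {src}: ports {sorted(ports)}")
    for src, dpt in report["unexpected"]:
        print(f"ACCEPT to non-published port {dpt} from {src}; check the rule set")
```

The scan detector uses a sliding time window rather than a lifetime count so that a legitimate client that uses two or three services over a day is not flagged, while a host that sweeps a handful of ports in seconds is. The `unexpected_accepts` check is the automated form of the rule review recommended above: it compares what the firewall actually let through against the list of services the organization means to publish.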
The Web/FTP server makes websites and files available to users on the internet, and its biggest vulnerability is that it requires a connection from the internet to remain open. While that connection is open, anything reachable from the server is exposed to the internet as well, and there are attackers who specialize in scanning the internet for open connections through which to reach internal networks. The preventive measure is to place this server in a DMZ, a separate network segment between the internet and the internal network: traffic from either side is allowed into the DMZ, but cannot reach the internal network itself without explicit permission in the firewall rules.
Internal controls to mitigate this risk include creating and maintaining an Access Control Matrix, so that access and usage rights are assigned only to those who need the files, with everything else denied by default. Additionally, you can divide permissions among people so that they act as an internal system of checks and balances: no one person has complete control to access, modify and delete content on the server.
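An Access Control Matrix with default deny and an automated check for the checks-and-balances rule, as an added example for this page (not code from the original document). The subjects, paths and the rights vocabulary (read, modify, delete) are assumptions chosen for illustration, not the organization's real accounts or shares.

```python
from collections import defaultdict

# Constructed example; the subject names, object paths and the three rights are
# assumptions for illustration only.
RIGHTS = {"read", "modify", "delete"}


class AccessControlMatrix:
    """Rows are subjects (users or roles), columns are objects (files, directories);
    each cell holds the set of rights that subject has on that object. Anything not
    granted is denied."""

    def __init__(self):
        self._cells = defaultdict(set)   # (subject, obj) -> set of rights

    def grant(self, subject, obj, *rights):
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self._cells[(subject, obj)].update(rights)

    def revoke(self, subject, obj, *rights):
        self._cells[(subject, obj)].difference_update(rights)

    def is_allowed(self, subject, obj, right):
        # default deny: a missing cell is an empty set, not an error
        return right in self._cells.get((subject, obj), set())

    def rights_of(self, subject, obj):
        return frozenset(self._cells.get((subject, obj), set()))

    def separation_violations(self, conflicting=frozenset({"modify", "delete"})):
        """Subjects holding every right in `conflicting` on the same object. The
        checks-and-balances rule says such complete control should never sit with
        one person, so a non-empty result means the matrix needs to be re-split."""
        return sorted(
            (subject, obj)
            for (subject, obj), rights in self._cells.items()
            if conflicting <= rights
        )


def build_example_matrix():
    acm = AccessControlMatrix()
    # Web content: editors can change pages, a separate publisher removes them.
    acm.grant("alice", "/var/www/site", "read", "modify")
    acm.grant("bob", "/var/www/site", "read", "delete")
    # FTP uploads: carol was given everything, which the check below catches.
    acm.grant("carol", "/srv/ftp/uploads", "read", "modify", "delete")
    # Public visitors only ever read.
    acm.grant("anonymous", "/var/www/site", "read")
    return acm


if __name__ == "__main__":
    acm = build_example_matrix()
    print("alice may delete site?", acm.is_allowed("alice", "/var/www/site", "delete"))
    print("violations:", acm.separation_violations())
```

Running `separation_violations()` as part of the regular permissions review turns the "no one person has complete control" rule into something that is checked rather than assumed; revoking one of the conflicting rights from the flagged subject clears the finding.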
The most common type of attack on your email server is the DoS attack. Because so many different kinds of devices connect to and use the email server, security in this area is very difficult to attain, and DoS attacks are also common against Active Directory domain controllers. With these DoS attacks some risk acceptance is necessary: the service cannot simply be taken offline, so you accept that it will be targeted and mitigate the risks and vulnerabilities to minimize the damage. You can ensure that your antivirus protection is up to date and require that employees do not stay logged into their email, and you can adjust the idle timeout so that inactive computers are automatically logged off the server if...
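The idle timeout described above, as a session table a mail or directory service could keep, is shown below as an added example written for this page (not code from the original document). The per-client cap on concurrent sessions is an assumption that goes beyond the text; it is a standard way of keeping a single client from holding every connection slot, which is the resource a DoS attack on this server consumes. Addresses and times are constructed.

```python
from datetime import datetime, timedelta

# Constructed illustration: an idle timeout that logs off inactive clients plus a
# cap on concurrent sessions per client address (the cap is an assumption added
# here; the text only describes the timeout).


class SessionTable:
    def __init__(self, idle_timeout=timedelta(minutes=15), max_per_client=2):
        self.idle_timeout = idle_timeout
        self.max_per_client = max_per_client
        self._sessions = {}   # session_id -> (client_ip, last_activity)
        self._next_id = 1

    def count_for(self, client_ip):
        return sum(1 for ip, _ in self._sessions.values() if ip == client_ip)

    def open(self, client_ip, now):
        """Return a new session id, or None if the client already holds max_per_client."""
        if self.count_for(client_ip) >= self.max_per_client:
            return None
        sid = self._next_id
        self._next_id += 1
        self._sessions[sid] = (client_ip, now)
        return sid

    def touch(self, sid, now):
        """Record activity; an unknown (already logged-off) session is rejected."""
        if sid not in self._sessions:
            return False
        ip, _ = self._sessions[sid]
        self._sessions[sid] = (ip, now)
        return True

    def expire_idle(self, now):
        """Log off every session idle longer than the timeout; return their ids."""
        expired = [sid for sid, (_, last) in self._sessions.items()
                   if now - last > self.idle_timeout]
        for sid in expired:
            del self._sessions[sid]
        return expired

    def active(self):
        return len(self._sessions)


def demo():
    """Walk through the two controls on a constructed timeline and report what happened."""
    t0 = datetime(2013, 3, 3, 9, 0, 0)
    table = SessionTable(idle_timeout=timedelta(minutes=15), max_per_client=2)
    a = table.open("10.0.0.5", t0)
    b = table.open("10.0.0.5", t0 + timedelta(minutes=1))
    c = table.open("10.0.0.5", t0 + timedelta(minutes=2))   # third from same client: refused
    d = table.open("10.0.0.9", t0 + timedelta(minutes=2))
    table.touch(b, t0 + timedelta(minutes=10))               # b stays busy, a goes quiet
    expired = table.expire_idle(t0 + timedelta(minutes=20))  # a and d idle > 15 min
    return {"refused": c is None, "expired": sorted(expired),
            "active": table.active(), "ids": (a, b, d)}


if __name__ == "__main__":
    print(demo())
```

Passing `now` explicitly instead of reading the clock inside the class keeps the behaviour reproducible, which matters when the timeout value is being tuned: the sweep in `expire_idle` is what frees the slots an idle or abandoned login would otherwise hold, and the cap in `open` is what stops one source from taking them all.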