Identifying Potential Risk, Response And Recovery

1294 words - 6 pages

Assignment 2
Identifying Potential Risk, Response and Recovery
Karen Raglin
Professor West
Networking Security Fundamentals
March 3, 2013

I previously identified several types of attacks, threats and vulnerabilities that exist with your multilayered network. You have requested that I develop a strategy to deal with these risks as well as a plan to mitigate each risk to reduce the impact that each will have on your organization. With any network organization you want to make sure that you keep on top of vulnerabilities of anything that reaches out to the internet. Computers and servers that touch the internet are ones that must be scanned. As a company you have to make sure that ...view middle of the document...

Use a VPN for all non-public traffic. Ports on your firewall should only be open for services that are utilized by the public. Because most people have dynamic IP addresses, your firewall has to constantly open ports and modify its rules to allow access, this can lead to ports being left open and vulnerable to attacks. Limit the size of your network. Simply put, if you don’t need it, turn it off. If your servers are not running a service that is used by the public, don’t allow it to pass through the firewall. Enabling a firewall logging allows you to detect problems that are currently going on as well as those that have previously occurred. Additionally, if you see that your server is getting strange requests or a single IP address is consistently scanning your network, it will raise a red flag. Monitoring your firewall traffic is essential, if you know what the typical traffic pattern is, you will know when it changes too. The sooner you discover unusual patterns, the better. Try to keep your firewall configuration as simple as possible. Constantly review your rules and permissions to ensure that the security level is appropriate for your organization.
The Web/FTP server is responsible for connecting to the internet to make websites available to anyone on the network who may be looking for them. The biggest vulnerability with this type of server is that it requires that a connection to the internet remains open. With this connection open, your network resources are also exposed to the internet as well. There are attackers that specialize in surfing the internet looking for open connections to access peoples’ internal networks. Preventive measures include the creation of a DMZ within this server; you will develop a buffer zone where traffic from both sides is let in, but not able to penetrate the network itself without the proper permissions.
Internal controls to mitigate this risk include the creation and management of an Access Control Matrix. That way you can assign access and usage rights only to those who require access to the files. Additionally, you can overlap permissions so that it acts as an internal system of checks and balances, therefore no one person has completed control to access, modify and delete content from the server.
The most common type of attack on your email server is the DoS attack. There are so many different types of devices connect to and utilize the email server, security in this area is very difficult to attain. DoS attacks are also common on Active Directory Domain controllers. In the case of these DoS attacks risk acceptance is necessary and you must mitigate these risks and vulnerabilities to minimize damage. You can ensure that your antivirus protection is up-to-date as well as requiring that employees do not stay logged into their email. You can also adjust the time out length to ensure that idle computers are automatically logged off the server if...

Other Papers Like Identifying Potential Risk, Response and Recovery

Disater Buisness Plan Essay

861 words - 4 pages Summary of Disaster Recovery Plan This document contains the summary of the Disaster Recovery Plan for Penson Financial Services, Inc. It is intended to serve as the centralized repository for the tasks that would be necessary to facilitate the Penson decision-making process and its timely response to any disruptive or extended interruption of the department’s normal business operations. This is especially important if the cause of the

Pm595 Risk Paper #2

967 words - 4 pages tender’s approach to the potential effects of risk on the project. The two phase process is a systematic process which helps to ensure the greatest attention and effort is focused on the high risk areas for the project. 1. Which case study does a better job at identifying risks? Explain why. Phase 1 and Phase II use the same process for identifying risk; therefore there is an equal level of performance. Determining which case study does a better job

What Are the Characteristics of a Population for Which a Mean/Median/Mode Would Be Appropriate? Inappropriate

1626 words - 7 pages to disaster can even induce more stress on individuals and place them at risk for developing a variety of adverse reactions and psychological consequences. This section takes the first step towards introducing you to the key elements of disaster management and response at multiple levels. The focus of this chapter is on the framework of disaster planning, preparedness, and response. In the event of a disaster in your community, you may be asked

All Papers

911 words - 4 pages . Preparedness is the key. The planning process should minimize the disruption of operations and ensure some level of organizational stability and an orderly recovery after a disaster. Other objectives of disaster recovery planning include providing a sense of security minimizing risk of delays guaranteeing the reliability of standby systems providing a standard for testing the plan. Minimizing decision-making during a disaster the three-part

Contingency Planning

4506 words - 19 pages limiting and even counterproductive. It is, however, useful in some instances. For example, it may not be possible to avoid every activity that carries a risk, but it is possible to avoid the more significant ones. Fear of a risk should inform rather than restrict activity. The second strategy is to reduce the potential impact of the risk. This involves analysing the risk and identifying what factors can be improved or controlled. The third

Information Technology

1171 words - 5 pages . Describe the “transfer” strategy. Describe how outsourcing can be used for this purpose. 15. Describe the “mitigate” strategy. What three planning approaches are discussed in the text as opportunities to mitigate risk? 16. How is an incident response plan different from a disaster recovery plan? The DR plan and the IR plan overlap to a degree. In many respects, the DR plan is the subsection of the IR plan that covers disastrous events

risk management

3766 words - 16 pages  Introduction of the purpose and importance of risk management Risk management planning is a critical and often overlooked process on every project.  Allowing for the proper amount of risk planning in your project schedule can mean the difference between project success and project failure when those potential risks become real issues. The plan is only the output of the process. It details how the process will be implemented

Credit Risk Analysis in Standard Charter Bank

562 words - 3 pages return. • Lessons learned from recent risk management failures: sub-prime, CLOs, leveraged loans, trading losses and etc. Capital allocation • Types of capital: shareholder, regulatory and economic capital. • Economic capital: key management assumptions. • Regulatory capital Basel 1 versus Basel 2. • Managing capital structures: comparisons between banks. II. CREDIT RISK Identifying and quantifying the risk • Seven categories of credit risk: lending

Discovery Recovery Plan for Kudler

5924 words - 24 pages contingency (3) disaster recovery procedures will be reviewed to insure specific teams are formed, lead for teams are designated, policy and procedure are documented, formal response to crisis is formulated, personnel are fully equipped to handle crisis situations (4) any outsourced work will be reviewed for potential weaknesses (5) the business environment will be accessed for verification of adherence to overall business plan (6) the corporations

Csec 650 Individual Assignment 2

4332 words - 18 pages incident; through this evaluation vital services and their associated systems components can be matched to the need for recovery processes. Building on those findings, the necessary sequence of events to restore those priority systems can be determined. The analysis of these systems and their effect on operations should also include a risk assessment of the security posture of the IT systems; these security of the systems, and its management need to

Risk Management

1482 words - 6 pages cyber crimes, terrorism, natural disasters, and accidents within the workplace, lawsuits, and physical crimes. An organization will face some risk, and some organizations may never have to face a risk; however, the organization that faces the risk will need to have a way to respond to the risk. For example the criminal justice system faces a potential threat with the legal responsibility of providing the necessary response, which faces a greater risk

Related Essays

Identifying Potential Malicious Attacks, Threats, And Vulnerabilities

1161 words - 5 pages for been within the Demilitarized Zone (DMZ), this is always a vulnerability with which most companies have to deal with. This vulnerability opens the way for phishing attack. One way to mitigate this vulnerability is configuring the email server so that only authorized email may enter. This is difficult because our video game company has a large list of customers and suppliers that are in constant change. The best option is to alert users about

Itt Lab 6 Nt2580 Essay

954 words - 4 pages Office and branches) 13 HQ LAN/VoIP/IT Infrastructure Marketing and public relations 16 Marketing Analysis System Lab #6 Assessment Questions & Answers 1. What is the different between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations .Risk analysis doesn’t view the organization from the mission

Risk Response Planning Essay

1479 words - 6 pages The Instructions of Risk Response Planning Jinghan Xie PJM 6015 Project Risk Management Jacques Alexis Northeastern University College of Professional Studies August 8, 2015 Abstract As the fourth step in the risk management, risk response planning is very significant and it could affect the subsequent steps of risk management as well as the whole project. In other words, if a risk management plan does not has the sufficient

Reshaping Crisis Management Essay

976 words - 4 pages . Conclusion: This paper outlines the traditional event approach to crisis management, which focuses toincident response like what to do when a crisis happen and what to prepare. Then discuss the new process approach, which reshapes crisis management within of management activity. Four point has been given in a way forward for optimal effectiveness, 1. Proactively addressing underlying systematic causes of potential crises, 2. Establishing effective mechanisms to recognize and respond to red flags. 3. Properly identifying stakeholders and their perspectives. 4. Implementation systematic organization learning and unlearning. PREPARED BY: eximikoyan