logo

Manage Network and Data Integrity

18 Pages2078 Words261 Views
   

Added on  2023-04-21

About This Document

This audit report results to security audit of Comtech Company. The evaluation of hardware and software has been conducted so as to identify weaknesses which can be misused by attackers. The results of this security assessment audit report will lead to the implementation of basic IT security within the organization.

Manage Network and Data Integrity

   Added on 2023-04-21

ShareRelated Documents
Running head: MANAGE NETWORK AND DATA INTERITY
ICTNWK403: MANAGE NETWORK AND DATA INTERGITY
(Student’s Name)
(Institutional Affiliation)
(Date)
Manage Network and Data Integrity_1
MANAGE NETWORK AND DATA INTEGRITY 2
Executive summary
This audit report results to security audit of Comtech Company. The evaluation of
hardware and software has been conducted so as to identify weaknesses which can be misused
by attackers. The results of this security assessment audit report will lead to the implementation
of basic IT security within the organization.
Assessment 1: Project
Introduction
Comtech is an IT based company located in Melbourne. The company is involved in the
provision of professional IT services and support. The company has been operating since 2000
with various branches in Australia. The company has about twenty computers, two modems, and
two printers. As a system asset auditor, I will prepare an IT asset audit record for the company
which will comprise of a list of software and hardware.
Major security issues
The first line of defense for an organization is a firewall which has to be properly set with
separation between database servers and web servers known as DMZ network zone (Blanc &
Cotton, 2014).
List of hardware
Web-server
The security risk is very high considering the many web attacks. Some of the attacks
include SQL injections
Manage Network and Data Integrity_2
MANAGE NETWORK AND DATA INTEGRITY 3
DNS server
The security risk is very high as several IIS installation display very severe security
patches like MDAC RDS weaknesses, various ISAPI filters, and IIS/FrontPage extensions
vulnerabilities
Computers
The security risk is medium
Routers
The security risk is high due as routers sit in between a firewall and a switch.
Switches
The security risk is very low where logging is not implemented considering the limited switches
features.
SMTP server
The security risk is very high where malicious users or employees are able to send
unsolicited mail to 3rd parties using what is known as mail.Acme.com
SQL server
The security risk for this hardware is medium. An organization needs to remove all
employee users who are within the local admin group who don’t need to have the local admin
rights. One can also remove the built-in administrator group on the SL server (Odom, 2009).
List of software
File system software
The security risk is very high where the company is required not to allow world-writable
files particularly those owned by the root. One is also required to look for suspicious SGID and
Manage Network and Data Integrity_3
MANAGE NETWORK AND DATA INTEGRITY 4
SUID files. In addition, one is supposed to occasionally monitor the organization file system for
the various file types.
Windows operating system
The security risk is very high and one is supposed to always keep the Windows operating
system up to date on the latest security patches. In addition, an organization is required to
analyze the various file permissions and rights to make sure that the appropriate permissions are
applied (Kurose & Ross, 2016).
Anti-virus software
Kaspersky’s anti-virus software ought to be installed in both the windows server and all
the user computers. On the windows server, the anti-virus needs to be configured in such a way
that the server software is able to download the anti-virus definitions on a regular basis.
The recommended processes so as to prevent anti-virus problems
The organization need to run corporate standard
The company need to never open macros or any files attached to an email from untrusted,
suspicious or unknown sources
The company need to delete junk, spam, and chain email without forwarding, in with
Comtech Company
Always scan USB drives or any other external drive before opening it on both user
computers
The organization ought to periodically check lab anti-virus and the recommended
processes (CiscoNetworkingAcademy, 2014).
Network security policy
User account and password policies
Manage Network and Data Integrity_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Assignment | Cyber Security
|23
|2174
|14

Network Design Proposal for XYZ Retails
|15
|873
|395

Anti-Virus and NMAP Scans PDF
|10
|1148
|73

Visor Network Redesign Structure Analysis
|6
|689
|31

Assignment on Cyber Security 2022
|7
|712
|26

Security and Risk Management in Banking Industry
|12
|2320
|54