Network Security Assessment
Added on 2019/09/22
Report
Network Security Assessment
Part – 1
Vulnerabilities Assessment
Introduction
The purpose of this document is to provide an overview of the areas of network security and the vulnerabilities of the network and of the devices connected to it.
The process involves performing an in-depth threat and risk assessment of all the different areas and network components to determine which areas need to be hardened. This is done using various tools and methods. The final report will include the areas that need to be hardened, the vulnerabilities associated with each system, and the steps and measures that must be applied to remove or mitigate those network security vulnerabilities.
Information Collection Techniques
The Network Security Assessment Team used the following information collection techniques and tools to gain an understanding of the network and server vulnerabilities:
Information was collected through physical inventory of:
• Hardware
• Software
• Data and information
The following automated discovery/collection tools and methods were used on the servers to collect technical information:
• Network Mapper (NMAP)
• Nessus Vulnerability Scanner
• Personal observation
• Manual inspection
• Access control permissions
• Wireless leakage
• Intrusion detection testing
• Firewall testing
• Identification of potential threats that could adversely impact the Confidentiality, Integrity and/or Availability (CIA) of systems or data
• Identification of the vulnerabilities discovered
• Estimation of the likelihood that threats could exploit the identified vulnerabilities
• Assessment of the impact on the CIA of systems and/or data if a threat were to exploit a given vulnerability
• Identification of ports and access open to unauthorized personnel
• Perimeter security check of firewall rules
• System checks for necessary protection software and unauthorized access
• Policy for data protection
Terminology and Clarifications
This report uses a variety of terms related to the field of cyber security. The terms listed below are particularly important.
• Attack: A malicious act that attempts to collect, disrupt, deny, degrade or destroy information system resources or the information itself.
• Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.
• Breach: A compromise of security that leads to the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, protected data that is transmitted, stored or otherwise processed.
• Disclosure: A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.
Findings and Analysis
Missing patches
After analysis of the systems, it was found that Windows and other software did not have the latest security patches installed. This is a severe vulnerability: an attacker or a rogue insider needs only one old or missing patch on a server with a flaw that permits an unauthenticated or unauthorized user a command prompt or other backdoor path into the web or network environment. Care is needed when applying patches to servers: this includes checking for patches on a schedule, but also not relying on patches that are already old; some patches were even 10 years old in some cases. This makes it a severe vulnerability, because the attacker already knows the problem, security issue or flaw that the patch addresses, which makes attacking the system easy, as knowledge of the outdated system is openly available and common among security personnel. Too many incidents and attacks occur because criminal hackers and cyber criminals take advantage of exploits against unprotected, outdated and unpatched systems.
Misconfigured firewall rules and policies
After analyzing the network requirements and the public servers, and then evaluating the firewall policy, it was found that the firewall was not properly configured with the rules that should be present, as per the network requirements, to secure the inside network. The firewall rules had not been updated as new network requirements arose from time to time. Some rules were unable to stop traffic coming from the outside or external network because it had been allowed by the firewall, and there were no policies to stop unwanted traffic, which may allow an unauthorized person to access the internal network by
those ports and policies that should have been blocked by the firewall. The servers were not protected, as anyone could have taken control of them by accessing them remotely through those unwanted open ports.
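The kind of misordered, overly permissive policy described above can be checked mechanically. The following is an added example, not part of the assessment report: a small first-match policy evaluator in Python that reports which must-be-blocked services on internal or DMZ servers an external address can still reach, and which block rules are shadowed by an earlier broad allow and so never take effect. The rule set, address ranges and service list are constructed for illustration.

```python
"""Audit a first-match firewall policy for the defects described above:
management ports of DMZ/internal servers reachable from outside, and
block rules placed below a broad allow so they never take effect.
Added example, not from the report; policy and addresses are constructed."""
import ipaddress
from dataclasses import dataclass

net = ipaddress.ip_network


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # (low, high) inclusive destination ports, None = any port

    def matches(self, src_ip, dst_ip, proto, port):
        if self.proto not in ("any", proto):
            return False
        if self.ports and not self.ports[0] <= port <= self.ports[1]:
            return False
        return (ipaddress.ip_address(src_ip) in net(self.src)
                and ipaddress.ip_address(dst_ip) in net(self.dst))


def decide(rules, src_ip, dst_ip, proto, port):
    """First matching rule wins; implicit deny when nothing matches."""
    for idx, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip, proto, port):
            return rule.action, idx
    return "deny", None


# Constructed policy: a catch-all allow to the DMZ, added for a new
# requirement, sits above the management-port blocks and defeats them.
POLICY = [
    Rule("allow", "0.0.0.0/0", "203.0.113.0/24", "tcp", (80, 80)),
    Rule("allow", "0.0.0.0/0", "203.0.113.0/24", "tcp", (443, 443)),
    Rule("allow", "0.0.0.0/0", "203.0.113.0/24", "any", None),  # too broad
    Rule("deny", "0.0.0.0/0", "203.0.113.0/24", "tcp", (3389, 3389)),
    Rule("deny", "0.0.0.0/0", "203.0.113.0/24", "tcp", (22, 22)),
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8", "any", None),
]
# Services that must never be reachable from an external address.
MUST_BLOCK = {"rdp": ("tcp", 3389), "ssh": ("tcp", 22), "smb": ("tcp", 445),
              "telnet": ("tcp", 23), "snmp": ("udp", 161)}


def audit(rules, external_ip, targets):
    """Map (target, service) -> index of the allow rule exposing it."""
    findings = {}
    for target in targets:
        for name, (proto, port) in MUST_BLOCK.items():
            action, idx = decide(rules, external_ip, target, proto, port)
            if action == "allow":
                findings[(target, name)] = idx
    return findings


def shadowed(rules):
    """Indices of rules an earlier rule fully covers, so they never match."""
    def covers(e, r):
        ports_ok = e.ports is None or (r.ports is not None and
                   e.ports[0] <= r.ports[0] <= r.ports[1] <= e.ports[1])
        return (net(r.src).subnet_of(net(e.src)) and net(r.dst).subnet_of(net(e.dst))
                and e.proto in ("any", r.proto) and ports_ok)
    return [i for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]
```

Running `audit(POLICY, "198.51.100.7", ["203.0.113.10", "10.1.2.3"])` reports every blocked service on the DMZ host as exposed by rule 2, and `shadowed(POLICY)` returns `[3, 4]`; removing the broad rule clears both findings.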
Open USB access on ports
This is a serious concern, as USB ports should be blocked: they can allow unwanted or malicious software to be installed or infect the system with a virus, which may then lead to damage or leakage of exclusive and confidential information. A rogue insider may also use these ports to plant a malicious virus or software that triggers unwanted traffic and corrupts other nearby systems on the network. USB drives are also one of the most common ways by which a network gets infected from inside the firewall.
Weak or default passwords
Passwords are the first line of defense against an attacker, as they stop the attacker or unauthorized personnel from administering the device or system. Weak or default passwords that are easy to guess can cause serious damage, as a user who logs in has unlimited access to the device and can manipulate any security policy or steal any data. Passwords must be kept secret and must comply with the password policy, for example by containing alphanumeric and special characters. On servers the damage may be even greater, as systems or servers are susceptible to attacks such as SQL injection, dictionary attacks and brute-force attacks.
Insecure Wireless Network
After analysis it was found that the wireless network is not secure and has many flaws and vulnerabilities that are susceptible to attack and can give an attacker access to the network. This may also lead to network access without proper authentication and may cause other devices on the network to become infected. The wireless network was configured for WEP, which is not secure by today's standards. An attacker only needs to guess or determine the WEP key associated with the wireless controller to gain network access, and this can be done in seconds. Once the attacker or unauthorized person has determined the WEP key, he can get into the network, where he can not only affect or attack others but also monitor the traffic, or take advantage of the administrator's role and change current settings, which may disrupt the whole network. Rogue access points were also detected in the network. A rogue access point is a wireless access point installed without the explicit permission or authorization of the network administration team. It creates the potential for various attacks, such as a man-in-the-middle attack, in which the security of the network is breached. To prevent the installation of rogue access points, the network administration team should monitor the network for newly installed access points with the help of a wireless intrusion prevention system (IPS), which detects changes in the radio spectrum indicating that a new access point has been installed and is operational. Most of these systems take automatic countermeasures by identifying the rogue and redirecting traffic away from it.
Intrusion Prevention System (IPS) Signatures not Active
It was found that the IPS was not configured for some of the newer types of attack and hence was unable to detect those attacks and network intrusions. No signatures for them were present in the database, as the IPS had not been updated in a long time and was not being monitored properly for new attacks and intrusions. Some important and severe attack signatures are also disabled, which may allow attacks to pass undetected.
Insecure DATA flow over Public and MPLS network
Data transfer over the MPLS connections between sites at different locations was not encrypted; the data was in plain text and could therefore be viewed by anyone. This may lead to a successful man-in-the-middle attack: if an attacker gains access to the data traffic, he will be able to view all files and data transmitted and received. The data flow over the public Internet via VPN used a very basic encryption that is susceptible to brute-force and key-guessing attacks and can easily be decrypted. There were also no hashing mechanisms to ensure the integrity of data over the network. Data that has been changed will not be dropped but will be accepted as good data, when in reality it has been altered, causing loss of information, wrong information and corruption of data.
No Security Device Monitoring and log management software
The company network lacks a security monitoring device and a workstation equipped with monitoring tools to collect data from the network and provide a platform for quick response and countermeasures if a security breach is detected by the security devices. Currently each system has to be logged in to separately to verify that it is working properly and to detect anomalies in the network. There are no SNMP management stations showing the status of the devices connected to the network to provide real-time monitoring.
Weak Defenses at Layer 2 switching network
Network security at layer 2, the LAN switching level, is not secured with appropriate security measures such as port security and 802.1X authentication of PCs before network access is granted to a device. The devices are capable of these features, and it is recommended to configure such defences to prevent unauthorized network access through the use of authentication.