For this assignment you will need to develop a


Vulnerability Assessment Planning

For this assignment, you will need to develop a vulnerability assessment plan. The concepts needed to complete this assignment are found in your reading assignment and in the unit lesson, but you can draw on all of the lessons thus far in this course.

Choose one of the following businesses:

• an e-commerce retailer,
• a retailer with its own credit card,
• a money transfer/loan company, or
• a personal prescription/medical supply home delivery service.

Be sure that you address the following in your plan:

1. Provide a list of at least five different hosts pertinent to the business that you chose.

2. For each host chosen, describe how it will be assessed and what threats to the host are being assessed. (Also, describe the circumstances surrounding the threats, such as when and how often).

3. Explain your reasoning for choosing a specific assessment for each host.

4. Describe the format that your vulnerability assessment plan would be delivered in, and describe who will receive and review the results.

Host Hardening

As Boyle and Panko (2015) note, "any device with an IP address is a host" (p. 365). Of course, this means any device with an IP address can be on the network and can be affected by malware. Our vulnerable hosts include workstations, clients, servers, routers, and firewalls. Host hardening refers to the practices IT security takes to protect various hosts. The problem is that how you protect these hosts is different depending on the host. There are some basic rules that apply to almost any device or software though. These rules include the following:

• keep up to date with regard to vendor updates, patches, and service packs;
• back up your server and database hosts;
• follow best practices with regard to access control;
• encrypt sensitive data; and
• keep an eye on your audit logs for suspicious activity.

Another topic that has not been discussed thus far involves the use of security baselines. How will you know that something is amiss on a server if you do not know what was occurring yesterday or last week? Baselines are the norm when dealing with performance issues. Using baselines in this manner will help you diagnose why your database has slowed. In the area of security, baselines can help you make sure you have the correct security settings.

As you can imagine, it is up to IT professionals to determine potential vulnerabilities within organizations. Vulnerabilities tend to be associated with weaknesses in applications or software, but the term can be used to describe any weakness in systems or hosts on the network. The patches that we have read about here on numerous occasions can fix vulnerabilities. Service packs are used as patches for database servers.

Another hardening tactic is to make sure that your users and groups are managed correctly. In Windows servers, there are users and groups. Only appropriate Active Directory accounts should be added to the administrator group. This also ties in with allowing users only the access they need and assigning appropriate permissions. So, not only are there database permissions, there are also Windows permissions. This applies to other operating systems such as Unix as well. As mentioned previously, organizations have a strong password policy. This is also part of hardening the hosts.
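
The security baseline and administrator group checks described above can be automated by comparing a host's current settings with the recorded baseline. The following Python code is an added example, not part of the original lesson; the setting names, account names, and values are constructed for illustration.

```python
# Added example: compare a host's current settings with its recorded security baseline.
# All setting names, accounts and values below are constructed for illustration.

BASELINE = {
    "min_password_length": 12,
    "audit_logging": True,
    "disk_encryption": True,
    "administrators": {"CORP\\svc-backup", "CORP\\it-admin1"},
}

# Snapshot taken from the same (hypothetical) server a week later.
CURRENT = {
    "min_password_length": 8,
    "audit_logging": True,
    "administrators": {"CORP\\svc-backup", "CORP\\it-admin1", "CORP\\jsmith"},
    "remote_registry": True,
}


def diff_baseline(baseline, current):
    """Return a sorted list of (setting, problem, detail) tuples for every deviation."""
    findings = []
    for name, expected in baseline.items():
        if name not in current:
            findings.append((name, "missing", f"expected {expected!r}"))
            continue
        actual = current[name]
        if isinstance(expected, (set, frozenset)):
            # Membership lists: report each added or removed account separately.
            actual = set(actual)
            for member in sorted(actual - expected):
                findings.append((name, "unexpected member", member))
            for member in sorted(expected - actual):
                findings.append((name, "member removed", member))
        elif actual != expected:
            findings.append((name, "changed", f"expected {expected!r}, found {actual!r}"))
    # Settings that exist now but were never baselined also need review.
    for name in sorted(set(current) - set(baseline)):
        findings.append((name, "not in baseline", f"found {current[name]!r}"))
    return sorted(findings)


if __name__ == "__main__":
    for setting, problem, detail in diff_baseline(BASELINE, CURRENT):
        print(f"{setting}: {problem} ({detail})")
```

Each finding is a prompt for review: a weakened password length or an unexpected administrator account is exactly the kind of change that goes unnoticed without a baseline to compare against.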

Periodically, IT professionals need to test for vulnerabilities. This is because it is hard to make sure that you have every protection covered. Testing for vulnerabilities is just another way to protect your systems. For example, vulnerability testing software is available. When the IT professional installs this software on a server, it will run calculated attacks against the chosen servers and then provide reports of the results. The IT professional can then review the report and correct the vulnerabilities. This is definitely a topic for more advanced understanding.

Beyond vulnerability testing, an IT security manager must deal with other important areas. One example involves the creation of an intrusion response process. The first step is detection. We have discussed intrusion detection systems (IDS) earlier in this course. According to Boyle and Panko (2015), IDS is "software and hardware that captures suspicious network and host activity data in event logs" (p. 548). This means that someone has to be looking at the logs and receiving alerts. If an organization does detect an intrusion, what is the process for handling the incident? The IT security person must analyze the event first. Is it really an intrusion? If so, then the intrusion must be handled.

What exactly does handling an incident mean? It really depends on the intrusion, but the IT manager and professionals should have procedures in place for handling detected intrusions. Is the intruder still poking around or are they long gone with valuable, sensitive data? The remedy depends on many factors. It is important to note that part of incident response involves a list of people to notify. There is also a business continuity consideration. What if the incident involves an attack that could cause the system to grind to a halt? Imagine if your business involves a power company, an oil refinery, or a nuclear plant! Even something that seems odd may be a potential cause for concern.

Business continuity involves planning for potential disruptions in business. Therefore, part of incident response may very well involve notification of a business continuity team for evaluation. Disaster recovery (DR) is part of business continuity. If something happens, regardless of what it is, then we need to be able to recover the data. This could be an attack by hackers, or something as simple as a malfunctioning server. Regardless, we need to be able to "failover" our servers to our DR servers. This is all under the umbrella of business continuity.

It should also be mentioned that one of the benefits of business continuity management (BCM) is the fact that under disaster conditions, people cannot be expected to think clearly. Organizations should have a plan for dealing with emergencies. The first concern is employee safety; but, in an IT emergency, we do not have to worry about employee safety. The next step in our plan is to communicate with the business and to consult with our plan that is designed to ensure that business continues and that there is minimal business loss. It is very important that all of this information is stored in a safe place so that any person who is deemed responsible can get access to the call list.

As you can see, in this course, we start with concepts at a granular level and build on them so that you can see the end result, which involves protecting stakeholders and the business itself. All of these concepts are interrelated and serve to provide for a more secure corporate environment.

Reference

Boyle, R. J., & Panko, R. R. (2015). Corporate computer security (4th ed.). Upper Saddle River, NJ: Pearson.
