Identifying Potential malicious Attacks
Tiffany Kearse
Identifying Potential Malicious Attacks, Threats and Vulnerabilities
CIS/333
Robert Whale
November 2, 2014
With any network organization you want to make sure that you keep on top of vulnerabilities of anything that reaches out to the internet. Computers and servers that touch the internet are ones that must be scanned. As a company you have to make sure that you configure the security settings for the operating system, internet browser and security software. As a company you also want to set personal security policies for online behavior. There also needs to be an antivirus installed on the network like Norton or Symantec which blocks threats targeting the vulnerabilities. With the firewalls you want to configure them in the reputable internet security program to block unsolicited request communication. Email server needs to be sure that spam doesn’t get through the network. The ways that spam works is unwanted email messages get solicited to a large number of recipients.
Spam should be a major concern in your infrastructure since it can be used to deliver email which can include Trojan horses, viruses, worms’ spyware and targeted attacks aimed specifically in obtaining sensitive and personal identification information. Microsoft Outlook has some known security risks. However, “most of the security configurations would be set on the Exchange server and passed down to all client. With the organization running Windows 2008 domain controllers with an integrated Active Directory and an Exchange server for email functions, there are risks associated specifically to those types of operating systems. If you do not keep on top of the systems and do the necessary protocols, you may be at risk.
The security controls that I would consider implementing are physical computer security policies such as physical access controls, computer security management and policies, and contingency disaster and recovery plans and tests. For
Identifying Potential Malicious Attacks, Threats and Vulnerabilities
CIS/333
Robert Whale
November 2, 2014
With any network organization you want to make sure that you keep on top of vulnerabilities of anything that reaches out to the internet. Computers and servers that touch the internet are ones that must be scanned. As a company you have to make sure that you configure the security settings for the operating system, internet browser and security software. As a company you also want to set personal security policies for online behavior. There also needs to be an antivirus installed on the network like Norton or Symantec which blocks threats targeting the vulnerabilities. With the firewalls you want to configure them in the reputable internet security program to block unsolicited request communication. Email server needs to be sure that spam doesn’t get through the network. The ways that spam works is unwanted email messages get solicited to a large number of recipients.
Spam should be a major concern in your infrastructure since it can be used to deliver email which can include Trojan horses, viruses, worms’ spyware and targeted attacks aimed specifically in obtaining sensitive and personal identification information. Microsoft Outlook has some known security risks. However, “most of the security configurations would be set on the Exchange server and passed down to all client. With the organization running Windows 2008 domain controllers with an integrated Active Directory and an Exchange server for email functions, there are risks associated specifically to those types of operating systems. If you do not keep on top of the systems and do the necessary protocols, you may be at risk.
The security controls that I would consider implementing are physical computer security policies such as physical access controls, computer security management and policies, and contingency disaster and recovery plans and tests. For
References: Kim, D., & Solomon, M. (2013). Fundamentals of information systems security (2nd ed.). Sudbury, MA: Jones and Bartlett. http://malwarelist.net/2014/11/02/serious-vulnerability-in-sony-playstation-network/ http://www.syndicateinfo.com/data-loss-and-data-theft/