Mini-Case 1 - Bellmont State Bank
Mini-Case 1: Belmont State Bank – Chapter 11
Risk Assessment
Belmont State Bank, with their current computer system is virtually wide open for an attack from external or internal sources because of their password requirements. That is the first thing that jumped out when reading the scenario. This is probably the easiest type of password there is to crack. And if not the easiest, it is certainly one of the easiest. It would probably take less than one minute for even an inexperienced hacker to crack a four (4) digit numeric password. Belmont State Bank should require at least a 6 to 8 digit password containing upper-case and lower-case letters, at least 1 number, and at least 1 special character. (Vanin, 2012)
The next concern is the dial-up network that causes significant alarm when concerned with the security of the networks. There are severe limitations to the security of dial-up networking. In today’s security processes it either requires excessive time in terms of hours to download the updates provided by AV vendors. It is much more difficult to have an effective firewall in place because the dial-up services are very unlikely to be routed through a router. A dial-up connection is generally exposed to the world once the connection to the Internet is complete. Finally, if there is an infection with the dial-up device it is usually very much more difficult to detect and clean than a broadband device. (Morales, 2006)
The potential problems of the Multi-vendor networks comes into play with the Banks use of the variety of client computers and ATM they have in service. Is there really a problem with security when using or including a variety of vendor’s equipment, computers, servers, routers, etc., in the network? There may not be a problem but it must be considered in any risk assessment. The following questions need to be considered when choosing between multi-vendor or single vendor networks:
1. How important is having a single vendor to your
Risk Assessment
Belmont State Bank, with their current computer system is virtually wide open for an attack from external or internal sources because of their password requirements. That is the first thing that jumped out when reading the scenario. This is probably the easiest type of password there is to crack. And if not the easiest, it is certainly one of the easiest. It would probably take less than one minute for even an inexperienced hacker to crack a four (4) digit numeric password. Belmont State Bank should require at least a 6 to 8 digit password containing upper-case and lower-case letters, at least 1 number, and at least 1 special character. (Vanin, 2012)
The next concern is the dial-up network that causes significant alarm when concerned with the security of the networks. There are severe limitations to the security of dial-up networking. In today’s security processes it either requires excessive time in terms of hours to download the updates provided by AV vendors. It is much more difficult to have an effective firewall in place because the dial-up services are very unlikely to be routed through a router. A dial-up connection is generally exposed to the world once the connection to the Internet is complete. Finally, if there is an infection with the dial-up device it is usually very much more difficult to detect and clean than a broadband device. (Morales, 2006)
The potential problems of the Multi-vendor networks comes into play with the Banks use of the variety of client computers and ATM they have in service. Is there really a problem with security when using or including a variety of vendor’s equipment, computers, servers, routers, etc., in the network? There may not be a problem but it must be considered in any risk assessment. The following questions need to be considered when choosing between multi-vendor or single vendor networks:
1. How important is having a single vendor to your
References: Cisco. (n.d.). Switches. Retrieved October 21, 2012, from Cisco.com: http://www.cisco.com/en/US/products/hw/switches/index.html?POSITION=SEM&COUNTRY_SITE=us&CAMPAIGN=HN&CREATIVE=Network+Systems+-+Brand_Switches&REFERRING_SITE=Google&KEYWORD=cisco+switches_B|mkwid_s34pgdBcJ_15869791875_0v0xx7y7d0 Dataprobe. (n.d.). Automatic and Remote Controlled A/B Switches. Retrieved October 21, 2012, from Dataprobe.com: http://dataprobe.com/redundancy_switch.html?source=googleAB&gclid=CJGi6LKNk7MCFUqoPAodxFoA4g Optics, A. (n.d.). Your Cisco GBIC SFP XFP XENPAK Source. Retrieved October 21, 2012, from ADVANTAGE OPTICS: http://www.advantageoptics.com/