I need your help.

Attached are the requirements of my assignment (Assignment 2). This assignment is based on the findings that I found in Assignment 1, which is attached as well. Assignment 1, which is attached, lists the findings, and in Assignment 2 I'm supposed to provide more details regarding mitigating the potential risk, response and recovery.

Running head: IDENTIFYING RISKS

Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

Ashley M. Davis

Strayer University

Dr. Michael Cianciotta

CIS333: Network Security Fundamentals

August 2, 2016




The demand for information security is always real. As long as there is data or hardware hosting that data, there will be a need to secure it. This security varies from program to protocol suites protecting from each side of access to this data. Identifying potential malicious attacks, threats, and vulnerabilities can be like searching for a needle in a haystack. As an Information Security Engineer for a videogame development company, the first task with the organization is to identify and draft a report identifying potential malicious attacks, threats, and vulnerabilities. In this informative look, three (3) specific potential malicious attacks and/or threats will be analyzed that could be carried out against the network and organization; detailed potential impact of the three (3) selected malicious attacks will be explained; the security controls that I would consider implementing in order to protect against the selected potential malicious attacks will be proposed; and three (3) potential concerns for data loss and data theft that may exist in the documented network will be analyzed. Let's begin with analyzing the network for specific malicious threats.


Analysis of Specific Malicious Threats


In analyzing specific potential malicious attacks, threats, and vulnerabilities on the diagram network of this organization, a few things become obvious as an Information Security Engineer. Without knowing the configuration that exists on these network servers and devices, the possibility of potential threats can be speculated. In this network diagram the Wireless Access Point should have data encryption running on it. The Web and FTP servers should have FTP and IIS running over SSL on them, and there should be an Intrusion Protection System (IPS) running on this network. In addition, there should also be SSL/TLS running on the Email Server as well.


Without encryption, the Wireless Access Point transmits clear text over open airwaves, rendering data available to everyone in the vicinity of that access point. This is the default configuration of the Wireless Access Point and should be configured for wireless encryption to remove that vulnerability. Most of the new wireless access points have the new encryption standard, which is WEP2 [Cas]. This standard is the second generation of Wired Equivalency Privacy. It was found that the first generation was able to be cracked in less than a minute [Cas]. This new standard uses the Advanced Encryption Standard, which is AES [Cas].


Intrusion Detection Systems are systems that monitor, analyze and report occurring attacks on computer networks [Jad12]. It analyzes whole packets while looking for known events based on log messages. Although it exposes possible vulnerabilities and threats, it still leaves the potential for those vulnerabilities to become attacks, because it does not perform any actions to mitigate those vulnerabilities. All findings must be manually mitigated in order to avoid conceivable attacks. The error in this as it pertains to an IDS is that Information Security Engineers may view the logs too late and the attack may have already begun. A denial of service (DoS) attack may be an example of an attack that needs immediate attention. Denial of Service attacks may have already occurred because there have been no actions done to prevent the attack. This denial of service attack prevents authorized users from accessing a resource temporarily or permanently (Kim & Solomon, 2014). That's why having an Intrusion Prevention System (IPS) in place is a better solution.


The FTP server needs SSL or SSH to secure connections (SRT, n.d.). FTP by itself utilizes an authentication method between client and server. However, after the authentication is successful, through a series of synchronized commands controlled by the Command Connection/Control Connection, a common port is established called the data connection, whereby files are transferred (SRT, n.d.). When this connection is made it is vulnerable to a man-in-the-middle attacker, where an attacker can intercept messages between the client and the server before allowing them to go to the intended destination [Kim14]. In order to secure this, we must apply SSL. Over the years, extensions have been included, allowing secure connections for FTP. Those secure connections include industry standard 2048 bit TLS, an upgrade of the previous 1024 bit SSL version (SRT, n.d.). This allows encryption for both the Control and Data Connections to both man-in-the-middle attackers (SRT, n.d.).


The Web server also needs to be secure on the internet. The calamity in utilizing a web server opens up denials of service (DoS) and distributed denials of service (DDoS). The DDoS attack is where a hacker can install tools or agents on hosts [McD13]. This tool or agent to a master that communicates with a number of possible agents that exist across the network [McD13]. These agents will eventually attack a specific host or service to bring it down. SSL and SSH are a complement to one another, as they securely connect client and server and transmit individual messages securely, but they do not prevent DoS and DDoS attacks. According to, "there are no effective ways to prevent being the victim of a DoS or DDoS attack [McD13]." However, there are things that can be done to lessen the vulnerability of attack: 1) Install and maintain anti-virus software, 2) Install a firewall, and configure it restricting inbound and outbound traffic, and 3) follow best practices for distributing your email address [McD13]. Also, applying email filters will help in the management of unsolicited traffic [McD13].




In conclusion, it must be declared that there are many other possibilities of security flaws in the network diagram, but three have been identified along with the detail of their effect, along with how the finding can be mitigated with a fix to eliminate or reduce the vulnerability. Along with having a remedy or mitigation, identifying risks is a one-time occurrence, but it is a 24-7 mission that does not stop with a couple of findings per device. What is found today is only for today. There might be something else found with the same device tomorrow.

References

Casey, B. (2015). Top 3 Wi-Fi Security Vulnerabilities. Technopedia. Retrieved from

Jadiodoleslamy, H. (2012). Weakness, vulnerabilities, and elusion strategies against intrusion detection systems. International Journal of Computer Science & Engineering Survey, 3, 16. doi:10.5121/ijcses.2012.3402

Kim, D. & Solomon, M. (2014). Fundamentals of Information Systems Security: Second Edition. Burlington, MA: Jones & Bartlett Learning.

McDowell, M. (2013). Security tip (ST04-015): Understanding denial-of-service attacks. US-CERT. Retrieved from

SRT. (n.d.). What's the Difference? FTP, SFTP, and FTP/S. Retrieved from
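The paper's FTP paragraph says TLS has to cover both the Control and Data Connections. The following is an added example, not part of the original paper: it audits a constructed control-channel transcript for credentials or transfers sent without that protection. The function name, the `C:`/`S:` transcript format and the sample sessions are assumptions; `AUTH TLS` and `PROT P` are the FTP-over-TLS commands from RFC 4217.

```python
# Added example: flag FTP commands that travel without TLS protection.
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}
CRED_CMDS = {"USER", "PASS"}

def audit_ftp_session(lines):
    """Return (line_no, verb, issue) tuples for a 'C: cmd' / 'S: reply' transcript."""
    control_tls = False   # set once the server accepts AUTH TLS (reply 234)
    data_private = False  # set once the server accepts PROT P (reply 200)
    pending = None        # last client command still awaiting its reply
    findings = []
    for n, line in enumerate(lines, 1):
        side, _, text = line.partition(": ")
        parts = text.split()
        if not parts:
            continue
        if side == "C":
            verb = parts[0].upper()
            arg = parts[1].upper() if len(parts) > 1 else ""
            pending = (verb, arg)
            if verb in CRED_CMDS and not control_tls:
                findings.append((n, verb, "credentials on cleartext control connection"))
            if verb in DATA_CMDS and not (control_tls and data_private):
                findings.append((n, verb, "data connection not encrypted"))
        elif side == "S" and pending:
            code = parts[0][:3]
            if pending[0] == "AUTH" and code == "234":
                control_tls = True
            elif pending == ("PROT", "P") and code == "200" and control_tls:
                data_private = True
            elif pending == ("PROT", "C") and code == "200":
                data_private = False  # client downgraded the data channel
            pending = None
    return findings

# Constructed sample sessions (not captured from any real server).
LOGIN = ["C: USER alice", "S: 331 password required",
         "C: PASS example-password", "S: 230 logged in"]
FETCH = ["C: RETR build.zip", "S: 150 opening data connection", "S: 226 done"]
TLS_UP = ["C: AUTH TLS", "S: 234 proceed with negotiation"]
PROTECT = ["C: PBSZ 0", "S: 200 ok", "C: PROT P", "S: 200 ok"]

PLAIN = ["S: 220 ready"] + LOGIN + FETCH
CONTROL_ONLY = ["S: 220 ready"] + TLS_UP + LOGIN + FETCH
FULL = ["S: 220 ready"] + TLS_UP + PROTECT + LOGIN + FETCH

if __name__ == "__main__":
    for name, session in [("plain", PLAIN), ("control-only", CONTROL_ONLY), ("full", FULL)]:
        print(name, audit_ftp_session(session))
```

The control-only session is the case worth noticing: the login is protected, but the file transfer is still flagged because `PROT P` was never negotiated.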





About this question:

This question was answered on: Oct 14, 2020
