Identifying Potential Risk, Response, Recovery

In this paper I extradite just been hired as an Information Security Engineer for a video game development comp all. I have previously place all of the say-so Threats, Vulnerabilities and Malicious Attacks for the videogame development confederacy. The CIO have reviewed my report and has at a time requested that I draft a report analyzing and assessing whatsoever potential Malicious Attacks, Vulnerabilities and Threats that may be carried out against the callers interlocking. I go out then choose a strategy for dealing with put on the line, such(prenominal) as easing, assignment, essay and avoidance.Next I impart develop controls that bequeath be engagementd to mitigate each risk. without delay lets beget by discourseing the threat of the Web/ FTP emcee, some servers, or hosts, must be open to the internet. Web servers atomic number 18 examples of such hosts. You motive whatsoever officer to be able to rag your web server- but you foolt want everyone to be a ble to get to your internal network (Fundamentals of Information Systems Security). The simple solution for this is just to isolate the host that is connected to the internet from the internal networks and then create a demilitarized zone.The risk mitigation for the Web/FTP, the FTP is very useful for working with remote corpses, or to move sends between systems. On the different hand the use of FTP across the internet or other untrusted networks, exposes you to certain protection risk. Your mark authority scheme might not provide enough auspices when you accept the FTP on your system. The next risk for FTP is a hacker ignore mount a denial of service onrush with your FTP server to disable user pro accommodate (FTP Security). This is usually take by repeatedly toilsome to logging on with the incorrect countersignature for a user pro commit, generally until the profile is disabled.This kind of attack will disable the profile if it reached the maximum sign on count of th ree. If the company use a FTP server logon exit program to forswear logon requests by any system user profile and those user profiles that the company designate will not be holded FTP access. Now we will discuss the NIDS, the primary purpose of a network-based intrusion detection system is to identify attackers trying to expose vulnerable network services. The NIDS bear respond to the attack or alert personnel, who can take the necessary and take a fl commit actions for this type of attack.NIDS allows administrator to respond to attacks with actions appropriate to their security policy. To properly discerp false alarm reduction strategies, it is necessary to quantify risk and the NIDS region in risk reduction. The NIDS uses two formulas, one formula assumes that risk is near equivalent to single loss expectancy. This formula for this quantification is SLE= (Asset Value x Exposure Factor) (Fundamentals of Information Systems Security). The next formula states that risk is equa l to ikon multiplied by threat. Risk= Exposure x Threat.This equation determines threat and the type of threat. For example on that point are threats of port scans, automated scans and sweeps, self-discipline of Service and Service attacks and compromises. Now we will move on to Windows 2008 supple Directory Domain Controllers (DC), because domain controllers provide critical services to their clients, it is crucial to pick at the risk of any disruption of these services that may be caused by malicious attacks. Antivirus Software can be used to mitigate the risk of malicious attacks in Windows 2008 Active Directory Domain Controllers.Make sure that you verify the antivirus package you select is confirmed to be compatible with your domain controllers. Do not use domain controller systems as general workstations. another(prenominal) way to prevent malicious attacks on domain controller systems is to not allow users to use domain controllers to surf the web or to perform any othe r activities that can allow the introduction of malicious code. Only allow browsing on sites that are known to be safe, this will be did strictly for the purpose of supporting server operation and maintenance.Another practice to bring through in mind is to make sure that all of the companys files, including the shared ones, should be ran against a virus scanning packet. This bring me to the file servers, have the potential to receive different viruses such as worms, trojan horse horses and logic bombs. To allow an end user to upload files to your website, is like porta another door for a malicious user to compromise your server (acunetix. com). File uploads are permitted in social network applications. File uploads are also allowed with blogging, e-banking sites and you tube.All of these network sites allow users the opportunity to efficiently share files with merged employees. Users are allowed to share files with corporate employees, through uploaded videos, pictures, avatars and many other types of files. The silk hat way to prevent malicious attacks through the companys file servers is to make sure that the file that is being uploaded is validated. This will prevent a hacker from uploading files with malicious codes that can lead to a server compromise. Another way to prevent a malicious attack on the file server is for the company to block all dangerous extensions.In cases like this, there would be a blacklist, the list will show the dangerous extensions and there access will be denied if the extension of file they are trying to upload is on this list. The stovepipe practices to follow when uploading files onto websites and web applications. The first risk mitigation in a file server is to estimate the coat of programs, files, and transaction. Then you will need to prevent deviation in size of it of the files as well as the amount of users that have access to the files. Now we will move forward the Wireless access point (WAP), this is the inter- group communication between a wired and radio receiver network.This is also a tuner security protocol designed to address and fix the known security issues in WEP. WAPs are radios, sending and receiving networking information over the air between wireless devices and the wired network wireless (Fundamentals of Information Systems Security). The best way to prevent malicious attacks on a WAP is to increase security. without delay WPA provides users with a higher level of assurance that their data will dwell protected by using Temporal Key Integrity protocol for data encryption.If the data is not encrypted then it is considered as fair game, because it would be very easy for anyone that have access to a radio to access this data. The mitigation risk for a Wireless access point is to make sure your engine room is updated. Failure to upgrade to newer, more advanced technologies could potentially impact productivity and lead to significant downtime, security vulnerabilities, and non -compliance issues. Older wireless technology do not support new features and functions that are proving to be so valuable.Next you will need to choose the right carrier, ensuring information is bulletproof within the supply chain, complying with all the latest government and retailer mandates and taking advantage of all the latest features and functions to save time and money can seem like a daunting task ( Wireless technology Migration Mitigating risk and increasing supply chain efficiency). Now we will discuss the 100- Desktop/Laptop computers, both of these computers are subject to viruses such as worms, hoaxes, Trojans and other security vulnerabilities.The best way to prevent these from occurring is to install and use a firewall. Always make sure you are installing and modify the latest critical security software. Add a virus software scanner, to allow the software to scan your computer for potential viruses. Next we will discuss the VOIP telephone system, this is one of th e newest technologies that is being rapidly embraced by the market place as an alternative to the traditional public switched telephone network. The malicious attacks that can occur with this system is denial of service, impersonation or spoofing or tollfraud.The best way to prevent this from happening is to add port security, lake herring secure access control server, DHCP Snooping, Cisco firewall solutions and intrusion prevention. Data get across can also be used to protect the voice duty over the wireless LANs. The risk mitigation for desktop/ laptop computer is as followed is to target malware with automated defenses. One of the first line of defenses for any PC or laptop is to block or eliminate viruses, worms, spyware, and other malware, including Trojan downloaders and keystroke loggers, both on endpoints and at the gateway.Deploy anti-malware and filtering software for all telecommunicate gateways, to prevent malware and spam from ever reaching the PCs. Next you would want to patch your vulnerabilities as quickly as possible, create a news to access your PC or laptop. To really maximize security in a minimal amount of time, as part of the acceptable use policy, prohibit users from installing unauthorized software on PCs or laptops (10 Ways to mitigate your security risk).