The current risk assessment found that GFI’s network architecture and control measures have left the network in a highly exposed state. The network does not have the ability to monitor and filter network traffic, which leaves network devices and data open to attacks such as malware, denial of service (DoS) and packet sniffing. The following recommendations are being made to harden the network and mitigate risk.
The risk assessment will also have recommendations for improving security, identifying the source of intrusions, reducing network latency, the implementation of personal mobile devices, security complications over a wireless network, and cloud computing security.
Global Finance, Inc. (GFI) is a financial company that manages accounts across Canada, the United States, and Mexico. GFI specializes in financial management, loan application approval, wholesale loan processing, and investment of money management for its customers. In 2013, there was an attack that resulted in the breach of the Oracle database, and a follow-up virus attack shut down key IT functions. This resulted in a loss of confidentiality and integrity for GFI’s customers. GFI ended up paying its clients a large sum of money because of the loss of data confidentiality.
In 2014, another attack affected GFI’s network for seven days, and the Oracle and email servers were shut down. From this attack the company lost $1,700,00 and the customers’ faith that their data was protected. In another incident, a financial consultant working for GFI left his laptop unattended and it was stolen. The laptop contained clients’ financials, and the company had to pay out to its clients for damages. In 2015, a laptop with network sniffer software was found under a desk. The number of cyber-attacks shows that GFI is a company that needs greater information security maturity, not only for its network but also for its employees, who need to be educated about protecting their work belongings.
The plan is to examine GFI’s current network, which connects the various departments, allows remote connections from satellite offices and connects the network with the internal trusted computing base (TCB) network. The next step is to create a risk assessment that will include recommendations for improving security, identifying the source of intrusions, reducing network latency, the implementation of personal mobile devices, security complications over a wireless network, and cloud computing security.
The National Institute of Standards and Technology (NIST) SP 800-30 was used to develop the risk assessment framework to identify, evaluate and mitigate risk posed to GFI’s information security that affects the confidentiality, integrity and availability of its information. The NIST model has a 4-step risk management process; the steps are listed below with an explanation, as stated in National Institute of Standards and Technology Special Publication 800-30 (2012):
The first component’s purpose is to produce a risk management strategy that addresses how organizations intend to assess risk, respond to risk, and monitor risk. The risk management strategy establishes a foundation for managing risk and delineates the boundaries for risk-based decisions within organizations. The purpose of the risk assessment component is to identify threats to organizations, vulnerabilities internal and external to organizations, and potential threats that could exploit vulnerabilities. The purpose of the risk response component is to provide a response to risk in accordance with the organizational risk frame by developing an alternative plan of action for responding to risk.
The purpose of the risk monitoring component is to verify that planned risk responses are implemented, and information security requirements derived from and traceable to organizational missions/business functions, federal legislation, directives, regulations, policies, standards, and guidelines are satisfied. (p. 4)

Data

Data was collected to have a more accurate view of GFI’s IT architecture and to identify past, current and possible threats. To conduct a business impact analysis more information was collected to determine the effect of how certain Information was collected prior to the analysis and assessment phase; however, further information was collected throughout the process to refine information or expand on requirements.
Qualitative and quantitative questionnaires were sent out to team leaders throughout the company to prioritize current operations and identify possible risks. Detailed questionnaires were sent out for further information. Additional questionnaires were sent to all employees within the organization to gain a deeper understanding of the organization. Interviews of key leadership, identified key team personnel and personnel identified through questionnaires were conducted throughout the process. (Harris, 2013)

Review of Cyber-attacks

A review of past and current documents was conducted, including reviews of past security breaches such as the 2013 Oracle database attack, the 2014 network attack and loss of company property, the 2015 breach of security, and IT security logs.
GFI’s current network infrastructure is as stated in the following:
Based on data collection, past attacks came from outside hackers, who are a big threat to GFI. A hacker may be determined to steal information for financial gain, whether to be sold or to commit fraud. Possible attacks a hacker could carry out against the company are sniffing, malware, phishing, DoS attacks, MITM.

Network Topology

Perimeter Traffic. At GFI there are no methods being used to secure the perimeter of the network from untrusted network traffic, such as traffic from the unsecured internet. Network devices such as the border (core) routers and distribution routers remain unsecured and unprotected. This exposes the routers and the network to attack vectors.

Logical Segregation. The network topology does not currently support a high level of logical separation or logical grouping of devices. A high level of unfiltered internal network traffic results in devices within the network being on even levels of access. Being on even levels gives untrusted devices access to more trusted areas of the network.

TCB Access. Though the TCB remains on a physically separated subnet, there is currently no means to filter or control incoming and outgoing network traffic to the TCB. This exposes every component within the TCB, including the critical Oracle database, to possible outside attacks and to unauthorized access from other entities within the network.

The VPN Gateway device is located on the border of the network topology and is open, leaving it exposed to possible attack vectors. The tunneling protocols currently implemented allow data transactions from the satellite office through the VPN to the GFI internal database to be transmitted unencrypted. Hackers may engage in packet sniffing to capture data packets containing sensitive information such as usernames and passwords. The remote access server (RAS) is also located on the border of the topology, open to possible compromise, with no security such as a firewall. The RAS server’s job is to authenticate and provide remote access to remote users; this could pose a security vulnerability to potential attacks and malware.

GFI currently does not manage an employee’s IT profile within the company, which results in a lack of centralized governance and in vulnerabilities such as:
· Passwords: there is no method to enforce password policies such as complexity, password history and account lockout policies.
Global Finance employees gain access to the network using a wireless access point (WAP) that exposes GFI to several security risks. There are risks such as rogue access points, denial of service (DoS), configuration problems, and passive capturing.

Rogue access points: “A rogue access point, also called rogue AP, is any Wi-Fi access point that is installed on a network but is not authorized for operation on that network, and is not under the management of the network administrator” (Beal, 2018). This type of attack allows a hacker to capture data that is being transmitted through the rogue access point. A hacker would be able to collect a company’s and its clients’ information.

Denial of service: “is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic” (Beal, 2018).

Configuration problems: these arise if an inexperienced user sets up devices with no security, weak passphrases, and weak security deployments.

Passive capturing: “is performed by simply getting within range of a target wireless LAN and then listening and capturing data. This information can be used for a number of things including attempting to break existing security settings and analyzing non-secured traffic” (Wilkins, 2011).

Within Global Finance, a system has been implemented where employees are given access high enough to complete their work; this has resulted in a vulnerability for the company. This kind of policy leaves the confidential information of the company and its clients, as well as the network, open to attackers. The inability to monitor user access control levels gives hackers the ability to gain entry to a user’s account and take confidential information or upload viruses to be exploited later.

Vulnerabilities

Integrity of Transmitted Data. Global Finance plans to operate over a wireless network and will need to send and receive sensitive information. At this time the company is not using any methods to ensure transmitted data has not been interfered with. The company plans to offer its services online, which means that important information will be sent online and will be open to attacks.
Global Finance currently does not train end users on threats and proper security procedures. End users are not currently being trained on recognition of social engineering and phishing attacks. Nor are they currently trained in how to recognize or react to a possible data breach. This lack of training exposes GFI’s network to possible threats such as malware that are introduced through end user actions.
Global Finance has some security measures to secure the building, but there are few to no physical security measures to secure the data center. This leaves the data center open to theft of or damage to sensitive information. Another physical threat is that someone could access computers and servers directly to upload viruses or download data, which is a significant threat to the confidentiality of GFI’s information.
GFI has anti-virus software that provides a level of protection against malware and other cyber-attacks. While the anti-virus software is from a well-respected vendor, there are no measures in place to make sure it has the latest security updates or to ensure that all systems receive the updates.
The implementation of VLAN switches separates the network for all the departments: accounting, loan, customer services, management, credit, and finance. This controls the network’s data flow; however, it does not protect against possible attacks. Each department is not protected against possible harmful attacks coming from the internet or from a compromised network.
Account identities are currently managed through manual control measures. This has led to orphan accounts and to unauthorized access being granted.
Authentication for remote access through VPN or through RAS currently employs outdated protocols, including unencrypted data transmission.