Network Vulnerability Assessment: A Case Study

Improved Essays
Vulnerability assessment as related to IT environment is any flaw or weakness in the network infrastructure’s defenses that could be exploited in order to create an impact on the network. When it comes to network architectures vulnerability is a security weakness and mostly it is not being seen as a security threat. Protecting and defending a network successfully requires an effective system architecture security. Plus organization, network engineers and administrators must have policies, guidelines and follow through with the vulnerability assessment process. A successful defense will require effective information security architecture with that vulnerability assessment.
With the constant advancement in knowledge, programs, and technology
…show more content…
A Vulnerability Assessment needs to be completed to identify weaknesses in the network security configuration in order to suggest changes. We must keep in mind that documentation on how the network systems are configured is critical for the recovery process during a penetrating testing. Vulnerability Assessments are designed to identify network weaknesses and help coming with security improvements and remedies.
Penetration testing is a testing method that tries to exploit a weakness in the system to prove that an attacker could successfully penetrate it. (Kim, D. & Solomon, Michael 2014, page 486). A vulnerability assessment is one of the steps for penetration testing. Without penetration testing, an organization will not know how vulnerable its network is, where its vulnerabilities lie within the network, and what types of damages these vulnerabilities could cause in the network.
With penetrating testing you have companies hire a third party to find ways to exploit or explore their companies own security weaknesses, defenses and vulnerabilities. After the penetrating testing the third party can turn around advice the companies on ways to increase their security, by preventing the finding weaknesses, and eliminates those threats and
…show more content…
Wireless: Attempt to gain access to the wireless servers and workstation and also gain unauthorized access.
Remote access: using generic password or user ID to gain unauthorized systems access.
Users’ education in conjunction with scenario-based training is the best defense against Social Engineering attacks. Organization must implement an education program with invigorate network and physical security measures to protect its systems. Also with the use of scenario-based training users of the network can learn how to properly answer or respond to social engineering threats or attacks. The after action analysis of such event will allow security administration and information assurance personnel revise and implement new training strategies and procedures as well as modify existing security

Related Documents

  • Improved Essays

    • Custom implementation of authorization and authentication schemes should not be implemented unless they are tested properly [ ]. • Back up policies such as Continuous Data Protection (CDP) should be implemented in order to avoid issues with data recovery in case of a sudden attack [96]. • Additionally, they should be aware if the virtual network infrastructure used by the cloud provider is secured and the various security procedures implemented to ensure the same [25]. Paper [] discusses security challenges in IaaS and discusses identity/access management and multifactor authentication techniques in Amazon Web Service (AWS) cloud. In case of PaaS and SaaS model cloud provider has a responsibility to provide good level of security .Following aspects related to security must be considered.…

    • 745 Words
    • 3 Pages
    Improved Essays
  • Great Essays

    Risk Analysis Assignment

    • 1273 Words
    • 6 Pages

    (d) threats A threat can be determined as a result of a risk analysis. In computer security, a threat refers to anything that contains the potential to cause extreme harm to a computer system. If a threat exists it does not mean that something will happen, it simply means that something has the potential to cause serious damage. (e) vulnerabilities A vulnerability is a weakness to the security of a system that allows for serious harm when an attacker has the skills and tools to exploit that weakness. Part 2 Exercises - Risk Analysis Write a brief but complete answer for each of these.…

    • 1273 Words
    • 6 Pages
    Great Essays
  • Improved Essays

    I will pass policies that show employees how to construct strong passwords to log in to the system such as P0c0nt@s2132, in which shows not only letters but upper case, symbols, and numbers. As well as, a secret question and password must be provided to provide reassurance that the person logging in is who they say they are. Next would be to have the right and updated anti-virus and malware protections. This will help detect threats that enter the system. Locking your network and applying wired networks, which involves plugging into physical outlets or hacking modem ports.…

    • 700 Words
    • 3 Pages
    Improved Essays
  • Great Essays

    Security Countermeasures

    • 1615 Words
    • 7 Pages

    Subsequently, attacks against switches, routers, and networks may have serious consequences on the efficiency in addition to control functions of the power system. These attacks can take the form of network interference through the injection of ad-hoc crafted streams of packets designed to flood the network. Another form is single implementation vulnerability in which the goal is to exploit an irregularity of a particular model of network devices caused by implementation errors. Fortunately, the known threats or possible threats are considered in creating countermeasures (López, Setola, & Wolthusen, 2012, p. 224-226). Countermeasures are unequivocally essential to maintain control of the power systems.…

    • 1615 Words
    • 7 Pages
    Great Essays
  • Improved Essays

    However, mere detection does not provide the comprehensive analysis of the threats. Additional information such the origin and the intention of the threat are equally important. Moreover, a bigger attack could be preceded by small sniffing attacks to gauge the weakness in the security. Effective monitoring tools should be capable of detecting these forms of attacks, analyzing their intent and determine the scope of damage that could be caused in case of a security breach. Attacks such as DDoS (Distributed Denial of Service) target servers by sending large numbers of connection requests within a short span of time, which renders the server unresponsive.…

    • 810 Words
    • 4 Pages
    Improved Essays
  • Improved Essays

    Security Life Cycle

    • 1189 Words
    • 5 Pages

    Lastly, a security review is done, where the security measures are explained in terms of the end client’s stances and what and how the product is setup to withstand attacks in the future (Howard, 2005). The final phase is watching out for new vulnerabilities and implementing fixes patches and updates in a timely matter to alleviate future compromises. Also in this phase, reports are created of errors that have occurred and prevention of new errors from rising. The web server attack can cause harm to an organizations name and brand. The consequences can be website damage and destruction, compromised information, alteration of data (users ' personal data), and web server infringement.…

    • 1189 Words
    • 5 Pages
    Improved Essays
  • Improved Essays

    Both firewalls and intrusion detection systems are used to monitor network traffic and implement network security policies. Research these technologies and determine how they are similar and how they differ. Are both needed? Explain your answer in a short paper. Firewall From a definition standpoint, a firewall is a hardware or software used in a networked environment to block unauthorized access by individuals while permitting authorized communications to and from the user.…

    • 711 Words
    • 3 Pages
    Improved Essays
  • Decent Essays

    M1 Unit 3 Risk Analysis

    • 1198 Words
    • 5 Pages

    The requirements will give the businesses what they want to uphold their security. The controls in the security process are measures that are taken in advance to defend a computer system from any encounter with threats or risks. R8: The relationship between assets and boundaries in a business is that the assets are secured by the boundaries. When these boundaries have open spots to expose they are called vulnerabilities. Therefore, threat agents will try to use their attacks to reveal those assets to expose the sensitive information that they are looking for.…

    • 1198 Words
    • 5 Pages
    Decent Essays
  • Great Essays

    Information technology experts should install antivirus software that will detect threats to the system. Supervisors should conduct network monitoring to identify areas of risk. Security officers should ensure that only people with approval access the control room. Once the management approves the mechanism of putting a firewall in place, implementation through the use of security codes and key cards for high level authorized personnel (Johnson, 2014). Workers will get training on ways of using the system and detecting threat to ensure that there is no loop hole for data manipulation.…

    • 1257 Words
    • 6 Pages
    Great Essays
  • Decent Essays

    Penetration tests assesses the overall security. It is the process of attempting to gain access to resources without knowledge of specific user names, their passwords, or other normal means of access (similar to what an attacker would do). The big different between a penetration tester and an attacker basically is permission. A penetration tester will already have some permissions (such as an normal user account) in place from the owner or managers of the computing resources that are to be tested. From here, the pen tester will attempt to gain additional accesses.…

    • 460 Words
    • 2 Pages
    Decent Essays