Introduction
This paper describes seven threats to a network belonging to a fictitious marketing company in Kansas City, Missouri. These threats are based on different IT infrastructure domains. The detail of these threats explains the possible outcomes and endeavors to point out “what is the worst that can happen” from that threat.
Threats
The first threat area is the user domain. The user domain consists of the actual users, or people, in the company, including subcontractors, vendors, and regular employees. A user may have access to sensitive data, or perhaps data that is not properly restricted. The worst that can happen in this scenario is theft of sensitive company information, like proposed marketing campaigns, or perhaps publishing …show more content…
A potential issue here would be misconfiguration of a firewall, either allowing something out that should not be able to get out, or allowing something in that shouldn’t be able to pass the firewall. The biggest danger here would be access to unauthorized systems by users on the LAN, or for users on other parts of the network or the Internet to have access directly to the local network. The worst that could happen would be the download of malicious files like viruses and trojans, or allowing someone access to you network that shouldn’t be able to access …show more content…
The threat here (though as an internal WAN link it would be a fringe possibility) would be a man in the middle attack. This would involve someone hijacking connections or decrypting encrypted traffic as it passes through from site to site. The worst that could happen would be access to the encrypted data, assuming it is valuable. The sixth threat area is the remote access domain, which is what allows connectivity to the office network from a remote location, such as a user’s home. The most likely scenario would be a remote access solution that is missing critical patches which allow access into the network without proper credentials, or to bring down the remote access system so that no one could access the office remotely. The worst that could happen would be an unknown entity looking around on your network, or that everyone would have to drive into the office to work if the remote access connection was
This paper describes seven threats to a network belonging to a fictitious marketing company in Kansas City, Missouri. These threats are based on different IT infrastructure domains. The detail of these threats explains the possible outcomes and endeavors to point out “what is the worst that can happen” from that threat.
Threats
The first threat area is the user domain. The user domain consists of the actual users, or people, in the company, including subcontractors, vendors, and regular employees. A user may have access to sensitive data, or perhaps data that is not properly restricted. The worst that can happen in this scenario is theft of sensitive company information, like proposed marketing campaigns, or perhaps publishing …show more content…
A potential issue here would be misconfiguration of a firewall, either allowing something out that should not be able to get out, or allowing something in that shouldn’t be able to pass the firewall. The biggest danger here would be access to unauthorized systems by users on the LAN, or for users on other parts of the network or the Internet to have access directly to the local network. The worst that could happen would be the download of malicious files like viruses and trojans, or allowing someone access to you network that shouldn’t be able to access …show more content…
The threat here (though as an internal WAN link it would be a fringe possibility) would be a man in the middle attack. This would involve someone hijacking connections or decrypting encrypted traffic as it passes through from site to site. The worst that could happen would be access to the encrypted data, assuming it is valuable. The sixth threat area is the remote access domain, which is what allows connectivity to the office network from a remote location, such as a user’s home. The most likely scenario would be a remote access solution that is missing critical patches which allow access into the network without proper credentials, or to bring down the remote access system so that no one could access the office remotely. The worst that could happen would be an unknown entity looking around on your network, or that everyone would have to drive into the office to work if the remote access connection was