Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
In order to validate the assets and devices on the organization’s network, run scans using security and vulnerability assessment analysis tools such as MBSA, OpenVAS, Nmap, or NESSUS depending on the operating systems of your organization’s networks. Live network traffic can also be sampled and scanned using Wireshark (we do this in step 7) on either the Linux or Windows systems. Wireshark allows you to inspect all OSI Layers of traffic information. Click the following link to read more about these network monitoring tools: Tools to Monitor and Analyze Network Activities.
Provide the report as part of the SAR.
Review the information captured in these two links message and protocols and Transmission Control Protocol/Internet Protocol (TCP/IP), and identify any security communication, message and protocols, or security data transport methods used such as (TCP/IP), SSL, and others. Make note of this, as it should be mentioned in your reports.
Step 4: Identifying Security Issues
You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization’s network in a SAR.
Now it’s time to identify the security issues in your organization’s networks. You have already used password cracking tools to crack weak and vulnerable passwords. Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization?
Step 5: Firewalls and Encryption
Next, examine these resources on firewalls and auditing–RDBMS related to the use of the Relational Database Management System (i.e., the database system and data) RDBMS. Also review these resources related to access control.
Determine the role of firewalls and encryption, and auditing – RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.
Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR.
Step 6: Threat Identification
You know of the weaknesses in your organization’s network and information system. Now you will determine various known threats to the organization’s network architecture and IT assets.
Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?
- IP address spoofing/cache poisoning attacks
- denial of service attacks (DoS)
- packet analysis/sniffing
- session hijacking attacks
- distributed denial of service attacks
In identifying the different threats, complete the following tasks:
- Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization.
- Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
- Also discuss the value of using access control, database transaction and firewall log files.
- Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization’s networks.
Include these in the SAR.