Recently the Chief Information Officer of our company Celtic Gamers Frontier Inc. (CGF) has read of an increase in the threat space regarding the electronic game industry and he is concerned with regards to our Companies overall architecture, and the risks to our Research and Development efforts and other Intellectual Property. He has tasked the company’s corporate information technology group to produce an information paper detailing the types of cyber threats and malware are being reported on the internet. They would also like the security group to give the company’s executive leadership a detailed report regarding the threats, vulnerabilities and the overall risks that may be present in our current corporate infrastructure. The security department for the organization is relatively small and short on resources so this task has been given to me to do the research and create an executive report detailing the current vulnerabilities, risks and threats and potential impact to our network should we have any security incidents. “Unfortunately, there are inherent risks to computer usage — hackers, viruses, worms, spyware, malware, unethical use of stolen passwords and credentials, unauthorized data removal by employees with USB flash drives, or servers crashing and bringing productivity to a halt” ("Cybersecurity," 2013) .
The CGF network is a typical office network composed of an external firewall with an external DMZ with public use servers, and internal firewall protecting the corporate network. The internal CGF network includes Microsoft Windows OS workstations and enterprise servers supporting: web, exchange, file, AD and FTP servers, additionally there are 100 workstations consisting of desktops and laptops, VOIP telephones and a wireless access point for corporate users. The overall corporate network architecture follows best industry practices by using a hierarchical topology and defense-in-depth placement of security tools. The security tools deployed to aid in the protection of the network consist of two (2) firewalls and one (1) Network Intrusion Detection System (IDS) that is monitoring the network traffic in the DMZ between the firewalls. The corporate routers are also running full Access Controls Lists (ACL) configured in accordance with CISCO’s best business practice guidance. Based off the current information that was given it is not possible to tell if there is antivirus software installed on all corporate assets. Additionally it is not clear what if any encryption and authentication method is used on the corporate Wireless Access Point (WAP). The corporate policies must be reviewed also to determine what the companies’ policies are with regards to the standard workstation software and application configurations, workstation and server security setting configurations, application updating, and new application testing and software change control management.

Researching the current threats to the various operating systems, applications and technologies that our company uses for everyday operations of the corporation there are some that present higher risks to the organization than others. There are also some technical controls that can be implemented to reduce the risk factors and help the company recover critical information should there be a security incident. The current threats seem to target the main asset to the company that is hardest to secure, the employees. The emerging threats can be categorized as: Browser attacks – Whether you use Windows, OS X, Linux, or any of the smart phone or tablet mobile platforms, or even a browser-equipped e-reader, the browser is the one application everyone has. Email and text messages containing links to malicious websites will become almost indistinguishable from legitimate communications. Watering-hole attacks - the adversaries or criminals will post malicious content on a webpage, and then lure users to visit the site and download malware to their systems which might be vulnerable to the exploit. Phishing and social networking attacks - Users frequently choose convenience and simplicity over security, and all too often fall prey to phishing schemes. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain attachments with embedded malware or links to websites that are infected with malware and often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. This allows the criminal to steal Personally Identifiable Information that they can use to create or open new credit cards. Data breaches - While traditional malware attacks such as automated exploits and worms are on the decline thanks to security advances, attackers will continue to target weak security on Internet-facing database systems in order to acquire thousands or millions of compromised records at once (Mediati, 2012). The CGF network was built using all the best known practices at the time, there are numerous items that present potential risks and points of interest that an adversary could leverage to gain access to our network and corporate propriety information. To start limiting the risk of our network being compromised I would recommend re-engineering several factors of the overall topology to improve the security control measures. I would start with the firewall pair of device and re-design their placement so that the external DMZ network is off of one of the external firewall’s interfaces to be able to provide some more granular control over what type of network traffic is allowed to reach these public facing servers. Additionally we could control if these servers are allowed to reach any internal corporate hosts. Next I would modify the IDS device that is monitoring our network; I would install additional devices to monitor the network traffic on the inside of the corporate network to be able our user traffic. Next, I would move the CGF WAP device to an interface off the internal firewall to control how this device is seen on the network and where on the network the wireless users are allowed to reach. The wireless access point configuration would be the next item that I would work on improving. The CGF wireless network will need to be protected with encryption protocols with the most secure algorithm available, which would be WPA2 encryption. This will limit the risk of the network being used by any users that are not corporate employees and not authorized to be on our network. Additionally, I would recommend an authentication method for validating wireless users on our corporate network. To keep the costs down I would recommend that we integrate some authentication methods on the WAP by leveraging the LDAP integration with the CGF active directory servers and leverage the authorized user accounts. The company would also benefit from the user of a corporate antivirus protection technology. This technology would be deployed to all of the CGF corporate IT assets provide a measure of malware protection and detection capabilities for the company. The last security improvement measure I would recommend the corporation design and run a user security training program that must be retaken annually. The company employees are the best security asset that we have and they are also the greatest risk to the company if they are not properly educated to the security risks that they could face in their daily duties. This training should include information regarding some of the newer or emerging threats that face all IT users in the corporate world as well as at home. This user training will be up to date as possible and present the threats and risks to the users and the corporation in the most useful perspective to our employees so that they will be the greatest security asset that we could have in the company.
The Celtic Gamers Frontier Inc. (CGF) corporate network was designed and implemented with the best business practices of the times in mind. Today’s corporate networks need to be able to change and improve their overall security posture to be able to deal with the ever changing threat scape that the internet presents to the organizations that are connected to the global internet as required by our modern business environment ("Security of the Internet and the Known Unknowns," 2012). There are weekly reports of penetrations and data thefts at some of the world’s most sensitive, important, and heavily guarded computer systems. There is good evidence that global interconnectedness combined with the proliferation of hacker tools means that today’s computer systems are actually less secure than equivalent systems a decade ago. This is why we must be continually on guard and constantly improve the security posture and controls of our corporate network. The overall risk to our corporate network is low but there are numerous areas that we can improve to further limit the risks, one is the overall network topology and improving the control measures and improve the access controls to a more granular level. The next is the wireless portion of the CGF network, it will need to be improved and secured better to limit the risks that having this type of access possess to the organization. The last and most important piece is our corporate employee security training and knowledge because the better educated our users are the lower the biggest risk to our company will be.

References
Cybersecurity. (2013). Smart Business Northern California, 6(8), , 10.
Mediati, N. (2012, Dec). 2013 in Security: The Threats to Watch Out For.. PC World, 30(12), 43-44.
Security of the Internet and the Known Unknowns. (2012). Communications of the ACM, 55(6), 35-37. doi:10.1145/2184319.2184332