Two Vulnerabilities in QWD’s Network Design Pose a Threat to QWD’s Future

Submitted to: Dean Farwood
SE571 Principle of Information Security and Privacy
Keller Graduate School of Management
Submitted: January 23, 2011

Table of Contents Executive Summary 3 Company Overview 3 Company Vulnerabilities 4 Corporate Website accessible to customers should be on its own web server in a Demilitarized Zone (DMZ). 4 Microsoft SharePoint can potentially allow Remote Code Execution. 5 Works Cited 7

Executive Summary
Purpose of this report is to inform of the possible threat that faces Quality Web Design (QWD) as it continues to improve it services to its customers and provide additional accommodation to its employees to meet and exceed the client’s needs in order to meet strategic goals. QWD specializes in Web site and Web content design for all types of businesses. With well over 250,000 proprietary images and graphic design that will enhance most web site’s appeal, QWD is poised to be the number one global leading brand in Web site and Web content design. Yet, two vulnerabilities in QWD’s network design seem to pose a security threat to QWD’s future leadership and competitiveness that must be address before exploited. First, customers are given access to the corporate website such design poses a security risk since the corporate intranet is hosted on the same web server. Should web server come under attack and be infected with a malware this can potentially disrupt business operation and damage existing relations with existing and potential customers. It can also damage QWD’s existing reputation and corporate stance that can have long lasting effects. Second, Microsoft SharePoint, an integrated server application and content management software, must be maintained by ensuring that security updates and patches are applied. Not doing so can put QDW