Free Essay

Vulnerability Assessment Penetration Analysis

In: Computers and Technology

Submitted By planetlane
Words 972
Pages 4
Vulnerability Assessment Penetration Analysis

A. Memo For Record: IDS upgrade or replacement

Summary of Events: The health care clinic’s network security appliance (combined router/firewall/wireless access point) was hacked and passwords were cracked. Configuration changes to this device opened the network to a Denial-of-Service (DoS) attack. The result of this attack prevented access to patient records and insurance claims as part of their daily routine. The network Intrusion Detection System (IDS) sensor had been previously disabled because of degradation of network performance caused by the device. No advanced notification of system degradation caused by the DoS attack was identified until employees were unable to use the network to perform the jobs.

IDS Definition: Network IDS is part of the external boundary protection and monitoring system.
Threats to the network from external sources are identified and reported using a management console.
With the sensor disabled attacks against the network can be accomplished undetected and reduce response time. “An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSs.” An Intrusion Detection Protection System (IDPS) combines the functions of IDS and IPS into a single hardware/software application package. Sensors can be configured as passive and/or active. A passive IDPS sensor will look at traffic but cannot block or prevent attacks. An active IDPS sensor is designed to inspect all traffic and has to capability to block traffic hence respond to active attacks.

Denial-of-Service Defined: “A denial-of-service (DoS) is an action that prevents or impairs the authorized use of network, systems, or applications by exhausting resources such as central processing units (CPUs), memory, bandwidth, and disk space.” The hacker modified the firewall/router configuration allowed otherwise block addresses, protocols, and traffic. Allowing them to pass through the network security boundary and use up vital resources.

Recommendations: Upgrade existing IDS system verses replacement with a state of the art IDPS sensor. The current sensor was disabled because it was unable to actively filter traffic on the network without causing degradation. Normal causes of this is older equipment not capable of processing traffic fast enough to avoid degradation. Second limitation to IDS it only has the ability to monitor traffic and alert employee of an attack.

New IDPS sensors provide minimal to no degradation to network traffic and can be used as both active and passive device at the same time. In addition to monitoring traffic an IDPS sensor is capable of reacting to events in real time. All the features of an IDS sensor are present with the addition of automated attack responses and anomaly detection. State-of-the-art IDPS sensors use real-time daily definition updates and database threat comparisons to identify attacks. Like anti-virus programs that automate the process of definition updates, IDPS sensors use a similar process to keep the threat database current. Management applications automate the alerting and reporting process to aid in vulnerability assessments and real-time responses to threats. Baseline thresholds can be adjusted and configured to network specific needs rather than cookie cutter one configuration fits all methodology.

The recommendation would be to identify a costing solution for both an upgrade to the existing IDS sensor and the replacement cost for a IDPS. Short term solution is to get the IDS working and project a
IDPS solution as needed and budget allows.

Incident Prevention: In this case a working IDS system could have alerted key staff of an on-going
DoS attack. Steps to harden existing Router/Firewall devices to prevent password cracking will need to be implemented. A Vulnerability Assessment (VA) needs to be completed to identify weaknesses in the current network security configuration and suggest changes. A check list needs to be created that identifies the process of responding to a DoS attack.

VA should clearly establish Internet Service Provider (ISP) procedures that should be followed to request assistance during DoS attacks. Examine IDS or IDPS sensor configuration, alerting, and reporting processes. Network staff notification via email or phone during attacks using IDPS should be covered. Baseline system configurations, network usage, and log file audit processes should be reviewed. Use Internet health monitoring using known websites that provide statistics on latency. Create checklists on how to respond to attacks such as, DoS and have them in paper form for use during attacks. A crash book or continuity folder that provides all these items in one location that provides network topography, administrative password lists, configuration diagrams, emergency contact information, and established checklists/procedures should be included.

Conclusion: Having a plan on how to respond to problems or attacks against the companies network is the key. Documentation of how the systems are configured is critical to this process. Vulnerability
Assessments are designed to identify weaknesses and help to improve network security. A review of the system configurations, processes, and logs will help to determine threats and the associated risks to company assets. An IDS/IDPS sensor is a valuable device that works in conjunction with firewall, router, antivirus applications, and authentication/access lists (ACLs) to provide network security. Establishing checklists and/or procedures on how to respond to attacks, such as DoS are extremely important.
Hardening of equipment, password management, disaster recovery procedures, and restoral processes should be included in a comprehensive VA report. After a significant event or attack a review of these processes and procedures should analysis the effectiveness of this plan. Network security is best performed by providing layers of protection that work together to protect the network and associated

Similar Documents

Premium Essay

Web Server Vulnerability Analysis

...1. What vulnerabilities where found? 1.1. Outdated software 1.2. Configuration files shown to guest users 1.3. Non sanitized data shown in URL strings using (GET/POST Methods) 1.4. Setup files/folders found in web documents 1.5. DDoS using low level http attack methods to fill ports 1.6. Folder indexing enabled 2. What risk do they create? 2.1. Security risks/vulnerabilities/exploits are released to public 2.2. Able to identify services to attack 2.3. Injection 2.4. Recreation or modifying current configurations 2.5. Deny service to normal users, black hole the IP 2.6. Listing of all files even hidden ones 3. How could they be remediated? 3.1. Upgrade update regularly 3.2. Move outside of htdocs or limit access/file permissions 3.3. Fix source code 3.4. Do not list folders in the robots.txt file, and do not link over to the folders see 3.6 3.5. Firewall icmp and other protacal’s not used for web 3.6. Change in the web service configuration or create an index.html or default “dummy” file 4. What practices should be used to prevent similar vulnerabilities? 4.1. Keep up to date software and use methods when coding to prevent attacks. Test the server for vulnerabilities weekly. Configure the web services using best practices. 5. What protective measure could be used if applications or servers could not be fixed? 5.1. Firewall/hardware 5.2. Proxy services 5.3. 3rd party monitoring solution such as Cloudflaretm...

Words: 257 - Pages: 2

Free Essay

Assessment Tool Analysis

...Assessment Tool Analysis Dorcas NUR/440 March 26, 2012 Vicki Clithero Assessment Tool Analysis Assessment is an important aspect of nursing care; it is the first phase of the nursing process. Assessment involves gathering information or data about and related to the patient. Data collected include physiological, psychological, environmental, sociocultural, economical, spiritual, developmental history of the patient. Data may be objective or subjective. Objective data refer to the measurable and observable signs, e.g. the patient’s facial expression, gait, pulse rate, heart rate, blood pressure, color, warmth, etc. Subjective data are obtained from the patient; and they are the patient’s account of his or her feelings, needs, and strength. Data are obtained by physical examination and by interviewing the patient, family, friends, and other health care providers. Assessment tools are used during the assessment phase of the nursing process to identify areas of actual or potential problems that need further exploring; they are developed to pinpoint areas of health issues with the aim of promoting, improving, and maintaining the health of the individual. The three assessment tools chosen for this paper are: Social Support Questionnaire, Beck Depression Inventory, and Perceived Stress Scale. Social Support Questionnaire Social Support Questionnaire (SSQ) is an assessment tool that measures individual evaluation of social support that may be available to them in......

Words: 1450 - Pages: 6

Premium Essay

Hazard Vulnerability Assessment

...The Philadelphia Water Department, Baxter Water Treatment Plant Anthony Vega, Denise Youmans, Christopher Williams, Stephen Glenn, Darnell Jessie Immaculata University EPM 301 Report Summary The purpose of this assessment is designed to look at the hazard vulnerability and exploitation potential surrounding The Philadelphia Water Department, Baxter Water Treatment Plant located at 9001 State Road in Philadelphia, Pa. The treatment plant must be prepared for every emergency when considering the safety of the community. This assessment is a detailed analysis of the possible catastrophic events that could occur in or near the water treatment plant and an inquisition into the possible contingency plans in the event that a catastrophe occurs. This assessment is designed to identify and assess hazards to which the Baxter Treatment Plant is ill-prepared to respond and strengthen these weak areas. Methods We, as a group, conducted site visits and surveys of the property. A point of contact was established within the Philadelphia Water Department, but the Water Department policies dictate that written approval for a site visit must be approved by higher level management. These policies and the limited amount of time in the accelerated semester did not allow us to complete an internal site visit. As a contingency, we evaluated the site from the exterior. Physical surveillance was conducted allowing us to observe the visible security of the premises. The building is......

Words: 4007 - Pages: 17

Free Essay

Vulnerability Asses Vulnerability Assessment System Penetration and Analysis Testingsment System Penetration and Analysis Testing

...| Vulnerability Assessment System Penetration and Analysis Testing | |Memo | Internal Penetration Testing Tool and Purchase | | | | With the recent attack/hack on agency's network town police department authorities came to a decision to conduct a complete assessment on network vulnerabilities. The main goal of this memo is to assess or evaluate the network penetration tools available in the market. Compare the tools. Cost to buy and implement these tools internally. Hire a professional service to evaluate these tools. In this memo we will cover the internal implementation at high level. In the market there are many penetration tools like a. Nmap - Worlds Best Port Scanner b. Nessus - Vulnerability Scanner c. Metasploit - Exploit framework For testing Vulnerabilities I picked the above three mentioned tools which are widely used in many organizations and would be perfect for this scenario. The penetration tools that could be used to conduct a vulnerability analysis are; Nmap and Nessus which provide a number of penetration testing techniques such as port scanning, Credentialed and uncredentialed scans, enumeration,......

Words: 1156 - Pages: 5

Premium Essay

Penetration Testing

...Penertation testing Methodology 2.1 Penetration test plans 2.2 NIST penertation testing documentation 2.3 Web application penertation testing 2.4 E-commerece penertation testing 2.5 Network penetration testing 2.6 Common tools and applications for peneration testing 7 2.7 Black box testing, grey box testing, Black/grey box testing 2.8 Social engineering testing 7 3. Test Plan 15 3.1 Task 3.1 Reporting 3.1 Schedule 3.2 Limitation of Liability 3.3 End of Testing 3.1 Unanswered Questions 10 3.4 Signatures 8 3.1 Authorization Letter 8 4. Conclusion 11 5. Bibiography 11 Acronyms 22 Appendix A – Test Case Procedures 23 Abstract This document is a proposal with a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This proposal provides an understanding of penetration testing. It discusses the benefits, the strategies and the mythology of conducting penetration testing. The mythology of penetration testing includes three phases: test preparation, test and test analysis. Key Words: Security Testing, Vulnerability Assessment, Penetration Testing, Web Application Penetration Testing. What is a Penetration test? Penetration tests are a great way to identify vulnerabilities that exists in a system or Network that......

Words: 1995 - Pages: 8

Premium Essay

Assessment Tool Analysis

...Assessment Tool Analysis Paper Assessment tools are created to help nurses provide competent nursing care for each unique patient. Assessment is an essential part from the nursing process throughout which nurses collect details about the patient and family to create a care plan. “Assessment involves collecting information about person’s circumstances and needs, and making sense of that information in order to decide what support, treatment or care to provide” (Slater & McCormack, 2005). In order for nurses to make sound clinical decisions, the nurse needs the information gathered from assessment. This paper will analysis three assessment tools used in healthcare, they are the Dysfunctional Attitude Scale, Perceived Stress Scale, and the Coping Resources Inventory for Stress Scale. These assessment tools can be used and applied to a wide range of ages and vulnerable populations. Having a better understanding on how the patient perceives themselves, the nurse is able to develop a plan of care to address the body, mind, and spirit. Dysfunctional Attitude Scale The first assessment tool is the Dysfunctional Attitude Scale (DAS). This test measures many different areas of the personality such as approval, achievement, perfectionism, entitlement, omnipotence, and autonomy (DeGraaf, Roelofs, & Huibers, 2009). The main measure is of dysfunctional attitude which is a sign of depression. As a nurse this is a valuable tool to help find depressive symptoms in a patient. By......

Words: 1205 - Pages: 5

Free Essay

Vulnerability Analysis

...Over the past twelve months Microsoft has announced several vulnerabilities. Some of them included Microsoft Security Advisory (MSA) 3009008, MSA 3010060, MSA 2982792, MSA 2977292, and MSA 2974294. MSA 3009008 is a vulnerability in SSL 3.0. This vulnerability could allow information disclosure, meaning a man in the middle attack would be effective. It was first published in October 2014 then later updated in December 2014. Next we have MSA 3010060 could cause Microsoft OLE (Object Link & Embedding) to allow remote code execution. This is technically not a privilege escalation vulnerability; the exploitation of this vulnerability runs at the privileges of the logged on user. The mitigation for this vulnerability is to turn on UAC (user account control) and log in as a normal user and us the “run as” command. This vulnerability is classified as critical and needs to be patched right away. Microsoft Security Advisory 2982792 talks about improperly signed certificates. It was published July 10, 2014 and updated on July 17, 2014. An improperly signed certificate could allow for website spoofing. To mitigate this issue is to turn off the automatic updating of root certificates. The extensible authentication protocol (EAP) was compromised this year. MSA 2977292 covered all the details on this vulnerability. This compromise would allow encrypted traffic to be read in clear text during a man in the middle attack. The new guide to implementing the higher version......

Words: 296 - Pages: 2

Free Essay

Vulnerability Assessment Scan

...Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to 
perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the findings of the vulnerability assessment scan and identify critical......

Words: 559 - Pages: 3

Premium Essay


... Chapter 1 Vulnerability Assessment Solutions in this Chapter: I What Is a Vulnerability Assessment? I Automated Assessments I Two Approaches I Realistic Expectations Summary Solutions Fast Track Frequently Asked Questions 1 285_NSS_01.qxd 2 8/10/04 10:40 AM Page 2 Chapter 1 • Vulnerability Assessment Introduction In the war zone that is the modern Internet, manually reviewing each networked system for security flaws is no longer feasible. Operating systems, applications, and network protocols have grown so complex over the last decade that it takes a dedicated security administrator to keep even a relatively small network shielded from attack. Each technical advance brings wave after wave of security holes. A new protocol might result in dozens of actual implementations, each of which could contain exploitable programming errors. Logic errors, vendor-installed backdoors, and default configurations plague everything from modern operating systems to the simplest print server.Yesterday’s viruses seem positively tame compared to the highly optimized Internet worms that continuously assault every system attached to the global Internet. To combat these attacks, a network administrator needs the appropriate tools and knowledge to identify vulnerable systems and resolve their security problems before they can be exploited. One of the most powerful tools available today is the vulnerability assessment, and this......

Words: 9203 - Pages: 37

Premium Essay

Vulnerability Assessment

...multi-dimensional password, IP scanning, or outright packet refusal (at the router) because of traffic from an outside source. Those physical hardware solutions need to be monitored on their own to avoid being compromised and affording another avenue of attack, but the combination of both active security and training work together to make single pieces of information that are usually sought by a social engineer almost useless. Date retention policies identify how data is stored, protected and or/destroyed. Addressing how your data lives, and eventually dies, and the responsibilities of personnel at all levels with regards to how data is handled prevents one of the easiest methods in a social engineers arsenal. Combining this training with an analysis of how data is classified helps determine what security level is adequate for different kinds of information. PII (Personally Identifiable Information) or HIPAA data, financial records, may require federally mandated special handling, while Research and Development documents might require specific practices that detail proper handling, and by whom. A labeling program that correctly and easily identifies data makes that data more difficult to conceal or access, especially if paired with proper training of staff of the different levels of authorization required for the possession or access of that data. Policies that outline physical access to data must also be addressed to help prevent social engineering. Employees......

Words: 1868 - Pages: 8

Premium Essay

Assessment Tools Analysis

...Assessment Tools Analysis Cindy Hall NUR/440 August 15, 2011 Dee Martinez Assessment Tools Analysis Assessing physical measures of patients can often be a difficult task. However, there are several assessment tools available to health care professionals to guide them in providing the best patient care possible. Along with proper assessment tools, Watson’s theory of human caring plays an important role in the integration of the mind, body, and spirit dimensions of each patient. This paper will state three assessment tools that evaluate a patient’s physical measures, describe each tool and the population for which it may be useful, and state data about each tool. Such data may include cost, length, ease in using the tool, for what population it is best designed, and the validity of the information. A description of how each tool enhances the assessment phase of the nursing process and affects the quality of health care delivered by the nurse will be discussed. Each of these tools will be applied to a chosen vulnerable population researched from the Vulnerable Population and Self-awareness paper. The vulnerable population I researched consisted of the elder population. Mrs. James was my subject. She is a 65-year-old widow who lives alone. She has become socially isolated with little to no support system. She has two sons who live out of state and very rarely keeps in contact with them. She does not work and has limited savings. Currently she relies on social...

Words: 1527 - Pages: 7

Premium Essay

An Analysis of the Vark Assessment Tool

...Running head: AN ANALYSIS OF THE VARK An Analysis of the VARK Assessment Tool Rebecca Milakovich Grand Canyon University: NUR429V December 16th, 2011 An Analysis of the VARK Assessment Tool Do you know how you learn best? There are many different ways to learn something new but do you know which one would benefit you the most? The VARK analysis tool can help you find the answer to that question. VARK stands for Visual, Aural/Auditory, Read/Write, and Kinesthetic which are the four categories of learning preferences. The online VARK questionnaire is free and consists of 16 questions that are based on real-life situations that users can easily answer and relate to. Users are able to check more than one answer to each question if more than one answer applies to them. After finishing the questions, the user is provided with a score in each of the 4 categories. If a person scores high in more than one area they are considered multi modal and are flexible in their learning styles (VARK, n.d.). The website then provides several study strategies for each learning preference that users can implement to improve their learning. The website cautions that “The results indicate a 'rule of thumb' and should not be rigidly applied. Remember that the questionnaire is not intended to 'box' respondents into a mindset that they have been 'diagnosed'. Rather, it is designed to initiate discussion about, and reflection upon, learning preferences” (VARK, n.d.) The author of......

Words: 949 - Pages: 4

Premium Essay


...conduct vulnerability assessments is of the upmost importance if a company or organization has information that is confidential or vital in nature. The need to conduct penetration testing should be an ongoing task for organizations as new technologies emerge. Even with security measures in place hackers continue to find ways around the roadblocks which are put in place to secure our networks. Just this month alone the Federal Bureau of Investigation’s network was compromised as a hacker was able to penetrate the emails of one of the organization’s special agents (Brito, 2012). The FBI has some of the most sophisticated computer security measures in place known to man and if their systems can be hacked I assure you that no one is safe. In order to properly examine a computer network for vulnerabilities a company’s information systems manager needs to determine whether such testing can be completed in house or should be outsourced to a penetration testing contractor. It is my belief that penetration testing is best left to contractors whose sole function is in conducting these types of tests, as they are better equipped with the tools and knowledge needed to get an accurate overview of a business network. However, penetration testing should be completed periodically by a business internal IT staff as they can apply updates to prevent vulnerabilities throughout the year and can assist a third party vendor in getting the best snapshot of a network’s vulnerabilities. ......

Words: 1998 - Pages: 8

Premium Essay

Business Analysis - Solution Assessment

...BASA module assignment PART 1 – SOLUTION ASSESSMENT 1. Case study The following is a fictitious case study of a central bank that intends to either develop a real-time gross settlement (RTGS) system for the settlement of large-value, interbank payments in the country in-house, or purchase an off-the-shelf solution. The example used in this case study is an evaluation of a vendor’s reply to a request for proposal. 2. Assess proposed solution 2.1 Assess the value delivered by the proposed solution(s) or the actual proposal The acceptance criteria were compiled during internal requirement elicitation work sessions with representatives from the different departments in the bank. These criteria were then weighted based on importance. Number | Acceptance criteria | Weight | Compliance rating |   | Weight x compliance rating |   |   |   | Vendor A | Vendor B | In-house | Vendor A | Vendor B | In-house | 1 | Application software product requirements | | | | | | | | 1.1 | All settlement shall be prefunded | 20 | 3 | 3 | 2 | 60 | 60 | 40 | 1.2 | The system shall provide for different settlement options | 30 | 1 | 3 | 1 | 20 | 60 | 20 | 1.3 | The system shall facilitate intraday credit extension against collateral | 10 | 2 | 3 | 1 | 40 | 60 | 20 | 1.4 | The system shall be able to interface with existing back-office systems | 5 | 2 | 2 | 3 | 40 | 40 | 60 | 1.5 | Settlement should be final and irrevocable | 3 | 3 | 1 | 3 | 60 | 20 | 60 | ......

Words: 2801 - Pages: 12

Premium Essay

Penetration Test vs. Vulnerability Assessment

...Penetration Test vs. Vulnerability Assessment Ø Penetration testing ensures you that your network will not be penetrated by malicious users. Ø Vulnerability Assessment gives an organization the ability to identify potentials for intrusion to their network. Ø Penetration test are more intrusive Reason for Assessement Ø Identify the vulnerability Ø Quantify the vulnerability Ø Prioritizing the vulnerability Internal vs. External Ø Internal assessment shows the vulnerabilities that employees or anyone with access to the internal network and exploit them. Ø External assessments shows the vulnerabilities from someone without direct access to the internal network. Window of Vulnerability Ø Unknown Window of Vulnerability Ø Known Window of Vulnerability Risk Ø Vulnerability Ø Attacks Ø Threats Ø Exposure Risk = Vulnerability x Attacks x Threats x Exposure Risk of Internal Assessment Ø Can’t be truly objective Ø Fair and impartial assessment Management is force to deal with the “fox in the Hen House” problem Steps 1-3 to an Successful Assessment • Understand the consequences • Document Management buy-in • Develop manageable objectives Step 4-6 to an Successful Assessment • Determine method • Plan for disruptions • Develop an assessment in a impactful, yet understandable, way. Qualified and Experienced outside Third Party. Ø Protect yourself with an contract Ø Breadth of experience Ø Currency with the latest......

Words: 255 - Pages: 2