u08a1 Encryption Vulnerabilities _.xlsx file_

Document Sample
u08a1 Encryption Vulnerabilities _.xlsx file_ Powered By Docstoc
					                                                                                        Vulnerabilities                                             Controls, tools, and strategies                                                  Impact to Ted's Tremendous Toys
                                                                                        Weaknesses in an information system, system security        The management, operational, and technical controls (i.e., safeguards or
                                                                                        procedures, internal controls, or implementation that       countermeasures) prescribed for an information system to protect the
                                                                                        could be exploited or triggered by a threat source (NIST,   confidentiality, integrity, and availability of the system and its information
                                                                                        2010).                                                      (NIST, 2010).

u08a1 Encryption

People                                                                      Employees   Privacy and confidentiality of the                          Access to system services should be restricted to legitimate users.              Ted's currently has a Windows-based single-domain network, with a domain server located on each
                                                                                        data/information                                                                                                                             of the three floors his company occupies with office and warehouse staff. Although there are no
                                                                                                                                                    To prevent eavesdropping, communication within and between the system and        formal access controls currently in place, it would be wise to consider leveraging the domain
                                                                                                                                                    other users should be encrypted to ensure it is kept both private and            servers to authenticate users.
                                                                                                                                                                                                                                     The out-of-date 802.11b wireless network used by the warehouse staff should be redesigned with
                                                                                                                                                    Control access to systems and accounts (User ID/password combos, tokens or       newer 802.11 technologies that offer WPA2 encryption and additional access controls to prevent
                                                                                                                                                    smart cards).                                                                    accidental or intentional backdoor access to the main network.

                                                                                                                                                    Use encryption schemes (WPA2, IPsec, Hashing, SSL, AES, etc.) to prevent         Remote access also needs to be protected against unauthorized access, which requires
                                                                                                                                                    unauthorized access to the data or messages in transit                           consideration of a Virtual Private Network (VPN) using encryption from the remote user to the main
                                                                                                                                                                                                                                     network. An upgrade or repalcement of existing Cisco routers and Firewalls may be required to
                                                                                                                                                    Use Layer 2 tunneling protocols (L2TP) to provide secure connections between     activate this needed feature.
                                                                                                                                                    LAN Servers and remote clients.
                                                                            Customers   Integrity of the data                                       Message Authentication Code (using hashing algorithms) and Digital               Without existing security controls, Ted's has no way of verifying that communications including
                                                                                                                                                    Signatures                                                                       messages and files are genuine and unaltered. Use of Message Authentication Code ensures the
                                                                                                                                                                                                                                     integrity of the message contents. Digital signatures go one step further in providing authentication
                                                                                                                                                    To preserve the integrity of messages sent over the network, messages can        and nonrepudiation.
                                                                                                                                                    be digitally signed by the sender or by using the message authentication code
                                                                                                                                                    (MAC). The code is produced by hashing on both the original message and a
                                                                                                                                                    shared secret key. MAC is computationally less expensive than digital
                                                                                                                                                    signature. So MAC is preferred if nonrepudiation is not needed. (Zhao, 2008)

                                                                            Neighbors   Authentication of the source and Non-                       Digital Signatures and PKI 2-key infrastructure                                  With no system in place to authenticate electronic communications that may include sales orders,
                                                                                        repudiation                                                                                                                                  Ted's cannot be certain that such communications are genuine, much less from who they say they
                                                                                                                                                    The repudiation threat can be mitigated by using the digital signature           are from. Nonrepudiation from the use of digital signatures or a PKI 2-key system ensures that the
                                                                                                                                                    technique. The digital signature is produced by first hashing the message to      data is from who it says it is from.
                                                                                                                                                    be sent using a secure hash function, such as SHA1, and then by encrypting
                                                                                                                                                    the hash using the sender’s private key (Zhao, 2008).

                                                                            Guests      Access Control                                              To control what information an authenticated user can access or modify, all      Ted's is vulernable due to the use of shared user accounts that do not require passwords to access
                                                                                                                                                    requests from the user should be mediated by an authorization process. The       the system.
                                                                                                                                                    user’s requests can contain an authorization token (issued by the information    A password policy should be implemented that includes a 90-day reset.
                                                                                                                                                    system) to indicate the user’s role and privilege to help determine what         Accounts with too many priveleges.
                                                                                                                                                    permission can be granted to the user. It is wise to grant the user the least
                                                                                                                                                    privilege possible. (Zhao, 2008)

Next to the product or service an organization is known for, the value of
their business information may be the most important asset that
requires security and protection. As a medium-sized toy manufacturer,
Ted's Tremendous Toys is doing greater than $7-million dollars in annual
revenue with a relatively small workforce.

Even without e-commerce, the company has a lot of potential exposure
to liabilities from unauthorized access (intrusion) to its data and
systems, including the leaking of proprietary information to competitors
or stock manipulators, personal information on employees, customer
information, private financal information and transactions, and even
damage to critical systems (that store the data) from natural disaster,
vandalism (physical, as well as virtual with malware), or hackers that
could interrupt systems involved in the manufacturing, warehousing,
accounting and order processing, and delivery of the product to the
actual buyer.

Shared By:
liamei12345 liamei12345 http://