Identifying Risks

Because security resources will always be limited in some way, you must first determine which resources are present and may need securing, then determine the level of threat exposure each resource creates, and plan your network defenses accordingly. Previously, we discussed how to protect resources and assets; now we look at how to identify the risks that affect them. In this section, we cover the following methods of identifying risks: asset identification, risk and threat assessment, and vulnerability analysis.

Asset Identification

Before you can determine which resources are most in need of protection, it is important to properly document all available resources. For the purpose of our discussion, the term resource can refer to a physical item (such as a server or piece of networking equipment), a logical object (such as a Web site or financial report), or even a business procedure (such as a distribution strategy or marketing scheme). Sales demographics, trade secrets, customer data, and even payroll information could be considered sensitive resources within an organization.

Risk Assessment

After assets have been identified, you need to determine which of them are most important and which pose significant security risks. During risk assessment, it is necessary to review many areas, such as the following:

  • Methods of access

  • Authentication schemes

  • Audit policies

  • Hiring and release procedures

  • Isolated services that may provide a single point of failure or avenue of compromise

  • Data or services requiring special backup or automatic failover support

Note: Risk assessment should include planning against both external and internal threats. An insider who is familiar with an organization's procedures can pose an especially dangerous threat to network security.


Threat Assessment

During a risk assessment, it is important to identify potential threats and document standard response policies for each. Threats may include the following:

  • Direct access attempts

  • Automated cracking tools

  • Malicious code, including viruses, worms, and Trojan horses

  • Terminated or disgruntled employees

  • Denial of service attacks or overloaded capacity on critical services

  • Hardware or software failure, including facility-related issues such as power or plumbing failures

Vulnerabilities

After you have identified all sensitive assets and performed a detailed risk assessment, it is necessary to review potential vulnerabilities and harden each asset according to its relative worth and level of exposure. Evaluations should include an assessment of the relative risk to the organization's operations, the ease of defense or recovery, and how common and how complex the potential form of attack is.

Many automated vulnerability-scanning tools are available for various platforms, and they may be used to perform regular assessments of your network. A scanner can only detect the vulnerabilities it already knows about, however, and new ones are discovered constantly, so it is also very important to include a review of newly disclosed vulnerabilities as part of your standard operating procedures.

Note: Online resources such as those provided by the SANS Institute and the Bugtraq mailing list are good examples of the resources available to network administrators responsible for watching for new vulnerabilities.
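The text above says to harden each asset according to its relative worth and exposure rather than by scanner severity alone. The following Python script is an added example (it is not from the Exam Cram text) of how a practitioner might join scanner output to the asset inventory built during asset identification and rank findings accordingly. The inventory, the findings, their placeholder identifiers and the weighting scheme are all constructed for illustration.

```python
"""Prioritize scanner findings by asset worth and exposure.

Added example, not part of the Exam Cram text. The asset inventory, the
findings and the weighting scheme are constructed for illustration; in
practice the inventory comes from asset identification and the findings
from a vulnerability scanner export.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    worth: int                     # business value 1 (low) .. 5 (critical), set during asset identification
    internet_facing: bool          # exposure: reachable from outside the perimeter
    single_point_of_failure: bool  # isolated service with no failover (a risk-assessment item)


@dataclass(frozen=True)
class Finding:
    asset: str            # name of the asset the scanner reported it on
    finding_id: str       # scanner's own identifier (placeholder values below)
    severity: int         # scanner severity 1 (informational) .. 5 (critical)
    exploit_public: bool  # a working exploit is publicly available


def risk_score(asset: Asset, finding: Finding) -> int:
    """Severity x worth, scaled by how exposed the asset is.

    Exposure starts at 1 and gains a point for each factor that makes the
    finding easier to reach or costlier to suffer. Constructed weighting:
    a real scheme should be agreed with the business.
    """
    exposure = 1
    if asset.internet_facing:
        exposure += 1
    if asset.single_point_of_failure:
        exposure += 1
    if finding.exploit_public:
        exposure += 1
    return finding.severity * asset.worth * exposure


def prioritize(assets, findings):
    """Return (ranked, undocumented).

    ranked: list of (score, finding), highest score first.
    undocumented: asset names the scanner saw but the inventory lacks;
    these cannot be scored and mark an asset-identification gap to close.
    """
    inventory = {a.name: a for a in assets}
    ranked, undocumented = [], []
    for f in findings:
        asset = inventory.get(f.asset)
        if asset is None:
            if f.asset not in undocumented:
                undocumented.append(f.asset)
            continue
        ranked.append((risk_score(asset, f), f))
    # Highest score first; ties broken by name so the order is stable.
    ranked.sort(key=lambda t: (-t[0], t[1].asset, t[1].finding_id))
    return ranked, undocumented


# Constructed sample inventory and scanner output.
ASSETS = [
    Asset("web-portal", worth=4, internet_facing=True, single_point_of_failure=False),
    Asset("payroll-db", worth=5, internet_facing=False, single_point_of_failure=True),
    Asset("intranet-wiki", worth=2, internet_facing=False, single_point_of_failure=False),
]

FINDINGS = [
    Finding("web-portal", "FINDING-1", severity=3, exploit_public=True),
    Finding("payroll-db", "FINDING-2", severity=4, exploit_public=False),
    Finding("intranet-wiki", "FINDING-3", severity=5, exploit_public=True),
    Finding("test-box-17", "FINDING-4", severity=5, exploit_public=True),  # not in inventory
]

if __name__ == "__main__":
    ranked, undocumented = prioritize(ASSETS, FINDINGS)
    for score, f in ranked:
        print(f"{score:3d}  {f.asset:<14} {f.finding_id}  severity={f.severity}")
    for name in undocumented:
        print(f"UNDOCUMENTED ASSET: {name} (add to inventory, then rescore)")
```

With the constructed data, the payroll database ranks first (worth 5, single point of failure) even though the intranet wiki carries the highest raw scanner severity; the wiki ranks last because it is low-value and not externally exposed. The host the scanner found that is missing from the inventory is reported separately instead of being scored, since an unscorable asset is itself the kind of gap asset identification is meant to close.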


When you're performing an analysis of potential vulnerabilities, several kinds of test may be performed:

  • Blind testing: Performing an audit from outside with no prior knowledge of the organization's network or procedures.

  • Knowledgeable testing: Performing an audit using known details of the infrastructure and current business practices.

  • Internet service testing: Attempting to penetrate Internet-reachable services using commonly available exploits.

  • Dial-up service testing: Attempting to penetrate an organization's remote access servers through war-dialing and other dial-up access attempts.

  • Infrastructure testing: Evaluating the protocols in use as well as users' own perceptions of how the systems operate. Users may sometimes point out obscure or unnecessarily complex configurations that could be exploited.

  • Network testing: Evaluating distributed resources, replication architecture, and critical services such as DNS or DHCP, along with firewall and IDS configuration settings.

  • Application testing: Evaluating both in-house and commercial applications. This is necessary to ensure end-to-end security.



Security+ Exam Cram 2 (Exam SYO-101)
ISBN: 0789729105
Year: 2005
Pages: 162