Harry and Mae's Asset identification and analysis Tangible assets Description (1- low, 5 -high) Buildings(serv er room) The building is surrounded by a Perimeter fence The entire building is shielded against electromagnetic radiation has an outer set of vault doors and an inner door that is equipped with a biometric scanner The interior of the room is equipped with fire, water, motion sensors, and cameras Smart card access points used by employees for allowing access in and out of the buildings Alarms Climate controls Installed with sensor and video feeds from the campus that are centrally controlled by a staff of three people all the time 5 has three layers innermost layer consists of consists of two Cisco Nexus 7000 switches populated with M1-Series 8-port fiber optic switches that provide fully redundant 10Gbit connectivity between servers, to the Internet, and to the second layer second layer consists of a 10Gbit dual fiber ring that provides connectivity between the core network and 2 Cisco Catalyst 4928 10Gbit layer 3 switches located in each building on campus The third layer consists of Gigabit copper local area networks that connect computers and Power over Ethernet (PoE) phones with Cisco 2060-S PoE switches that are located in communication closets in close proximity to their users layers 1 and 2 are fully redundant The company has more than 400 Dell OptiPlex 380 workstations with Windows 7 installed All the workstations are also installed with Symantec Endpoint Protection All computers are Microsoft Windows 7 machines with Norton Antivirus software installed All employees uses user names and passwords to log into the system 5 Wired network infrastructure Campus workstations Asset Value 4 Intangible assets Description Asset Value (1-low, 5high) Internet Servers Active Directory Domain Security appliances Cle The company is supplied with 100Mbps up fiber connection to the campus on a fully redundant dual fiber ring with two fiber pairs by Comcast Business Services Off campus new restaurants are supplied high speed Internet connection by a local provider, a Network Address Translation (NAT) firewall device that consists of a wireless access point The company's headquarter has 200TByte Hewlett Packard SAN which provide storage for 10 HP ProLiant DL380 G7 servers where the company hosts redundant virtual servers for their domain controllers, Inventory Tracking System, Point of Sale system, accounting system, payment processing system, email system, Web site with database support for active content, Windows Routing and Remote Access Server for VPN connections, authentication services, and database management systems The company uses a single ADD for the entire campus It has been configured using default setting except for the password history and complexity requirements that have been disabled The network of the campus consist of two Sonic Wall NSA 4500 Firewall Security Appliances which link the internet provider to the core network The two appliances are configured to enable all traffic in both directions and are capable of up to 1500VPN connections each The campus also has two Barracuda Spam & Virus Firewall 600 appliances that are located on the core network, and all mail traffic is forwarded through them. 4 5 3 4 Harry and Mae's vulnerabilities and potential threats Asset Value Campus workstations 4 Servers 5 Vulnerability Security appliances 5 Threat relaxed password rules The company uses a Web front end for all of its applications and workstations are capable of accessing them using Microsoft's Internet Explorer No antivirus software are installed on any of the virtual servers hosting the company's vast systems such as ITS, POS, DBMS, etc. The Web servers and Email servers with a public IP address There are no firewalls on the external connections web pages to the Web server using File Transfer Protocol The two Sonic Wall NSA 4500 Firewall Security Appliances devices are configured to allow all traffic in both directions Wireless connectivity wireless system has been configured to provide open Threat ranking 4 data may be lost when updating the web data can be accessed by any unauthorized person using the workstation 4 Worms attack Viruses attack Trojan horse attack When using FTP, servers can be spoofed to send data to a random port on unintended computer When using FTP, credentials(user names and passwords ) are send in clear text 2 Enabling all traffic both directions may make users bypass gateway level security in place within the company infrastructure Also, ISPs that implement DNS hijacking break name resolution of private addresses with a all traffic directions privilege escalation 2 access without logon capability Building(ser ver room) 5 The 3 security staffs are not monitored and they do not report to any authority Machines compromise Alarms have no passwords Action Directory Domain Wired network infrastructur e 3 5 the company uses a single directory domain in the entire campus Layer 3 doesn't provide redundant connections The security staff may be compromised by an outsider who want to get access in the building False alarms that may lead to Legal liability 2 risk of schema master is greatly increased Unreliable network connection when the third layer is used 1 1