FYT2
2164 words
9 pages
Private Investigators LLCControls and Countermeasures
Private Investigators Limited Liability Company (LLC) has a small office with one server and six workstations. This LLC partnership hosts its own website that allows clients to log in and enter case information. An evaluation of the network and security configuration to determine threats and weakness to the existing system has been completed. A list of the top five associated threats for the Server, Workstations, and Website are outlined below. The following memo discusses the likelihood of the threats occurrence and recommended security controls and countermeasures that should be used to mitigate these threats.
Shown illustrated below are network drawings of the current …show more content…
Configuration Management: Unauthorized access to administration interfaces, unauthorized access to configuration stores, retrieval of clear text configuration data, lack of individual accountability over privileged process and service accounts.
5. Session Management: Session hijacking, session replay, Man-in-the-Middle attacks are common techniques to utilize session data to take-over, eavesdrop, or capture session information on users. These attacks allow replay of user sessions, impersonation of users, and more importantly leads to identify theft.
File:FYT2_Task1
By Thomas A. Groshong Sr
Page 3 of 7
Private Investigators LLC
Controls and Countermeasures
File:FYT2_Task1
By Thomas A. Groshong Sr
Page 4 of 7
Private Investigators LLC
Controls and Countermeasures
B1.
Likelihood of Threats
The indications that the Private Investigators LLC’s Local Area Network (LAN) has been compromised are very high. Without keeping computer systems such as workstation, servers, and/or websites properly patched and up-to-date to fix flaws in OS or application software, damage to these systems has occurred. The lack of virus scanning software leaves these systems vulnerable to attack, compromise, and take-over. The fact that users are complaining of sluggish behavior, adware (advertisements) pop-ups appear without using the internet, and the message
“You’ve been hacked” are all strong indicators that all of the LLC’s computers have