Tuesday, September 3, 2019
I am hired as an Information Security Engineer for a videogame development company. The organization network structure is given in the diagram. I was notified that malicious activities are taking place in the network structure. They can effect protection of the intellectual property and highly sensitive data maintained by the organization. I am assigned to resolve these issues that arise in the network structure. In this document I will analyze and assess potential malicious attacks and threats that may be carried out against the network along with potential vulnerabilities that may exist in the documented network. Also I will tell the potential impact of all malicious attacks & threats and identified vulnerabilities to the network and the organization. Malicious attacks and threats to network are attacks that can be done by exploiters and hackers to get into network and steal the network information. There are different types of malicious attacks. Passive attacks look for encrypted data and perform algorithms to decrypt. They can enter the hole where encrypted data is being decrypted or look for clear passwords. In an active attack attacker bypasses or break into secured network. They can use viruses, Trojan horses, stealers, exploits or bugs (1). They can penetrate the network system to steal data or to change data or to shut down the system. A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, to a Ã¢â¬Å"trustedÃ¢â¬ component or software that will later be distributed to many other companies; users Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a bac... ...nd Routing protocols. Operating system weaknesses includes operating system vulnerabilities like not updating the operating system. Configuration weaknesses include unsecured user accounts, System accounts with easily guessed passwords, Misconfigured Internet services, unsecured default settings of the software products, and misconfigured network equipmentÃ¢â¬â¢s. Security Policy Weaknesses include lack of written security policy, poorly chosen or default passwords, inadequate monitoring and auditing, unapproved applications installation (Rufi, 2007). Mail Servers are other targets in which hackers want to gain access to network resources. Companies that access e-mail from the Internet, especially, are potential targets (Rampat). Threats can be performed to the network when attackers take advantage of the vulnerabilities and it has a negative impact on the network.