CASE Study: Remote Access Attacks
Above is the Quick Finance Company network diagram. The company is a small business and does not invest much in security protection. System 1000 hosts a customer database as well as employee payroll systems. The company Web server has been defaced twice this month and the VPN server has suffered from session hijacking and Denial-of-Service (DOS) attacks twice last year. The company does not enforce a password policy and does not have a dedicated security professional.
1. Analyze the Quick Finance Company Network Diagram and describe the assumptions you will need to make in order to identify vulnerabilities and recommend mitigation techniques as there is no further information from this company. The company does not wish to release any security related information per company policy.
2. Analyze the above case and network diagram, and describe how each access point is protected or unprotected.
3. Evaluate and describe the vulnerabilities of the Quick Finance Company’s network based on the network design.
4.Rank the top three (3) most likely network-based attacks in the order they are likely to occur and suggest countermeasures for each.
5. Recommend mitigation procedures to reduce or eliminate business interruptions.
6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA.
The specific course learning outcomes associated with this assignment are:
• Describe the details and the importance of application security models and their implementation from a management perspective.
• Explain access control methods and attacks.
• Compare and contrast network-based attacks and countermeasures.
• Evaluate potential situations of business interruption and the planning necessary to mitigate the threats involved.
• Use technology and information resources to research issues in security management.
• Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions.