Computer and Network Security Analysis

Open, View, and/or
Download this Document

Total Length: 2033 words ( 7 double-spaced pages)

Total Sources: 7

Page 1 of 7

Report of The Analysis and Attack Strategy

Information on the Organization

Bain & Company is a global management consultancy that has its headquarters in Boston. The company offers advice to private, public, and non-profit organizations across the world. Bain & Company advises leaders on marketing, strategy, operations, IT, and organization. Since it is a consultancy organization it has access to sensitive information from the organization that it consults for stored in its company servers. This information ranges from financial records, human resource records, the structure of the organizations, and IT systems used by the organizations. All these are valuable information and records that can be attractive to attackers. Therefore, there is a need to ensure that the information and records are stored securely and there is no possibility of an attack. Records like employee Social Security Numbers, bank information, and place of residence can be used for identity theft. Sensitive information like passwords or systems being used could be valuable as such information would make it easy for an attacker. With information regarding the systems, they can easily plot how to attack an organization by conducting their own background tests before launching the actual attack. Access credentials are also stored on the servers. The credentials would make it easy for an attack to be launched against any of the companies that Bain consults for. Employee records can also be used to impersonate a particular employee in order for the attacker to gain physical access to the organization's servers or network (Gibson, 2014). While Bain servers are relatively secure, there are some vulnerabilities that have been discovered and this makes the company vulnerable to external attacks.

In addition to the above-mentioned information, one is also able to access records pertaining to the systems being used within the organizations that Bain currently consults for. The security measures that are implemented within other organizations can also be accessed from within the organization. Bain servers also hold information regarding the network systems and this information could be vital for launching an attack. Considering that the company does IT consultancy for other organizations, it needs to understand the kind of systems that are in place within the organization in order for it to offer its services. This information will include diagrams and images that are stored within the company's servers for ease of access. However, without proper security, this information could be used by an attacker to plot or attack the organization. The security measures in place at the organizations it consults for are also stored on its servers. This information is vital to an attacker as it gives them a layout of the land before they can launch an attack. Security recommendations that have been proposed and implemented by an organization are used by the company for reference purposes. This means that this information has to be stored on its servers to ensure that other employees can easily access this information.

Stuck Writing Your "Computer and Network Security Analysis" ?

View All Our Example Computer and Network Security Analysis

Have A Custom Example Essay Written

However, storing this information on its servers would mean that any attacker who gains access to Bain's servers would find a treasure trove of information.

Information Gathering Tools

TCP Port Scan with Nmap

Network ports are considered to be the entry points for a machine connected to the internet. Any service that listens to a port has the ability to receive data from a client application, process the data, and send a response back. Malicious clients have the ability to exploit vulnerabilities in the server code for them to gain access to sensitive data (Pfleeger & Pfleeger, 2012). It is also possible to execute malicious code remotely on the machine. Scanning of pots is done to determine the available network entry ports for a target machine or system. One can make use of TCP port scan to establish the ports that are open in order to launch an attack. It is also possible to determine the presence of a firewall and establish if the firewall is blocking traffic or filtering the traffic. Using TCP port scan one can also determine if a firewall has been properly configured, which would make it easy for an attack.

This tool was used to scan for vulnerable open ports in the company's network, by using their external IP address. Once the scan was complete, a list of all the available ports was provided and one could then launch a DoS attack. We then attempted to test if the target was vulnerable for a DoS attack. This would allow us to plot our plan of attack. The response of our attempt was that the target machine was vulnerable and it was possible to launch a DoS attack.

Network Vulnerability Scan with OpenVAS

OpenVAS scanner is a vulnerability assessment system that detects security issues in all manner of network devices and servers. This tool saves time from having to manually scan large networks for vulnerabilities. When listening devices are discovered they are tested for any known vulnerabilities and misconfigurations. The results are then presented in a report with detailed information about each vulnerability discovered. It is this reason that makes this tool quite effective for hackers as it can offer them information that could be vital when they are planning an attack. Since it eliminates the need for having to perform a manual analysis it makes it easy for them to scan large networks and they can get the results easily. Identifying vulnerabilities gives attackers an opportunity to determine how best they can attack an organization based on the vulnerabilities that they have discovered. Using this tool attacker are able to gauge how vulnerable a network is and they can then determine the best way to exploit these vulnerabilities.

This….....

Show More ⇣

     Open the full completed essay and source list


OR

     Order a one-of-a-kind custom essay on this topic


sample essay writing service

Cite This Resource:

Latest APA Format (6th edition)

Copy Reference
"Computer And Network Security Analysis" (2018, November 20) Retrieved April 27, 2024, from
https://www.aceyourpaper.com/essays/computer-network-security-analysis-2172748

Latest MLA Format (8th edition)

Copy Reference
"Computer And Network Security Analysis" 20 November 2018. Web.27 April. 2024. <
https://www.aceyourpaper.com/essays/computer-network-security-analysis-2172748>

Latest Chicago Format (16th edition)

Copy Reference
"Computer And Network Security Analysis", 20 November 2018, Accessed.27 April. 2024,
https://www.aceyourpaper.com/essays/computer-network-security-analysis-2172748
   

Open, View, and/or
Download this Document
order custom essay example