Remote Access Attacks for bruce wayne
angedeyegnyc69
remote_access_attack.docxCase Study 4: Remote Access Attacks
Quick Finance Company Network Diagram
Above is the Quick Finance Company network diagram. The company is a small business and does not invest much in security protection. System 1000 hosts a customer database as well as employee payroll systems. The company Web server has been defaced twice this month and the VPN server has suffered from session hijacking and Denial-of-Service (DOS) attacks twice last year. The company does not enforce a password policy and does not have a dedicated security professional.
Write a five to eight (5-8) page paper in which you:
1. Analyze the Quick Finance Company Network Diagram and describe the assumptions you will need to make in order to identify vulnerabilities and recommend mitigation techniques as there is no further information from this company. The company does not wish to release any security related information per company policy.
2. Analyze the above case and network diagram, and describe how each access point is protected or unprotected.
3. Evaluate and describe the vulnerabilities of the Quick Finance Company’s network based on the network design.
4. Rank the top three (3) most likely network-based attacks in the order they are likely to occur and suggest countermeasures for each.
5. Recommend mitigation procedures to reduce or eliminate business interruptions.
6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
· Describe the details and the importance of application security models and their implementation from a management perspective.
· Explain access control methods and attacks.
· Compare and contrast network-based attacks and countermeasures.
· Evaluate potential situations of business interruption and the planning necessary to mitigate the threats involved.
· Use technology and information resources to research issues in security management.
· Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.
|
Points: 100 |
Case Study 4: Remote Access Attacks |
|||
|
Criteria |
Unacceptable Below 70% F |
Fair 70-79% C |
Proficient 80-89% B |
Exemplary 90-100% A |
|
1. Analyze the Quick Finance Company Network Diagram and describe the assumptions you will need to make in order to identify vulnerabilities and recommend mitigation techniques as there is no further information from this company. Weight: 15% |
Did not submit or incompletely analyzed the Quick Finance Company Network Diagram; did not submit or incompletely described the assumptions you will need to make in order to identify vulnerabilities and did not submit or incompletely recommended mitigation techniques as there is no further information from this company. |
Partially analyzed the Quick Finance Company Network Diagram; partially described the assumptions you will need to make in order to identify vulnerabilities and partially recommended mitigation techniques as there is no further information from this company. |
Satisfactorily analyzed the Quick Finance Company Network Diagram; satisfactorily described the assumptions you will need to make in order to identify vulnerabilities and satisfactorily recommended mitigation techniques as there is no further information from this company. |
Thoroughly analyzed the Quick Finance Company Network Diagram; thoroughly described the assumptions you will need to make in order to identify vulnerabilities and thoroughly recommended mitigation techniques as there is no further information from this company. |
|
2. Analyze the above case and network diagram, and describe how each access point is protected or unprotected. Weight: 15% |
Did not submit or incompletely analyzed the above case and network diagram; did not submit or incompletely described how each access point is protected or unprotected. |
Partially analyzed the above case and network diagram; partially described how each access point is protected or unprotected. |
Satisfactorily analyzed the above case and network diagram; satisfactorily described how each access point is protected or unprotected. |
Thoroughly analyzed the above case and network diagram; thoroughly described how each access point is protected or unprotected. |
|
3. Evaluate and describe the vulnerabilities of the Quick Finance Company’s network based on the network design. Weight: 20% |
Did not submit or incompletely evaluated and described the vulnerabilities of the Quick Finance Company’s network based on the network design. |
Partially evaluated and described the vulnerabilities of the Quick Finance Company’s network based on the network design. |
Satisfactorily evaluated and described the vulnerabilities of the Quick Finance Company’s network based on the network design. |
Thoroughly evaluated and described the vulnerabilities of the Quick Finance Company’s network based on the network design. |
|
4. Rank the top three (3) most likely network- based attacks in the order they are likely to occur and suggest countermeasures for each. Weight: 20% |
Did not submit or incompletely ranked the top three (3) most likely network- based attacks in the order they are likely to occur; did not submit or incompletely suggested countermeasures for each. |
Partially ranked the top three (3) most likely network-based attacks in the order they are likely to occur; partially suggested countermeasures for each. |
Satisfactorily ranked the top three (3) most likely network- based attacks in the order they are likely to occur; satisfactorily suggested countermeasures for each. |
Thoroughly ranked the top three (3) most likely network- based attacks in the order they are likely to occur; thoroughly suggested countermeasures for each. |
|
5. Recommend mitigation procedures to reduce or eliminate business interruptions. Weight: 15% |
Did not submit or incompletely recommended mitigation procedures to reduce or eliminate business interruptions. |
Partially recommended mitigation procedures to reduce or eliminate business interruptions. |
Satisfactorily recommended mitigation procedures to reduce or eliminate business interruptions. |
Thoroughly recommended mitigation procedures to reduce or eliminate business interruptions. |
|
6. 3 references Weight: 5% |
No references provided |
Does not meet the required number of references; some or all references poor quality choices. |
Meets number of required references; all references high quality choices. |
Exceeds number of required references; all references high quality choices. |
|
7. Clarity, writing mechanics, and formatting requirements Weight: 10% |
More than 6 errors present |
5-6 errors present |
3-4 errors present |
0-2 errors present |
Ethernet
Ethernet
Ethernet
Ethernet
40 Windows PCs
10-Terminals
Router
8-DISK
DRIVES
System 1000
VPN Server
RADIUS SERVER
Firewall
Firewall
WEB ServerIDS Monitor
3-CISCO IDS Sensors
30-Windows PC
BLDG 2
2-File Servers
UNIX SYSTEM V
28-Windows PC
BLDG 4
Remote Tape Library
ROOM 10
TAPE
LIBRARY
10-Terminals
BLDG 3
4-Windows PC
4-Tape drive
Main Bldg
Ethernet
IBM Compatible
Terminal server
Router
Data
IBM Compatible
Server
Firewall
Tape drive
40 Windows PCs
10-Terminals
8-DISK DRIVES
System 1000
VPN Server
Main Bldg
RADIUS SERVER
WEB Server
IDS Monitor
3-CISCO IDS Sensors
30-Windows PC
BLDG 2
2-File Servers UNIX SYSTEM V
28-Windows PC
BLDG 4
Remote Tape Library ROOM 10
TAPE LIBRARY
10-Terminals
BLDG 3
4-Windows PC
4-Tape drive
