Threats, Vulnerabilities And Risks

1673 WordsNov 24, 20147 Pages
3 Threats, Vulnerabilities and Risks 3.1 Vulnerabilities According to Rufi (2006) the vulnerabilities in any network are divided into three primary weaknesses; technology vulnerabilities, configuration vulnerabilities and security policy vulnerabilities. However, the company’s network suffers from a number vulnerabilities that fall under these three primary weaknesses and other kinds of vulnerabilities includes: • Technology vulnerabilities: according to Rufi (2006) TCP/IP protocols are naturally insecure, including HTTP, FTP and SMTP. The company run different versions of operating system on their servers and computers and all versions of Windows operating system have security problems that must be addressed. All equipment in the…show more content…
Here are the possible threats and risks for the company. Threats which divided to three types: • Host threats includes: Viruses, Trojan horses, and worms, footprinting, profiling, password cracking, denial of service, unauthorized access. • Application Threats includes: buffer overflows, cross-site scripting, SQL injection, canonicalization. • Network Threats includes: Information gathering, Spoofing, Session hijacking, Denial of service Risks there are many risks that the company is facing including: diversionary tactics, malware, rogue security software, malicious spyware, computer worm, phishing, Rootkit, Spam. 3.3 Threat agents and Countermeasures • Threat agents and Countermeasures on the light of owner and asset The owner of the company imposes protection and defense countermeasures on the asset to protect it, from any loss, exploitation, abuse or damage that can happen from the threat agent which in its turn is trying to increase the threats on the asset. The goal of the countermeasures is to decrease the number of vulnerabilities of the system. Here are some of the threat agents and the countermeasures related to them. • Sniffing: can be reduced by using effective physical security and encrypting all communications. • Spoofing: filtering. • Denial of service: keeping the service packs up-date, Use the (IDS)
Open Document