Computer and Network Security Analysis

Report of The Analysis and Attack Strategy
Information on the Organization
Bain & Company is a global management consultancy that has its headquarters in Boston. The company offers advice to private, public, and non-profit organizations across the world. Bain & Company advises leaders on marketing, strategy, operations, IT, and organization. Since it is a consultancy organization it has access to sensitive information from the organization that it consults for stored in its company servers. This information ranges from financial records, human resource records, the structure of the organizations, and IT systems used by the organizations. All these are valuable information and records that can be attractive to attackers. Therefore, there is a need to ensure that the information and records are stored securely and there is no possibility of an attack. Records like employee Social Security Numbers, bank information, and place of residence can be used for identity theft. Sensitive information like passwords or systems being used could be valuable as such information would make it easy for an attacker. With information regarding the systems, they can easily plot how to attack an organization by conducting their own background tests before launching the actual attack. Access credentials are also stored on the servers. The credentials would make it easy for an attack to be launched against any of the companies that Bain consults for. Employee records can also be used to impersonate a particular employee in order for the attacker to gain physical access to the organization's servers or network (Gibson, 2014). While Bain servers are relatively secure, there are some vulnerabilities that have been discovered and this makes the company vulnerable to external attacks.
In addition to the above-mentioned information, one is also able to access records pertaining to the systems being used within the organizations that Bain currently consults for. The security measures that are implemented within other organizations can also be accessed from within the organization. Bain servers also hold information regarding the network systems and this information could be vital for launching an attack. Considering that the company does IT consultancy for other organizations, it needs to understand the kind of systems that are in place within the organization in order for it to offer its services. This information will include diagrams and images that are stored within the company's servers for ease of access. However, without proper security, this information could be used by an attacker to plot or attack the organization. The security measures in place at the organizations it consults for are also stored on its servers. This information is vital to an attacker as it gives them a layout of the land before they can launch an attack. Security recommendations that have been proposed and implemented by an organization are used by the company for reference purposes. This means that this information has to be stored on its servers to ensure that other employees can easily access this information. However, storing this information on its servers would mean that any attacker who gains access to Bain's servers would find a treasure trove of information.
Information Gathering Tools
TCP Port Scan with Nmap
Network ports are considered to be the entry points for a machine connected to the internet. Any service that listens to a port has the ability to receive data from a client application, process the data, and send a response back. Malicious clients have the ability to exploit vulnerabilities in the server code for them to gain access to sensitive data (Pfleeger & Pfleeger, 2012). It is also possible to execute malicious code remotely on the machine. Scanning of pots is done to determine the available network entry ports for a target machine or system. One can make use of TCP port scan to establish the ports that are open in order to launch an attack. It is also possible to determine the presence of a firewall and establish if the firewall is blocking traffic or filtering the traffic. Using TCP port scan one can also determine if a firewall has been properly configured, which would make it easy for an attack.
This tool was used to scan for vulnerable open ports in the company's network, by using their external IP address. Once the scan was complete, a list of all the available ports was provided and one could then launch a DoS attack. We then attempted to test if the target was vulnerable for a DoS attack. This would allow us to plot our plan of attack. The response of our attempt was that the target machine was vulnerable and it was possible to launch a DoS attack.
Network Vulnerability Scan with OpenVAS
OpenVAS scanner is a vulnerability assessment system that detects security issues in all manner of network devices and servers. This tool saves time from having to manually scan large networks for vulnerabilities. When listening devices are discovered they are tested for any known vulnerabilities and misconfigurations. The results are then presented in a report with detailed information about each vulnerability discovered. It is this reason that makes this tool quite effective for hackers as it can offer them information that could be vital when they are planning an attack. Since it eliminates the need for having to perform a manual analysis it makes it easy for them to scan large networks and they can get the results easily. Identifying vulnerabilities gives attackers an opportunity to determine how best they can attack an organization based on the vulnerabilities that they have discovered. Using this tool attacker are able to gauge how vulnerable a network is and they can then determine the best way to exploit these vulnerabilities.
This tool was mainly used to establish how vulnerable the network for the organization was and to determine the best course of action for an intruder or attacker. Scanning the network offered us an opportunity to see where the network is most vulnerable. Once we determined the vulnerability we went ahead and launched our plan of attack, which was to listen in and send malicious code to the network devices. This was aimed at gaining access to the servers in order to retrieve the files that we deemed vital.
Angry IP Scanner
Angry IP Scanner is a fast port and IP address scanner. The tool is able to scan IP addresses in any range as well as any port. The tool allows a hacker or attacker to scan a given network in order for them to gather information regarding the active hosts, the ports that accept connections, and other information. Angry IP can also be used to determine any open ports on a given network that an attacker can then go ahead and attempt to gains access to. This tool allows attackers an easy access to network information and it is fast in the performance of this scanning. It is possible to gather further information regarding a particular IP address by making use of plugins. The tool increases its scanning speed by using a multithreaded approach (Johnson, 2014). This means that each scanned IP address has a separate scanning thread.
We used this tool to establish the open ports within the company’s network and to also determine further information regarding the devices that are connected on the network. Since the tool has the ability to determine information like computer name, the user currently logged to windows and the workgroup we could easily mimic or attempt to crack the password for most of the users. The information we received using this tool was beneficial in hacking a particular device as it is able to retrieve the most essential information. Password cracking can be done using another tool once the username and host have been identified.
The attacks that would mostly work in our case would be scanning ports within the network. This will give the attacker an easy opportunity to identify vulnerable ports and devices that they can exploit to their advantage. For instance, one can use Angry IP Scanner to identify the devices that are on the network and the devices that have open ports. This way the attacker will then exploit these devices by checking for their access credentials or using brute force to gain access (Northcutt, Winters, Frederick, Zeltser, & Ritchey, 2002). Since the tool is able to offer NetBIOS information it becomes easy for an attacker to make use of brute force to determine the password. Once they are in, the attacker can then use the computer or device to access the organization's network and servers. This way the firewall or other access prevention measures will not flag the access as being dangerous as it is coming from within the organization's network and the device is amongst the organization’s devices. This will allow the attacker to retrieve as much information as they would like.
Social Engineering and Physical Security Attacks
Sending employees malicious links and purporting them to come from another employee was the easiest way of using social engineering. This method works because most employees will not suspect something that comes from their coworker (Holden, 2003). They trust they are being sent something genuine and they can submit information on the malicious link without questioning anything. This way an attacker can easily get information that they can then use to launch a companywide attack.
Physical security attack method that would most work is by posing to be an employee of the company that manages the company's servers. Dressing in a branded attire of the actual company and requesting to be given access to the servers since people will believe you are a genuine person (Bejtlich & Ranum, 2006).
Securing the Vulnerabilities
The best method for preventing any network attack is by frequently using tools for network port scanning to identify any open ports or vulnerabilities. This way one can be able to seal all the vulnerabilities before an attacker finds them and exploits the vulnerabilities. Frequently scanning of ports and devices will also ensure that there are no devices that are insecure on the network or that can be used to gain access to the network. Firewalls should also be properly configured to ensure that port scanning does not yield any desired results. One can direct suspected connections to a secure area that dupes the attacker into thinking they have gained access to the network. The secure area can then be used to get information regarding the attacker by reverse engineering. This way the attacker can be apprehended and charged with malicious intent. The organization should also train its employees to always be on the alert especially with any link that seems genuine and is requesting for sensitive information. It would be best for employees to personally type the URL of the genuine website instead of using the link they might have received via email. Being always on the lookout for anything that might seem to be genuine should also be taught to the employees. This will be beneficial in the prevention of physical attacks. One can easily purchase a t-shirt with a company and logo of any company online. Therefore, they can easily pretend to be an employee of a particular company in order for them to access the company's servers (Kruegel, Valeur, & Vigna, 2004). Employees should also be trained to doubt any person who claims to be someone else and they should conduct a background check before they give the individual any access.


References
Bejtlich, R., & Ranum, M. J. (2006). Extrusion detection: security monitoring for internal intrusions. Boston, Massachusetts: Addison-Wesley.
Gibson, D. (2014). Managing Risk in Information Systems. Burlington, Massachusetts: Jones & Bartlett Learning.
Holden, G. (2003). Guide To Firewalls and Network Security: Intrusion Detection and VPNs. Thomson-Course Technology.
Johnson, R. (2014). Security Policies and Implementation Issues. Burlington, Massachusetts: Jones & Bartlett Learning.
Kruegel, C., Valeur, F., & Vigna, G. (2004). Intrusion detection and correlation: challenges and solutions (Vol. 14). New York: Springer Science & Business Media.
Northcutt, S., Winters, S., Frederick, K., Zeltser, L., & Ritchey, R. W. (2002). Inside network perimeter security: The definitive guide to firewalls, VPNs, routers, and intrusion detection systems. Indianapolis, IN: Pearson Education.
Pfleeger, C. P., & Pfleeger, S. L. (2012). Analyzing Computer Security: A Threat/vulnerability/countermeasure Approach. Upper Saddle River, New Jersey: Prentice Hall.