Remote Access Attacks Quick Finance Company Network Diagram

Remote Access Analyze the Quick Finance Company Network Diagram and describe the assumptions you will need to make in order to identify vulnerabilities and recommend mitigation techniques as there is no further information from this company. The company does not wish to release any security related information per company policy. The basic assumptions that must be made include: a lack of effective monitoring / coordination, the inability to deal with problems and not adapting security protocols to changing techniques.

These presumptions are important, as they are showing how the firm is failing to acknowledge critical issues and develop procedures / solutions for addressing them. To mitigate these challenges, the firm must engage in a number of practices. The most notable include: training staff members about the significance of strong security procedures, enforcing password compliance, hiring an IT manager who can monitor the database for potential breaches, working with outside consultants who can test / identify vulnerabilities and actively understanding / adapting with the changing tactics utilized by hackers.

These areas will enable Quick Finance to create a network diagram that is responding to potential threats and address them before a major security breach occurs. It is at this point, when their customer information will be protected from these kinds of issues in the future. (Jackson, 2010) (Pool, 2012) (Wang, 2009) Analyze the above case and network diagram, and describe how each access point is protected or unprotected. Key access points are not protected anywhere. This is because the firm's password policy is not enforced.

To make matters worse, there is no full time security professional to monitor and implement these provisions. This makes it difficult for the firm to continually update passwords and firewalls. When this happens, hackers can take advantage of these weaknesses in order to gain access to the large amounts of information inside the firm's database. (Jackson, 2010) (Pool, 2012) (Wang, 2009) Each of these points is unprotected, by failing to update security protocols. Over the course of time, this makes them ineffective in dealing with critical challenges.

Moreover, the lack of enforcing password policy makes it easy for anyone to mirror the keystrokes of employees and gain access to them. (Jackson, 2010) (Pool, 2012) (Wang, 2009) Evaluate and describe the vulnerabilities of the Quick Finance Company's network based on the network design. Like what was stated previously, Quick Finance's network is obsolete. This is because there is no security professional to recommend changes and upgrades to these protocols. This means that the firewall could easily be breached with hackers disabling one or a combination of them.

When this happens, they have access to large amounts of information and can easily go through any database of their choosing. (Jackson, 2010) (Pool, 2012) (Wang, 2009) Moreover, there are no procedures or systems to identify when a breach is occurring. This makes it difficult to determine what is happening and the long-term effects they will have on the company's systems. It is at this point, when the firm will become a bigger target. This is based upon a number of individuals who are engaging in session high jacking and DOS attacks.

(Jackson, 2010) (Pool, 2012) (Wang, 2009) Rank the top three (3) most likely network-based attacks in the order they are likely to occur and suggest countermeasures for each. Three of the most common attacks that Quick Finance is vulnerable to include: password based assaults, eavesdropping and denial of service (DOS) breaches. Password based incidents will occur with hackers figuring out one or a combination of the various passwords and using them to gain access to the firm's databases.

Eavesdropping is when an individual can monitor the communication that is taking place between the company, its customers and financial institutions. A DOS is where someone can obtain access to the firm's databases by locking out authorized users. In each of these situations, they have the ability to go through the company's files and look at some of their most sensitive data. (Jackson, 2010) (Pool, 2012) (Wang, 2009) A possible countermeasure for password based incidents is to continually have everyone change their passwords and make them more difficult to guess.

Eavesdropping can be reduced by using encryption technology to restrict someone from monitoring communications. DOS attacks could be mitigated by improving firewall protections and looking for specific activities from unauthorized users. (Jackson, 2010) (Pool, 2012) (Wang, 2009) Recommend mitigation procedures to reduce or eliminate business interruptions. The best way to prevent any kind of disruptions is to have.