PosterCorp Risk Assessment

Web/Database/File Servers

Team: Ognjen, Vasil, Georgi, Morten

10-11-2011

Risk assessment servers

Overview

• System Characterization
• Threat Identification
• Vulnerability Identification
• Control Analysis
• Likelihood Determination
• Impact Analysis
• Risk Determination
• Control Recommendations
• Results Documentation
• Questions

System Characterization

• Software
  • Linux OS based
  • Apache 2 web server
  • MySQL database server
  • Samba file server
• System users
  • Employees and administrators
• System mission
  • Provides login system
  • Provides wiki for company
  • Allows sharing files
• Data & information
  • User credentials, personal information
  • Files and web data/info
• System & data criticality
  • Medium/High
• System & data sensitivity
  • Medium/High

Threat Identification

| Threat-Source | Motivation | Threat Actions |
|---|---|---|
| Hacker, Cracker | Challenge; Ego | Hacking; SQL Injection; Denial of service |
| Computer Criminal | Destruction; Money | System intrusion; Information bribery; Denial of service; SQL Injection |
| User / administrator | Lack of experience; Unintentional misuse | Misconfiguration; Damaging system |

Vulnerability Identification

| Vulnerability | Threat-Source | Threat Action |
|---|---|---|
| Unpatched software | Hacker, Cracker; Computer Criminal | Denial of service; Obtain unauthorized access |
| Misconfiguration | User / administrator; Hacker, Cracker; Computer Criminal | Damage the system; Obtain unauthorized access; Damage/delete files |

Control Analysis

| Vulnerability | Current control |
|---|---|
| Unpatched software | Automatic updates (OS feature, necessary confirmation) |
| Misplacement or misconfiguration | Authentication required |

Likelihood Determination

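| Vulnerability | Threat-Source | Likelihood level |
|---|---|---|
| Unpatched software | Hacker, Cracker | Low |
| Unpatched software | Computer Criminal | Medium |
| Misplacement or misconfiguration | User / administrator | High |
| Misplacement or misconfiguration | Hacker, Cracker | Medium |
| Misplacement or misconfiguration | Computer Criminal | Low |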

Impact Analysis

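| Vulnerability | Threat-Source | Impact |
|---|---|---|
| Unpatched software | Hacker, Cracker | High |
| Unpatched software | Computer Criminal | High |
| Misplacement or misconfiguration | User / administrator | High |
| Misplacement or misconfiguration | Hacker, Cracker | High |
| Misplacement or misconfiguration | Computer Criminal | High |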

Risk Determination

| Vulnerability | Threat-Source | Value & Risk |
|---|---|---|
| Unpatched software | Hacker, Cracker | 10 = Low |
| Unpatched software | Computer Criminal | 50 = Medium |
| Misplacement or misconfiguration | User / administrator | 100 = High |
| Misplacement or misconfiguration | Hacker, Cracker | 50 = Medium |
| Misplacement or misconfiguration | Computer Criminal | 10 = Low |

Control Recommendations

• Require more secure credentials (authentication)
• Usage of Firewall and Antivirus software
• Host an IDS/IPS for detecting intrusions and attacks (not mandatory)
• Regular scheduled updates
• Implementation of security policies

Results Documentation

After going through the steps mentioned above, the following actions have to be taken into consideration:

• Improve PHP scripts (not mandatory)
• Regular backups of the data
• Keep the software up to date (regular automatic and manual updates)
• Checklist in SP 800-44 (improve security)
• Shares must be set up to require credentials
• Possibly implement Firewall and Antivirus software
• Run IDS/IPS on the host machine for detecting intrusions and attacks (not mandatory)
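One way to check the "shares must require credentials" action on the Samba file server, as an added example that is not part of the original slides: it reads an smb.conf and lists the shares whose effective `guest ok` (or its synonym `public`) setting allows access without credentials. The sample configuration, share names and paths are constructed for illustration.

```python
import configparser

# Constructed smb.conf for illustration; share names and paths are made up.
SAMPLE_SMB_CONF = """
[global]
    workgroup = POSTERCORP

[wiki-uploads]
    path = /srv/samba/wiki
    guest ok = yes

[finance]
    path = /srv/samba/finance
    valid users = @finance
    guest ok = no

[scans]
    path = /srv/samba/scans
    public = True
"""

TRUE_VALUES = {"yes", "true", "1"}
GUEST_KEYS = {"guestok", "public"}  # "public" is a synonym for "guest ok"

def guest_enabled(params, default=False):
    """Effective guest setting for one section's (name, value) pairs."""
    result = default
    for key, value in params:
        # Samba ignores case and whitespace inside parameter names.
        if "".join(key.split()).lower() in GUEST_KEYS:
            result = value.strip().lower() in TRUE_VALUES
    return result

def shares_allowing_guest(conf_text):
    """Return the sorted names of shares reachable without credentials."""
    # RawConfigParser: no %-interpolation, since Samba values use %U, %S, ...
    parser = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=("#", ";"), strict=False)
    # Strip indentation so configparser does not read it as a continuation.
    parser.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    inherited = (parser.has_section("global")
                 and guest_enabled(parser.items("global")))
    return sorted(name for name in parser.sections()
                  if name.lower() != "global"
                  and guest_enabled(parser.items(name), inherited))

if __name__ == "__main__":
    for share in shares_allowing_guest(SAMPLE_SMB_CONF):
        print(f"guest access enabled: [{share}]")
```

The script does not follow `include` lines; running `testparm -s` first and feeding its output to the check covers configurations split across files.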
