Risks threats and vulnerabilities commonly found in the workstation domain

LAB # 1 Identifying Threats and Vulnerabilities in an IT Infrastructure

Step 4: Describe how risk can impact each of the seven domains of a typical IT infrastructure: User, Workstation, Local Area Network (LAN), Local Area Network-to-wide Network (LAN-to-WAN), Wide Area Network (WAN), Remote Access, and System/Application domain.

Risk is the probability or likelihood that a loss will occur. A loss can occur as a result of compromise to a business functions or assets. The risk that is posed by a User Domain can come in various forms; such as a user writing his/her password on a sticky note and sticking it on the monitor. Unbeknown to the user a malicious actor can log unto the network or domain using that person's credential to steal or launch a denial-of-service attack. This can cripple or bring down the entire network which can lead to loss of revenue. The risk that is posed to a Workstation Domain can be disastrous if it is not properly configured or setup by the system administrator. An improperly configured Workstation which allows users to plug in external devices like USB or cell phones can result in users infecting the Workstation with viruses or malwares that can lead to theft of Intellectual properties and or downloading of sensitive information. Likewise if the IT closet housing the switches, access points (AP), servers, etc are not physically secured properly that could be a risk associated to the Local Area Network (LAN) Domain. Someone can just walk into the IT closet and plug any device into the switch to gain access or unplug the switch(s) from the power supply to bring the network down. Regarding the LAN-to-WAN Domain, the risk that is posed here could be the firewall and access control list not configured right and allowing any traffic to come into the network (Deny All Accept by Exception). When the primary path or link that connects your entire network to the Service Provider (SP) is down and no backup route exists, that constitute a risk to the WAN Domain because you will lose connectivity to the rest of the world or Internet. The risk posed to the System/Application Domain could be that a critical update was released by a vendor to remediate a vulnerability that was discovered in the application and that critical update was not applied to the system. This leaves a hole in the system which can be exploited by an attacker. A typical example is the weak Diffie-Helman encryption vulnerability known as the Logjam attack which allows a man-in-middle attacker to downgrade TLS connection to a 512 bit key cryptography. Finally, for a Remote Access Domain the risked posed could be the machine that the remote user is connecting from does not have all the proper virus protection suites. Connecting from an infected machine can introduce all sorts of malware into the corporate network.

Risks, Threats, and Vulnerabilities

Primary Domain

Unauthorized access from public Internet

LAN-to-WAN, System/Application

Hackers penetrates IT infrastructure through modem bank

WAN, LAN-to-WAN, System/Application

Communication circuit outages

WAN, Users

Workstation operating system (OS) has known software vulnerability

Workstation, User

Denial of service attack on organization's email server

User, System/Application,

Remote communications from home office

Remote Access

Workstation browser has software vulnerability

User, Workstation,

Weak ingress/egress traffic filtering degrades performance

LAN-to-WAN, User

Wireless Local Area Network (WLAN) access points are needed for the LAN connectivity within a warehouse

LAN, User

Need to prevent rogue users from unauthorized WLAN access

LAN-to-WAN, LAN, Workstation

Doctor destroys data in application, deletes all files, and gain access to internal network

User, System/Application

Fire destroys primary data center

All domains will be affected

Intra-office romance gone bad

User

Loss of production data server

User, System/Application

Unauthorized access to organization-owned workstations

Workstation, LAN, LAN-to-WAN, System/Application

LAN server OS has a known software vulnerability

LAN, LAN-to-WAN, System/Application

Nurse downloads an unknown email attachment

User, Workstation

A technician inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers

User, Workstation

Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router

Remote Access, WAN, System/application

Step 6: In your Lab Report file, complete the table from the previous step by identifying which of the seven domains of a typical IT infrastructure will be most impacted by each item in the table's left-hand column and explain why.

As a healthcare institution the availability (of the CIA triad) of critical applications and data for doctors and nurses to use in diagnosing and treating patients is very important. For this assignment, all the risks, threats and vulnerabilities that have been identified in the table posed a serious problem to all the domains; but the one that will be impacted most would be the System/Application domain. The reason being that, all the critical applications that are needed to effectively treat a patient resides in this domain. Also, employee files with social security numbers, patient's information that contains Personal Identifiable Information (PIA) and Protected Health Information (PHI) resides in the system/application domain so if\when compromised can lead to a devastating outcome which can be costly in terms of lawsuit, loss of lives, loss of business and tarnishing of reputation and possible fines from the federal government.