Security Overview

(Aircraft Solutions)

Introduction

The following report concerns a security assessment of Aircraft Solutions (AS), a well respected equipment and component fabrication company, providing full spectrum design and implementation solutions to multiple industries, including the electronics, commercial, aerospace, and defense sectors. Aircraft Solutions employs a range of highly qualified professionals and houses an immense production plant, with an overall goal of providing high-quality solutions to accommodate specifications from a wide range of customer demands. My primary objective in this assessment is to identify the existence of vulnerabilities present within the global context of AS operations. To accompany the exposed weaknesses, an evaluation of the associated threats will be deduced, followed by an analysis of the degree of risk present. Lastly, consideration of the consequences resulting from the unfolding of potential threats will be given due attention.

Assessment

Of the three given areas of potential investigation pertaining to AS, i.e. hardware, software, and policy, careful consideration has narrowed my focus down to the areas of hardware and policy. More specifically, in the area of hardware, I find it very curious that there is no firewall implemented between the commercial division and the Internet. The Defense Department must be routed through Headquarters, but the Commercial department is connected straight to the Internet. This is a significant vulnerability. The second weakness I have pinpointed is the security policy stating router and firewall rulesets should be evaluated every two years. Such a time span between rule-set evaluations is also a substantial liability to the continued and unimpeded success of the organization. Further elaboration of the identified security vulnerabilities is presented below.

Hardware Vulnerabilities

The issue pertaining to Aircraft Solutions' hardware weakness is that of the lack of adequate protection implemented between its Commercial Division and the rest of the world, connected to the Internet. In one view of AS's network infrastructure, it even appears as though the CD must transmit through the Internet in order to connect to Headquarters. The fact remains in either case that there is a significant increase of this division of AS operations to outside threat. The threat here is characterized by the inability of the CD to filter web traffic, which is effectively equivalent to inviting the world in to see everything there is to see (Northrop, T., 2010). In this case, this might include AS's commercial client's confidential information, confidential employee information, classified divisional statistics pertaining to budgets, deadlines, or contracts, etc.

The vulnerability is the absence of a firewall. The threat is an open exposure to the uncertainties of the Internet, to any number of automated or personalized attacks or attempts to exploit company vital statistics and/or confidential or classified data. To help illustrate the risks of such a threat occurring, I'll utilize the typical Risk Matrix, which is commonly used by a number of companies and organizations, to include the military. This matrix was borrowed from the Scottish Government's Risk Management website.

Because the possible consequences of the threat of company infiltration by malicious parties could result in not only devastating company-wide data leak but also the potential of client data exploitation, modification, or even blackmail, the potential consequences would be marked 'Extreme'. Because the likelihood is not only possible, but quite feasible between likely and certain (optimistically), this brings the level of risk to a near state of emergency, being characterized in the chart either by orange or

Of the associated likely consequences of a worst-case scenario, where all of the company's data were hijacked, the severity of the event would be factored by all of the client's data being exposed, which would then naturally lead to devastation for the clients as well. The information could be sold to a rival organization, which could then effectively be used to gain considerable competitive advantage over AS, or worse yet, the data could be exploited in such a way as to be manipulated for years undetected, which could lead to the possible tampering with of client orders, leading to countless losses on all fronts, until such a time as either a tremendous loss of monetary assets and reputation were lost, which would likely be cause for continued suffering.

Policy Vulnerability

The vulnerability in company policy exists in its security directive stating rulesets for routers and firewalls be evaluated at intervals of two years. Obviously, a lot can happen in two years to warrant a much more frequent evaluation timeline. There are many vendors who specialize in constant rule-set monitoring, like RedSeal, which prevent the exploitation of vulnerabilities caused by outdated security configurations.

I was unable to find a definitive and quantitative rule for exactly how frequent the evaluation of rule-sets should be conducted, because there isn't any way to know how much the company would change in two years. Feasibly, if there were no changes, then two years may suffice, but if one thing has been consistent throughout the ages, it is change. Leaving rule-sets stagnant for two years presents the risk of improperly configured security configurations for firewalls and routers due to the natural evolution of the company's assets and network infrastructure. As a result, the potential exists for malicious programming initiated by hackers to exploit these outdated rule-sets. Outdated rule-sets, in short, could be likened to a bank that accumulated too much money to keep in their vault, and as a result, decided to store it in the lobby instead. Perhaps not as blatantly drastic, but outdated rule-sets would potentially dictate the wrong rules at the wrong time for the wrong reason, which could lead to disaster.

The likelihood of this vulnerability being exploited by hackers isn't at first glance as high as the risk present in the last example, but in consideration to the natural contractions a company undergoes in response to sales fluctuations and the economy, expansion, or any number of factors bearing influence upon the organization, certain measurable changes within the company's infrastructure should be expected to change, and so too should the rule-sets for router and firewall security configurations. If indeed significant change within two years can be assumed, then the vulnerability grows with time, as does the company's exposure to threat, and the chances of such vulnerabilities being exploited would logically agree with a 'possible-to-likely' rating on the risk matrix.

The consequences of these potential vulnerabilities being exploited could be numerous and severe. In the worst case scenario, with a little imagination, an intelligent IT employee alerts a group of malicious persons of the weakness, and then the opportune time is waited for, when the most damage to the company, and/or benefit to the hacker might be caused. This could amount to forced resignations, lost contracts, lost monetary assets, lawsuits, public image, disaster, and a shrunken client base, or they could amount to a disgruntled ex-employee causing harm through unexpired access rights.
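One way to surface the stale rule-sets and unexpired access described above, as an added example that is not part of the original report: the rule fields, the sample data and the 90-day review threshold are all assumptions (the report gives no definitive interval), and the check simply cross-references each rule against a current asset inventory and staff list.

```python
from datetime import date

# Constructed sample rule-set; IDs, addresses, owners and dates are illustrative only.
RULES = [
    {"id": "fw-001", "dst": "10.1.0.10", "owner": "asmith", "reviewed": date(2010, 9, 1)},
    {"id": "fw-002", "dst": "10.1.0.99", "owner": "bjones", "reviewed": date(2008, 11, 20)},
    {"id": "fw-003", "dst": "10.1.0.20", "owner": "cdoe", "reviewed": date(2010, 10, 1)},
]
INVENTORY = {"10.1.0.10", "10.1.0.20"}   # hosts that still exist (constructed)
ACTIVE_STAFF = {"asmith", "bjones"}      # current employees (constructed)


def audit_rules(rules, inventory, active_staff, today, max_age_days=90):
    """Return {rule_id: [reasons]} for rules that need re-evaluation.

    max_age_days is an assumed review interval, not a figure from the report.
    """
    findings = {}
    for rule in rules:
        reasons = []
        age = (today - rule["reviewed"]).days
        if age > max_age_days:
            reasons.append(f"not reviewed for {age} days")
        # A rule pointing at a host that no longer exists reflects old infrastructure.
        if rule["dst"] not in inventory:
            reasons.append("destination not in current inventory")
        # A rule requested by someone who has left is a form of unexpired access.
        if rule["owner"] not in active_staff:
            reasons.append("rule owner is no longer on staff")
        if reasons:
            findings[rule["id"]] = reasons
    return findings


if __name__ == "__main__":
    report = audit_rules(RULES, INVENTORY, ACTIVE_STAFF, today=date(2010, 11, 14))
    for rule_id, reasons in report.items():
        print(rule_id, "->", "; ".join(reasons))
```

Run on a schedule against an exported rule-set, a check like this turns the two-year evaluation into a continuous one: a rule is flagged as soon as the infrastructure or staffing it was written for changes.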

References

Northrop, T. (2010). Firewalls. Microsoft/ . Retrieved November 14th, 2010 from http://technet. aspx#XSLTsection12312112020

The Scottish Government: Model for Organizational Risk Management. Risk Matrix. Retrieved Nov 14th 2010. http://www. bing. q=risk+assessment+matrix&FORM=IGRE&qpvt=risk+assessment+matrix#focal=5de8da492dccb1ee1ee75004bd8e9c0f& scotland. %2FResource%2FImg%2F247049%2F0072144.

RedSeal. Security Assurance/Cyber Defense Consultants. Retrieved Nov 14th 2010. net.
