That the fallback method is an older system or

This preview shows page 32 - 33 out of 95 pages.

that the fallback method is an older system or communication method that is susceptible to attack.3.5Assess and mitigate the vulnerabilities of security architectures, designsand solution elementsThis section represents the vulnerabilities present in a plethora of technologies in an environment. You should feelcomfortable reviewing an IT environment, spotting the vulnerabilities and proposing solutions to mitigate them. To do this,you need to understand the types of vulnerabilities often present in an environment and be familiar with mitigation options.Client-based systems.Client computers are the most attacked entry point. An attacker tries to gain access to aclient computer, often through a phishing attack. Once a client computer is compromised, the attacker can launchattacks from the client computer, where detection is more difficult compared to attacks originating from theinternet. Productivity software (word processors, spreadsheet applications) and browsers are constant sources ofvulnerabilities. Even fully patched client computers are at risk due to phishing and social engineering attacks. Tomitigate client-based issues, you should run a full suite of security software on each client computer, including anti-virus, anti-malware, anti-spyware and a host-based firewall.Server-based systems.While attackers often target client computer initially, their goal is often gaining access to aserver, from which they can gain access to large amounts of data and potentially every other device on the network.To mitigate the risk of server-based attacks (whether attacking a server or attacking from a server), you shouldpatch servers regularly — within days of new patches being released, and even sooner for patches for remote codeexecution vulnerabilities. In addition, you should use a hardened operating system image for all server builds. Last,you should use a host-based firewall to watch for suspicious traffic going to or from servers.Database systems.Databases often store a company’s most important and sensitive data, such as credit cardtransactions, employees’ personally identifiable information, customer lists, and confidential supplier and pricinginformation. Attackers, even those with low-level access to a database, might try to use inference and aggregationto obtain confidential information. Attackers might also use valid database transactions to work through data usingdata mining and data analytics.Cryptographic systems.The goal of a well-implemented cryptographic system is to make a compromise too time-consuming (such as 5,000 years) or too expensive (such as millions of dollars). Each component has vulnerabilities:Software.Software is used to encrypt and decrypt data. It can be a standalone application with a graphicalinterface, or software built into the operating system or other software. As with any software, there aresometimes bugs or other issues, so regular patching is important.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 95 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Spring
Professor
N/A

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture