Riordan Manufacturing Enterprise Security Analysis
CMGT/430 Version 3
October 31, 2011
Dave Perkins

Riordan Manufacturing has offices in 4 locations. The corporate office is located in San Jose, California. The review of all locations revealed that each location utilized Windows-based products for processing of e-mail. Below are the findings of server equipment at the various locations.
1) San Jose, CA
   a. Windows Exchange Server
2) Pontiac, MI
   a. Windows NT Exchange Server
3) Albany, GA
   a. Windows NT Exchange Server
4) Hangzhou, China
   a. Windows Exchange Server

There are multiple vulnerabilities related to the Windows Exchange Servers that need to be addressed prior to establishing an enterprise security policy. Although all locations are capable of sending and receiving e-mail, they are very susceptible to attack from outside sources.
Recommendations to correct the problems associated with the Windows Exchange Server include upgrading to the latest Exchange Server, inclusion in enterprise-wide backup plans, and adherence to government regulations regarding e-mail archiving and retention.

Risks versus Vulnerabilities Matrix

An assessment of Riordan Manufacturing's e-mail Exchange Servers identified high-impact vulnerabilities. If these vulnerabilities are not addressed, they can hinder the speed of e-mail delivery and could also cause a denial of service (DoS) to users.

| Asset | Probability | Impact | Security Level | Mitigation |
|---|---|---|---|---|
| Windows Exchange Server (E-Mail) | High | High | High | Keep up-to-date on patches for software and the underlying operating system; install safeguards at various points of entry into the server; upgrade to the latest up-to-date version of Exchange Server. |
| Windows NT Exchange Server (E-Mail) | High | High | High | Use the NTFS file system; review all files to eliminate unnecessary shares; add share permissions to shares to prevent anonymous access; apply an anti-virus solution that scans SMTP traffic at the gateway; upgrade to the latest up-to-date version of Exchange Server. |
| Client | Medium | High | High | Configure a Group Policy to apply consistent settings to operating systems. Hardening NT can apply consistent settings to Windows NT clients. |

The Risks versus Vulnerabilities Matrix for Riordan Manufacturing Company identified vulnerabilities related to the Windows Exchange Servers prior to establishment of an enterprise security policy. The Matrix also identified threats that could be listed as probable and would have a high impact on security if not addressed. If not acted upon, these vulnerabilities can allow an unauthorized attacker to get into the network remotely and execute arbitrary code. The code can run with system privileges or with the privileges of a user. If that user is an administrator, the attacker can take full control of the system.
An attacker can also cause a denial of service (DoS) that will disrupt users.

In order to eliminate or reduce these high-impact risks, it is recommended that the following precautions be implemented for the e-mail servers. First, administrators should keep patches current and up to date in order to guard against viruses, worms, and possible intrusion. Upgrade the file system of the Windows NT Server to NTFS. This enhancement incorporates the access control list (ACL) for files and directories.
NTFS verifies the appropriate authorization before a process is allowed to access a file. It also supports Active Directory, which would allow a system to join a domain. Add share permissions to shares to prevent anonymous access, and apply anti-virus solutions that scan SMTP traffic at the gateway. These recommendations should be implemented as soon as possible to secure the system and protect data until all locations can be updated to the latest version of Exchange Server, which offers more reliability and security.
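
The share review recommended above (eliminate unnecessary shares, prevent anonymous access) can be scripted once a server is on a current Windows release. The following is an added example, not part of the original analysis or any Riordan tooling; the share names, the approved-share list and the function name Test-ShareExposure are constructed for illustration, and the live-server line assumes the SmbShare cmdlets found on Windows Server 2012 and later, not Windows NT.

```powershell
# Principals whose "Allow" entry amounts to anonymous or unrestricted access.
$BroadPrincipals = 'Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests'

# Hypothetical helper: flags shares that are not approved or that admit broad principals.
function Test-ShareExposure {
    param(
        [Parameter(Mandatory)] [object[]] $AccessEntries,  # same shape as Get-SmbShareAccess output
        [Parameter(Mandatory)] [string[]] $ApprovedShares  # shares the business still needs
    )
    foreach ($entry in $AccessEntries) {
        # AccountName may be qualified, e.g. 'NT AUTHORITY\ANONYMOUS LOGON'; keep the last part.
        $leaf = ($entry.AccountName -split '\\')[-1]
        $findings = @()
        if ($ApprovedShares -notcontains $entry.Name) {
            $findings += 'share not on approved list'
        }
        if ("$($entry.AccessControlType)" -eq 'Allow' -and $BroadPrincipals -contains $leaf) {
            $findings += 'allows anonymous or unrestricted principal'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Share   = $entry.Name
                Account = $entry.AccountName
                Right   = "$($entry.AccessRight)"
                Finding = $findings -join '; '
            }
        }
    }
}

# Constructed sample records so the check runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'MailArchive'; AccountName = 'Everyone';                     AccessControlType = 'Allow'; AccessRight = 'Full' }
    [pscustomobject]@{ Name = 'MailArchive'; AccountName = 'RIORDAN\Exchange Admins';      AccessControlType = 'Allow'; AccessRight = 'Full' }
    [pscustomobject]@{ Name = 'OldTemp';     AccountName = 'NT AUTHORITY\ANONYMOUS LOGON'; AccessControlType = 'Allow'; AccessRight = 'Read' }
    [pscustomobject]@{ Name = 'Backups';     AccountName = 'RIORDAN\Backup Operators';     AccessControlType = 'Allow'; AccessRight = 'Change' }
)

Test-ShareExposure -AccessEntries $sample -ApprovedShares 'MailArchive', 'Backups' |
    Format-Table -AutoSize

# On a live server, feed it the real share ACLs instead of the sample:
# Test-ShareExposure -AccessEntries (Get-SmbShare -Special $false | Get-SmbShareAccess) -ApprovedShares 'MailArchive', 'Backups'
```

With the sample data, MailArchive is reported for its Everyone entry and OldTemp is reported on both counts, while Backups and the Exchange Admins entry pass.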