Aircraft Solution Essays

Aircraft Solution Essays Aircraft Solution Essay Aircraft Solution Essay Aircraft Solutions is a well respected equipment and component fabrication company who ? provides a full spectrum design and implementation solutions to several industries which? includes; electronics, aerospace, commercial and the defense sectors. Aircraft Solutions employs ? a range of highly qualified professionals and houses an immense production plant, with an ? overall goal of providing high-quality solutions to accommodate specifications from a wide? range of customer demands. The following report is a security assessment on Aircraft Solutions? nd the primary objective in this assessment is to identify the existence of vulnerabilities present ? within the global context of Aircraft Solutions’ operations. An evaluation of the associated ? threats will be deduced, accompanied by the exposed weaknesses. This will be followed by an? analysis of the degree of risk present. Finally, there will be a focus on the consideration of the? consequences resulting from revealing of po tential threats. Assessment ? Hardware and policy will be the main focus of this investigation. It will be narrowed down more ? o hardware issues. It is very curious that there is no firewall implemented between the? commercial division and the Internet. The Defense Department must be routed through? Headquarters, but the Commercial department is connected straight to the Internet. This is a? significant vulnerability. The second weakness that will be examined is the security policy? stating router and firewall rule sets should be evaluated every two years. Such a time span? between rule-set evaluations is also a substantial liability to the continued and unimpeded? success of the organization. Further elaboration of the identified security vulnerabilities is ? presented. Hardware Vulnerabilities: The issue pertaining to Aircraft Solution’s hardware weakness is that of the lack of adequate? protection implemented between its Commercial Division and the rest of the world, connected to ? the Internet. In one view of AS’s network infrastructure, it even appears as though the CD must? transmit through the Internet in order to connect to Headquarters. The fact remains in either case ? that there is a significant increase of this division of AS operations to outside threat. The threat? ere is characterized by the inability of the CD to filter web traffic, which is effectively? equivalent to inviting the world in to see everything there is to see. (Northrop, T. 2010) In this ? case, this might include AS’s commercial client’s confidential information, classified divisional? statistics pertaining to budgets, deadlines, or contracts, confidential employee information, etc.? The vulnerability is the absence of a firewall. The threat is an open exposure to the uncertainties? of the Internet, to any number of automated or personalized attacks or attempts to exploit? ompany vital statistics and/or confidential or classified data. To help illustrate the risks of such a ? threat occurring, a typical Risk Matrix, which is commonly used by a number of companies and ? organizations, to include the military, will be utilized. This matrix was borrowed from the? Scottish Government’s, Risk Management website.? Because the possible consequences of the threat of company infiltration by malicious parties ? could result in not only devastating company-wide data leak but also the potential of client data? xploitation, modification, or even blackmail, the potential consequences would be marked ? ‘Extreme’. Because the likelihood is not only possible, but quite feasible between likely and certain (optimistically), this brings the level of risk to a near state of emergency, being ? characterized in the chart either by orange or red.? A possible worst-case scenario might involve a company’s data being hi-jacked. The severity of ? the event would be factored by all of the client’s data being exposed. This could lead to possible ? tampering with of client orders. Client devastation is to be expected on these kinds of situations. ?Information could be sold to a rival organization, which could then effectively be used to gain? considerable competitive advantage over AS. Several events could occur in these situations, it ? includes, either a tremendous loss of monetary assets and depleted of reputation, or worse yet,? the data could be exploited in such a way as to be manipulated for years undetected, leading to? countless losses on all fronts. Policy Vulnerability ?The vulnerability in company policy exists in its security directive stating ule sets for routers? and firewalls be evaluated at intervals of two years. Obviously, a lot can happen in two years to ? warrant a much more frequent evaluation timeline. There are many vendors who specialize in? constant rule-set monitoring, like RedSeal. net, which prevent the exploitation of vulnerabilities ? caused by outdated security configurations.? There is no definitive and quantitative rule for th e frequency of evaluation of rule-sets should be? conducted. Certain measurable changes within the company’s infrastructure should be expected? o change as a result of responding to economy situations and sales fluctuations. This should also ? be applied to rule-sets for router and firewall security configurations. Leaving rule-sets stagnant? for two years presents the risk of improperly configured security configurations for firewalls and ? routers due to the natural evolution of the company’s assets and network infrastructure. As a? result, the potential exists for malicious programming initiated by hackers to exploit these out? dated rule-sets, which could lead to disaster. Outdated rule-sets, with a little imagination, could? e likened to a bank that accumulated too much money to keep in their vault, and as a result,? decided to store it in the lobby instead. Perhaps not as blatantly drastic, but out dated rule sets? would potentially dictate the wrong rules at the wrong time for the wrong reason. The likelihood? of this vulnerability being exploited by hackers isn’t at first glance as high as the risk present in ? the last example, because there isn’t any way to know how much the company would change in ? two years. Feasibly, if there were no changes, than two years may suffice, but if one thing has? een consistent throughout the ages, it is change. If indeed significant change within two years? can be assumed, then the vulnerability grows with time, as does the company’s exposure to? threat, and the chances of such vulnerabilities being exploited would logically agree with a? ‘possible-to-likely’ rating on the risk matrix. The consequences of these potential vulnerabilities? being exploited could be numerous and severe, or it could amount to a disgruntled ex-employee? causing harm through unexpired access rights. In the worst case scenario, an intelligent IT ? mployee alerts a group of malicious persons of the weakness, and then the opportun e time is? waited for, when the most damage to the company, and/or benefit to the hacker might be caused.? This could amount to forced resignations, lost contracts, lawsuits, lost monetary assets, public ? image, and a shrunken client base, in short, disaster.?