Executive Summary 3
Company Overview 3
Vulnerabilities 3
Hardware Vulnerabilities 3
Policy Vulnerabilities 6
Recommended Solution - Hardware 7
Impact on Business Processes 10
Recommended Solution – Policy 10
Impact on Business Processes 11
Budget 11
Summary 11
References 13
Executive Summary
The purpose of the report is to assist Aircraft Solutions (AS) in indentifying the most significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the firewall configuration, virtualization of their hardware assets and defining security policy regarding the timeliness of firewall configuration and updates.
Company Overview
Aircraft Solutions, headquarters located in San Diego, California develop and fabricate products and services for companies in the electronic, commercial, defense and aerospace industries. AS is made up of two (2) different divisions, the Commercial Division and the Defense Division. The Commercial Division is located in Chula Vista, CA and the Defense Division is located in Santa Ana, CA. AS company strategy is to offer low cost design and computer aided modeling packages to companies and assists them through the lifecycle of their product in an effort to save money for the consumer while profiting from their business.
Vulnerabilities
Hardware Vulnerabilities
The hardware infrastructure of the AS Headquarters in San Diego, California had been identified during our recent security assessment as being a potential security weakness to the company's overall information systems security infrastructure.
The system hardware infrastructure comprises of
Five (5) Individual Servers
One (1) Switch
Two (2) Routers
One (1) Firewall
The hardware area of concern was the lack of Firewalls being used to
References: (n.d.). Retrieved 04 04, 2011, from Amazon : http://www.amazon.com/Dell-PowerEdge-R710-Server-48GB/dp/B0037S9MTM (n.d.). Retrieved 04 04, 2011, from Dell: www.dell.com Bevis, J. (2007, July 12). Security Threats Statistics - Resources. Retrieved March 19, 2011, from InfoSecAlways.com: http://infosecalways.com/2007/07/12/security-threat-statistics-resources/ Halski Systems. (n.d.). Retrieved 04 04, 2011, from http://www.halski.com/p-66-cisco-catalyst-3750-emi-switch-24-ports.php Infinity Microsystems. (n.d.). Retrieved 04 04, 2011, from http://www.infinity-micro.com/ProdDisplay1.asp Marsan, C. D. (2009, June 9). Hidden Threat on Corporate Nets: Misconfigured Gear. Retrieved April 4, 2011, from CIO: http://www.cio.com/article/494522/Hidden_Threat_on_Corporate_Nets_Misconfigured_Gear Northrup, T. (n.d.). Security TechCenter. Retrieved March 18, 2011, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc700820.aspx TWA Communications. (n.d.). Retrieved 04 03, 2011, from http://www.twacomm.com/catalog/model_7206VXR.htm?pid=1000&utm_source=fgl&utm_medium=prodlist&utm_term=7206VXR