S.A. Goss- Sow
Unit 2 Assignment 1
A security breach has been identified: the SMB server was accessed by an unauthorized user. The breach is a violation of the CIA (confidentiality, integrity, availability) security principles. The unauthorized access was made possible by a security hole that the server software manufacturer detected the previous day. The security patch will not be available for three days. In addition, it will take at least one week to download, test, and install the patch.

It is also important to explore the device(s) that were targeted by the attack. In this instance it was the SMB server. The SMB server uses an application layer network protocol, which can run atop the session layer. It provides shared access to files, printers, serial ports, workstations, laptops, and desktops, and provides a client/server relationship throughout the network.

In calculating a window of vulnerability (WoV), four actions are generally used. The four parts are the Discovery-Time, Exploit-Time, Disclosure-Time, and Patch-Time. The time between each of these areas is divided into 3 risk areas.

During the time from discovery to disclosure, only a closed group is aware of the vulnerability; this group can range from researchers and vendors working to identify vulnerabilities within their software to hackers of different levels. This is the Black Risk because the vulnerability is a security risk.

The Grey Risk is the time from disclosure until the vendor issues a patch, during which the user of the software waits. We call the risk exposure during this period the Grey Risk because the public is aware of the risk but has not yet received a correction from the software vendor. Using the information provided in the disclosure of the vulnerability, the organization can assess its individual risk and might implement a workaround until a patch is available.

The White Risk is the time from patch availability to patch implementation....
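The risk periods described above can be worked through on a timeline. This is an added example, not part of the original assignment: the function names are assumptions, the calendar dates are constructed to match the scenario's offsets (hole detected the day before the breach, patch in three days, one week to install), and it assumes the vendor disclosed the hole on the day it was detected.

```python
from datetime import date

PERIODS = ("black", "grey", "white")  # risk period names as used in the essay


def risk_periods(discovery, disclosure, patch_available, patch_installed):
    """Return the length in days of each risk period between the four events."""
    events = [discovery, disclosure, patch_available, patch_installed]
    # A timeline that runs backwards would give negative exposure; reject it.
    if any(later < earlier for earlier, later in zip(events, events[1:])):
        raise ValueError("expected discovery <= disclosure <= patch <= install")
    return {name: (end - start).days
            for name, start, end in zip(PERIODS, events, events[1:])}


def classify(day, discovery, disclosure, patch_available, patch_installed):
    """Name the risk period a given day (for example an exploit) falls in."""
    if day < discovery:
        return "unknown"  # assumption: label for days before anyone found the flaw
    if day < disclosure:
        return "black"    # only a closed group knows
    if day < patch_available:
        return "grey"     # public knows, no vendor patch yet
    if day < patch_installed:
        return "white"    # patch exists but is not yet installed
    return "patched"


# Constructed dates; only the offsets between them come from the scenario.
DISCOVERY = DISCLOSURE = date(2024, 3, 4)  # assumption: disclosed on detection day
BREACH = date(2024, 3, 5)                  # breach identified the next day
PATCH_AVAILABLE = date(2024, 3, 8)         # three days after the breach
PATCH_INSTALLED = date(2024, 3, 15)        # one week to download, test, install
TIMELINE = (DISCOVERY, DISCLOSURE, PATCH_AVAILABLE, PATCH_INSTALLED)

if __name__ == "__main__":
    lengths = risk_periods(*TIMELINE)
    print(lengths, "total:", sum(lengths.values()), "days")
    print("breach falls in:", classify(BREACH, *TIMELINE))
```

Under these assumptions the breach lands in the Grey Risk period, which is when a workaround is the only available mitigation.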