
Analyze a vulnerable system for a small business

Posted on: January 23, 2024 at 11:17 AM

This project was completed during my enrollment in the Google Cybersecurity Professional course. In this activity, I conducted a vulnerability assessment for a small business, evaluating the risks associated with a vulnerable information system and outlining a remediation plan. A vulnerability assessment is an internal review process for an organization’s security systems. As a cybersecurity analyst, my role involves assisting with vulnerability assessments to proactively prevent attacks within an organization.

Vulnerability Assessment Report

23rd January 2024


System Description

The server hardware comprises a robust CPU and 128 GB of memory. It runs the latest Linux operating system and hosts a MySQL database management system. The system has a stable network connection using IPv4 addresses, which allows it to communicate with other servers on the network. Security measures include SSL/TLS-encrypted connections.

Scope

This vulnerability assessment focuses on the current access controls of the system. The assessment spans a three-month period, from February 2024 to April 2024. NIST SP 800-30 Rev. 1 is employed as a guide for risk analysis of the information system.

Purpose

The database server, a centralized system, stores and manages large volumes of data. It houses customer, campaign, and analytic data, crucial for tracking performance and tailoring marketing efforts. Securing the system is paramount due to its frequent use in marketing operations.

Risk Assessment

| Threat source | Threat event | Likelihood | Severity | Risk |
|---|---|---|---|---|
| Hacker | Obtain sensitive information via exfiltration | 3 | 3 | 9 |
| Employee | Disrupt mission-critical operations | 2 | 3 | 6 |
| Customer | Alter/Delete critical information | 1 | 3 | 3 |

Approach

Risk assessment considered the data storage and management procedures of the business. Potential threat sources and events were identified based on the likelihood of a security incident given the open access permissions of the information system. The severity of potential incidents was evaluated in relation to their impact on day-to-day operational needs.

Remediation Strategy

To ensure that only authorized users access the database server, authentication, authorization, and auditing mechanisms will be implemented. This involves enforcing strong passwords and multi-factor authentication for all accounts, and employing role-based access controls to limit each user's privileges. Data in motion will be encrypted using TLS instead of SSL. Additionally, IP allow-listing restricted to corporate office addresses will be established so that arbitrary internet hosts cannot connect to the database.
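A concrete MySQL 8.0 rendering of the remediation items above (TLS-only transport, network restriction, password policy, role-based privileges, per-account host allow-listing), added here as a worked example and not part of the original report. The internal address, the 10.0.5.0/24 office subnet, and the role, user and schema names are constructed placeholders.

```sql
-- Assumes MySQL 8.0 on the Linux server described in the report, run by an
-- administrative account. Addresses and names below are constructed.

-- 1. Encryption in transit: refuse plaintext clients, and offer only TLS 1.2/1.3
--    (legacy SSL/TLS versions are never negotiated once they are not listed).
SET PERSIST require_secure_transport = ON;
SET PERSIST_ONLY tls_version = 'TLSv1.2,TLSv1.3';  -- takes effect at restart

-- 2. Network exposure: listen only on the internal interface. Host firewall
--    rules for the corporate office ranges sit alongside this (not shown).
SET PERSIST_ONLY bind_address = '10.0.5.10';        -- constructed internal address

-- 3. Password policy: strength checks, reuse limits, lockout on repeated failures.
INSTALL COMPONENT 'file://component_validate_password';
SET PERSIST validate_password.policy = 'STRONG';
SET PERSIST validate_password.length = 14;
SET PERSIST password_history = 5;                   -- block reuse of last 5 passwords

-- 4. Least privilege: grant to roles, then give accounts a role, never raw grants.
CREATE ROLE 'marketing_reader', 'campaign_editor';
GRANT SELECT ON marketing.* TO 'marketing_reader';
GRANT SELECT, INSERT, UPDATE ON marketing.campaigns TO 'campaign_editor';

-- 5. Accounts: the host part is the allow-list (only the office subnet may even
--    attempt a login); REQUIRE SSL rejects plaintext per account as defence in
--    depth; the account locks for 1 day after 5 failed password attempts.
--    (A second factor is added in 8.0.27+ with an extra IDENTIFIED WITH clause.)
CREATE USER 'analyst'@'10.0.5.%'
  IDENTIFIED BY '<placeholder: set from a secret store>'
  REQUIRE SSL
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;
GRANT 'marketing_reader' TO 'analyst'@'10.0.5.%';
SET DEFAULT ROLE ALL TO 'analyst'@'10.0.5.%';

-- 6. Verification of the open-access finding: accounts reachable from any host,
--    and accounts not forced onto TLS. Both queries should return no rows.
SELECT user, host FROM mysql.user WHERE host = '%';
SELECT user, host FROM mysql.user WHERE ssl_type = '';
```

Re-run the two verification queries after every account change; any row they return is an account that still matches the open-access condition the risk assessment was based on.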