2.2 Performing vulnerability assessments
Vulnerability assessments are conducted to secure computer networks from attacks. Administrators usually consider patching and deploying antivirus. Vulnerability assessments should be set to run constantly to alert the administrator of any change that may be detected on the network to ensure network security protection (Carabott 2011). Performing a successful vulnerability assessment for the company requires support from administration, a formal methodology and assessment tools (Perry nd).
2.2.1 Vulnerability assessment steps
In performing vulnerability assessment, the following steps will be considered:
184.108.40.206 Identify and understand your business
The first step in vulnerability assessment is the identification and understanding of business processes in the company. The most critical and sensitive business processes such as compliance, customer privacy, competitive position, etc. must be identified by representatives from different sections of the company such as Information Technology (IT), business units, finance and legal section (Orde & Poarch 2012).
220.127.116.11 Pinpoint the applications and data that underlie business processes
After identifying the most critical and sensitive business processes, applications and data that underlie business processes must be identified (Orde & Poarch 2012). Applications and data that underlie business processes at the Insurance company includes Windows XP, Microsoft Office 2000, Adobe Reader, Java, SSL, MD5, RSA, Google Drive, Base64 string and Ubuntu Web server with MySQL 3.23 back end. Rouse (2006) refers to this step as the defining and classifying network or system resources.
18.104.22.168 Find hidden data sources
Hidden data sources should be identified and those include mobile devices such as Smartphones, tablets and desktop PCs. It is necessary to understand data flows between mobile devices, data center applications and storage. Users of mobile devices who access and share corporate applications and data must also be identified in order to understand the available data sources (Orde & Poarch 2012). Data sources such as Google Drive must also be identified as a file sharing system.
22.214.171.124 Determine what hardware underlies applications and data
Layers of company infrastructure must be known in order to identify the physical and virtual servers running critical applications. Data storage devices must also be identified as they are vulnerable to attacks (Orde & Poarch 2012). Applications such as Ubuntu Server 7.1, Apache version 2.2.12 that is running on company systems must be known. Rouse (2006) refers to this step as assigning relative levels of importance to the resources.
126.96.36.199 Map the network infrastructure that connects the hardware
Routers and other network devices that the applications and hardware infrastructure depend on for faster and secure performance must be identified (Orde & Poarch 2012). Since users at Dynamics Insurance company are allowed...