As a part of the IT professional team here at Yieldmore, we notice that the User domain is the weakest of all seven. User’s also known as employees who are responsible for the IT assets they use. Users may often open/download emails that could be infected, and browse numerous websites that could contain viruses. A way to avoid this at the current time and possibly in the future is to train users on proper security awareness and to make sure that strict policy violations are enforced.
The workstation needs to have anti-virus/firewall software as well as password protection enabling and malicious code policies. With the software installed, up to date, and running properly; this prevent the entering of worms, natural disasters, and Trojan horses from entering the network. If not installed properly the anti-virus software might not detect the viruses entering and this could result in a loss of confidential data. Yieldmore organization’s network will be better protected and the likelihood of the organization system infected with any viruses would be limited.
Being on a small network in a LAN all devices such as hubs, routers, etc. these devices should be in a protected secured place such as; wiring closets or data centers. A firewall needs to be set in place on the LAN; this will allow the filtering of data. Without doing so all devices can be at great risk for SYN attack, and spoofing. All data needs to have the proper physical address with proper access controls, having not take this in consideration will allow unauthorized access.
IP addresses can be accessed from anywhere in the world making attackers vulnerable to them. When an IP address is found, they move fast to capture it. Downloading malicious software and having unnecessary ports open on the firewall will allow attackers to intrude to the internal network from the internet. For the LAN-WAN strict disabling ping, port scanning, and applying monitoring controls for intrusion detection on all exterior IP devices inside the LAN-WAN domain. This could be improved by using encryption, VPN tunneling for secure IP communication for end-to-end, and scanning all types of emails attachments for antivirus and malicious software at the LAN-WAN domain point. This is needed so that attackers couldn’t possibly enter through the network.
Overseeing, assumptions or a lack of doing work properly is one of the biggest threats to the WAN, in terms of compliance regulations. The WAN is prone to DOS/DDOS attacks, it is best to use an (FTP) file transfer protocol so that the organizations server would be able to upload secretly. Having agreements set in place such as (SLA’s) service level