Identify Potential Weaknesses from the Aircraft Solutions
Executive Summary
The purpose of the report is to assist Aircraft Solutions (AS) in indentifying the most significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the firewall configuration, virtualization of their hardware assets and defining security policy regarding the timeliness of firewall configuration and updates.
Identify Potential Weaknesses from the Aircraft Solutions
Company Overview
Aircraft Solutions, headquarters located in San Diego, California develop and fabricate products and services for companies in the electronic, commercial, defense and aerospace industries. AS is made up of two (2) different divisions, the Commercial Division and the Defense Division. The Commercial Division is located in Chula Vista, CA and the Defense Division is located in Santa Ana, CA. AS company strategy is to offer low cost design and computer aided modeling packages to companies and assists them through the lifecycle of their product in an effort to save money for the consumer while profiting from their business.
Vulnerabilities
Hardware Vulnerabilities
The hardware infrastructure of the AS Headquarters in San Diego, California had been identified during our recent security assessment as being a potential security weakness to the company's overall information systems security infrastructure. The system hardware infrastructure comprises of
Five (5) Individual Servers
One (1) Switch
Two (2) Routers
One (1) Firewall
The hardware area of concern was the lack of Firewalls being used to protect the company's network against intrusion and the networks hardware design and architecture.
The firewall configuration at AS San Diego is improperly configured to meet the security needs of the company. The main area of concern was that of the firewall located between AS Main Router and the Router to DD. The security assessment revealed that DD Santa Ana has direct access without firewall authentication to AS San Diego's network.
“Misconfigured network gear represents a major security threat. It's estimated that 65% of cyber attacks exploit misconfigured systems” (Marsan, 2009).
Policy Vulnerabilities
Our analysis of the AS San Diego Headquarters Information System Security Policy identified a severe weakness. AS's security policy identifies that all firewalls and routers rules are evaluated every two years. Industry standard for firewall re-evaluation is on average 12 months or less depending on the state of the Firewall's. According to Microsoft "The only periodic maintenance required is the replacement of the licenses for the firewall engines on the management station every 12 months, depending on the environmental conditions within the data center" (Northrup, 2012) or as soon as a new patch is released by the software manufacturer.
Recommended Solution - Hardware
Virtualization is the creation of a virtual computer system, rather than having actual IT assets. As a recommendation for AS's firewall misconfiguration and overall hardware footprint, it's recommended that AS invest in their future and virtualizes their IT infrastructure.
The benefits of virtualization are tremendous, from a security perspective there are several benefits that really ...