Aircraft Solutions

Security Assessment and Recommendations

Submitted by: Zephan H. Keatley Submitted to: Professor Robert Krell SE571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted on: July 28, 2013

Table of Contents
Aircraft Solutions ............................................................................................................. i Security Assessment and Recommendations ................................................................... i Company Overview ............................................................................................................ 1 Security Vulnerabilities ...................................................................................................... 1 Hardware Vulnerability .............................................................................................. 1 Policy Vulnerability .................................................................................................... 3 Works Cited .......................................................................Error! Bookmark not defined.

Company Overview
Aircraft Solutions (AS) designs and fabricates component products and services for their clients in the electronics, commercial, defense and aerospace industries. AS employees a large and skilled workforce of design engineers, programmers, machinist, assembly personnel. The company utilizes automated equipment in order to increase their production and reduce overall costs. By doing this, they are able to offer cost efficient design and modeling packages to their customers helping them to reduce their overall developmental cost which in turn has helped them to establish long term relationships plenty of repeat business. Aircraft Solutions consists of two separate divisions, the Commercial Division (CD) and the Defense Division (DD). They are located in Chula Vista, California and Santa Ana, California respectively.

Security Vulnerabilities
Hardware Vulnerability

Aircraft Solutions current hardware setup effectively leaves the companys and their clients information vulnerable to prying eyes. The current hardware network setup is only being protected by a firewall, two routers and a switch. Should someone gain access to the system, they may be able to easily gain access to information in several key areas such as human resources, accounting, and or the database. This information could vary from an employees social security number, to proprietary company or client information. The crimes could range from identity theft to corporate espionage and the losses could range from thousands of dollars, all the way to millions and beyond. Firewalls are a good

Firewall Strengths: 1. Helping to enforce security and safety policies of an organization. 2. Restricting access to specified services. Access can even be granted selectively based on authentication functionality. 3. Their singularity of purpose which means that companies need not make any compromises between usability and security. 4. Its appraisal capacity which results in an organization getting to know and monitor all the traffic that sifts through their networks. 5. Being a notification system which can alert people concerned about specific events. Firewall Weaknesses: 1. An inability to fend off attacks from within the system that it is meant to protect. This could take the form of people granting unauthorized access to other users within the network or social engineering assaults or even an authorized user intent on mala fide use of the network. 2. It can only stop the intrusions from the traffic that actually passes through them. 3. It cannot circumvent poorly structured security policies or bad administrative practices. For instance, if a company has a very loosely knit policy on security and over-permissive rules, then a firewall cannot protect data or the network.

Figure A-1 (Operational Strength & Weaknesses of Firewalls , 2013)

start for hardware security however, they have strengths and weaknesses and should not be counted on as a full proof measure or means of security (see figure A-1). Currently Aircraft Solutions only updates the firewall and router rule sets every two years which leaves the company vulnerable in that anyone who would gain access or be given access would have it for a long period of time. All of the servers for AS are currently backed up onsite which could create a problem should a natural disaster, fire, flood, or perhaps even theft of the devices occur. Whether the motive is one of revenge, money or just proving that it can be done, all of the

hardware related issues have a high probability of occurring in todays world and must be addressed in order to avoid a loss of data, money and clients. Policy Vulnerability

The current security policy allows numerous people to have access to the system, possibly even those who do not or should not have access to said information. In order fot the policies and procedures for Aircraft Solutions to be effective, they need to be updated on an annual basis in order to keep up with the ever changing and evolving threats that abound. A security policy extends to more than just the technical infrastructure; every organization's last line of defense in protecting its information from unauthorized access is its employees. Therefore, many believe organizational policy should dictate the need to educate employees about how to protect the organization's information assets. (IT security policy management: Effective polices to mitigate threats, 2013)

References:
IT security policy management: Effective polices to mitigate threats. (2013). Retrieved 07 28, 2013, from SearchSecurity: http://searchsecurity.techtarget.com/tutorial/ITsecurity-policy-management-Effective-polices-to-mitigate-threats Operational Strength & Weaknesses of Firewalls . (2013). Retrieved 07 28, 2013, from Certificationkits.com: http://www.certificationkits.com/cisco-certification/CCNASecurity-Operational-Strength-Weaknesses-ofFirewalls.html#sthash.mcZSM9PR.dpuf