Scenario
You are a newly hired cybersecurity analyst for an e-commerce company. The company stores information on a remote database server, since many of the employees work remotely from locations all around the world. Employees of the company regularly query data from the server to find potential customers. The database has been open to the public since the company’s launch three years ago. As a cybersecurity professional, you recognize that keeping the database server open to the public is a serious vulnerability.
You are tasked with completing a vulnerability assessment of the situation to communicate the potential risks to decision makers at the company. You must create a written report that explains how the vulnerable server is a risk to business operations and how it can be secured.
System description
The server hardware consists of a powerful CPU and 128GB of memory. It runs the latest version of a Linux operating system and hosts a MySQL database management system. It is configured with a stable network connection using IPv4 addresses and interacts with other servers on the network. Security measures include SSL/TLS encrypted connections.
Scope
The scope of this vulnerability assessment relates to the current access controls of the system. The assessment will cover a period of three months, from June 20XX to August 20XX. NIST SP 800-30 Rev. 1 is used to guide the risk analysis of the information system.
Assignment: Vulnerability Assessment Report
Purpose
The server houses personally identifiable information (PII) which the company uses to find potential customers. Currently, the server is open to the public. This presents a serious security issue, since attackers may steal customer data or disable the server entirely, which could halt business operations and cause financial loss.
Risk assessment
| Threat Source | Threat Event | Likelihood | Severity | Risk |
|---|---|---|---|---|
| Customer | Alter/Delete critical information | 1 | 3 | 3 |
| Employee | Disrupt mission-critical operations | 2 | 3 | 6 |
| Hacker | Obtain sensitive information | 3 | 3 | 9 |
Approach
The risks measured consider the data storage and management procedures of the business. Potential threat sources and events were determined from the likelihood of a security incident given the open access permissions of the information system. The severity of potential incidents was weighed against the impact on day-to-day operational needs.
Remediation strategy
We recommend implementing authentication, authorization, and auditing mechanisms to ensure that only authorized users access the database server. This includes strong passwords and multi-factor authentication to verify user identity, and role-based access controls to limit each user's privileges to what their job requires.
We also recommend encrypting data in motion with TLS rather than SSL, which is deprecated.
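The following MySQL 8.0 statements are an added example of how the remediation above could be applied on the server described; they are not part of the original report. Database, role, account and address values are constructed placeholders, and multi-factor authentication is left to the authentication plugin the company selects.

```sql
-- Added example (not part of the original report): MySQL 8.0 hardening steps
-- that implement the remediation strategy. Role, user, database and address
-- values are constructed placeholders. Run as an administrative account.

-- 1. Detection: list accounts reachable from any host (host = '%') or not
--    required to use TLS. On the open server above, expect several rows.
SELECT user, host, ssl_type
FROM mysql.user
WHERE host = '%' OR ssl_type = '';

-- 2. Encrypt data in motion: require TLS for every client connection and
--    refuse SSL 3.0 / TLS 1.0 / TLS 1.1 by restricting the protocol list.
SET PERSIST require_secure_transport = ON;
SET PERSIST tls_version = 'TLSv1.2,TLSv1.3';
-- bind-address is read-only at runtime; stop listening on every interface
-- by setting it in my.cnf (e.g. bind-address = 10.0.0.5, a constructed
-- private address) and restarting the server.

-- 3. Role-based access: employees only need to read the customer tables.
CREATE ROLE IF NOT EXISTS 'customer_reader';
GRANT SELECT ON crm.customers TO 'customer_reader';

-- 4. Named accounts restricted to the corporate VPN range (constructed),
--    with a strong password, a TLS requirement and password rotation.
CREATE USER IF NOT EXISTS 'alice'@'10.8.0.%'
  IDENTIFIED BY 'REPLACE-WITH-A-STRONG-PASSWORD'
  REQUIRE SSL
  PASSWORD EXPIRE INTERVAL 90 DAY;
GRANT 'customer_reader' TO 'alice'@'10.8.0.%';
SET DEFAULT ROLE 'customer_reader' TO 'alice'@'10.8.0.%';

-- 5. Remove the wildcard-host account that made the database public
--    (constructed name).
DROP USER IF EXISTS 'app'@'%';

-- 6. Auditing: record connections so failed and unexpected logins are
--    visible. The general log is coarse and grows quickly; keep it on only
--    until a dedicated audit plugin is in place.
SET PERSIST general_log = ON;

-- Verify: re-run the query in step 1 and expect zero rows.
```

Re-running the detection query after each change gives a quick check that no account is still reachable from any host or permitted to connect without TLS.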