Network Risk Evaluation

The purpose of this document is to list the network security risks to consider and help the reader determine where the greatest threats lie on their network. The reader should record their opinion of the severity of each threat and how common they believe it to be on their network, and then the number of times per month that the threat has actually materialized.

Several items should be recorded for each threat when assessing its ability to harm the network. These include:

  1. The threat type, such as virus, spyware, worm, computer hack, or other.
  2. The computer type - This will be one of server, desktop, mainframe, or laptop.
  3. The entry method - The transport mechanism the threat used to enter the network, and whether it entered through the DMZ or the trusted network. It could have been carried in physically, arrived through email, come through a web browser (as in typical adware or spyware infections), or come through the firewall.
  4. The infected zone - The zone the infected computer was in. It should be noted whether the infection spread and which zones it spread to, but there is no place in the table for this. If spreading happened, the item should be starred or numbered, with an incident explanation at the bottom of the sheet.
  5. The perceived threat severity.
  6. How common or often the threat is realized on the network.
  7. Occurrences per month. This should be the actual average number of occurrences over the last 6 to 12 months.

Compromise of client computers:

  1. Hostile software entering client computers through email-borne viruses.
  2. Unauthorized user-installed programs - Users bringing their own programs onto the network on disks or memory sticks.
  3. Hostile software entering through the user's web browser due to misconfiguration and/or a software vulnerability.

Compromise of server computers:

  1. Threats from compromised client computers.
  2. Attacks through vulnerable applications.
  3. Attacks through vulnerabilities in services such as web server and mail services.
  4. Attacks through operating system vulnerabilities.
  5. Attacks due to misconfiguration of services or systems, such as allowing relaying on a mail server (so that spam can be sent through it), not locking down Internet Information Server (IIS) and leaving it vulnerable, or leaving default administrator accounts with their default passwords set.

Items to consider:

  1. Consider where all systems lie on the network and where traffic is limited between different areas. Include firewalls and routers along with descriptions or lists of permitted and disallowed traffic.
  2. Consider where the most security violations have occurred, both by threat type (such as virus) and by the type of computer infected.
    1. Consider whether the servers should be in a network zone separate from the client computers if client computers are compromised more often, statistically, than other groups of computers (such as servers in the DMZ).
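A small Python model of the worksheet described above, covering the seven columns listed at the top of this sheet and the "where have violations occurred" question under Items to consider. It is added here as an example and is not part of the original document; it assumes a 1-5 scale for the two opinion columns and a score of severity x frequency x (1 + occurrences per month), neither of which the sheet specifies, and the sample rows are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Scale for the two opinion columns (an assumption; the sheet fixes no scale):
# 1 = low, 3 = medium, 5 = high.
@dataclass
class ThreatRecord:
    threat: str          # virus, spyware, worm, computer hack, ...
    computer_type: str   # server, desktop, mainframe, laptop
    entry_method: str    # physical media, email, browser, firewall
    zone: str            # zone the infected computer was in: DMZ or trusted
    severity: int        # perceived threat severity, 1-5
    frequency: int       # how common the reader believes it to be, 1-5
    per_month: float     # measured average occurrences, last 6-12 months
    spread_to: tuple = ()  # zones the infection spread to, if any

def risk_score(r):
    """Opinion (severity x believed frequency) weighted by what was actually
    observed, so a threat that materialised outranks one that is only feared."""
    return r.severity * r.frequency * (1 + r.per_month)

def rank(records):
    """Worksheet rows ordered from greatest to least risk."""
    return sorted(records, key=risk_score, reverse=True)

def totals_by(records, field):
    """Observed occurrences summed per value of one worksheet column
    ('zone', 'computer_type', 'entry_method'): where violations actually happen."""
    totals = defaultdict(float)
    for r in records:
        totals[getattr(r, field)] += r.per_month
    return dict(totals)

def spread_incidents(records):
    """Rows whose infection spread to another zone. The worksheet has no
    column for this, so each gets a footnote number for the explanation."""
    return list(enumerate([r for r in records if r.spread_to], 1))

# Constructed sample worksheet (hypothetical numbers, not real incident data).
SAMPLE = [
    ThreatRecord("virus", "desktop", "email", "trusted", 4, 4, 3.0),
    ThreatRecord("spyware", "laptop", "browser", "trusted", 2, 5, 6.0),
    ThreatRecord("worm", "server", "firewall", "DMZ", 5, 2, 0.5, ("trusted",)),
    ThreatRecord("hack", "server", "firewall", "DMZ", 5, 1, 0.0),
]

if __name__ == "__main__":
    for r in rank(SAMPLE):
        print(f"{risk_score(r):6.1f}  {r.threat:8} {r.computer_type:8} {r.zone}")
```

Grouping by "zone" or "computer_type" with totals_by answers the second item above directly: if the trusted zone's client computers account for most observed occurrences, that is the evidence for separating the servers into their own zone.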