Aircraft Solutions
Essay by phenriqu • August 22, 2013 • Case Study • 1,090 Words (5 Pages) • 1,677 Views
Aircraft Solutions (AS) Security Overview Introduction Aircraft Solutions is a well respected equipment and component fabrication company who provides a full spectrum design and implementation solutions to several industries which includes; electronics, aerospace, commercial and the defense sectors. Aircraft Solutions employs a range of highly qualified professionals and houses an immense production plant, with an overall goal of providing high-quality solutions to accommodate specifications from a wide range of customer demands.
The following report is a security assessment on Aircraft Solutions and the primary objective in this assessment is to identify the existence of vulnerabilities present within the global context of Aircraft Solutions' operations. An evaluation of the associated threats will be deduced, accompanied by the exposed weaknesses. This will be followed by an analysis of the degree of risk present. Finally, there will be a focus on the consideration of the consequences resulting from revealing of potential threats. Assessment Hardware and policy will be the main focus of this investigation. It will be narrowed down more to hardware issues.
It is very curious that there is no firewall implemented between the commercial division and the Internet. The Defense Department must be routed through Headquarters, but the Commercial department is connected straight to the Internet. This is a significant vulnerability. The second weakness that will be examined is the security policy stating router and firewall rule sets should be evaluated every two years. Such a time span between rule-set evaluations is also a substantial liability to the continued and unimpeded success of the organization. Further elaboration of the identified security vulnerabilities is presented.
Hardware Vulnerabilities:
The issue pertaining to Aircraft Solution's hardware weakness is that of the lack of adequate protection implemented between its Commercial Division and the rest of the world, connected to the Internet. In one view of AS's network infrastructure, it even appears as though the CD must transmit through the Internet in order to connect to Headquarters. The fact remains in either case that there is a significant increase of this division of AS operations to outside threat. The threat here is characterized by the inability of the CD to filter web traffic, which is effectively equivalent to inviting the world in to see everything there is to see. (Northrop, T. 2010) In this case, this might include AS's commercial client's confidential information, classified divisional statistics pertaining to budgets, deadlines, or contracts, confidential employee information, etc. The vulnerability is the absence of a firewall. The threat is an open exposure to the uncertainties of the Internet, to any number of automated or personalized attacks or attempts to exploit company vital statistics and/or confidential or classified data. To help illustrate the risks of such a threat occurring, a typical Risk Matrix, which is commonly used by a number of companies and organizations, to include the military, will be utilized. This matrix was borrowed from the Scottish Government's, Risk Management website. Because the possible consequences of the threat of company infiltration by malicious parties could result in not only devastating company-wide data leak but also the potential of client data exploitation, modification, or even blackmail, the potential consequences would be marked 'Extreme'. Because the likelihood is not only possible, but quite feasible between likely and certain (optimistically), this brings the level of risk to a near state of emergency, being characterized
...
...