Aircraft Solutions

Aircraft Solutions (AS)
Security Overview 
Introduction 
Aircraft Solutions is a well respected equipment and component fabrication company who 
provides a full spectrum design and implementation solutions to several industries which
 includes; electronics, aerospace, commercial and the defense sectors. Aircraft Solutions employs 
a range of highly qualified professionals and houses an immense production plant, with an 
overall goal of providing high-quality solutions to accommodate specifications from a wide
range of customer demands.

The following report is a security assessment on Aircraft Solutions
and the primary objective in this assessment is to identify the existence of vulnerabilities present 
within the global context of Aircraft Solutions' operations. An evaluation of the associated 
threats will be deduced, accompanied by the exposed weaknesses. This will be followed by an
analysis of the degree of risk present. Finally, there will be a focus on the consideration of the
 consequences resulting from revealing of potential threats.

 Assessment 
Hardware and policy will be the main focus of this investigation. It will be narrowed down more 
to hardware issues.

It is very curious that there is no firewall implemented between the
commercial division and the Internet. The Defense Department must be routed through
Headquarters, but the Commercial department is connected straight to the Internet. This is a
significant vulnerability. The second weakness that will be examined is the security policy
stating router and firewall rule sets should be evaluated every two years. Such a time span
between rule-set evaluations is also a substantial liability to the continued and unimpeded
 success of the organization. Further elaboration of the identified security vulnerabilities is 
presented.



Hardware Vulnerabilities:

The issue pertaining to Aircraft Solution's hardware weakness is that of the lack of adequate
 protection implemented between its Commercial Division and the rest of the world, connected to 
the Internet. In one view of AS's network infrastructure, it even appears as though the CD must
transmit through the Internet in order to connect to Headquarters. The fact remains in either case 
that there is a significant increase of this division of AS operations to outside threat. The threat
here is characterized by the inability of the CD to filter web traffic, which is effectively
 equivalent to inviting the world in to see everything there is to see. (Northrop, T. 2010) In this 
case, this might include AS's commercial client's confidential information, classified divisional
 statistics pertaining to budgets, deadlines, or contracts, confidential employee information, etc.
The vulnerability is the absence of a firewall. The threat is an open exposure to the uncertainties
 of the Internet, to any number of automated or personalized attacks or attempts to exploit
 company vital statistics and/or confidential or classified data. To help illustrate the risks of such a 
threat occurring, a typical Risk Matrix, which is commonly used by a number of companies and 
organizations, to include the military, will be utilized. This matrix was borrowed from the
 Scottish Government's, Risk Management website.
 Because the possible consequences of the threat of company infiltration by malicious parties 
could result in not only devastating company-wide data leak but also the potential of client data
 exploitation, modification, or even blackmail, the potential consequences would be marked 
'Extreme'. Because the likelihood is not only possible, but quite feasible between likely and 

certain (optimistically), this brings the level of risk to a near state of emergency, being 
characterized