Assessing System Vulnerabilities and Risk Security Assessment Report Paper
Prepare a Security Assessment Report (SAR) with the following sections:
Purpose
Organization
Scope
Methodology
Data
Results
Findings
The attached file already has all components of the paper. I need to:
– Reword or rewrite the attached file.
– No plagiarism
– Keep the headings and context
– No passive voice
Running head: ASSESSING SYSTEM VULNERABILITIES AND RISK
Assessing System Vulnerabilities and Risk
Security Assessment Report
Purpose
The purpose of this Security Assessment Report (SAR) is to incorporate network security
and physical security to analyze the overall risk to the data. The need to protect critical
infrastructures demands a comprehensive, systematic evaluation of risks and a carefully planned
application of countermeasures to improve the overall organizational security. This analysis
includes any past intrusions through the computer network or physically, and it also includes any
known or potential threats. An adversary will exploit a system's weakness in an
attempt to compromise the system before mitigation measures are available or in place. This
assessment will prioritize which of the risks deserves the highest allocation of resources and
which systems are most affected by the risks.
Organization
Banner Health Care is a non-profit organization that owns and operates acute-care
hospitals in the United States. It is based in Phoenix, Arizona, and operates 28 hospitals
across 6 states: Alaska, California, Colorado, Nebraska, Nevada, and Wyoming. The health care
system is the largest employer in Arizona and one of the largest in the United States, with over
50,000 employees. It supports a comprehensive range of services including Alzheimer’s,
bariatric surgery, behavioral health, burn, cancer, emergency care, heart care, home care,
hospice, insurance and Medicare, maternity, medical imaging, neurosciences and stroke,
orthopedics, pediatrics, physician practices, poison and drug information, rehabilitation,
research, sleep centers, surgical care, transplant, urgent and same day care, and women’s health
services.
Banner Health Care recently converted to using virtualization for the majority of their
servers. Virtualization refers to the creation of a virtual resource that allows users to create
multiple simulated environments from a single system (Rouse, 2016). The software
needed to create and run the virtual machines (VMs) is called a hypervisor, also known as a Virtual
Machine Manager (VMM). The sole purpose of a hypervisor is to allow multiple machines to share
a single hardware platform. It gives the owner the ability to split one system into multiple VMs
that are more secure (Garrison, 2016). The VMs depend on the hypervisor to separate the operating
system (OS) from the hardware and distribute resources as needed, such that each OS appears to have its
own processor, memory, and other hardware resources. The VMs that are controlled by the
hypervisor are called guest OSs, and the physical hardware equipped with the hypervisor is called the
host.
Banner Health Care uses a distributed enterprise network infrastructure (Figure 1) that
encompasses Local Area Networks (LANs), Wide Area Networks (WANs), and Wireless Local
Area Networks (WLANs). A LAN is a group of computers and associated devices that share a
common communications line or wireless link to a server. LANs are very useful when it comes
to sharing resources within a specific geographic area. Banner Health Care utilizes separate
LANs within each of its medical buildings, ensuring that the respective medical staff are
connected. A WAN is a network that spans a large area and connects smaller networks,
including LANs. The main hospital for Banner Health Care in Arizona is their largest campus,
and it requires its own WAN. A WLAN operates in the same manner as a LAN, except it is
wireless. As Banner Health Care moves forward with becoming a smart medical facility, it is
incorporating WLANs to support all of the new wireless technology. This will allow the medical
staff to move around within their building while staying connected to the network.
Figure 1
Scope
To get a better assessment of the vulnerabilities that Banner Health Care faces, its
networks were recently scanned. The results from this scan will give the IT administrative
staff the details on what needs to be addressed. Network security is a top priority for Banner
Health Care, especially with the constant increase in cyber security breaches within the medical
field. Not having situational awareness of their own network can lead to unknown
vulnerabilities, potentially giving an adversary access to the patients' protected health information
(PHI).
Methodology
There are numerous tools available that can be used to assess a system for
vulnerabilities. These same tools can be used either by the IT personnel who are scanning their
network in order to secure it, or by an adversary who is trying to identify any weakness with the
intent to breach the network. For the security assessment of Banner Health Care's information
systems, the following network monitoring tools were applied: Wireshark and Network Mapper
(Nmap). Wireshark is a protocol analyzer and is used to evaluate the structure of different
network protocols. It has the ability to capture and display live data on both Linux and Windows
operating systems. Wireshark can be used to troubleshoot a network by capturing live traffic
while it is being processed and then analyzing the results, identifying any potential issues
(Zimbio, 2017). Nmap is used for scanning networks to discover hosts and services on both
Linux and Windows operating systems, creating a map of the network. Some of the key
capabilities are finding open ports, determining the OS, and identifying what firewall is being
utilized (Shrivastava, 2013). Upon completion of the scan, Nmap produces a list of files with
detailed information for each specific file within.
Data Results and Findings
Wireshark was utilized to identify any vulnerabilities within Banner Health Care's
network. The following files were analyzed: HTTP, MySQL, OSPF, Gmail, and Telnet. The data
retrieved from the files that were scanned is annotated below.
HTTP:
Source IP: 192.168.1.140 – Destination IP: 174.143.213.184
Protocols: TCP and HTTP.
Source Port 57678 Destination Port 80
Source MAC Address: 00:1d:60:b3:01:84 Destination MAC Address: 00:26:62:2f:47:87
MySQL:
Source IP: 192.168.0.254 – Destination IP: 192.168.0.254 (same IP)
Protocols: TCP and MySQL
Source Port 56162 Destination Port 3306
Key Discoveries: Port 3306 is exploited by two known threats, Nemog and W32.Spybot.
Nemog is a backdoor Trojan horse that allows an infected computer to be used as an
email relay and HTTP proxy (Hayashi, 2007). W32.Spybot is a worm that spreads using
the Kazaa file-sharing network and mIRC. This worm can also spread to computers that
are compromised by common backdoor Trojan horses and on networks protected by
weak passwords (Knowles, 2018).
OSPF:
Communicated via Source IP: 10.0.0.2 – Destination IP: 224.0.0.5
Protocols: OSPF
Source Port: Wireshark did not identify the source or destination ports
Source MAC Address: c0:01:0f:78:00:00 Destination MAC Address: 01:00:5e:00:00:05
Key Discoveries: The user name and password are revealed within the text.
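OSPFv2 states its authentication type in every packet header, and type 1 (simple password) carries the secret unencrypted, which is the kind of exposure the OSPF finding reports. The following check is an added example, not part of the original report: it reads that header field from a raw IPv4 packet without returning the secret itself. The packet is constructed, reusing the addresses listed above, and the router ID and area are assumptions.

```python
import socket
import struct

OSPF_PROTO = 89  # IP protocol number assigned to OSPF
AUTYPE = {0: "null", 1: "simple password", 2: "cryptographic"}

def build_sample(autype):
    """Constructed IPv4 + OSPFv2 header (no body); checksums left at zero."""
    ospf = struct.pack("!BBH4s4sHH8s", 2, 1, 24,
                       socket.inet_aton("10.0.0.2"),  # router ID (assumed)
                       socket.inet_aton("0.0.0.0"),   # area ID (assumed)
                       0, autype, b"REDACTED")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ospf), 0, 0, 1,
                     OSPF_PROTO, 0, socket.inet_aton("10.0.0.2"),
                     socket.inet_aton("224.0.0.5"))
    return ip + ospf

def audit_ospf(ip_packet):
    """Return the OSPFv2 authentication posture of one IPv4 packet, or None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    if ip_packet[9] != OSPF_PROTO or len(ip_packet) < ihl + 24:
        return None                      # not OSPF or truncated header
    # OSPFv2 header: version, type, length, router ID, area ID, checksum, AuType
    ver, _ptype, _length, rid, area, _csum, autype = struct.unpack(
        "!BBH4s4sHH", ip_packet[ihl:ihl + 16])
    if ver != 2:
        return None                      # OSPFv3 header has no AuType field
    return {
        "src": socket.inet_ntoa(ip_packet[12:16]),
        "router_id": socket.inet_ntoa(rid),
        "area": socket.inet_ntoa(area),
        "auth": AUTYPE.get(autype, "unknown (%d)" % autype),
        # The 8-byte authentication field is deliberately not returned.
        "cleartext_secret": autype == 1,
    }

if __name__ == "__main__":
    for sample_autype in (1, 2):
        print(audit_ospf(build_sample(sample_autype)))
```
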
Gmail:
Communicated via Source IP: 192.168.1.101 – Destination IP: 178.123.13.120
Protocols: TCP, SSL, ARP, DHCPv6, DNS
Source Port 42559 Destination Port 26895
Source MAC Address: 00:14:0b:33:33:27 Destination MAC Address: d0:7a:b5:96:cd:0a
Key Discoveries: The source port and destination port are both unassigned UDP ports.
Telnet:
Communicated via Source IP: 192.168.1.140 – Destination IP: 192.168.1.194
Protocols: TCP
Source Port 56760 Destination Port 23
Source MAC Address: 00:1d:60:b3:01:84 Destination MAC Address: 00:13:c6:00:55:a5
Key Discoveries: Port 23 is extremely vulnerable; Telnet sends its data completely
unmasked in clear text (Greer, 2017). As seen in packets 15 and 32 below, the user name
and password are revealed.
The final portion of the security assessment was a port scan to
identify which ports are open and to determine how vulnerable they are. Nmap was utilized
to execute a scan for open ports and OS fingerprinting on the WINTGT01 and NIXTGT01
systems. The first scan, on WINTGT01, identified 14 open ports; seven of those
ports were unknown. Having 14 ports open to the internet is not recommended because it makes
those ports susceptible to being hacked. Port 5357, Web Services for Devices (WSDAPI), has
known vulnerabilities that can be exploited. The second scan, on NIXTGT01, identified only
two open ports, 22 and 4000. Both ports are recommended to be closed, especially
port 4000, due to the number of known threats associated with this port.
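Scan results like these are easier to act on when each host's open ports are compared with an approved list. The following is an added example, not part of the original report: it parses Nmap grepable (-oG) output and lists every open port outside policy. The scan text, addresses and allowlist are constructed assumptions; only the host names and ports 5357, 22 and 4000 come from the report.

```python
import re

# Constructed sample in Nmap's grepable (-oG) format. The addresses and most
# ports are illustrative; only 5357, 22 and 4000 are named in the report.
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (WINTGT01)\tPorts: 135/open/tcp//msrpc///, "
    "445/open/tcp//microsoft-ds///, 5357/open/tcp//wsdapi///, "
    "49152/open/tcp//unknown///, 3389/filtered/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.20 (NIXTGT01)\tPorts: 22/open/tcp//ssh///, "
    "4000/open/tcp//remoteanything///\tIgnored State: closed (998)\n"
)

# Hypothetical policy: the ports each host is approved to expose.
ALLOWED = {"WINTGT01": {135, 445}, "NIXTGT01": set()}

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: ([^\t]*)")

def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} listing open ports only."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines, "Status:" lines, hosts without ports
        ip, name, ports = m.groups()
        found = []
        for entry in ports.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 5 and f[0].isdigit() and f[1] == "open":
                found.append((int(f[0]), f[2], f[4] or "unknown"))
        hosts[name or ip] = found
    return hosts

def findings(hosts, allowed):
    """List (host, port, service, reason) for each open port outside policy."""
    out = []
    for host in sorted(hosts):
        for port, _proto, service in hosts[host]:
            if port not in allowed.get(host, set()):
                reason = "unidentified service" if service == "unknown" else "not approved"
                out.append((host, port, service, reason))
    return out

if __name__ == "__main__":
    for row in findings(parse_grepable(SAMPLE_OG), ALLOWED):
        print("%-9s %5d %-15s %s" % row)
```
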
Conclusions
The threat to the cyber realm will never disappear as long as technology continues to
become more advanced. Adversaries are always perfecting their methods when it comes to
exploiting new technology. There are procedures that can be put in place to help Banner
Health Care reduce the probability of being breached. Ensuring that the hardware and
software within Banner Health Care is up to date and relevant is a key factor. This security
assessment exposed numerous vulnerabilities within the Banner Health Care network. There
are ports that need to be closed to ensure the security of the network. It is also recommended
that the IT personnel regularly scan their network utilizing Wireshark and Nmap to identify
issues before they become incidents.
References
Garrison, J. (2016). What is a Virtual Machine Hypervisor. Retrieved from https://www.howtogeek.com/66734/htg-explains-what-is-a-hypervisor/
Greer, D. (2017). Securing risky network ports. Retrieved from https://www.csoonline.com/article/3191531/network-security/securing-risky-networkports.html
Hayashi, K. (2017). Backdoor.Nemog. Retrieved from https://www.symantec.com/security-center/writeup/2004-081610-2414-99
Knowles, D. (2018). W32.Spybot.Worm. Retrieved from https://www.symantec.com/security-center/writeup/2003-053013-5943-99
Rouse, M. (2016). Virtualization how-tos. Retrieved from https://searchservervirtualization.techtarget.com/definition/virtualization
Shrivastava, T. (2013). Nmap Commands for Linux Systems/Network Administrators. Retrieved from https://www.tecmint.com/nmap-command-examples/
Zimbo, J. (2017). What is Wireshark? Retrieved from https://infosecaddicts.com/whats-wireshark/