3. System Characterization
• Software
  • Linux OS based
  • Apache 2 web server
  • MySQL database server
  • Samba file server
• System users
  • Employees and administrators
• System mission
  • Provides login system
  • Provides wiki for company
  • Allows sharing files
• Data & information
  • User credentials, personal information
  • Files and web data/info
• System & data criticality
  • Medium/High
• System & data sensitivity
  • Medium/High
4. Threat identification
Threat-Source | Motivation | Threat Actions
Hacker, Cracker | Challenge; Ego | Hacking; SQL Injection; Denial of service
Computer Criminal | Destruction; Money | System intrusion; Information bribery; Denial of service; SQL Injection
User / administrator | Lack of experience; Unintentional misuse | Misconfiguration; Damaging system
5. Vulnerability Identification
Vulnerability | Threat-Source | Threat Action
Unpatched software | Hacker, Cracker | Denial of service
Unpatched software | Computer Criminal | Obtain unauthorized access
Misconfiguration | User / administrator | Damage the system
Misconfiguration | Hacker, Cracker | Obtain unauthorized access
Misconfiguration | Computer Criminal | Damage/delete files
6. Control Analysis
Vulnerability | Current control
Unpatched software | Automatic updates (OS feature, necessary confirmation)
Misplacement or misconfiguration | Authentication required
7. Likelihood Determination
Vulnerability | Threat-Source | Likelihood level
Unpatched software | Hacker, Cracker | Low
Unpatched software | Computer Criminal | Medium
Misplacement or misconfiguration | User / administrator | High
Misplacement or misconfiguration | Hacker, Cracker | Medium
Misplacement or misconfiguration | Computer Criminal | Low
8. Impact Analysis
Vulnerability | Threat-Source | Impact
Unpatched software | Hacker, Cracker | High
Unpatched software | Computer Criminal | High
Misplacement or misconfiguration | User / administrator | High
Misplacement or misconfiguration | Hacker, Cracker | High
Misplacement or misconfiguration | Computer Criminal | High
9. Risk Determination
Vulnerability | Threat-Source | Value & Risk
Unpatched software | Hacker, Cracker | 10 = Low
Unpatched software | Computer Criminal | 50 = Medium
Misplacement or misconfiguration | User / administrator | 100 = High
Misplacement or misconfiguration | Hacker, Cracker | 50 = Medium
Misplacement or misconfiguration | Computer Criminal | 10 = Low
10. Control Recommendations
• Require more secure credentials (authentication)
• Usage of Firewall and Antivirus software
• Host an IDS/IPS for detecting intrusions and attacks (not mandatory)
• Regular scheduled updates
• Implementation of security policies
11. Results Documentation
After going through the steps mentioned above, the following actions have to be taken into consideration:
• Improve PHP scripts (not mandatory)
• Regular backups of the data
• Keep the software up to date (regular automatic and manual updates)
• Checklist in SP 800-44 (improve security)
• Shares must be set up to require credentials
• Possibly implement Firewall and Antivirus software
• Run IDS/IPS on the host machine for detecting intrusions and attacks (not mandatory)