Findings Summary
·
Default settings are currently being used
throughout the network on various devices making it easy for hackers to break
into network devices and capture information such as customer data, usernames
and passwords. It also makes it easy for
hackers to establish user accounts and create privileges for themselves that
allow them to have full access to the network or that particular device.
·
Company wireless network is not password
protected making it easy for hackers to compromise network and capture
information being shared across network.
This includes the capturing of usernames and passwords.
·
Firewalls are not enabled making it easy for
hackers to obtain reported information from malicious software that may be
installed on the network without sending an alarm or alert. Traffic is allowed to flow in both
directions.
·
Signature files are not being updated to filter
e-mails. Virus firewall will only
capture e-mail according to old files and any new threats will not be
captured. This opens the network up to
malicious software and viruses.
·
No password restrictions. This allows users to create easy and simple
passwords that can easily be cracked by brute force or that can be easily
guessed. Uses are also writing passwords
down making it easy for other employees, janitors, or visitors to login and
compromised the system.
·
Virus software not currently being used on
virtual servers.
·
Access card data is being stored on the server
that’s not protected. If server was
compromised hackers can create fake access card accounts to gain access to the
building. This in return will create a
physical breach which could not only case harm to data but employees as
well.
·
Public IP address being used on servers making
them accessible to those outside the network.
·
FTP server being used by employees to transfer
files from outside and inside the company.
This makes it easy for employees to steal files from work or bring in
malicious software or viruses to be distributed across the network.
