Vulnerabilities and Mitigations

Description

Please identify at least one security architecture, configuration, and/or policy vulnerability in the organization scenario presented below. Your discussion should be professionally and clearly stated, as if you were explaining the issue to mid- or senior-level management. In your discussion you should identify the issue and suggest potential mitigations and/or policy changes to reduce the risk to the organization. In total your discussion should not exceed 4 paragraphs, so scope what you want to tackle, and how, appropriately. At a minimum I expect 2 paragraphs in order to identify and mitigate one issue.

For full credit you must also respond to one other student’s discussion in a civil and substantive form. If you agree, offer additional insights or observations that you may have. If you disagree, offer reasons why you think an alternative mitigation may be more effective or appropriate, or, if you believe the referenced vulnerability is not an issue, please explain why.

Scenario:

You have recently been hired by a medium-sized organization to assist them in revising their information security policies and practices. In your initial review of the organization’s IT assets you document that their employees work on Windows-based client machines. These Windows clients are managed by a Windows Server running an Active Directory Domain Controller, providing authentication, configuration management, logging, and patch management for all the connected clients. Users have local admin privileges on their clients in order to be able to install and maintain the software each department needs to perform their business functions.

The organization operates an internal intranet web server and file server hosted on a Linux server. This web server contains multiple websites, serving the employees’ needs for internal hosting of documents, wikis, customer records, accounting documents and records, HR documents, and leadership strategy planning documents and activities. Employees are able to SSH into the web server to update web pages for their departments, add or remove files, and add new webpages as needed. The web server and MySQL database run in the context of root. The Samba file sharing server runs in the context of Samba, with each user who accesses the file share authenticating to the service with their Windows credentials, which the Samba service then verifies with the Windows Domain Controller. The server logs the Apache web access and error activity locally to /var/log/apache and the IT department pulls the logs once per week for review.

The marketing and sales department employees travel frequently and are issued laptops so they can carry marketing presentations and generate sales estimates and reports. Since they work untethered from the organization’s Intranet, they tend to copy a lot of files off the Intranet server before they travel so they have a local copy of things they may need. When they return from their business trip, they either email themselves files they want to load back onto the Intranet or they use USB thumb drives to copy files from the laptop onto their desktop systems at the office.