C&A Assessment
Essay by 24 • November 28, 2010 • 5,266 Words (22 Pages) • 1,871 Views
Scope and Approach of Threat Assessment
EFIS Critical Concerns
Executive Overview
EFIS High Risk Threats by Category
Software Installation and Maintenance
Authorized Users
Outsider Attacks
Physical Threats
General Threat Background
Potential Attackers and Avenues of Attack
EFIS Specific Vulnerabilities
Asset Management Vulnerabilities
Customer Support Help Desk Vulnerabilities
Legacy System Access Vulnerabilities
E-mail Vulnerabilities
Network Vulnerabilities
Physical Security Vulnerabilities
Certifiers Recommendation
References
Appendix
1. PHE and HTI Analysis
2. EFIS Information Protection Policy (IPP)
3. Information Management Model (IMM)
4. System Identification Profile (SIP)
5. DIACAP Scorecard
6. Plan of Action and Milestones (POA&M)
The purpose of the assessment is to identify threats or potential attacks to the Department of Electronic Government, Electronic-Facilities Infrastructure System (EFIS) components to support security design decisions. This information is then used to judge the system's Certification and Accreditation posture.
The outline for this paper is as follows: First, the scope and approach taken to identify security issues concerning the EFIS are presented. The general threats are then characterized, describing the types of damage, attackers, and avenues of attack. Vulnerabilities specific to the EFIS are then discussed. Finally, recommendations to mitigate the threats are presented and the C&A posture identified. It is assumed that if a reference to a control is mentioned in the issued case study, the threat and exposure were adequately addressed within the case study or through further interviews or additional provided documentation not directly identified.
Scope and Approach of Threat Assessment
The approach taken in performing the threat assessment was to review the planned EFIS design as described in the presented documentation, and then determine potential threats based on comprehensive review and experience with similar functionality in other systems.
EFIS Critical Concerns
The executive overview focuses on the major security concerns of the EFIS; i.e., threats that might lead to a critical occurrence.
• Compromise of the EFIS system
• Unauthorized release of government data
• Application alteration
• Network or system break-in
Executive Overview
It is assumed that authorized users, to include those with high-trust and medium-trust, will use authorized workstations to perform their duties, and each will have its own local servers; however, system administration and help desk functions will be handled remotely.
Since the primary operational facility is located within an agency campus complex designed for the sole purpose of running computer systems, hardware and support, it is understood that physical access to the building and the resources it contains is protected by fences and guards. Access is controlled by a cardkey system, token technology, and receptionist coverage.
High-trust users and contractors who may have network connections to their own company sites will manage the Information Technology Systems (IT). This provides more entry points into the EFIS Network. Many of these connections will be inside the "network security perimeter." The backbone network will be managed from the Central Management Facility. Powerful privileged users (high-trust users) will provide the system administration and help desk functions. Outsiders have several paths of attack: dial-in to the network or a network component such as a router; via the Internet; or via contractor connections. The network will be attached to the Internet through a firewall.
It is assumed that a firewall is in place and is configured to allow all types of connections from inside the network outbound to the Internet, but does not allow inbound connections from the Internet to the network. The only inbound traffic allowed is electronic mail, including attachments. While this configuration should limit the ability of an Internet user to launch direct attacks on the EFIS, this firewall configuration does introduce the possibility of two additional types of attacks:
• An outsider might send an e-mail attack or an attachment containing a computer virus
• An authorized user might retrieve an infected or contaminated document or program from a public source on the Internet
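The two residual paths listed above can be seen by modelling the described policy as a small stateful filter. This is an added illustration, not part of the original assessment; the internal address range, the mail-gateway address, the port numbers and the sample packets are constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")        # assumed internal address range
MAIL_GATEWAY = ip_address("10.0.0.25")   # assumed mail host
SMTP_PORT = 25
# syn is True when the packet opens a new connection
Packet = namedtuple("Packet", "src sport dst dport syn")

def is_inside(addr):
    return ip_address(addr) in INSIDE

def evaluate(packets):
    """Return the matching rule name for each packet, or None if dropped."""
    established, decisions = set(), []
    for p in packets:
        flow, reply_to = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        if flow in established or reply_to in established:
            rule = "established"             # part of an already permitted flow
        elif not p.syn:
            rule = None                      # no state and not a new connection
        elif is_inside(p.src) and not is_inside(p.dst):
            rule = "outbound-any"            # all outbound connections allowed
        elif (not is_inside(p.src) and ip_address(p.dst) == MAIL_GATEWAY
              and p.dport == SMTP_PORT):
            rule = "inbound-smtp"            # the only inbound service
        else:
            rule = None                      # every other inbound attempt
        if rule in ("outbound-any", "inbound-smtp"):
            established.add(flow)
        decisions.append(rule)
    return decisions

def inbound_content_paths(packets):
    """Rules under which traffic from outside still reaches an inside host."""
    return [r for p, r in zip(packets, evaluate(packets))
            if r and not is_inside(p.src) and is_inside(p.dst)]

# Constructed sample traffic (documentation addresses for the outside hosts).
SAMPLE = [
    Packet("203.0.113.7", 40000, "10.1.2.3", 3389, True),   # direct inbound
    Packet("203.0.113.7", 40001, "10.0.0.25", 25, True),    # inbound e-mail
    Packet("10.1.2.3", 51000, "198.51.100.9", 80, True),    # user download
    Packet("198.51.100.9", 80, "10.1.2.3", 51000, False),   # reply to download
    Packet("198.51.100.9", 80, "10.1.2.4", 51000, False),   # unsolicited reply
]

if __name__ == "__main__":
    print(evaluate(SAMPLE), inbound_content_paths(SAMPLE))
```

The filter drops the direct inbound attempt, but content from outside still arrives by e-mail and as replies to user-initiated connections, so those two paths depend on content inspection rather than on the packet filter.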
EFIS High Risk Threats by Category
The following describes the EFIS-specific high-risk threats identified during this assessment. These threats have been organized based on the EFIS major functional elements.
• System Management and Administration
• Software Installation and Maintenance
• Customer Support Help Desk
• Authorized Users
• Outsider Attacks
• Physical Threats
The high-trust users pose the highest threat to the EFIS because of their high level of privileges. Simple errors such as data entry mistakes during account maintenance can lock authorized users out of their accounts. Such errors are
...
...