System Description

The server hardware consists of a powerful CPU and 128 GB of memory. It runs the latest version of the Linux operating system and hosts a MySQL database management system. It has a stable network connection using IPv4 addresses and interacts with other servers on the network. Security measures include SSL/TLS-encrypted connections.

Scope

The scope of this vulnerability assessment is the current access controls of the system. The assessment covers a period of three months, from June 20XX to August 20XX. NIST SP 800-30 Rev. 1 is used to guide the risk analysis of the information system.

Purpose

The database is used to find potential customers for the business; in other words, it is the source of growth. The data in the database must be protected from unauthorized use, modification, or loss. If the data is lost, the business not only loses potential revenue but also loses its reputation with customers and faces regulatory fines and lawsuits. Through this vulnerability assessment, we will identify potential threats and vulnerabilities in the database server.

Risk Assessment

Threat source | Threat event                                            | Likelihood | Severity | Risk
Employee      | Alter/Delete critical information                       | 2          | 3        | 6
Hacker        | Perform reconnaissance and surveillance of organization | 2          | 3        | 6
Competitor    | Conduct Denial of Service attacks                       | 1          | 3        | 3

Risk is scored as Likelihood x Severity.

Approach

The risks considered relate to the data storage and management methods of the business. The likelihood of a threat occurrence and the impact of these potential events were weighed against the risks to day-to-day operational needs.

Since the database server is accessible from the internet, both authorized and unauthorized users can reach it. Among authorized threat sources, current or former employees are the major ones: because they have knowledge of the information and the system, they can cause significant damage to the business by altering or deleting critical information.

Among unauthorized threat sources, hackers and competitors are the major actors. Once hackers have performed reconnaissance and surveillance, the threat of exploitation of known or unknown vulnerabilities in the database server is magnified.

Since the database faces the internet, competitors can easily take advantage of it: they can perform DoS attacks even without obtaining privileges on the system.

Remediation Strategy

First, it is important to have a backup of the database in order to detect alteration or deletion by authorized actors, including internal staff.

At the same time, we should minimize the attack surface by implementing a firewall and limiting access to employees' source addresses. Another remediation strategy is to segment the network and close the database connection from the internet. Remote employees should then access the database over a VPN.
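As an added example (not part of this assessment), the following POSIX shell script checks whether the MySQL bind-address leaves the server listening on every interface, and prints an nftables ruleset that allows TCP/3306 only from the employee VPN and the internal application network while logging and dropping everything else. The config path, the nftables firewall and the two CIDRs are assumptions.

```shell
#!/bin/sh
# Added example, not part of the assessment. Assumptions: MySQL config in
# my.cnf format, nftables as the host firewall, placeholder CIDRs for the
# employee VPN (10.8.0.0/24) and the internal application network (10.0.1.0/24).

# Return 0 if the [mysqld] bind-address keeps MySQL off public interfaces,
# 1 if it listens on every interface. A missing bind-address counts as
# exposed, because MySQL's default is to listen on all addresses.
mysql_bind_is_restricted() {
    cfg="$1"
    addr=$(sed -n 's/^[[:space:]]*bind[-_]address[[:space:]]*=[[:space:]]*//p' "$cfg" \
           | tail -n 1 | tr -d '[:space:]')
    case "$addr" in
        ""|0.0.0.0|::|\*) return 1 ;;   # reachable from the internet
        *)                return 0 ;;   # loopback or a specific internal address
    esac
}

# Print an nftables ruleset that accepts TCP/3306 only from the VPN and
# application subnets and logs then drops every other attempt (an audit
# trail for blocked access). A default-drop policy with explicit accepts
# for SSH and the VPN listener is the stronger follow-up.
mysql_firewall_rules() {
    vpn_net="${1:-10.8.0.0/24}"
    app_net="${2:-10.0.1.0/24}"
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        ct state established,related accept
        iif lo accept
        ip saddr { $vpn_net, $app_net } tcp dport 3306 accept
        tcp dport 3306 log prefix "mysql-blocked: " drop
    }
}
EOF
}

# Usage: sh harden_check.sh /etc/mysql/my.cnf  (prints status and the ruleset)
if [ -n "${1:-}" ]; then
    if mysql_bind_is_restricted "$1"; then
        echo "bind-address OK: MySQL is not listening on all interfaces"
    else
        echo "WARNING: MySQL listens on all interfaces; set bind-address in $1"
    fi
    mysql_firewall_rules
fi
```

Load the printed ruleset with `nft -f` only after adding accept rules for the services the host must keep offering.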