Internet content filter
The risks associated with the large capacity of USB drives and their concealable nature
The security costs associated with securing the USB drives over time
The cost associated with distributing a large volume of the USB pens
The security risks associated with combining USB drives and cell phones on a network
Operating system incompatibility
Large storage capacity
Potential for software introduction
A qualitative measurement of risk and impact
A survey of annual loss, potential threats and asset value
A quantitative measurement of risk, impact and asset value
An absolute measurement of threats
To detect network intrusions from external attackers
To detect integrity degradations to network attached storage
To detect host intrusions from external networks
To detect availability degradations caused by attackers
To report the results of the assessment to the users
To ensure all threats are mitigated
To ensure all vulnerabilities are eliminated
To ensure risk mitigation activities are implemented
Disable unneeded services
Use group policies
Implement open source alternatives.
Use default installations.
Use a strong firewall.
Block inbound access to port 80
Apply all system patches
Use input validation
Install remote control software
Apply all service packs.
A piece of malicious code that can spread on its own
A piece of malicious code that is concealed from all detection
A piece of malicious code that executes based on an event or date
A piece of malicious code that exploits a race condition
The attacker has to create their own zero day attack for privilege escalation
The attacker must already have physical access to the system.
The attacker must use arootkit in conjunction with privilege escalation.
The attacker must have already gained entry into the system
Network attached storage
Install a CCTV system
Use security templates
Implement a biometric system.
Disable USB drives.
Apply all security patches to workstations
Apply security templates enterprisewidE.
Apply group policy management techniques.
To analyze the various network traffic with protocol analyzers
To centralize the patch management of network servers
To isolate the various network services and roles
To implement additional network services at a lower cost
To allow wireless usage
To minimize weak encryption
To mitigate data emanation
To find rogue access points
Time of day restrictions
Separation of duties
Access control lists
Group policy implementation
Use of logical tokens
Password policy enforcement
Access control lists
Usernames and password
Security ID badges
Certificate revocation list