Showing posts with label Risk Assessment. Show all posts

Thursday, April 8, 2010

Risk Analysis Life Cycle

  1. Identify the Risk: Determine your assets and identify the threats that are likely to target those assets.
  2. Assess the Risks: Determine the asset value. Produce a risk matrix to determine which risk is greater given the company’s environment.
  3. Develop a Risk Management Plan: Set up policies, procedures, and backup and recovery plans.
  4. Implement Risk Management Actions: Put your policies and procedures in writing, and do training and awareness with other employees.
  5. Re-evaluate the Risks: Every six months, review your risks and policies and make sure they are still relevant. Determine which risk is still the most likely to lead to a compromise.

Saturday, March 20, 2010

Knock, Knock Let Me In

Do you know who is trying to get into your network? Someone is always knocking at your door. The doors of a network are called ports. Anyone working on my network should have a fairly good understanding of why a port is open, and if they do not have a good reason for it to be open, then close it. Port knocking provides a stealthy method of authentication and information transfer to a networked machine that has no open ports. Some basic functionality needs to be provided by any port knocking implementation:
  1. A way to monitor the firewall log file needs to be devised. 
  2. A method to extract the sequences of ports from the log file and translate their payload into usable information. 
  3. Once the information is obtained from the sequence, the implementation must provide some way to manipulate the firewall rules.

Port knocking sounds like a great solution when it comes to monitoring closed ports on a firewall, but it does come with a few disadvantages. You have to use a client script in order to perform the knocks. This script should be kept secret and on removable media such as a USB drive. A number of ports need to be allocated for exclusive use by the system. Any system that manipulates firewall rules in an automated fashion requires careful implementation.
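As an added example (not code from the original post), the three pieces of functionality listed above in one Python sketch: it parses constructed iptables-style log lines, tracks each source's progress through a configured knock sequence within a time window, and returns the firewall rule a completed sequence earns instead of running it. The log format, the knock sequence (7000, 8000, 9000), the 10-second window and the addresses are all assumptions.

```python
import re
from datetime import datetime

# Constructed iptables-style log lines (sample input, not from the original post).
SAMPLE_LOG = """\
Mar 20 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=7000 SYN
Mar 20 10:00:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=8000 SYN
Mar 20 10:00:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=9000 SYN
Mar 20 10:00:04 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=7000 SYN
Mar 20 10:00:05 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22 SYN
Mar 20 10:00:06 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=8000 SYN
"""
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")
EPOCH = datetime(1900, 1, 1)  # strptime without a year defaults to 1900; only deltas matter

def parse_line(line):
    """Return (seconds, source address, destination port) for one log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    seconds = (datetime.strptime(m.group("ts"), "%b %d %H:%M:%S") - EPOCH).total_seconds()
    return seconds, m.group("src"), int(m.group("dpt"))

def scan_knocks(log_text, sequence, window, protected_port):
    """Return the firewall rule each source earns by knocking `sequence` in order within `window` seconds.
    A hit on any other port, or a timed-out sequence, sends that source back to the start. Rules are
    returned as command strings, not executed, so the caller decides how (and whether) to apply them."""
    state = {}  # src -> (index of the next expected knock, time of the first knock)
    rules = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        now, src, dpt = parsed
        idx, started = state.get(src, (0, now))
        if idx and now - started > window:  # sequence took too long: start over
            idx = 0
        if dpt == sequence[idx]:
            if idx == 0:
                started = now
            idx += 1
        else:  # wrong port; it may still be a fresh first knock
            idx, started = (1, now) if dpt == sequence[0] else (0, now)
        if idx == len(sequence):  # full sequence seen: grant access to the protected port
            rules.append(f"iptables -I INPUT -s {src} -p tcp --dport {protected_port} -j ACCEPT")
            idx = 0
        state[src] = (idx, started)
    return rules
```

In the sample, only 203.0.113.5 completes the sequence; 198.51.100.7 hits a wrong port after its first knock and is reset.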

Thursday, February 18, 2010

Risk Assessment Necessary Evil

This week I have been learning about doing risk assessment in order to determine how much companies would actually lose if they lost equipment or data. I learned it is tough to come up with all that could go wrong and with what is of value within a company that I need to take into account.

The hardest part of the "assessment" is assigning a numerical value. You have to think of the employees' worth and the amount of time that goes into the assessment. You also have to think of the time it takes to replace the data and information that may be compromised if a system fails.

Will you be able to recover quickly? Remember that the longer your system and network are down, the longer you will not be satisfying customers' needs. You have to be prepared. Make the necessary backups and images, and have the necessary disks on hand. Do you have extra computer parts in case your system blows up? Are the backup and recovery procedures written down, and are the staff prepared to implement those procedures? These are the questions to ask.

Systems should be operational within an hour. If they are not, then something is wrong with your recovery procedure. The quicker you can get back to work the better. I know there are some extreme instances where that will not be possible, but that also needs to be taken into account.

As always, leave me a comment about anything I say, and remember: stay secure out there.