The following steps can help identify potential attack vectors in a network.
Step 1. Identify vulnerabilities, threats, potential attack vectors, and their potential impact on the network
and performance.
Step 2. Categorize each threat by criticality??”that is, how much damage an attack of this nature could
cause and the likelihood of occurrence. For example, assign a number between 1 and 10 for
criticality, with 10 being the most severe.
Step 3. Using the following formula, calculate the assumed risk by dividing the criticality by the chance of
occurrence:
Assumed Risk = Criticality / Likelihood
Step 4. Identify an appropriate technique or technology to mitigate each threat. Each threat has specific
mitigation techniques with varied options. Choose the solution wisely, understanding its pros and
cons.
Step 5. Repeat from Step 1 as you move on. Making only one pass through this process can potentially
leave the network vulnerable to other unidentified risks and attacks.
There are no magic knobs, silver bullets, or super vendor technology features that will solve all security
problems.
The fundamental law of the Internet drives the design of security into the network and how to respond to
security incidents.
Pages:
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355