vulnerability Assessment The aim of vulnerability analysis/assessment is to identify a prioritized set of threats that are relevant to a particular system for a specific set of users and applications

vulnerability Assessment

The aim of vulnerability analysis/assessment is to identify a prioritized set of threats that are relevant to aparticular system for a specific set of users and applications under a specific set of conditions. Thepractice often yields one or more threat matrix(ces), each of which tabulates both general (top-level) andapplication/user specific (lower-level) threats.

In order to limit the workload of this homework, you are asked to complete the following threat matrixfor your scanned network. Note that the threats posted by different users and applications used on these subnets might be quite different. Only twoapplications, Electronic Mail (Email) and Web Browsing, are to be considered in the vulnerabilityanalysis of each subnet. Depending on the subnet, just check your users and the applications scanned on the virtual network. For the sake of simplicity, we assume that only the members will use the network you have created.

After performing the vulnerability analysis, you are asked to determine the security services that shouldbe employed in order to protect the entire network. The service selectionprocess should be conducted by identifying the security services that are necessary to countermandindividual threats mentioned in the threat matrices, and then collate these services according to their typesand deployment sites. The results of this process shall be a short list of basic security services(confidentiality, integrity, authentication, access control, non-repudiation and audit) to be employed oneach subnet with respect to different user groups and applications.Again, to limit the workload, you are asked to select security services necessary to protect network. The list of security services that shall be deployed at the hosts, the servers and the gateway router of the network should be provided. Each service should bequalified by the place it shall be deployed and the application(s) it tries to protect.