
1. Network Risk Evaluation


The purpose of this document is to list all network security risks and help the reader determine
where the greatest threats lie on their network. The reader should list their opinion of the severity
of each threat and how common they believe it to be on their network. Then the number of times
per month that this threat has materialized should be listed.

There are several main items to consider when listing threats and their ability to threaten the
network. These include:

1. The threat, such as a virus, spyware, worm, computer hack, or others.
2. The computer type - This will be one of server, desktop, mainframe, or laptop.
3. The entry method - Describes the transport mechanism the threat used to enter the network,
whether it was the DMZ or trusted network. This could be carried physically in, through
email, through a browser such as typical adware or spyware infections, or through a
firewall.
4. The infected zone - The zone the infected computer was in. It should be noted whether the
infection spread and what zones it spread to, but there is no place in the table for this. If
spreading happened, the item should be starred or numbered with an incident explanation
at the bottom of the sheet.
5. The perceived threat severity.
6. How common the threat is, or how often it is realized, on the network.
7. Occurrences per month. This should be the actual average number of occurrences in the
last 6 to 12 months.

Compromise of client computers:

1. Hostile software through email-borne viruses into client computers.
2. Unauthorized user-installed programs - Users bringing their own programs into the network
on disks or memory sticks.
3. Hostile software through the user's web browser due to misconfiguration and/or software
vulnerability.

Compromise of server computers:

1. Threats from compromised client computers.
2. Attacks through vulnerable applications.
3. Attacks through vulnerabilities in services such as web server and mail services.
4. Attacks through operating system vulnerabilities.
5. Attacks due to misconfiguration of services or systems, such as allowing relaying on a mail
server so that spam can be sent, not locking down Internet Information Server (IIS) and
leaving it vulnerable, or leaving default administrator accounts with default passwords set.

Items to consider:

1. Consider where all systems lie on the network and where traffic is limited between
different areas. Include firewalls and routers along with descriptions or lists of permitted
and disallowed traffic.
2. Consider where the most security violations have occurred, both by type of threat, such as
virus, and by the type of computer infected.
3. Consider whether the servers should be in a network zone separate from the client
computers if client computers are compromised more often, statistically, than other
groups of computers (such as servers in the DMZ).
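
The worksheet described above can be tallied mechanically. The following is an added example, not part of the original document: it ranks rows, totals occurrences by computer type for the zone-separation question, and flags threats whose measured frequency disagrees with the reader's opinion. The 1-5 opinion scale, the severity x occurrences score, the band cut-offs and all sample rows are assumptions constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict

COLUMNS = ("threat", "computer", "entry", "zone", "severity", "common", "per_month")
# Constructed sample rows. severity and common are 1-5 opinions (assumed scale);
# per_month is the measured average over the last 6 to 12 months.
ROWS = [dict(zip(COLUMNS, r)) for r in [
    ("virus", "desktop", "email", "trusted", 3, 4, 6.0),
    ("spyware", "laptop", "browser", "trusted", 2, 2, 9.5),
    ("unauthorized program", "desktop", "physical", "trusted", 3, 1, 2.0),
    ("computer hack", "server", "firewall", "DMZ", 5, 3, 0.5),
    ("worm", "server", "firewall", "trusted", 4, 1, 0.25),
]]
# Assumed cut-offs mapping occurrences per month onto the same 1-5 scale.
BANDS = [1, 2, 5, 10]

def rank_by_exposure(rows):
    """Order rows by severity x occurrences per month (assumed score), highest first."""
    return sorted(rows, key=lambda r: r["severity"] * r["per_month"], reverse=True)

def occurrences_by(rows, column):
    """Total measured occurrences per month grouped by one worksheet column."""
    totals = defaultdict(float)
    for r in rows:
        totals[r[column]] += r["per_month"]
    return dict(totals)

def perception_gaps(rows, min_gap=2):
    """Threats whose measured frequency band differs from the opinion by min_gap or more.
    Positive = more frequent than believed, negative = less frequent than believed."""
    gaps = {}
    for r in rows:
        gap = bisect_right(BANDS, r["per_month"]) + 1 - r["common"]
        if abs(gap) >= min_gap:
            gaps[r["threat"]] = gap
    return gaps

if __name__ == "__main__":
    for r in rank_by_exposure(ROWS):
        print(f'{r["threat"]:22} {r["computer"]:8} {r["severity"] * r["per_month"]:5.1f}')
    print(occurrences_by(ROWS, "computer"))  # input to the zone-separation decision
    print(perception_gaps(ROWS))
```

Grouping by `"entry"` or `"zone"` instead of `"computer"` shows which transport mechanism or zone accounts for most incidents.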
