Csec 610

Jacket-X Corporation’s Threat Assessment and Vulnerability Analysis: Web-Site Ethical Hacking Analysis

University of Maryland University College

CSEC 610

Professor:

Jacket-X

Introduction

Jacket-X specializes in the development, production, and marketing of specialized jackets for the waste disposal industry. It also undertakes the development of new gloves designs at a research laboratory in close proximity to a large university. There warehousing and manufacturing facilities are located in different parts of the country.

Jacket-X has been experiencing some internal challenges particularly with its payroll and IT systems. There have been calls for vulnerability assessments on its payroll process and also its network system. Concerns are expressed about unauthorized access to its network. A senior executive careless act of connecting an infected laptop to the company’s network has raised serious concerns about the security of the network.

Group three was charged with the task of analyzing and reporting on the threats and vulnerabilities of Jacket-X network and to recommend countermeasures.

Pay Roll Process Vulnerabilities:

An analysis of the Jacket-X payroll process has uncovered a number of weaknesses. These vulnerabilities are security flaws in the system that could lead to an attack. It is important to test for vulnerabilities to ensure the maintenance of ongoing security. Supervisors at Jacket-X being able to change submitted timecard is a major weakness in the payroll process, also payroll specialists who validate payroll data within the system are the same persons who follow up and rectify errors in the payroll data. Another vulnerability identified is with the payroll administrator being able to roll back generated payroll without it being recorded and kept as part of the audit trail.

The areas of major concern are the paycheck generation and direct deposit. The person that runs the system that generates pay checks is also the one who...