Week 1 Assignment: Identifying Threats and Vulnerabilities in an IT Infrastructure

Name
Institutional Affiliation
Course
Instructor
Date

Week 1 Assignment: Identifying Threats and Vulnerabilities in an IT Infrastructure


Information about the risks and vulnerabilities of an IT system is essential for protecting the organization's assets and ensuring its operational resilience. Splitting the entire IT environment into seven domains is a reasonable approach to risk management. This report discusses the risks and threats in each domain, the potential impact of those risks and threats, and possible countermeasures.

User Domain

The User Domain, comprising the individuals who use the IT system, is held to be the most vulnerable. Its risks include negligence, which results in the use of weak passwords, unauthorized use of personal USB devices and susceptibility to social engineering, among others (Malatji et al., 2022). For example, users may choose a simple password or fall prey to phishing, in which they receive genuine-looking e-mails from a spoofed address, giving the attacker a chance to penetrate the system. Phishing and other social engineering techniques work on the basis of deception, luring users into typing specific commands or granting access.

Workstation Domain

The Workstation Domain includes all computers and devices used by employees. Threats in this domain include unsecured operating systems, vulnerability exploitation and a lack of security applications. A weakness in a workstation OS or application can be exploited to launch cyber-attacks that result in malware infection or data exfiltration. For instance, if antivirus software is not installed or is wrongly configured, a workstation can become the medium through which malware enters the network (Daughety et al., 2021). There are also physical hardware issues: a hard drive, for example, may fail, leading to loss of data. Control measures include making sure all systems are updated regularly, applying patches to any system at risk, and installing endpoint security solutions across the organization's systems (Berdik et al., 2021).

LAN Domain

The LAN Domain connects all internal devices in an organization. Specific threats are unauthorized access, inadequate encryption of transmitted information and a lack of proper monitoring of network traffic. Inadequate or outdated group policies can allow hackers or malicious insiders to access critical systems and data that are essential to the company (da Rocha et al., 2021). An example is when antivirus or encryption is not properly configured and data at rest or in transit are open to interception. A malicious individual can take advantage of these loopholes to steal essential business information or interfere with the network. To minimize these risks, organizations should have appropriate role-based access control (RBAC) in place, audit access rights frequently and use appropriate encryption methods to safeguard data exchange.

LAN-to-WAN Domain

The LAN-to-WAN Domain, also known as the access or edge domain, is responsible for interfacing the internal network with other systems and with the internet. This domain is exposed to risks such as data-driven DoS attacks, improperly configured firewalls and data leakage (Kanoi et al., 2022). An open TCP port or a missing patch on a firewall can easily be exploited by an attacker as a window through which to gain access to the network and cause immense havoc. For instance, an organization's systems may be targeted so that they become unreachable by users. An inadequate IDPS is a vulnerability that reduces the ability to counter such attacks, making them more likely to succeed (Kure et al., 2022). Preventive measures include the provision of a suitable firewall and the establishment of an IDS and vulnerability scans to identify the points of entry into a website. An attacker could capitalize on a fault in the server OS or an application to delete information, extort money or assume full control over resources. For example, a DDoS attack aimed at an email server can cause certain channels of communication to stop working, disrupting the flow of business. As in other domains, databases in this domain can be threatened by malware introduced into the system.

WAN Domain

A WAN is a network of LANs connected over a large geographical area. The WAN Domain covers all communications outside the local network that use the internet or other wide-area connections. The domain is inherently vulnerable to external threats, including man-in-the-middle (MITM) attacks, DNS spoofing and eavesdropping. Data transmitted without encryption protocols is at risk, as a hacker can intercept and read important information (Kanoi et al., 2022). For instance, if the ISP that an organization subscribes to suffers an outage, the organization's operations could be affected. Furthermore, hackers can penetrate the internal network through open protocols or unprotected ports. Inadequate or outdated group policies can allow hackers or malicious insiders to access critical systems and data that are essential to the firm. An example is when antivirus or encryption is not properly configured and data at rest or in transit are open to interception. A malicious individual can take advantage of these loopholes to steal essential business information or interfere with the network.

Organizations must also give due attention to securing this domain: mechanisms such as virtual private networks (VPNs), which ensure that information is encrypted in transit, need to be adopted (Daughety et al., 2021). Furthermore, having multiple ISPs with backup lines can help avoid disruptions when the primary connection fails.

Remote Access Domain

The Remote Access Domain has become more important with the emergence of telework. Risk factors attributed to teleworking include insecure connections, the use of personal devices, and malware propagation by employees accessing the organization's systems from other locations. One risk, for instance, is users connecting to the corporate network over insecure Wi-Fi or through VPNs with inadequate encryption. Consequences of such vulnerabilities include unauthorized access to restricted information or data, and malware could spread from personal devices to the corporate network. Control measures include providing company-owned and pre-configured devices for remote access, enforcing use of the organization's VPN, and enforcing MFA to strengthen login security (K final et al., 2022).

System/Application Domain

This domain comprises the programs and central processing units involved in data manipulation, storage and transmission. It is open to various risks, including SQL injection attacks, zero-day exploits and unpatched applications. An attacker could take advantage of a flaw in the server OS or an application to delete information, extort money, or assume full control over resources (Malatji, Marnewick, & Von Solms, 2022). For instance, a DDoS attack aimed at an email server can cause certain channels of communication to stop working, disrupting the flow of business. As in other domains, databases in this domain can be threatened by malware introduced into the system (Kure, Islam, & Mouratidis, 2022). Organizations should update and patch their systems frequently, perform vulnerability scans, and use application firewalls to minimize risks in this domain.
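As an added illustration of the SQL injection risk named above (example code written for this edit, not part of the original assignment), the following Python uses a constructed in-memory SQLite database to contrast a user lookup built by string concatenation with a parameterized one; the `allowed_username` check is an assumed allowlist, standing in for the kind of input filtering an application firewall performs in front of the database.

```python
import re
import sqlite3

# Constructed sample data standing in for an application's user table.
SAMPLE_USERS = [
    ("alice", "argon2$placeholder_hash_a", "admin"),
    ("bob", "argon2$placeholder_hash_b", "user"),
]

def make_db():
    """Build an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn

def lookup_vulnerable(conn, username):
    """Unsafe: the caller's input is spliced into the SQL text, so quote
    characters in the input change the meaning of the statement."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, username):
    """Safe: the input is bound as a value; the database never parses it as SQL."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

# Assumed allowlist for usernames (defense in depth, not a substitute for binding).
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")

def allowed_username(username):
    """Return True only for input that matches the expected username shape."""
    return USERNAME_RE.fullmatch(username) is not None

def lookup_hardened(conn, username):
    """Validate the input shape first, then use the parameterized query."""
    if not allowed_username(username):
        return []
    return lookup_parameterized(conn, username)

if __name__ == "__main__":
    db = make_db()
    tainted = "x' OR '1'='1"  # constructed input that should match no user
    print("vulnerable:", lookup_vulnerable(db, tainted))        # returns every row
    print("parameterized:", lookup_parameterized(db, tainted))  # returns []
    print("hardened:", lookup_hardened(db, "bob"))              # returns [('bob', 'user')]
```

The concatenated query returns both constructed users for the tainted input because the quote in the input closes the string literal and appends an always-true condition; the bound query treats the whole input as a literal username and matches nothing.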

Conclusion

In conclusion, considering the threats and vulnerabilities in each domain of an IT infrastructure leads to the identification of key risks and the subsequent formulation of mitigation strategies. All of these domains are interrelated, which stresses the need for a comprehensive approach to IT security, since each domain affects the security of the infrastructure as a whole. Information about the risks and vulnerabilities of an IT system is therefore essential for protecting the organization's assets and ensuring its operational resilience, and dividing the environment into seven domains is a reasonable approach to risk management. By establishing strong security practices and policies, investing in effective solutions and promoting organizational security consciousness, organizations can protect against or minimize these risks and ensure business continuity.



IT Infrastructure Threats and Vulnerabilities

| Risks, Threats, and Vulnerabilities | Primary Domain Impacted | Explanation |
|---|---|---|
| Weak passwords or password reuse | User Domain | Increases the likelihood of unauthorized access to systems. |
| Malware introduced via USB device | Workstation Domain | Spreads infections throughout the network. |
| Misconfigured network access controls | LAN Domain | Grants unauthorized access to sensitive internal systems. |
| Insecure firewall configurations | LAN-to-WAN Domain | Allows external attackers to infiltrate the internal network. |
| DNS spoofing | WAN Domain | Redirects users to malicious websites, exposing data. |
| Unsecured VPN connections | Remote Access Domain | Enables attackers to eavesdrop on sensitive communications. |
| SQL injection attack | System/Application Domain | Allows unauthorized access to databases and potential data breaches. |

References

Berdik, D., Otoum, S., Schmidt, N., Porter, D., & Jararweh, Y. (2021). A survey on blockchain for information systems management and security. Information Processing & Management, 58(1), 102397. https://doi.org/10.1016/j.ipm.2020.102397

da Rocha, B. C., de Melo, L. P., & de Sousa, R. T. (2021, November). Preventing APT attacks on LAN networks with connected IoT devices using a zero trust-based security model. In 2021 Workshop on Communication Networks and Power Systems (WCNPS) (pp. 1-6). IEEE. https://doi.org/10.1109/WCNPS53648.2021.9626270

Daughety, N., Pendleton, M., Xu, S., Njilla, L., & Franco, J. (2021, November). vCDS: A virtualized cross domain solution architecture. In MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM) (pp. 61-68). IEEE. https://doi.org/10.1109/MILCOM52596.2021.9652903

Kanoi, L., Koh, V., Lim, A., Yamada, S., & Dove, M. R. (2022). 'What is infrastructure? What does it do?': anthropological perspectives on the workings of infrastructure(s). Environmental Research: Infrastructure and Sustainability, 2(1), 012002. https://iopscience.iop.org/article/10.1088/2634-4505/ac4429/meta

Kure, H. I., Islam, S., & Mouratidis, H. (2022). An integrated cyber security risk management framework and risk predication for the critical infrastructure protection. Neural Computing and Applications, 34(18), 15241-15271. https://doi.org/10.1007/s00521-022-06959-2

Malatji, M., Marnewick, A. L., & Von Solms, S. (2022). Cybersecurity capabilities for critical infrastructure resilience. Information & Computer Security, 30(2), 255-279. https://doi.org/10.1108/ICS-06-2021-0091
