Hazard Vulnerability Assessment

Submitted By djessie0
Words 4007
Pages 17
The Philadelphia Water Department, Baxter Water Treatment Plant
Anthony Vega, Denise Youmans, Christopher Williams, Stephen Glenn, Darnell Jessie
Immaculata University
EPM 301

Report Summary
This assessment examines the hazard vulnerability and exploitation potential of the Philadelphia Water Department's Baxter Water Treatment Plant, located at 9001 State Road in Philadelphia, Pa. The treatment plant must be prepared for every emergency when considering the safety of the community. This assessment is a detailed analysis of the possible catastrophic events that could occur in or near the water treatment plant and an inquiry into the possible contingency plans in the event that a catastrophe occurs. It is designed to identify and assess hazards to which the Baxter Treatment Plant is ill-prepared to respond and to strengthen these weak areas.

Methods
We, as a group, conducted site visits and surveys of the property. A point of contact was established within the Philadelphia Water Department, but Water Department policy dictates that a site visit must be approved in writing by higher-level management. These policies and the limited amount of time in the accelerated semester did not allow us to complete an internal site visit.
As a contingency, we evaluated the site from the exterior. Physical surveillance was conducted allowing us to observe the visible security of the premises. The building is surrounded by a cyclone fence topped with barbed wire. Each of the entrances is secured by a motorized gate and a guard shack. The guard shacks did not appear to be occupied during the visits. The gates were activated by authorized personnel using magnetic key cards. Besides the lack of visible security guards, we noticed that there was a delay of 15-20 seconds prior to the gates closing. This…...

Similar Documents

Tennessee Hazard Assessment

...Hazard Assessment for Memphis, Tennessee Environmental Geology April 24, 2012 Hazard Assessment for Memphis, Tennessee A natural disaster is defined as any event or force of nature that has catastrophic consequences (“natural disaster”). The only reason that these events are considered to have catastrophic consequences is because people are negatively affected by these natural events. If people were not present during these events, they would not be considered catastrophic. The more people affected means the event would be considered more catastrophic. Tennessee is the 17th most populated state, with approximately 6.4 million residents (Infoplease.com). Within the state, Shelby county covers the most area, (755 square miles), and is also the most populated county, with approximately 927,644 people residing there (Infoplease.com). Shelby county includes the city of Memphis. Memphis is the most populated city within Tennessee with at least 645,000 residents (Infoplease.com). I have attached several maps in order to see different parts of the land. Map I shows where the county lines are located within Tennessee. You can also see where Memphis is located within the county. Map II shows the elevation levels of the state. As you can see in that map, Memphis is located within the lowest elevation levels of the state. Map III shows the rivers that run throughout the state. The main river that runs between the Tennessee, Arkansas, and Missouri borders is the Mississippi River.......

Words: 2182 - Pages: 9

Vulnerability Assessment System Penetration and Analysis Testing

...Vulnerability Assessment System Penetration and Analysis Testing. Memo: Internal Penetration Testing Tool and Purchase. With the recent attack/hack on agency's network town police department authorities came to a decision to conduct a complete assessment on network vulnerabilities. The main goal of this memo is to assess or evaluate the network penetration tools available in the market. Compare the tools. Cost to buy and implement these tools internally. Hire a professional service to evaluate these tools. In this memo we will cover the internal implementation at high level. In the market there are many penetration tools like a. Nmap - World's Best Port Scanner b. Nessus - Vulnerability Scanner c. Metasploit - Exploit framework For testing Vulnerabilities I picked the above three mentioned tools which are widely used in many organizations and would be perfect for this scenario. The penetration tools that could be used to conduct a vulnerability analysis are; Nmap and Nessus which provide a number of penetration testing techniques such as port scanning, Credentialed and uncredentialed scans, enumeration,......

Words: 1156 - Pages: 5

Lab 2 Performing a Vulnerability Assessment

...Lab Assessment Questions & Answers 1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application. Zenmap is the official GUI for the Nmap Security Scanner. It is a multi-platform, free and open-source application designed to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. This can be used for example to audit a network on a specific IP scheme. 2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process? OpenVAS 3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? Written permission must be obtained before performing an intrusive penetration test or vulnerability assessment scan on a live network. 4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site? CVE is a publicly available and free to use list and dictionary of standardized identifiers for common computer vulnerabilities and exposures. It is sponsored by the office of Cybersecurity at the US Department of Homeland Security. The site is managed by the MITRE Corp. 5. Can Zenmap detect which operating systems are present on IP servers and workstations? Which option includes that scan? Yes, by using TCP/IP stack fingerprinting......

Words: 406 - Pages: 2

Vulnerability Assessment Scan

...Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings. Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with an OpenVAS vulnerability assessment scan. * Assess the findings of the vulnerability assessment scan and identify critical......

Words: 559 - Pages: 3

Lab 4 Performing a Vulnerability Assessment

...similar tools, are typically used during the scanning and vulnerability phase of the ethical hacking process 2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process? OpenVAS, and similar tools, perform vulnerability assessment of Unix, Windows, and network infrastructures and can perform a network discovery of devices, operating systems, applications, databases, and services running on those devices. These tools are typically used to complete the scanning and vulnerability assessment phase of the ethical hacking process once the network-mapping scan (that was in Part 1 of this lab) is completed. Conducting a vulnerability scan on entire subnets can be noisy (making them easily detected) and time-consuming. You can limit the breadth and scope of the scan by specifying the hosts you want to scan in a simple text file. 3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? Written permission must be obtained before performing an intrusive penetration test or vulnerability assessment scan on a live network. 4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site? CVE is a publicly available and free to use list and dictionary of standardized identifiers for common computer vulnerabilities and exposures. CVE is co-sponsored by the office of......

Words: 466 - Pages: 2

L.A. Hazard Assessment

...has high infrastructure which increases hazards associated with earthquakes. There are many factors that lead to the current knowledge of past, current, and future earthquakes occurrences. We are better able to understand where and why earthquakes are likely to occur and to be proactive to their hazards. Los Angeles is located approximately 60 miles from the largest and most active fault line in the United States. The San Andreas Fault line is the boundary between the Pacific Plate and the North American Plate. These tectonic plates slide past each other breaking rock, creating shaking and seismic waves in every direction. This shaking is what we know as earthquakes and the seismic waves are how they are rated based on severity. The L.A. area is located where slip rate of the plates is well known. The slip rates of the San Andreas Fault is calculated by its size and the rate that one plate moves compared to the other. The soft soil and near surface materials have low wave velocity which create more shaking as compared to hard rock. Observing the shear wave velocity can assist in estimating potential seismic activity. Energy released from slipping rocks on the fault line can travel many miles. The location at which this slip occurs is known as the focus and epicenter is directly above the focus on the earth’s surface. Earthquakes can create aftershocks that can produce more earthquakes for several months. Earthquake shaking hazards can be calculated based on earthquake......

Words: 633 - Pages: 3

Lab #2: Performing a Vulnerability Assessment

...Lab #2 – Assessment Worksheet Performing a Vulnerability Assessment Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you used Nmap commands within the Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also used OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you used the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings. Lab Assessment Questions & Answers 1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application. 2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process? 3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? 4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site? 5. Can Zenmap detect which operating......

Words: 307 - Pages: 2

Vulnerability Assessment

...Assessment Worksheet Performing a Vulnerability Assessment Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you used Nmap commands within the Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also used OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you used the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings. Lab Assessment Questions & Answers 1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application. 2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process? 3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? 4. What is a CVE listing? Who hosts and who sponsors the CVE database listing Web site? 5. Can Zenmap detect which operating systems are present on IP......

Words: 297 - Pages: 2

Vulnerability-Assessment

... Chapter 1 Vulnerability Assessment Solutions in this Chapter: What Is a Vulnerability Assessment?; Automated Assessments; Two Approaches; Realistic Expectations; Summary; Solutions Fast Track; Frequently Asked Questions. Introduction In the war zone that is the modern Internet, manually reviewing each networked system for security flaws is no longer feasible. Operating systems, applications, and network protocols have grown so complex over the last decade that it takes a dedicated security administrator to keep even a relatively small network shielded from attack. Each technical advance brings wave after wave of security holes. A new protocol might result in dozens of actual implementations, each of which could contain exploitable programming errors. Logic errors, vendor-installed backdoors, and default configurations plague everything from modern operating systems to the simplest print server. Yesterday’s viruses seem positively tame compared to the highly optimized Internet worms that continuously assault every system attached to the global Internet. To combat these attacks, a network administrator needs the appropriate tools and knowledge to identify vulnerable systems and resolve their security problems before they can be exploited. One of the most powerful tools available today is the vulnerability assessment, and this......

Words: 9203 - Pages: 37

Hazards & Vulnerability

...Hazard & Vulnerability of Dhaka City 5 page ■ Dhaka City Population Area Urbanization River ■ Recent few incidents case study ■ Historical Hazard ■ Analysis and severity of hazards & vulnerability Bangladesh is a unitary, independent and sovereign Republic known as the People’s Republic of Bangladesh. Bangladesh emerged as an independent country on March 26, 1971. The war of liberation ended on 16 December 1971 with the victory of Bangladesh forces and the surrender of the occupying Pakistani Army in Dhaka, the capital of Bangladesh. From its beginning as a small city with a few thousand people, Dhaka actually experienced dramatic turns upward and today it has become one of the fastest growing mega cities of the world. Its existence as a major urban agglomeration has been consistent over a period of 400 years. Even the most developed cities in the world today cannot boast 400 years of uninterrupted and organised existence that Dhaka does as a historic city. In the 16th century during the reign of Mughal Emperor Akbar it was a thana or military outpost having a population of only 3000 people with an area of 2 km² (UNEP, 2005). Then turning Dhaka into a capital city of the eastern province in 1608 by Subedar Islam Khan was epoch making. Since then Dhaka has experienced actual urbanisation and trends of development. Area Dhaka is located in central Bangladesh at 23°42′0″N 90°22′30″E, on the eastern banks of the Buriganga River. The...

Words: 4332 - Pages: 18

Cis 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices

...CIS 527 Assignment 3 Threats, Vulnerability, and Exploits Assessment Practices Click Link Below To Buy: http://hwcampus.com/shop/cis527-assignment-2-assets-risk-management/ Week 6 There are multiple ways to bring threats and vulnerabilities to light. Common practices and lessons learned can help us explore for known or common threats, but how does an organization with a unique or highly unusual setup discover its vulnerabilities? Many organizations turn to ethical hackers. Write a four to five (4-5) page paper in which you: Describe common tools and techniques for identifying and analyzing threats and vulnerabilities. Critique the practice of offering rewards for discovering vulnerabilities. Explain the risks of challenging individuals to exploit vulnerabilities in your systems. Give your opinion on the formation of ethical hackers. Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the......

Words: 280 - Pages: 2

Vulnerability Assessment

...about techniques used against them and the systems they use. (Tipton, H. & Krause, M., (2007)) C. Simulated vulnerability test using Social Engineering Social engineering attacks have four generally recognized phases. The ‘preparation’ phase is where information is gained, either by chatting up employees, dumpster diving, internet research, or fake job applications/interviews that can be leveraged for intimate information about the target or to develop a rapport with people associated with the target. The ‘pre-attack’ phase takes this information and develops it into a plan of attack, laying out the objectives of the attack and the methods used. The ‘attack phase’ is where individuals are compromised, either directly or remotely, and whatever objectives for the hack are met. The ‘post attack’ phase is dedicated to controlling the aftermath of the attack or turning the objectives of the attack into vectors for further exploitation. (Janczewski & Colarik, 2007) A vulnerability assessment should take care to include each phase of an SE attack so that all correctable deficiencies are found. The first phase of an SE attack is reconnaissance, so a vulnerability assessment should be done on the company’s website. Internet searches of sites like Google and LinkedIn should be done to see what information is already ‘out there’. During this phase of the assessment a physical check of the security of the building should also be performed. Fences, employee access, service......

Words: 1868 - Pages: 8

Penetration Test vs. Vulnerability Assessment

...Penetration Test vs. Vulnerability Assessment • Penetration testing ensures you that your network will not be penetrated by malicious users. • Vulnerability Assessment gives an organization the ability to identify potentials for intrusion to their network. • Penetration tests are more intrusive Reason for Assessment • Identify the vulnerability • Quantify the vulnerability • Prioritizing the vulnerability Internal vs. External • Internal assessment shows the vulnerabilities that employees or anyone with access to the internal network and exploit them. • External assessment shows the vulnerabilities from someone without direct access to the internal network. Window of Vulnerability • Unknown Window of Vulnerability • Known Window of Vulnerability Risk • Vulnerability • Attacks • Threats • Exposure Risk = Vulnerability x Attacks x Threats x Exposure Risk of Internal Assessment • Can’t be truly objective • Fair and impartial assessment Management is forced to deal with the “fox in the Hen House” problem Steps 1-3 to a Successful Assessment • Understand the consequences • Document Management buy-in • Develop manageable objectives Steps 4-6 to a Successful Assessment • Determine method • Plan for disruptions • Develop an assessment in an impactful, yet understandable, way. Qualified and Experienced outside Third Party. • Protect yourself with a contract • Breadth of experience • Currency with the latest......

Words: 255 - Pages: 2

Vulnerability Assessment Penetration Analysis

...Vulnerability Assessment Penetration Analysis A. Memo For Record: IDS upgrade or replacement Summary of Events: The health care clinic’s network security appliance (combined router/firewall/wireless access point) was hacked and passwords were cracked. Configuration changes to this device opened the network to a Denial-of-Service (DoS) attack. The result of this attack prevented access to patient records and insurance claims as part of their daily routine. The network Intrusion Detection System (IDS) sensor had been previously disabled because of degradation of network performance caused by the device. No advanced notification of system degradation caused by the DoS attack was identified until employees were unable to use the network to perform the jobs. IDS Definition: Network IDS is part of the external boundary protection and monitoring system. Threats to the network from external sources are identified and reported using a management console. With the sensor disabled attacks against the network can be accomplished undetected and reduce response time. “An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to...

Words: 972 - Pages: 4
