
Firewall breached. What else is now at risk?

 

The firewall breach has a ripple effect on multiple components within the system, as well as on the controls you selected for Cyber. Each control within Cyber has a different risk score based on weights and priorities, and these calculations exceed the functionality of SIEM and log aggregation. Cyber Accountability is the complete view of the system (the hardware and software in your environment), which includes understanding all of the risks cumulatively for all impacted components. BAP uniquely analyzes the impact to all of the controls in the policy to provide an accurate representation of the health of your Cyber controls and policies. BAP provides Accountable Security. Please contact info@bapsolution.com for additional whitepapers.

The following tables list controls that may be impacted by the firewall breach. The list depends on your environment.

Controls related to Access Control impacted by the Firewall breach

| Control | Security Control Objective | Potential impact to environment |
|---|---|---|
| AC-2(6) | Account management – dynamic privilege management | Modification of the account privilege management will have a cascade impact on all systems |
| AC-2(7) | Account management – rule-based schemes | Modification of the account privilege management will have a cascade impact on all systems |
| AC-3 | Access enforcement | Modification of the account privilege management will have a cascade impact on all systems |
| AC-3(3) | Access enforcement – mandatory access control | Modification of the account privilege management will have a cascade impact on all systems |
| AC-3(4) | Access enforcement – discretionary access control | Modification of the account privilege management will have a cascade impact on all systems |
| AC-3(5) | Access enforcement – security relevant information | The access control system risk score increases as a result of the firewall penetration. Modification to the rules established may place sensitive, relevant security information at risk. |
| AC-3(7) | Access enforcement – role-based access control | Modification of the account privilege management will have a cascade impact on all systems |
| AC-3(8) | Access enforcement – revocation of access authorizations | Unauthorized access to the revocation/authorization objectives for the organization can create unwanted and unknown access to sensitive information |
| AC-3(10) | Access enforcement – audited override of access control mechanisms | If the audit logging is changed, it will be difficult to know who is doing what on the system |
| AC-4(15) | Information flow enforcement – detection of unsanctioned information | Altering the parameters as a result of unauthorized access may disable desired information flow enforcement |
| AC-17 | Remote access | Unauthorized users may be granted remote access to the system |
| AC-18 | Wireless access | Modification to the wireless security can find rogue devices within the system |
| AC-19 | Access control for mobile devices | With the growing amount of data on mobile devices, unauthorized access may create a substantial impact |
| AC-20 | Use of external information systems | Modification to controls to prevent external information systems may lead to the loss of sensitive data |

Controls related to Audit, Maintenance, Configuration and Identity that are impacted by the Firewall breach

| Control | Security Control Objective | Potential impact to environment |
|---|---|---|
| AU-9(4) | Protection of audit information – access by subset of privileged users | If the audit logging is changed, it will be difficult to know who is doing what on the system |
| AU-13 | Monitoring for information disclosure | Monitoring can be disabled when a threat is present |
| CM-6(2) | Configuration settings – respond to unauthorized changes | Safeguards can be modified by unauthorized users as a result of the security breach |
| CM-7(4) | Least functionality – unauthorized software and blacklisting | The authorized software application list is modified to allow harmful applications in the environment |
| CM-8(3) | Information system component inventory – automated unauthorized component detection | Component inventory can be modified to include harmful components in the environment |
| IA-2(12) | Identification and authentication (organizational users) – acceptance of PIV credentials | PIV credentials can be modified by an unauthorized individual |
| IA-12 | Identity proofing | User identity information can be falsely modified |
| IR-4 | Incident handling | Harmful incidents can be silenced and ignored, creating risk to the environment |
| MA-5(1) | Maintenance personnel – individuals without appropriate access | Personnel security clearances can be modified by unauthorized access |
| MA-5(2) | Maintenance personnel – security clearances for classified systems | Access to classified systems can be granted to unauthorized individuals |
| MP-2 | Media access | Rogue media restrictions and safeguards can be disabled |
| MP-4(2) | Media storage – automated restricted access | Access to media storage areas can be granted by unauthorized individuals |

 

Controls related to Physical Access, Program Management, Risk Assessment, System and Communication Protection that are impacted by the Firewall breach

| Control | Security Control Objective | Potential impact to environment |
|---|---|---|
| PE-2 | Physical access authorizations | Contractors and employees can be given physical access without proper authorization |
| PE-2(1) | Physical access authorizations – access by position and role | Positions and roles can be modified to allow for unauthorized access |
| PE-3 | Physical access control | Physical access authentication and verification audit logs can be modified without proper authority |
| PE-3(1) | Physical access control – information system access | Physical access authorization to facility and systems can be modified by an unauthorized individual |
| PE-5 | Access control for output devices | Unauthorized individuals can be given access to obtain sensitive information output |
| PE-8 | Visitor access records | Visitor record logs can be changed by an unauthorized individual |
| PM-27 | Individual access control | Privacy Act system of records checkpoints can be altered by unauthorized individuals |
| PS-6(2) | Access agreements – classified information requiring special protection | Access to classified information can be modified by an unauthorized individual |
| RA-5(5) | Vulnerability scanning – privileged access | Vulnerability scanning results can be modified and present risk |
| SC-4 | Information in shared resources | Information sharing access can be modified by an unauthorized individual |
| SC-5(1) | Denial of service protection – restrict internal users | Individuals may gain the ability to launch denial of service attacks against other systems |
| SC-7(3) | Boundary protection – access points | Boundary protection and access points can be modified by an unauthorized individual |
