WGU SECURE NETWORK DESIGN
(D482) TASK 1 WESTERN
GOVERNORS UNIVERSITY
, Impact, risk, and likelihood of vulnerabilities:
• Company A:
o As shown on the risk assessment for Company A, the open ports are listed as the number 1
risk and are classified as having a high likelihood of occurring. Should this vulnerability be
exploited, the business would likely have severe consequences in all aspects of the CIA
triad. A threat actor utilizing port 3389 and gaining access to the system could access
confidential information held by the company and alter or delete it should they choose to.
This could result in both financial and reputational damage to the company.
o With the wireless access point no longer receiving updates from the vendor, it can fall
victim to a threat actor using any vulnerability that has been found since the last update of
the device. Even more concerning is that there is already a known vulnerability for the
wireless access point listed as a CVE on the NIST website. There is a very high likelihood
that this vulnerability would be taken advantage of by any threat actor that obtains
information about which device is being used by the company. The risk with this being
exploited is that the attacker can execute code on the device's firmware, causing it to restart
and resulting in a denial of service.
• Company B:
(D482) TASK 1 WESTERN
GOVERNORS UNIVERSITY
, Impact, risk, and likelihood of vulnerabilities:
• Company A:
o As shown on the risk assessment for Company A, the open ports are listed as the number 1
risk and are classified as having a high likelihood of occurring. Should this vulnerability be
exploited, the business would likely have severe consequences in all aspects of the CIA
triad. A threat actor utilizing port 3389 and gaining access to the system could access
confidential information held by the company and alter or delete it should they choose to.
This could result in both financial and reputational damage to the company.
o With the wireless access point no longer receiving updates from the vendor, it can fall
victim to a threat actor using any vulnerability that has been found since the last update of
the device. Even more concerning is that there is already a known vulnerability for the
wireless access point listed as a CVE on the NIST website. There is a very high likelihood
that this vulnerability would be taken advantage of by any threat actor that obtains
information about which device is being used by the company. The risk with this being
exploited is that the attacker can execute code on the device's firmware, causing it to restart
and resulting in a denial of service.
• Company B:
