BASF Networking Remote Access Methods Question
I’m working on a networking question and need guidance to help me learn.
Scenario:
You work for a PR and marketing company that handles highly sensitive information for its high-profile clients. Client records are stored in a database and file system hosted on your private corporate network. As well as client records, this includes media such as photos and videos. Most remote client communications and data transfers take place using a one-to-one encrypted messaging app, but you also accommodate some clients who prefer to use email. A high percentage of your staff work remotely, accessing data and services over a VPN. You are reviewing your security procedures in the light of some high-profile hacks of celebrity data. At this point, you want to understand the attack surface and attack vectors by which your private network could be compromised.
Questions:
1. What remote access methods could an attacker exploit?
2. Focusing on email, think of how email is processed as it is sent by a remote user and received by your company. Give 1 possible attack vector for each level of adversary capability.
3. What comes next in the chain of processing incoming email, and what attack vectors can adversaries exploit?
4. What countermeasures can be deployed or each email attack vector?
