Given below is an issue that you have identified as an issue in a retail company: Assume the organization is a typical retailer with a corporate network installation. Store networks are connected to the backend servers via the POS machines. Network administrators use Telnet to access the network and network passwords never expire. Administrators should only access the network internally. Complete a risk qualification for this organization and identify the following: Vulnerability: Threats (threat actor and activity): Severity: Likelihood: Sensitivity: Solution According to the above corporate network infrastructure, the following risks can be found in terms of security & Risk Management: Vulnerability: As authentication credentials and all the commands are sent to the network device in cleartext format, it could allow for eavesdropping or manipulation of data in transit between the user and the network device. Threat: It\'s a kind of internal abuse.A savvy insider could interpret and steal sensitive information or credentials of an authorized administrator as it traverses the network. Severity: Payment card information traverses these n/w devices between the point of sale system (in the stores) and back-end servers (corporate data centers). If they can get access to the n/w device, they can have the full control or access to view any of this sensitive data. Likelihood: Although it is possible to view any data in a Telnet session, it is not trivial to sniff traffic on a switched network. The attacker would need to be in the path of the communication between the network device and the administrator, or the attacker would need to exploit a vulnerability on another network device in the path. Additionally, the attacker would need some knowledge of the network device technology in order to capture and view data traversing the network device after gaining access. The probability of the attacker gaining access once the credentials have been stolen is further reduced by the use of Access Control Lists (ACLs) on the network device to limit Telnet connections to certain source IP addresses used by network administrator’s workstations. Given that the password never expires and is therefore likely not ever to be changed, the chance of interception and successful exploitation increases over time. The attack vector with the most the highest probability of success would be from the store network. Sensitivity: A breach of this sort would require the organization to publicly report the incident, costing the company over $500,000 directly in the form of fines and lawsuits and also indirectly when approximately 10% of clients switch their business to a competitor..