Pearson Higher Nationals in Computing 1.0 Assignment Brief (RQF)

Unit Learning Outcomes:
LO1 Examine Network Security principles, protocols and standards
LO2 Design a secure network for a corporate environment
LO3 Configure Network Security measures for the corporate environment
LO4 Undertake the testing of a network using a Test Plan

Assignment Brief and Guidance:

Task 01 – Technical Information Report

Create a technical report which includes the following information. Your report will be considered a complete report ONLY if you include all of the following.

● Discuss at least 02 Network Security Devices such as Firewalls, Routers etc. (Word Limit: 400 words per device)

Here I am going to discuss firewalls and routers.

Firewalls

Basically, a firewall is a security system that protects the network by enforcing security rules configured on the firewall. It monitors incoming and outgoing network traffic and blocks data packets according to those rules. It acts as a guard at the computer's entry points, the ports through which all information is exchanged with external devices. At some point, however, a firewall on its own will also fail to manage every threat coming from other networks.

A firewall can be software or hardware; having both is better. A software firewall is an application, mostly built into the operating system, that regulates traffic by port number and by application. A hardware (physical) firewall is a device installed between the network and the gateway.

The most common firewall type is the packet-filtering firewall. It examines the packets on the network and stops them from passing unless they match one of the rules defined on the firewall. What it checks is the source IP address and the destination IP address of each packet. If the packet matches an allow rule on the firewall, it is permitted to enter the network.
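As an added illustration (not part of the original report), the following Python models the packet-filtering rule evaluation just described and goes one step further into the stateful inspection that the next paragraphs introduce: a stateless filter judges every packet on its own header fields, while a stateful one remembers the connections it has allowed. The addresses, rules and packets are constructed for the example.

```python
# Added example (not from the original report): stateless packet filtering
# versus stateful connection tracking, on constructed rules and packets.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False      # True for the first packet of a new TCP connection


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR of permitted sources
    dst: str               # CIDR of permitted destinations
    dport: Optional[int]   # None matches any destination port


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches on source network, destination network and destination port."""
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def stateless_decision(rules, pkt: Packet) -> str:
    """Packet-filtering (stateless) firewall: each packet is judged alone,
    first matching rule wins, and no match means deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful firewall: the rules only decide whether a NEW connection may
    start. Once accepted, the flow is recorded and its later packets (including
    replies) are allowed because of that record, not because of a broad inbound rule."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()     # (src, sport, dst, dport) of accepted connections

    def decision(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"     # reply belonging to a tracked connection
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows:
            return "allow"     # further packet of a tracked connection
        if not pkt.syn:
            return "deny"      # neither a connection start nor a known flow
        verdict = stateless_decision(self.rules, pkt)
        if verdict == "allow":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict


LAN = "10.0.0.0/24"   # assumed internal network

# Stateless policy: outbound HTTPS is allowed, but to let the replies back in the
# administrator has to open the LAN to ANY outside source. That second rule is
# the "lack of context" weakness: an unsolicited packet passes just as easily.
STATELESS_RULES = [
    Rule("allow", LAN, "0.0.0.0/0", 443),
    Rule("allow", "0.0.0.0/0", LAN, None),
]
# Stateful policy: only the outbound rule is needed; replies ride on connection state.
STATEFUL_RULES = [Rule("allow", LAN, "0.0.0.0/0", 443)]

# Constructed traffic: a legitimate outbound session, its reply, and an
# unsolicited inbound packet that imitates a reply on the same ports.
OUTBOUND = Packet("10.0.0.5", "203.0.113.10", 51515, 443, syn=True)
REPLY = Packet("203.0.113.10", "10.0.0.5", 443, 51515)
INTRUDER = Packet("198.51.100.7", "10.0.0.5", 443, 51515)


def compare() -> dict:
    """Verdicts of both firewall types on the same three packets, in order."""
    fw = StatefulFirewall(STATEFUL_RULES)
    return {
        "stateless": [stateless_decision(STATELESS_RULES, p) for p in (OUTBOUND, REPLY, INTRUDER)],
        "stateful": [fw.decision(p) for p in (OUTBOUND, REPLY, INTRUDER)],
    }


if __name__ == "__main__":
    print(compare())   # the stateless filter lets INTRUDER in, the stateful one does not
```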
There are two categories of packet-filtering firewall:
• Stateless
• Stateful

A stateless firewall examines each packet individually, independently of the others, so it lacks context; this makes it an easy target for hackers. A stateful firewall is more secure because it remembers information about previously transferred packets. Still, neither is highly secure; they provide only basic protection.

Looking further, we find the Next Generation Firewall (NGFW) and the proxy firewall. An NGFW combines a traditional firewall with enhanced additional features, such as encrypted traffic inspection, an intrusion prevention system, anti-virus and more. It includes DPI (deep packet inspection), which examines the data inside the packet itself and lets users more effectively identify, categorize or stop packets carrying malicious data. A proxy firewall filters network traffic at the application level and acts as an intermediary between two end systems.

Another type is the NAT (Network Address Translation) firewall. It allows multiple devices on an independent network address range to connect to the internet using a single IP address, keeping the individual IP addresses hidden, so an attacker cannot find the real details of those IP addresses.

Londontec City Campus

The SMLI (Stateful Multilayer Inspection) firewall filters packets at both the network and application layers, comparing them against known trusted packets.

Routers

As the name suggests, a router is the device that guides and directs network data. It does this using packets that contain some kind of data, such as files, communications and web interactions. A packet has several layers or sections; one of its layers carries identification information such as the type, size, sender information and, most importantly, the IP address of the destination.
The router is smart enough to read those layers, prioritize the data and choose the best route for each transmission. It is a common tool in modern network computing: it connects people to the network, both the local network and the Internet. This makes it a very important device, since through it we can connect to the internet, start communicating, gather information, learn new things and, most importantly, collaborate with each other outside our current location, which is vital for a business.

A router also provides security. Most routers have an embedded firewall and content filtering software that provide additional protection against unwanted content and malicious websites without harming your online experience. It is not just a device that connects you to the internet: it also lets you connect hard drives and use them as file sharing servers, or printers, which can then be accessed by anyone on the network.

There are many router models, such as:

• Core routers
These are mostly used by service providers like AT&T, Verizon, Vodafone and SLT, or cloud providers such as Amazon, Google and Microsoft, since they provide maximum bandwidth to additional switches and routers. They are not seen in small businesses but in large enterprise-level companies, for example ones with many employees working in various buildings or locations; such companies use core routers as part of their network architecture.

• Edge routers
Also known as gateway routers, these are used to optimize bandwidth. They are designed to distribute data to end users by connecting to other routers. They are usually not able to manage the local network fully or to offer Wi-Fi; mostly they provide Ethernet ports and an input to connect to the Internet and/or several outputs to connect additional routers.
Gateway routers and modems are somewhat interchangeable, so the latter term is no longer commonly used by manufacturers or IT professionals.

• Distribution routers
These receive data from the gateway through a wired connection and send it to end users, most probably through Wi-Fi.

● Examine the following network security protocols (200 words each)

o FTPS
File Transfer Protocol Secure (FTPS) is an advanced extension of the traditional File Transfer Protocol; it supports TLS (Transport Layer Security) as well as the older SSL (Secure Sockets Layer). It allows files to be transferred encrypted with algorithms such as AES. It uses many security methods to connect with other servers and verifies authentication using various security and encryption strategies.

There are a few faults. One of them is that it is difficult to connect through highly secure firewalls: for implicit and explicit connection types, FTPS uses numerous port numbers, which requires additional ports to be opened each time a file transfer request or directory listing is issued. If suitable risk management methods are not in place, an overflow of port requests might put a system at risk.

We now know that FTPS is more secure than FTP, and more reliable and flexible than FTP. FTPS is a secure file transfer protocol that enables organizations to interact securely with their trading partners, users and customers. FTPS is used to send and receive files, and applications that support it use client certificates and server identities to authenticate the parties. Nowadays it is very important to use a secure protocol.

o HTTPS
This is similar to the above: it is also an upgraded version of the traditional HTTP. The name stands for Hypertext Transfer Protocol Secure.
HTTPS is the secure version of HTTP, the primary protocol used to send data between a browser and a website. The traffic is encrypted in order to increase the security of the data transfer. This is particularly important when users transmit sensitive data, such as when logging into a bank account, email service or health insurance provider. Any website, especially one that requires login credentials, should use HTTPS. In modern web browsers such as Chrome, websites that do not use HTTPS are marked differently from those that do; look for a green padlock in the URL bar to confirm that the webpage is secure.

HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). It secures communications using what is known as an asymmetric public key infrastructure. This type of security system uses two different keys to encrypt communications between two parties:

• The private key. This key is controlled by the owner of the website and, as the reader may have guessed, it is kept private. It lives on the web server and is used to decrypt information encrypted by the public key.
• The public key. This key is available to everyone who wants to interact with the server in a secure way. Information encrypted by the public key can only be decrypted by the private key.

o POP3
POP3 (Post Office Protocol 3) is used to receive mail, most commonly over the internet. It retrieves emails from a remote server and delivers them to the local client. It is a one-way client-server protocol in which email is held on the email server that received it earlier. The 3 refers to the third version of the original Post Office Protocol.
The receiver, or mail client, can eventually download the mail from the server using POP3. This allows the client to read mail offline, since the mail is downloaded locally, much like a store-and-forward service. It is a very popular service; even Outlook includes it, and it can be configured in Microsoft Outlook by providing the user name and password. POP3 is even built into standard internet browsers such as IE, Firefox, Chrome and Edge, so users can check their email without using an email client. POP3 works by default on two ports, which is a big advantage for users:
• port 110: the default, non-encrypted port;
• port 995: the port to use when the user needs to connect using POP3 securely.

o SMTP
SMTP (Simple Mail Transfer Protocol) is the protocol used to send, receive and relay outgoing mail between senders and receivers. Like other applications, it provides a service to other applications within a network. It is a very important part, since without an SMTP server the email would not be able to reach its destination. Once the user presses send, the mail is converted into a string format and sent to the SMTP server. The SMTP server has the ability to process that code and pass on the message; without the SMTP server it would be lost in translation. The server also performs verification, checking that the outgoing email comes from an active source and protecting the inbox by safeguarding it from illegitimate email. If the mail cannot be delivered, it is returned to the SMTP sender.

Common SMTP server providers: technically, an SMTP server is the same as any other normal server. It processes and prepares data to send to another server. It is not necessarily a single machine; it is constantly running in anticipation of sending new email.
This is also a very important part of email configuration.

● Compare and contrast any two of the above network security protocols.

Both HTTP and FTP can easily maintain multiple sessions, since both protocols support stateless operation. FTP, however, has stateful control connections, so the FTP server maintains state information about a session, such as the user's current directory. FTP needs to grant the user permission before information can be exchanged successfully, whereas with HTTP this is not mandatory. Many issues incurred by FTP are fixed by HTTP. HTTP provides more overhead and metadata, while FTP does not. FTP can use non-standard ports, which creates difficulties at the firewall level, especially if SSL (Secure Sockets Layer) is used, while HTTP uses a very well-known port and its firewall rules are simple to manage. HTTP supports a data connection, uses the Transmission Control Protocol and runs on TCP port 80. FTP supports both a data connection and a control connection, uses the Transmission Control Protocol and runs on TCP port 20 and TCP port 21.

● Discuss different cryptographic types of Network Security

Cryptography is a way of securing data when it passes over the internet: the data and the communication are secured with codes so that only the destination person knows the actual information transmitted. The name itself describes its meaning: "crypt" refers to hidden writing. In cryptography, information is encoded by following mathematical hypotheses and calculations, which are described as algorithms. Once the data is encoded, a man in the middle cannot read those records. Most companies follow this methodology for the following goals:

Privacy: apart from the intended individuals, other parties should not be able to know the transmitted data.
Reliability: the data should go directly to the receiver
without being modified in storage.
Non-repudiation: once the data has been transmitted, the user does not have the ability to deny it at a later stage.
Authentication: the receiver and the sender need to confirm their own identities for the transmitted and received data.

There are three types of cryptography:

Symmetric Key Cryptography
Here the sender and receiver use a single key to both encrypt and decrypt the message. The most frequently used kind of cryptography in this method is the Advanced Encryption Standard (AES). This is much quicker and well streamlined. A few types of symmetric cryptography are:
• Block cipher
• DES (Data Encryption Standard)
• RC2
• IDEA
• Blowfish
• Stream cipher

Asymmetric Key Cryptography
This is also called public key cryptography. It follows a protected method of information transmission. Unlike the above, it uses a pair of keys for the encryption and decryption process: a private key is stored with each person, while a public key is shared on the network, so a message can be transmitted using the public key across the network. A few types of asymmetric key cryptography are:
• RSA
• DSA
• PKCS
• Elliptic curve techniques

Hash Function
These algorithms take a message of arbitrary length as input and deliver a fixed-length output. No key is needed, since the function works in a one-way manner. A few hash functions are:
• Message Digest 5 (MD5)
• RIPEMD
• Whirlpool
• SHA (Secure Hash Algorithm)

● Discuss what is meant by Quality of Service (QoS) in relation to Network Security Configuration.
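Before moving on to QoS, an added example (not from the original report) ties together the three cryptographic types just listed and the public/private key pair described under HTTPS, arranged the way a TLS-style session conceptually uses them: a hash for integrity, an asymmetric key pair to seal a session key and to sign, and a symmetric cipher for the bulk data. The RSA primes, the absence of padding and the SHA-256 counter-mode stream cipher are choices made for the illustration, not what real TLS uses; the RSA is a toy with a ~92-bit modulus and must not be reused anywhere.

```python
# Added example (not from the original report): hash, symmetric and asymmetric
# cryptography combined like a TLS-style session. Toy RSA, not secure.
import hashlib
import secrets


# ---- Hash function: arbitrary-length input -> fixed 32-byte one-way output.
def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# ---- Symmetric key cryptography: one shared secret for both directions.
# Keystream block i = SHA-256(key || nonce || i); ciphertext = plaintext XOR keystream.
# XOR is its own inverse, so the same function encrypts and decrypts.
def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


# ---- Asymmetric key cryptography: public key to encrypt / verify, private
# key to decrypt / sign. Textbook RSA with two fixed Mersenne primes
# (2^61-1 and 2^31-1), so n is only ~92 bits: enough to demonstrate, useless for security.
P, Q, E = (1 << 61) - 1, (1 << 31) - 1, 65537


def rsa_keypair(p: int = P, q: int = Q, e: int = E):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)        # (public key, private key)


def rsa_apply(key, m: int) -> int:
    exp, n = key
    assert 0 <= m < n, "message integer must be smaller than the modulus"
    return pow(m, exp, n)


# ---- Putting them together like a TLS-style session:
# 1. the client makes a fresh symmetric session key and sends it sealed with the server's public key
# 2. bulk data is protected with the symmetric cipher (privacy)
# 3. the server signs the hash of a message with its private key (authentication, non-repudiation)
def encrypt_session(server_pub, plaintext: bytes):
    session_key = secrets.token_bytes(11)          # 88 bits < the ~92-bit toy modulus
    nonce = secrets.token_bytes(8)
    sealed_key = rsa_apply(server_pub, int.from_bytes(session_key, "big"))
    ciphertext = stream_xor(session_key, nonce, plaintext)
    return sealed_key, nonce, ciphertext


def decrypt_session(server_priv, sealed_key: int, nonce: bytes, ciphertext: bytes) -> bytes:
    session_key = rsa_apply(server_priv, sealed_key).to_bytes(11, "big")
    return stream_xor(session_key, nonce, ciphertext)


def sign(priv, message: bytes) -> int:
    _, n = priv
    h = int.from_bytes(digest(message), "big") % n    # reduce the 256-bit hash into the toy modulus
    return rsa_apply(priv, h)


def verify(pub, message: bytes, signature: int) -> bool:
    _, n = pub
    h = int.from_bytes(digest(message), "big") % n
    return rsa_apply(pub, signature) == h


if __name__ == "__main__":
    pub, priv = rsa_keypair()
    msg = b"transfer 100 to account 42"                 # constructed sample message
    sealed, nonce, ct = encrypt_session(pub, msg)
    assert decrypt_session(priv, sealed, nonce, ct) == msg
    sig = sign(priv, msg)
    assert verify(pub, msg, sig) and not verify(pub, b"transfer 900 to account 42", sig)
    print("privacy, authentication and non-repudiation checks passed")
```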
Quality of Service (QoS) is a group of technologies that operate together on a network to ensure that high-priority applications and traffic are reliably delivered even when network capacity is constrained. This is accomplished by QoS technologies that provide differentiated handling and capacity allocation to specific network traffic flows.

Task 02 – Aliki’s Bank Network

Security Proposal for Aliki’s Bank Network Infrastructure

Contents:
• Why is network security important?
• The importance of cyber security in banking
• What is the current state of Aliki’s bank network?
• Findings and recommendations
• Gaps in the current landscape
• AWS VPC and Citrix Cloud landscape proposal
• What is AWS VPC (Virtual Private Cloud)?
• What is virtualization?

Why is network security important?

No matter how small or large your business is, network security is one of the most crucial factors to consider when working over the internet, a LAN or other methods. While no network is immune to attacks, a reliable and effective network security solution is critical for safeguarding client data. A solid network security solution enables enterprises to reduce the danger of data theft and destruction. Network security safeguards your workstations from malicious programs and ensures the safety of shared information. Massive traffic can wreak havoc on the system's stability and expose weaknesses; network security significantly improves reliability by reducing slowness and downtime through continuous monitoring of any fraudulent activity that could compromise the system.

How do things go wrong in networks, and how does that affect people and businesses?

Being hacked on your network can put you out of business.
This usually entails the introduction of false information into the system; hackers employ a variety of strategies, including this one. If the wrong information is planted, your company's consistency may be brought into question and customers may feel misled. Another consequence of poor network security is the loss of intellectual property. The majority of network attacks can cause a network to fail. Due to the prolonged downtime, your business would be unable to conduct any transactions, resulting in a loss of income. The longer the network is down, the more revenue is lost, and your organization will appear untrustworthy and lose credibility.

The importance of cyber security in banking

For hundreds of years the banking industry has been under threat. First there was the physical theft of funds, then came computer fraud. Now, in addition to cyber fraud, hacking into servers to steal customers' personally identifiable information (PII) is a common occurrence; hence cyber security in the banking sector is absolutely vital. Because most people and businesses conduct their business online, the risk of a data breach grows every day. This is why a greater emphasis is being placed on examining the role of cyber security in banking processes. There are three current concerns linked with online banking:

● More risks posed by smartphone apps. More people are using smartphone apps to access their bank accounts. Because most of these have little or no security, the risk of being attacked is substantially higher. To prevent unauthorized activities, banking software solutions are needed at the endpoint.
● Breach of privacy at third-party companies. As banks' cyber security has improved, hackers have turned to shared banking systems and third-party networks to gain access. If these are not as well protected as the bank, the attackers will have little trouble breaking in.
● Risk of cryptocurrency hacking is becoming more common. In addition to traditional assets, hacks have escalated in the growing realm of cryptocurrencies. Because the banking industry is unsure how to apply cyber security software in an ever-changing environment, especially when values change quickly, attackers have a better chance of stealing large sums of money.

What is the current state of Aliki’s bank network?

As you can see in the above high-level network diagram, Aliki’s Bank core banking and digital banking application workloads run in the AWS private cloud instance, while some other mission-critical workloads, such as the main file server and Active Directory, are hosted in the Aliki’s HO (head office) server farm. Apart from those, all 70 branches are connected through the SLT MPLS. From this we can identify the major security gaps below.

Finding 1
Observation: all internal users' core banking traffic and the publicly opened digital banking traffic currently communicate via the same path (different subnets, but still a risk), which is connected from the perimeter firewall to the SLT MPLS and AWS.
Risk rating: High
Impact: in a loss of MPLS connectivity, outside digital banking customers will be unable to log in to their online accounts.
Recommendation: it is recommended to host the digital banking application instance in a hybrid cloud solution such as AWS VPC. It would be more secure and provide high availability compared to the current design; it will also be accessible to online banking customers directly over the internet instead of via the HO network path.

Finding 2
Observation: digital banking customer logins and internal VPN users currently have no multifactor authentication mechanism.
Risk rating: High
Impact: hackers can easily compromise customer accounts.
Recommendation: it is recommended to configure a multifactor authentication mechanism for the digital banking customer logins and for the internal VPN users as well.

Finding 3
Observation: the security of the MPLS solution is totally in the hands of the user; there are no inherent security features offered by the MPLS provider.
Risk rating: High
Impact: if some kind of internal breach happens, it could affect the whole network.
Recommendation: it is recommended to implement a VDI solution such as Citrix, or an SD-WAN solution, instead of the legacy and costly MPLS.

Finding 4
Observation: insufficient endpoint security measures; the internal users' endpoint virus guard is a legacy one that depends on a signature-based database.
Risk rating: High
Impact: these legacy virus guards depend on the signature database, so 0-day attacks and modern ransomware attacks can breach them.
Recommendation: it is recommended to get an NGAV (next generation anti-virus) solution such as CrowdStrike or SentinelOne. They do not depend on a signature database; they work on behaviour-based analysis.

Apart from the network security concerns, we can identify the following disadvantages of the MPLS WAN as well.

1. Maintenance
Even though MPLS is handled by carriers and the demand on network administration is reduced, maintenance still requires a significant amount of effort. In particular, none of the basic maintenance work can be done directly; an ISP is required to carry it out. Due to speed constraints and the technological intricacies of the ISP, this is not an easy operation.

2. Control
MPLS also falls short when it comes to network control. The service provider is solely responsible for the configuration; dynamic routing is the only control the user has over MPLS.

3. Deployment
In MPLS, deployment is a huge issue.
The process can be complicated if the offices are located in separate places. Linking all of the locations often takes a long time, even months.

4. Accessibility
MPLS is not well suited to cloud-based applications; it is designed specifically for point-to-point communication. As we are running our core banking and digital banking workloads in AWS, this will be another concern whenever the service needs to be improved.

So, considering all the above security concerns and the difficulties of the MPLS-based WAN, I would like to suggest the hybrid cloud concept below, provided by AWS VPC (Virtual Private Cloud) and a Citrix landscape. I hope this combined network scenario will fulfil all our requirements. In this scenario, 90% of the infrastructure will be situated in the cloud landscape, and on-premises infrastructure investment and maintenance cost will be almost 0. The initial investment, however, will be a big figure; that is the only downside I see here.

What is AWS VPC (Virtual Private Cloud)?

Amazon Virtual Private Cloud (VPC) assists a company or individual by providing virtual cloud space for business integration. With AWS VPC we can fully manage our virtual network infrastructure, including defining our own IP address range, creating subnets and configuring route tables and network gateways. These features are extremely useful for integrating organizations like ours. As you can see above, all mission-critical workloads can be hosted in the private subnet, so outside digital banking users can reach only the application server instance. On demand we can reduce or increase the resources as per the current requirement.

What is Citrix virtualization / virtual desktop infrastructure?
It refers to the process of creating a virtual environment for a desktop or mobile device in order to provide storage, network, hardware and server virtualization while retaining quality and allowing users to transition between many operating systems (Windows 7 to Windows 10, Linux). This gives users the flexibility to work productively regardless of their location, allowing them to access their files, apps and desktops while ensuring the security of our business, all at a cheaper, more predictable cost than distributed infrastructure.

The best part is that with the help of the Citrix VDI solution we can remove our entire MPLS WAN and will require only an ILL connection (for HO and metro branches) or a broadband connection (for the mini remote branch offices). Apart from that, WFH users can also connect securely using the Citrix client. As we faced a global pandemic situation last year, this will help a lot.

Task 03 – Test Plan for Aliki’s Network

External Penetration Test

Penetration testing is one of the ways of safeguarding a network before a cyber-attack strikes. The main objective of a penetration test is to detect the organization’s security flaws. Penetration testing can be used to evaluate a company's security policy, adherence to compliance standards, staff security awareness, and ability to detect and respond to security problems. The goal of this penetration test is to find the security flaws in your system and fix them so that the system is safe from cyberattacks.
☐ Planning and Reconnaissance
• Initializing the scope
• Initiating the project plan for execution
• Passive information gathering
• Active information gathering

☐ Scanning the Network
• Port scanning
• Service enumeration
• Checking for exposed credentials
• Fingerprinting (1d)

☐ Vulnerability Assessment
• Automated vulnerability assessment using the recommended tools (2d)
• Manual vulnerability assessment (5d)

☐ Exploitation
• Automated exploitation using the recommended tools
• Manual exploitation
• Post-exploitation / lateral movement

☐ Final Analysis and Review
• Double-checking the results
• Utilizing the results
• Summary of critical findings

Durations listed in the plan against the other tasks: 1d, 1d, 1d, 1d, 1d, 1d, 1d, 1d, 2d, 3d, 5d, 7d.

Findings

Finding 1
Observation: it was observed that some hosts are accessible through the remote desktop service.
Risk rating: High
Impact: access to RDP services can provide an attacker with the ability to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting (locking) services. It is also possible for an attacker to gain reliable and additional information about the server, such as login user names, which may lead to a successful system compromise through further exploitation.
Recommendation: it is recommended to disable the RDP protocol or block TCP port 3389 if it is not in use, or to restrict access by allowing connections only with Network Level Authentication (NLA). NLA enforces authentication to the network before the RDP connection is established. Refer: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access
Supporting information:
Finding 2
Observation: it was observed that sensitive information such as user credentials is sent in clear text.
Risk rating: High
Impact: this flaw exposes an individual user’s data and can lead to account theft. If the adversary intercepts an admin account, the entire site could be exposed. Poor SSL setup can also facilitate phishing and MITM attacks; MITM attacks may enable attackers to easily observe username and password information. At a minimum, interception of sensitive data through a communication channel will result in a privacy violation, and the violation of a user’s confidentiality may result in identity theft, fraud and reputational damage.
Recommendation: it is recommended to apply SSL/TLS to the transport channels that the web application uses to transmit sensitive information, session tokens or other sensitive data to a backend API or web service.

Finding 3
Observation: during the test it was observed that Aliki's Bank does not centrally collect and review logs.
Risk rating: High
Impact: without collecting and reviewing logs from the servers, network devices, user computers and applications, Aliki's Bank will not be able to identify potential security incidents.
Recommendation: it is recommended to collect and review the logs from the servers, network devices, user computers and applications.

Finding 4
Observation: during the test the following gaps were observed in the vulnerability management process.
1. It was observed that Aliki's Bank did not have a formalized server hardening process.
2. It was noted during the test that a vulnerability assessment is yet to be conducted for the business-critical applications.
3. During the test it was observed that Aliki's Bank does not have an approved software list.
Risk rating: High
Impact: without a proper threat and vulnerability management process, Aliki's Bank will be exposed to cyber attackers, which could result in a data breach or disruption to business operations.
Recommendation: it is recommended to ensure that procedures for threat and vulnerability management are created and practised to ensure the security of the network and information. It is also recommended to ensure that this procedure covers topics such as server hardening, an approved software list, approved operating systems and vulnerability assessments.
Impact details:
1. The lack of a formalized server hardening process could result in a security misconfiguration which could expose the server to attackers. Security misconfiguration is a vulnerability simply defined as failing to implement all the security controls for a server. It should be noted that security misconfiguration was listed as one of the top ten vulnerabilities by OWASP in both 2019 and 2017.
2. Without conducting a vulnerability assessment for the critical business applications, Aliki's Bank will not be able to identify the vulnerabilities in those applications.
3. Without an approved software list, Aliki's Bank will not be able to identify and ensure the security compliance of all the applications used. The approved software list will help Aliki's Bank to track the software used in the network and their versions. Additionally, it was observed that Aliki's Bank also uses freeware such as AnyDesk, which could contain vulnerabilities. Without a list of the software used in the network, the organization will be unaware of the threats posed by application vulnerabilities. Additionally, the lack of testing for known vulnerabilities and not following proper security procedures to secure business-critical assets could have the same effect. It should be noted that since the users are working from home and still have the facility to connect to the internal network, any compromise of these nodes could expose the network to attackers.
The risk of these nodes being compromised also increases, since the home of an end user or the home network of an end user does not provide the same level of protection as the corporate environment does. Having this information will also help Aliki's Banks to eliminate the usage of some applications, which would reduce the attack surface available to an attacker.

Observation: During the test the following gaps were observed in the anti-virus management portal.
1. It was observed that some user computers had outdated anti-virus clients. It was reported that this was due to the upgrade; however, without the latest version the anti-virus client will not detect the latest threats.
2. During the test it was observed that even though malware had been identified and quarantined by the anti-virus software, it was not cleaned from the devices.
Risk Rating: High
Impact: Without the updated anti-virus clients Aliki's Banks will not be able to ensure that the endpoints are protected against the latest security threats. If the malware is not cleaned from the laptop there is a potential for an attacker to gain access to the device through another method and execute the malware. Any gaps in the anti-virus management process could leave the endpoint exposed to a malware attack, and if the endpoint is compromised it could lead to an intrusion into the network. It should be noted that since the users are working from home the potential of an endpoint being compromised is higher.
Recommendation: It is recommended to ensure that all the devices have the updated anti-virus agent, and it is also recommended to ensure that malware is cleaned from the computer once it is identified and quarantined.
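The clear-text credentials finding above can be checked for from the defender's side by reviewing captured traffic for credential-bearing fields that travel without TLS. The following Python script is an added example written for this page, not code from the assessed application or from Aliki's Banks; the captured requests, host names and the list of sensitive field names are constructed assumptions.

```python
"""Flag credential-bearing HTTP requests that were sent without TLS.

Added example for the clear-text credentials finding; the captured requests
below are constructed for illustration and are not from any real capture.
"""
from urllib.parse import parse_qs, urlsplit

# Field names that usually carry secrets (assumed list; extend as needed).
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "token", "session", "api_key"}

# Constructed sample of captured requests: (scheme, host, method, path, body).
CAPTURED_REQUESTS = [
    ("http", "intranet.example.test", "POST", "/login", "user=alice&password=Winter2021"),
    ("https", "bank.example.test", "POST", "/login", "user=bob&password=hunter2"),
    ("http", "intranet.example.test", "GET", "/home?session=abc123", ""),
    ("http", "intranet.example.test", "GET", "/news", ""),
]


def sensitive_fields_in(path, body):
    """Return the sensitive field names present in the query string or the body."""
    query = urlsplit(path).query
    found = set()
    for params in (parse_qs(query), parse_qs(body)):
        found |= {k for k in params if k.lower() in SENSITIVE_FIELDS}
    return found


def find_cleartext_credentials(requests):
    """Return (host, path, fields) for every request that sends secrets over plain HTTP."""
    findings = []
    for scheme, host, method, path, body in requests:
        if scheme != "http":
            continue  # TLS-protected; not a finding for this check
        fields = sensitive_fields_in(path, body)
        if fields:
            findings.append((host, urlsplit(path).path, sorted(fields)))
    return findings


if __name__ == "__main__":
    for host, path, fields in find_cleartext_credentials(CAPTURED_REQUESTS):
        print(f"HIGH: {host}{path} sends {', '.join(fields)} over clear text")
```

Only requests whose scheme is plain http and which carry one of the named fields are reported; the https login is correctly ignored, and a session token in a query string is caught as well as a password in a POST body.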
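The log collection finding above is easiest to appreciate with a concrete case: a few failed logins on the VPN gateway, the file server and the web application look harmless on each device alone, but together they show one account under attack. The following Python script is an added example written for this page, not code from Aliki's Banks; the log lines, host names, user names and addresses are constructed placeholders, and the regular expressions assume the line formats shown.

```python
"""Correlate authentication failures across centrally collected logs.

Added example for the central log collection finding. The log lines are
constructed (host names, users and addresses are placeholders) and the
patterns assume exactly the formats shown here.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines from three source types, as they would arrive at a
# central collector after forwarding from the firewall, a server and an app.
LOG_LINES = [
    "2021-03-01T08:00:05 fw01 vpn: login failed user=jsmith src=203.0.113.7",
    "2021-03-01T08:00:20 srv-file01 sshd: Failed password for jsmith from 203.0.113.7",
    "2021-03-01T08:00:41 app-web01 webapp: authentication failure for jsmith",
    "2021-03-01T08:01:02 fw01 vpn: login failed user=jsmith src=203.0.113.7",
    "2021-03-01T08:05:00 srv-file01 sshd: Accepted password for asmith from 198.51.100.9",
    "2021-03-01T09:30:00 app-web01 webapp: authentication failure for asmith",
]

# One pattern per source format; each yields (timestamp, host, user).
PATTERNS = [
    re.compile(r"^(?P<ts>\S+) (?P<host>\S+) vpn: login failed user=(?P<user>\S+)"),
    re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: Failed password for (?P<user>\S+)"),
    re.compile(r"^(?P<ts>\S+) (?P<host>\S+) webapp: authentication failure for (?P<user>\S+)"),
]


def parse_failures(lines):
    """Normalise the heterogeneous failure lines into (timestamp, host, user) tuples."""
    events = []
    for line in lines:
        for pat in PATTERNS:
            m = pat.match(line)
            if m:
                events.append((datetime.fromisoformat(m["ts"]), m["host"], m["user"]))
                break
    return events


def failures_across_sources(lines, window=timedelta(minutes=5), threshold=3):
    """Return {user: hosts} for users with >= threshold failures on >= 2 hosts inside window.

    Each host alone may see too little to alert on; only the central view joins them.
    """
    by_user = defaultdict(list)
    for ts, host, user in sorted(parse_failures(lines)):
        by_user[user].append((ts, host))
    alerts = {}
    for user, events in by_user.items():
        for i, (start, _) in enumerate(events):
            in_window = [(ts, h) for ts, h in events[i:] if ts - start <= window]
            hosts = {h for _, h in in_window}
            if len(in_window) >= threshold and len(hosts) >= 2:
                alerts[user] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    for user, hosts in failures_across_sources(LOG_LINES).items():
        print(f"ALERT: {user} failed authentication on {hosts} within 5 minutes")
```

The sliding window starts at each failure in turn, so a burst that begins after a quiet period is still caught; successful logins are deliberately not matched by any pattern and a single failure for asmith stays below the threshold.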
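The approved software list, outdated anti-virus agents and uncleaned quarantine items described in the findings above (and the real-time patch status that the next finding concerns) are all properties of a single endpoint record, so one compliance check can cover them together. The following Python script is an added example written for this page, not code from Aliki's Banks or from any inventory or anti-virus console; the approved list, the "latest" agent version, the patch identifiers (labelled placeholders, not real KB numbers) and the endpoint records are constructed.

```python
"""Endpoint compliance report: approved software list, anti-virus agent state
and patch status, from a constructed endpoint inventory.

Added example for the vulnerability management, anti-virus and patch
monitoring findings; all values below are placeholders.
"""
from datetime import date


def version_tuple(v):
    """'16.0.13' -> (16, 0, 13) so that versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


# Approved software list: package -> minimum approved version (placeholders).
APPROVED_SOFTWARE = {"Microsoft Office": "16.0.13", "7-Zip": "19.0", "Google Chrome": "89.0"}
LATEST_AV_VERSION = "14.2"                                   # assumed current agent build
REQUIRED_PATCHES = {"KB-PLACEHOLDER-1", "KB-PLACEHOLDER-2"}  # placeholder ids, not real KBs

# Constructed telemetry as an inventory / AV / patch console might export it.
ENDPOINTS = [
    {"host": "LT-0001", "av_version": "14.2", "quarantined": 0, "cleaned": 0,
     "patches": {"KB-PLACEHOLDER-1", "KB-PLACEHOLDER-2"}, "last_checkin": date(2021, 3, 1),
     "software": [("Microsoft Office", "16.0.13"), ("7-Zip", "19.0")]},
    {"host": "LT-0002", "av_version": "13.8", "quarantined": 2, "cleaned": 0,
     "patches": {"KB-PLACEHOLDER-1"}, "last_checkin": date(2021, 3, 1),
     "software": [("Microsoft Office", "16.0.13"), ("7-Zip", "18.5"), ("AnyDesk", "6.1.2")]},
    {"host": "LT-0003", "av_version": "14.2", "quarantined": 1, "cleaned": 1,
     "patches": {"KB-PLACEHOLDER-1", "KB-PLACEHOLDER-2"}, "last_checkin": date(2021, 2, 10),
     "software": [("Google Chrome", "89.0")]},
]


def software_issues(installed, approved=APPROVED_SOFTWARE):
    """Flag packages not on the approved list or below its minimum version."""
    issues = []
    for name, ver in installed:
        if name not in approved:
            issues.append(f"{name} {ver} not on approved software list")
        elif version_tuple(ver) < version_tuple(approved[name]):
            issues.append(f"{name} {ver} below approved minimum {approved[name]}")
    return issues


def check_endpoint(ep, today=date(2021, 3, 1), max_checkin_days=7):
    """Return the list of compliance issues for one endpoint (empty list == compliant)."""
    issues = software_issues(ep["software"])
    if version_tuple(ep["av_version"]) < version_tuple(LATEST_AV_VERSION):
        issues.append("outdated anti-virus agent")
    if ep["quarantined"] > ep["cleaned"]:
        issues.append(f"{ep['quarantined'] - ep['cleaned']} quarantined item(s) not cleaned")
    missing = REQUIRED_PATCHES - ep["patches"]
    if missing:
        issues.append("missing patches: " + ", ".join(sorted(missing)))
    # Without real-time monitoring a stale check-in means the patch state is unknown.
    if (today - ep["last_checkin"]).days > max_checkin_days:
        issues.append("no recent check-in; patch state unknown")
    return issues


def compliance_report(endpoints=ENDPOINTS):
    """Map each host name to its list of issues."""
    return {ep["host"]: check_endpoint(ep) for ep in endpoints}


if __name__ == "__main__":
    for host, issues in compliance_report().items():
        print(host, "COMPLIANT" if not issues else "; ".join(issues))
```

The stale check-in rule is what distinguishes "patched" from "last known to be patched": LT-0003 reports every required patch, but its last report is weeks old, so the check refuses to call it compliant, which is exactly the gap that real-time patch monitoring closes.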
Observation: It was observed that real-time patch monitoring is not available for end-user computing.
Risk Rating: High
Impact: Gaps in the patch management process could leave the endpoint vulnerable to known vulnerabilities, which can be exploited easily by an attacker while the user is working from home. Without the ability to monitor patch compliance in real time Aliki's Banks will not be able to ensure that all the devices have received the patches.
Recommendation: It is recommended to ensure that Aliki's Banks can monitor the patch compliance status of all the user computers in real time; it is further recommended that Aliki's Banks conduct such monitoring to ensure that all the devices have received the latest patches.

Observation: During the test it was observed that the VPN used by Aliki's Banks users does not have two-factor authentication. This would mean that an attacker can easily steal the VPN credentials, configure a malicious connection and use it to connect to the network while the user is working from home. It should also be noted that the security of a user's home network may not be as good as the security of a corporate network.
Risk Rating: Medium
Impact: The lack of two-factor authentication for VPN connectivity would mean that if an attacker is able to obtain a computer the attacker will be able to easily connect to the network.
Recommendation: It is recommended that Aliki's Banks use two-factor authentication for VPN connectivity.

During this security check we noticed that the file server firewall was disabled. As an immediate action we have enabled and configured Windows Firewall with the configurations below.
1. These options are intended to keep your device safe in most network situations: the default Block behavior for inbound connections.
2.
We have changed the file server's default RDP port from 3389 to 3377 as a security precaution.
3. We have restricted access to the file server by IP subnet on the file server itself. This will prevent unnecessary access attempts from remote networks.

Learning Outcomes and Assessment Criteria:
Learning Outcomes:
LO1 Examine Network Security principles, protocols and standards
LO2 Design a secure network for a corporate environment
LO3 Configure Network Security measures for the corporate environment
LO4 Undertake the testing of a network using a Test Plan
Pass:
P1 Discuss the different types of Network Security devices. (LO1)
P2 Examine Network Security protocols. (LO1)
P3 Investigate the purpose and requirements of a secure network according to a given scenario. (LO2)
P4 Determine which network hardware and software to use in this network. (LO2)
P5 Configure Network Security for your network. (LO3)
P6 Discuss different cryptographic types of Network Security. (LO3)
P7 Create a Test Plan for your network. (LO3)
P8 Comprehensively test your network using the devised Test Plan. (LO4)
Merit:
M1 Compare and contrast at least two major Network Security protocols.
M2 Create a design of a secure network according to a given scenario.
M3 Provide Network Security configuration scripts/files/screenshots with comments.
M4 Provide scripts/files/screenshots of the testing of your network.
M5 Make some improvement recommendations.
Distinction:
D1 (LO1 & LO2) Discuss, using examples, the importance of Network Security.
D2 Discuss what is meant by Quality of Service (QoS) in relation to Network Security configuration.
D3 Critically evaluate the design, planning, configuration and testing of your network.

** Please note that this Result will be Provisional till the ISV Process & IV Process is Completed.