CYB_420_Module_4_Project_1_Walter_Lawrence
Walter Lawrence
Southern New Hampshire University
CYB 420: Enterprise Security
Professor Perkins
Project One
November 16, 2023
As a security technician, I have been asked by the ACME company to investigate its security, identify the changes needed and the vulnerabilities present in its systems, and fix them. I will be reviewing three risk domains: People, Process, and Technology. My review so far has found many vulnerabilities in this company that should be fixed. Some concern how employees access the work network, some concern the physical placement of the server room and servers, and others concern how the network is laid out now and how it can be changed. After ACME follows this assessment and the process it lays out, it should be in a sound position security-wise. The first domain I will start with is the People risk domain.
Vulnerabilities and ways to resolve issues in the People Domain
In the People risk domain, I can see two vulnerabilities. The first is authentication and credentials; the second is remote employees. For the first vulnerability, each employee uses a computer to access the network, and sharing credentials is not a secure way to log in, because everyone would then have access to other employees' information. To fix this, we will implement a security control: unique passwords together with a password standard. Each employee will be given a unique username and password that follows the password policy. Each username will be assigned to security groups that allow the person to access only the areas they are supposed to, which enforces least privilege. For example, an IT person will not be able to access the HR department's resources, and HR will not have the clearance to access the IT department's. The next part of the security control we will implement is a password requirement. Passwords must be a minimum of 8 characters in length and include an uppercase letter, a lowercase letter, a number, and a special character, and they may not include any personal information such as date of birth, name, or SSN (N-Able, 2023). Having this policy in place will make it harder for a hacker to use an employee's credentials and harder for employees to guess each other's passwords. The policy will also force users to change their password every 30 days.
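As an added illustration (this is not code from the paper or from ACME), the policy just described can be checked mechanically before a password is accepted. The script below is written for this walkthrough; the function names, the sample employee record and the date-of-birth spellings it looks for are all assumptions made here. It reports every rule a candidate password breaks, including the personal-information rule, and separately checks whether a password is past the 30-day rotation window.

```python
import re
from datetime import date, timedelta

# Policy values taken from the text above: minimum 8 characters, one uppercase,
# one lowercase, one digit, one special character, no personal info, rotate
# every 30 days.
MIN_LENGTH = 8
MAX_PASSWORD_AGE_DAYS = 30


def check_password(password, *, first_name="", last_name="", dob=None, ssn=""):
    """Return a list of policy violations; an empty list means the password complies."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    # Personal-information check (assumed implementation): compare the password,
    # case-insensitively, against name parts, several common DOB spellings and
    # the SSN digits (full number and last four).
    lowered = password.lower()
    tokens = [t for t in (first_name, last_name) if len(t) >= 3]
    if dob is not None:
        tokens += [dob.strftime("%m%d%Y"), dob.strftime("%Y"),
                   dob.strftime("%m%d%y"), dob.strftime("%d%m%Y")]
    digits = re.sub(r"\D", "", ssn)
    if digits:
        tokens += [digits, digits[-4:]]
    for token in tokens:
        if token.lower() in lowered:
            problems.append(f"contains personal information ({token})")
            break
    return problems


def password_expired(last_changed, today=None):
    """True when the password is at or past the 30-day rotation limit."""
    today = today or date.today()
    return today - last_changed >= timedelta(days=MAX_PASSWORD_AGE_DAYS)


if __name__ == "__main__":
    # Constructed sample employee record; not a real person.
    employee = dict(first_name="Walter", last_name="Lawrence",
                    dob=date(1990, 3, 15), ssn="123-45-6789")
    for candidate in ("password", "Walter1990!", "Xy!123456789", "Correct-Horse-7"):
        print(candidate, "->", check_password(candidate, **employee) or "OK")
    print("expired:", password_expired(date(2023, 10, 1), today=date(2023, 11, 16)))
```

Running it shows that "password" fails three rules at once, that a password built from a first name or an SSN is rejected even though it satisfies the complexity rules, and that a password last changed on October 1 is flagged as expired by November 16.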
The second vulnerability is remote employees. Many employees work from home or travel and work from hotels. Most of these wireless connections can be insecure, which makes it much easier for a hacker to steal data when work documents are accessed over them. To stop this from happening, the security control we will implement is VPN use. The VPN will allow employees to connect to the network remotely and securely and will make it harder for a hacker to steal data, as the VPN masks the IP address (Hoffman & Lewis, 2023). Using a VPN will also stop unauthorized users from stealing data over free Wi-Fi.
If we can implement this control, train every employee on it, and use it for everyone, whether they are new hires or have been with the company for 20 years, it helps to eliminate any possibility of a breach. One of the main ways hackers try to get into a network or steal data is by guessing passwords with a brute force attack. A brute force attack uses multiple computers to try to crack or guess a password by running through many different combinations (What Is a Brute Force Attack? | Definition, Types & How It Works, n.d.). If ACME follows our suggestions, it becomes tougher for a hacker to steal a password, because we require it to be more complex. Using a VPN not only masks your connection but keeps it private, which in turn eliminates the possibility of a hacker connecting to your computer and stealing your data while you are remote. The one case in which we will not allow employees to work remotely is when they do not have a secure internet connection. If they try to work from a coffee shop with free Wi-Fi, the VPN will not allow the connection to be made. If these controls are followed, they will not only keep the company safe but make it harder for a hacker to steal data.
Vulnerabilities and ways to resolve issues in the Process Domain
The second domain is the Process domain. Its two vulnerabilities are the physical layout of the building and the network configuration. For the physical layout, ACME currently has the public records server on the main floor of the building, where it can be accessed by anyone. This is a major security issue and needs a security policy implemented immediately. The policy we are going to set is that all IT equipment, including the servers that host all important backups and documents, will be in one room separate from where the employees work. That means the public records server will be moved into the IT equipment/server room, which will be behind a locked door (the Technology section covers this in more depth). Having the server behind a locked door will keep the machine and its data protected from any type of physical damage, and it will also keep the server safe from anyone who wants to connect to it and steal data.
The second vulnerability in the Process domain is the layout and configuration of the network. With the current layout, anyone can easily breach the network from anywhere, and guest users can reach confidential data they are not supposed to see. The security implementation we will push out is network segmentation. Using segmentation as a security control will allow ACME to have one network mainly for employees and a second network for guest users. ACME can also segment out a network for each department so that only that department's employees can access it, making it harder for others, and for hackers, to reach the data. A segmented network keeps all internal data separate from the other network; alternatively, having one network for all employees and a separate network for the servers and backup data would be acceptable as well. This option helps keep the data safe, especially if an employee's credentials are compromised: the hacker would have no way to access the other network, because it is separate from what the employee's credentials are allowed to use. Another control that could be used is an auto-lock feature or MFA authentication on the network. Each time an employee connects to the network or logs in, they need to authenticate, and if they fail to authenticate within 15 seconds the account will be automatically disabled. This also helps keep the network safe and secure.
This Process domain is an important step in counteracting data breach attempts. Segmenting the network not only keeps the network running smoothly for internal employees but also provides a backup option: if one network goes down or is breached, everything can be moved over, or the servers can be kept on one network and the computers on the other to keep any possible data breach away from the servers. This will be a very beneficial way for the company to avoid attacks. MFA is most important because it is an extra layer of security that makes it harder for a hacker to get through to the network.
Vulnerabilities and ways to resolve issues in the Technology Domain
The third risk domain is Technology. Two vulnerabilities that fall under this domain are the lack of door locks or biometric locks, and unauthorized software and access from outside the organization. The first vulnerability is the lack of door locks. Where equipment like servers and confidential information are kept, the doors need to be locked. We will also include a thermostat to keep the room cool, motion sensors with a keypad to turn the sensor off and on when entering and exiting, and another set of RFID and biometric locks on the inside. Once an employee enters the server room, the door will auto-lock, forcing them to use the keycard and biometrics to exit as well. The security control we will implement is door locks that use either biometrics or RFID/keycard locks. Having both locks also ties least privilege into the physical controls: only IT employees can access the server room, and they will need to use both biometrics and a keycard. This will help keep the server room locked up tightly. Other rooms will use only a keycard, and only the employees who are allowed in that room will be provided with one.
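The least-privilege rule appears twice in this briefing: the security groups in the People domain (IT cannot reach HR resources and vice versa) and the door controls here (the server room is IT-only and needs both a keycard and a biometric; other rooms need only a keycard). The following script, added here as an illustration and not taken from the paper or from ACME's systems, models both with one default-deny check. The usernames, group names, resource names and the factor labels "keycard" and "biometric" are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    groups: frozenset          # security groups the account belongs to


@dataclass(frozen=True)
class Resource:
    name: str
    allowed_groups: frozenset  # groups permitted to use this resource
    # For physical doors: every factor listed here must be presented at the
    # reader. Empty for network shares, which rely on group membership alone.
    required_factors: frozenset = frozenset()


def can_access(user, resource, presented_factors=frozenset()):
    """Least privilege: allow only if the user holds an allowed group AND,
    for doors, presents every required factor. Anything else is denied."""
    if not (user.groups & resource.allowed_groups):
        return False
    return resource.required_factors <= frozenset(presented_factors)


# Constructed sample directory and resource list (not real ACME data).
DIRECTORY = {
    "wlawrence": User("wlawrence", frozenset({"IT"})),
    "hr_clerk":  User("hr_clerk",  frozenset({"HR"})),
}
RESOURCES = {
    "hr_share":    Resource("hr_share",    frozenset({"HR"})),
    "it_share":    Resource("it_share",    frozenset({"IT"})),
    # Server room: IT only, and both factors are required to open the door.
    "server_room": Resource("server_room", frozenset({"IT"}),
                            frozenset({"keycard", "biometric"})),
    # Ordinary department room: keycard only, for HR staff.
    "hr_office":   Resource("hr_office",   frozenset({"HR"}),
                            frozenset({"keycard"})),
}


def decide(username, resource_name, presented=()):
    """Look up both sides and return True/False; unknown names are denied."""
    user = DIRECTORY.get(username)
    resource = RESOURCES.get(resource_name)
    if user is None or resource is None:
        return False  # default deny for unknown principals or resources
    return can_access(user, resource, frozenset(presented))


if __name__ == "__main__":
    requests = [
        ("wlawrence", "it_share", ()),
        ("wlawrence", "hr_share", ()),
        ("hr_clerk",  "it_share", ()),
        ("wlawrence", "server_room", ("keycard",)),
        ("wlawrence", "server_room", ("keycard", "biometric")),
        ("hr_clerk",  "server_room", ("keycard", "biometric")),
        ("hr_clerk",  "hr_office",   ("keycard",)),
    ]
    for who, what, factors in requests:
        print(f"{who:10} -> {what:12} {factors}: {'ALLOW' if decide(who, what, factors) else 'DENY'}")
```

The point the table of requests makes is that the two checks are independent: an IT account with only a keycard is still refused at the server room door, and an HR account presenting both factors is refused because it is not in the allowed group at all.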
The second vulnerability is unauthorized software or access to the networks. Unauthorized software and access are a major way for viruses or malware to sneak into the system and cause a huge network breach or, worse, data loss. The security control we will implement for this is anti-virus software installed on every single computer and server in the company. This software will help detect whether a virus, malware, or ransomware is present on a computer or the network. The anti-virus software will also block and remove the possible virus in the background, or alert the IT department if a computer or the network is infected, allowing them to act quickly. This is where a backup or segmented network helps: if a computer or a network is infected, IT can shut that network down, move over to the other network, and build a new network to move the computers back to. If a computer is infected, they can easily wipe and reload the machine. Another control we would use on the network is a firewall. The firewall helps determine whether incoming traffic is safe or not. If traffic from software, email, or web browsing is safe, it allows the site or action through; if the traffic is not safe, the firewall blocks that access and the sites will not be allowed through (What Is a Firewall?, 2023). Using these two controls will be a very helpful way to keep the network and devices secure.
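The segmentation plan from the Process domain and the firewall described above are enforced by the same mechanism: a rule set that decides which segment may talk to which. The script below, added for this walkthrough and not part of the paper or ACME's configuration, is a stateless first-match model of that rule set with a default deny. The segment address ranges, the rules, the port numbers and the sample flows are all constructed assumptions; a production firewall is stateful and far richer, but the decisions this model reaches (guests cannot reach servers, HR cannot reach IT, unsolicited traffic from the internet to the servers is dropped) are the ones the text calls for.

```python
import ipaddress

# Constructed segment plan; the address ranges are example values.
SEGMENTS = {
    "employees": ipaddress.ip_network("10.10.0.0/24"),
    "guest":     ipaddress.ip_network("10.20.0.0/24"),
    "servers":   ipaddress.ip_network("10.30.0.0/24"),
    "hr":        ipaddress.ip_network("10.40.0.0/24"),
    "it":        ipaddress.ip_network("10.50.0.0/24"),
}

# First-match rules: (source segment, destination segment, dest port or None for any, action).
# Anything not matched falls through to DEFAULT_ACTION.
RULES = [
    ("it",        "servers",  None, "allow"),  # IT administers the servers
    ("employees", "servers",  443,  "allow"),  # staff reach only the HTTPS service
    ("hr",        "hr",       None, "allow"),  # department traffic stays inside the department
    ("it",        "it",       None, "allow"),
    ("employees", "internet", None, "allow"),
    ("guest",     "internet", None, "allow"),  # guests get internet access and nothing else
]
DEFAULT_ACTION = "deny"


def segment_of(ip):
    """Map an address to its segment name; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src_ip, dst_ip, dst_port):
    """Return 'allow' or 'deny' for one flow using first-match semantics."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for rule_src, rule_dst, rule_port, action in RULES:
        if rule_src == src and rule_dst == dst and rule_port in (None, dst_port):
            return action
    return DEFAULT_ACTION


def audit(flows):
    """Evaluate a batch of (src, dst, port) flows; returns [(src, dst, port, action), ...]."""
    return [(s, d, p, evaluate(s, d, p)) for s, d, p in flows]


if __name__ == "__main__":
    # Constructed sample flows, e.g. from a flow log; none are real traffic.
    sample = [
        ("10.20.0.5",   "10.30.0.10",   443),  # guest -> servers
        ("10.10.0.7",   "10.30.0.10",   443),  # employee -> servers, HTTPS
        ("10.10.0.7",   "10.30.0.10",   22),   # employee -> servers, SSH
        ("10.50.0.3",   "10.30.0.10",   22),   # IT -> servers, SSH
        ("10.40.0.9",   "10.50.0.3",    445),  # HR -> IT
        ("203.0.113.8", "10.30.0.10",   443),  # internet -> servers (unsolicited)
        ("10.20.0.5",   "198.51.100.1", 443),  # guest -> internet
    ]
    for src, dst, port, action in audit(sample):
        print(f"{segment_of(src):9} -> {segment_of(dst):9} :{port:<4} {action}")
```

Because the last line of the decision is the default deny, any flow the plan did not anticipate (a compromised employee account probing the server segment on a non-web port, or an inbound connection from outside) is blocked without needing an explicit rule for it.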
Implementing the controls in the Technology domain will be very helpful. These controls will not only stop attacks from happening but also prevent the loss of very expensive equipment. If we can eliminate any unwanted access to the server room by using least privilege, which is simply a matter of letting only IT staff or someone with the proper clearance into the room, then it will cut down on people posing as employees who are really insider hackers (CyberArk Software, 2023). Least privilege is by far the best approach to keeping the data, as well as the equipment, safe. If ACME can also make sure to have the correct safety measures like sprinklers, sensors, and locks, then the room and equipment will be safe from harm.
The way to balance control implementation between simple fixes and organizational concerns is to have a plan mapped out for each possible issue. If it is a password issue, it could simply be a matter of a person forgetting it, which is a simple fix. Whereas if a network is down or a vulnerability is found by a scan, that could mean downtime, unless a segmented network is already set up, in which case operations can be switched over to keep data safe until the downed network is fixed. Having a plan in place is the best way to resolve issues, along with making sure that all employees go through some sort of training on how to recognize an issue so they can help as well.
Infrastructure Diagram
My diagram shows how the network should be set up physically in the office, as well as how the server room should be laid out, using door locks, a thermostat to keep the room cool, and a segmented network for each department. Not shown in the diagram is the People process of authentication and VPN use, as that is tied to the servers and domain controllers.
I believe that if ACME follows through with what I suggested in this briefing, based on the vulnerabilities that were found, it can keep its network, data, and employees safe from any sort of attack or data breach. The more we can safeguard the network and each employee, the better off ACME will be as a company, and it can hire more people and take on more clients to grow. A large company can be challenging to keep safe, but as long as this plan is followed it can serve a company of any size, big or small.
Sources
Hoffman, C., & Lewis, N. (2023, February 18). What is a VPN, and why would I need one? How-To Geek. https://www.howtogeek.com/133680/htg-explains-what-is-a-vpn/
What is a firewall? (2023, October 6). Cisco. https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
N-Able. (2023, April 5). NIST Password Guidelines. N-able. https://www.n-able.com/blog/nist-password-standards
CyberArk Software. (2023, May 17). What is Least Privilege? Principle of Least Privilege Definition. CyberArk. https://www.cyberark.com/what-is/least-privilege/
What is a Brute Force Attack? | Definition, Types & How It Works. (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/brute-force-attack#:~:text=A%20brute%20force%20attack%20is,and%20organizations'%20systems%20and%20networks.