Cyber_Course_1_Capstone_-_Part_III_-_Student_Template-__Rev_Aug_22.1
docx
keyboard_arrow_up
School
Strayer University *
*We aren’t endorsed by this school
Course
110
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
4
Uploaded by Chef_Water_Dugong8
Cybersecurity Course 1 Capstone- Part III Student Template
Part III- Performance and Security Recommendations
This part of the Capstone evaluates your ability to review a home network and make recommendations about issues such as IP addresses, network connections, wi-fi signals, passwords, and firewalls.
In the scenario below, you have agreed to help a friend assess their home network. They have asked you to review the network and then make any recommendations for improving performance and security. Upon talking with your friend and reviewing the network, you have made the following observations:
Observations
•
The house is a 2-story house that was built in the 1920’s with a lot of brick and stone, as well as plaster and lathe walls
•
The ISP currently provides service through cable. The ISP cable enters the house from the top floor
•
The ISP provides an all-in-one device that supports wi-fi and 4 wired ethernet ports for connecting devices. This device sits on the top floor.
•
You’ve identified a wi-fi network named “Smith-Family-Wireless"
•
The network consists of a mix of wireless devices including a laptop computer, tablet, smart phone, smart TV, video doorbell, and gaming console.
•
No devices currently have a wired connection
•
Your friend uses the laptop upstairs usually in one of the spare rooms, or down on the first floor
•
The gaming console is down in the basement, and your friend reports that it often loses connection.
•
Your friend reports that it is often difficult to get a good wi-fi or cellular signal in the basement, as well as at other points throughout the house.
•
Your friend gave you permission to log into the all-in-one device to review the wireless network and security settings. You recognized that the password to log into the device’s administration web page is the same as the password to get on the wi-fi.
•
You find that the wireless security is set to WEP
•
Your friend indicates that several applications and games they use require certain ports to be opened in the firewall. To accomplish this, the firewall protection level has been set to low.
Recommendations
After reviewing the network, you have identified several areas of improvement. For each of the following performance or security findings, please provide your recommendation(s) to improve or resolve the issue. Remember:
solving these problems sometimes requires trial and error. So,
you will sometimes need to provide more than one recommendation
to try to solve the problem. Recommendations should be specific and reasonable
. For example, a recommendation that does not include an explanation of why it might solve the problem is not specific. Additionally, calling someone for help or buying new equipment would not be considered a reasonable recommendation at this stage.
Sample Question and Answers
Here are some examples of answers that would be marked Yes (Passing)
or No (Not Passing) based on the criteria indicated in the question. This question and related answers are not part of the assessment.
Security Recommendation Sample Question: Please describe at least 1 specific and reasonable recommendation to address any security concerns related to the network’s SSID. Please describe what you would do
and why it might solve the problem.
Example of a Passing answers:
The answer is reasonable and specific, explaining why the solution might work
•
The SSID for the network is Smith-Family-Wireless. Changing the SSID for the network to a name that does not identify the family or the residence might help deter an attacker from targeting this particular person or family based on the network name.
Examples of Not Passing answers
: Please note the lack of specificity Not Passing Example 1
: The answer is not a specific and it d
oes not explain why this would work
•
Change the SSID
. Not Passing Example 2
: The answer is not a reasonable recommendation because it does not address the SSID issue directly and it could cause more issues for devices that can’t connect through a wired connection. •
Remove the wireless network
Assessment Questions Performance recommendations
Question #1: Your friend would like to install a media server on the network to store photos and
videos. The server will need a static IP address to make the connection more reliable. You know that 192.168.0.5 is an address that will work on the network, but you don’t want to use it if it is being used by another device. Please describe at least 1 specific and reasonable recommendation to determine if the address
is currently being used by another device. Please describe what you would do and why it might solve the problem.
1.First, we can try pining it. Not all the time this would be accurate since the option of ICMP message can be turned off on some devices and that may not work. Another simple approach
since we have the loggins of the ISP router, we can log in and verify all the IPs assigned to all the divices in the local LAN network.
Question #2:
Please describe at least 2 specific and reasonable recommendations for how you would work to improve performance with the poor wi-fi signal, particularly in the basement? Please describe what you would do and why it might solve the problem.
1.Since the source of the WiFi signal is located on the 2nd floor, the singanl propagation to the basement is attenuated due to distance and also it degradates due to many solid structures in the way. I would move the location of the modem from corner to corner on the scond floor just to bypass solid structure of the house. When signal is penetrating less solid objects in example: mirrors, plaster walls, brick or solid wood, it will help with propagation of signal to the basement devices. If the device is equipt with external antenas, I would point down towards the basement(unidirectional antenas); if the devide has the omnidirectional antena, I would verify that the modem is widely exposed and nothing is blocking it. 2. I would keep the farthest divices connect to 2.4 Ghz; I would scan the spectrum of this channel using a wifi analysing tool and select a channel that won't overlap with other signal in
the area; usually best channels I would pick from 1-13 it would be 1, 6 or 11. Keep the laptop and closer devices on 5G since the radius of 5G is for shorter distances. Question #3:
After going through all the best practices to make sure that the wireless signal in the house is performing adequately, you still have a Windows OS device that has symptoms of slow network performance. Other than taking steps to boost the wireless network signal, please
describe at least 2 specific and reasonable recommendations to troubleshoot the network connectivity on that device. Please describe what you would do and why it might solve the problem.
1.I would verify the level of incription that the All-in-One device is set to and match with the one is set on the Windows OS device. They must match elsewhere they will not communicate properly. I would change the encription to WPA3 if Wireless modem is equipped with and the OS device as well as the rest of the devices in the house. IF that is not an option, today WPA2-
PSK is widely used in SOHO networks. 2. If the Windows OS device is portable, I would get it closer to the wireless modem, and perform a speed test; if the throughput won't satify the bandwith of the service, I would verify if the lates FirmWare on the wireless NIC is up-to-date and upgrade it accordingly. Security recommendations
Question #4
: Describe at least 1 specific and reasonable recommendation
for how you could work to improve security related to the wi-fi password. Please describe what you would do and why it might solve the problem.
1.First, I will change the Router Admin password from default to containing at least 8 Characters, At least one Capital and lower case letter, one number and special character. Don't repeat the same characters more then 2 times. The Security Key MUST be different than
Router Admin password, and also must meet the same criteria as router admin passord. One last step I would enable HTTPS for router administration since this encypts the interactions
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
between the admin and the unit. Question #5:
Describe at least 1 specific and reasonable recommendation
for how you could work to improve security related to the wi-fi security. Please describe what you would do and why it might solve the problem.
1. WEP is not secured and can be easily cracked. I would change to WPA3, the latest released in 2018, it is much harder for an intruder to crack it. Depending on how many users there are,
I would bring up the idea of assigning static IPs for all his devices, and disabling the DHCP pool, in order to limit the amount of users thus eliminating the attacket to connect to the network, only negative factor it would be for adding new devices later on. One last thing I would do after I will change the SSID to a unique name that won't contain anything of my name and connecting all devices, is to hide the SSID. This will not pop up on nearby devices when someone with bad intention is nearby. Question #6:
Describe at least 1 specific and reasonable recommendation
for how you could improve security related to the firewall. Please describe what you would do and why it might solve the problem.
1. First of all, I will have the PING command turned off, in order to avoid Ping flood attack also
known by teardown attack where an intruder using Linux OS to increase the size of the packet
in order to flood the target unit. I will apply defence-in-depth startegy in order to keep his network maximum secured. I will run a scan on open ports and all known ports to be vulnerable, like telnet, FTP I will shut them down. At the network level, I will create an ACL list
in the router, to allow and deny certain traffic.