CYB_230_Project_3_Joshua_Crowley

Date: Dec 6, 2023

Joshua Crowley
Southern New Hampshire University
CYB230 – Operating System Security
Professor Jennings-Roche
Project 3 - Network System Security Plan Recommendation

I have been asked to review the IT systems at Helios Health Insurance to look for key issues that may be present from both a hardware and a software perspective. My focus here is on the confidentiality of the network. I have been provided a network topology map, as well as the key security infrastructure used by this business. During my review of the system, I noticed quite a few potential risks that could have large impacts on the security of this business. As this business handles health insurance, there is a drastic need for some changes to help ensure the safety, confidentiality, and protection of your clients' information. Please bear in mind that these issues were identified with HIPAA and HITECH in mind to help maintain business compliance.

From a quick overview, there is an identifiable issue with the network configuration. The printers, copiers and scanners are connected to a network switch, which is a correct configuration for quick speeds. This switch is then connected to the main router, but prior to that, it connects to a wireless access point (WAP). This poses a severe potential for a breach. Anyone who connects to the WAP may be able to access the printing management area and see personal documents being printed or manage the printing queue themselves. This is compounded by the fact that the Wi-Fi is open. This would allow anyone within Wi-Fi range to connect without an issue and have complete access to the main router, which is connected to end users, the security cluster and printing management, all of which are not behind a firewall. This is a confidentiality nightmare, as it poses a large risk to a great deal of clients' personal information as well as employees' data that might be managed through the server cluster.

This data breach potential is also an issue when considering the current software used. The hard drives being utilized are not encrypted. This causes major concern, as an unencrypted hard drive can lead to massive data breaches and information loss. It is essential that encryption software is used to protect your clients and personal employee data from potential breaches.

Hardware Deficiency Remediation.

For the identified WAP security issue, I would propose two methods to counteract it. My first suggestion would be the removal of the WAP. Since the entire network is set up for hardwired connections, and hardwired connections offer more bandwidth and speed, I would suggest removing this WAP. This will eliminate the potential security threat that exists, as well as eliminate the possibility of someone using that identified weakness in the future. It will also help with network management, as it is one less area to maintain, control and keep secure. Overall, this would be the best approach should the Wi-Fi be deemed unnecessary in this location.

If the WAP is a requirement, we can enhance its defenses to ensure it meets security compliance. My first step here would be to directly connect the printing switch to the main switch and add an additional Ethernet connection for the WAP. This will ensure that the printing management cannot be directly accessed via the WAP. Next, we would want to adjust the security on the Wi-Fi. Utilizing no password will result in countless security breaches. This would need to be updated to current security standards and utilize at least WPA2 for security. This is not fully secure, but it is a much better solution than no password. Additionally, I would suggest creating a guest network for users who might want to use Wi-Fi inside the building. This will allow for Wi-Fi usage, but with no direct connection back to the main router. A guest network offers isolation, which is a good way to protect confidential information. Finally, I would add a firewall between the WAP and the main switch, as this will help ensure the best protection for the entirety of the business. Where the firewall is currently situated, it only offers a benefit to the system administrators.
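
The reachability argument above can be checked mechanically. The following is an added example, not part of the original report: it models the described topology as a graph and lists which sensitive segments an open-Wi-Fi client can reach before and after the remediation. The node names, the exact link layout, and the model of a firewall as a node that passes no WAP-originated traffic are assumptions made for illustration.

```python
from collections import deque

# Segments the report treats as confidential (names are illustrative).
SENSITIVE = {"print_switch", "print_mgmt", "server_cluster", "end_users"}

def build(links):
    """Turn a list of undirected links into an adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def reachable(graph, start, firewalls=frozenset()):
    """Breadth-first search; a firewall node can be reached but not crossed."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node in firewalls and node != start:
            continue  # assumed deny-all policy: traffic stops here
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def exposed(links, firewalls=frozenset(), start="wifi_client"):
    """Sensitive segments reachable from a client joined to the WAP."""
    return sorted(SENSITIVE & reachable(build(links), start, firewalls))

# Topology as described: print switch -> WAP -> main router, flat behind it.
CURRENT = [
    ("wifi_client", "wap"), ("wap", "print_switch"), ("wap", "main_router"),
    ("main_router", "end_users"), ("main_router", "server_cluster"),
    ("main_router", "print_mgmt"), ("main_router", "admin_firewall"),
    ("admin_firewall", "sysadmins"),
]
# Remediation: print switch wired directly, WAP on its own firewalled link.
REMEDIATED = [
    ("wifi_client", "wap"), ("wap", "wap_firewall"),
    ("wap_firewall", "main_router"), ("print_switch", "main_router"),
    ("main_router", "end_users"), ("main_router", "server_cluster"),
    ("main_router", "print_mgmt"), ("main_router", "admin_firewall"),
    ("admin_firewall", "sysadmins"),
]

if __name__ == "__main__":
    print("before:", exposed(CURRENT, {"admin_firewall"}))
    print("after: ", exposed(REMEDIATED, {"admin_firewall", "wap_firewall"}))
```

Re-running the check with `wap_firewall` left out of the firewall set shows that rewiring alone does not isolate the WAP; the filtering device is what removes the path.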

Software Deficiency Remediation.

For the identified software and drive encryption issue, I would recommend two solutions as well. My first suggestion is investing in encryption software. The use of something such as BitLocker can be the difference between massive information leaks and well-protected clients. Having an unencrypted hard drive means anyone who gets exposed to something like a phishing attack or a keylogger trojan can have all the information from their hard drive removed, copied over, or even deleted. This can result not only in massive information loss for the company, but also in things like health claim scams and fake claims being issued for a covered client. Whereas if you encrypt the hard drives being used, even if the information is lost or stolen, it can be virtually useless to the person who takes it. We would want to implement encryption software for all the computers utilizing hard drives, including the servers. This will help immensely with security needs and compliance.

The second suggestion I have would be to turn to an encrypted cloud-based solution such as Proton Drive. This implementation would require that everyone work off the cloud-based storage and not store files locally. This can be extremely useful in two ways. First, the cloud-based storage offers one location where your employees can work, store information, and share it across the business without needing to send the file via email or carry it to a desk. This will help with efficiency and confidentiality, as there are fewer points of potential intrusion. Secondly, cloud-based storage comes with encryption and its own security method and team. This will alleviate some of the IT needs when it comes to reviewing breaches, cloning hard drives, and re-encrypting them as more people join the company. Since you have remote users, this will also help with the integration of their workflow. This would be my preferred method due to the multiple benefits it offers.

In summation, both the hardware- and software-based remediations will help defend and secure your business and clients. I would recommend implementing these ASAP, as the risk factor here is quite large. If any help is needed with the implementation or design, I will be happy to assist. Thank you for allowing me to review and make suggestions regarding your company’s security.