Blumenstein_E_CST610_Project_4.edited (1).docx

School: University of Maryland
Course: 610
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 13
Uploaded by afeeblemind
CST 610 Project 4
Cyberspace and Cybersecurity Foundations
Technical Controls Report for FICBank
Prepared By: Elliott Blumenstein
Version 1.0

CST610 Page ii

Table of Contents
1. Executive Summary
2. Technical Control Scope
3. Technical Control Implementation Details
4. Test and Evaluation Methodology
5. T&E Findings
6. Conclusion
1. Executive Summary

The advancement of technology has improved society significantly. However, with that rise come risks, and technical controls are a necessity for any company. FICBank is looking to determine which technical controls would be most appropriate. The technical scope will cover cybersecurity measures for installing firewalls and intrusion detection systems, data protection, and access controls, among other criteria. The aim is to ensure security, compliance, and efficiency. We will implement three controls now; as audits continue, the cybersecurity team can add further controls.

2. Technical Control Scope

FICBank hired us to do a complete information technology workup of their internal systems. We wrote several reports, including a security assessment report, a security monitoring data analysis, and a security event and incident report. Following those reports, security controls should be implemented on the network, and FICBank's CEO requested that we determine which security controls should be applied. FICBank's existing network infrastructure is shown in Figure 1. The map includes firewalls, routers, numerous servers, workstations, and IP phones. We will discuss the technical scope of FICBank below.

Figure 1: FICBank's network architecture

System                        Services/Application
CodeMeter Runtime             Web application used for software licensing and protection
X-Server                      Domain Server
Cipher Suites                 Set of cryptographic algorithms used to create keys and encrypt information
Splunk-free detection system  Intrusion Detection System: the infrastructure monitoring tool runs on the remote host and is protected using default administrator credentials
SSH                           Secure Shell
MSRPC                         Microsoft Remote Procedure Call
NETBIOS-SSN                   NetBIOS Session Service
MICROSOFT-DS                  Used by Server Message Block; network protocol used in Windows networks for sharing resources over a network
SENTINELSRM                   Software license protection system
VMRDP                         Virtual Machine Remote Desktop Protocol
MS-WBT-SERVER                 Microsoft Web-Based Terminal Server
VNC-HTTP                      Virtual Network Computing remote desktop protocol for use over HTTP
VNC                           Virtual Network Computing
HTTP-ALT                      Alternate HTTP port

1. Cybersecurity measures:
   a. Install an intrusion detection system to monitor and protect FICBank's network from unauthorized access from the internet, where the FICBank architecture map already has the firewall set up. Also, ensure that there is a firewall specifically for the IP phones.
   b. Ensure port security is enabled on all servers, including MAC address filtering and limiting the number of MAC addresses per port.
   c. Ensure anti-virus and anti-malware software is installed on all workstations.
   d. Conduct cybersecurity audits and vulnerability tests to identify and reduce potential risks.
2. Data Protection and Privacy:
   a. Encrypt sensitive data on all servers where customer information is located.
   b. Implement strong encryption for voice traffic and data at both communication ends.
   c. Implement data privacy policies in compliance with relevant regulations (such as GDPR, if applicable).
   d. Secure data backup and disaster recovery procedures to prevent data loss and ensure business continuity. Also, ensure that the backup server's hardware is plugged into battery backups in case of a power outage.
3. Access Controls:
   a. Robust authentication mechanisms, including multi-factor authentication, to control access to point-of-sale machines, workstations, and the domain controller.
   b. Implement authentication for accessing the IP phone system's administrative interface.
   c. Role-based access controls to ensure employees have only the access rights necessary to perform their duties.
   d. Regularly review and update access rights when employees change roles or leave the bank.
4. Regular Updates and Patch Management:
   a. Keep network software (e.g. CodeMeter Runtime), web applications, network servers, IP phone software, and hardware updated with the latest patches and firmware updates.
5. Compliance with Banking Regulations:
   a. Compliance with financial regulations such as Basel III, the Sarbanes-Oxley Act, or local banking regulations.
   b. Regular reporting and audits to demonstrate compliance with these regulations.
6. Network Management and Monitoring:
   a. Daily monitoring of network traffic to detect and respond to unusual activities that could indicate a security threat.
   b. Monitor network traffic for unusual activities on specific ports.
   c. Regular updates and patches to network infrastructure to address security vulnerabilities.
   d. Restrict access to ports that are not in use, or grant access only to specific personnel.
7. Employee Training and Awareness:
   a. Conduct employee training programs on cybersecurity practices and awareness of phishing and other social engineering attacks.
   b. Policies and procedures for reporting security incidents on field and office workstations.
8. Customer-facing Technologies:
   a. Secure online banking platforms with robust authentication methods.
   b. Implementation of secure mobile banking apps with regular updates for security enhancements.
9. Incident Response Plan:
   a. Create an incident response plan to address and mitigate the impact of security breaches or data loss incidents.

3. Technical Control Implementation Details
Control 001
Type: Preventative
System: Cloud Computing (EC2AMAZ-O8AHUB0), 10.138.9.167, Windows
Application or Service: CodeMeter Runtime, 7.1
Implementation Procedure:
   a. Upgrade to CodeMeter 7.10a (7.10.4196.501) or later.
   b. Secure the application with a strong password and change the default admin credentials.
   c. Implement network-level controls to restrict access to the CodeMeter service to authorized devices only.
   d. Regularly check for and apply updates from the vendor.

Control 002
Type: Detective
System: IDS Software (Splunk-free detection system), 10.138.9.167, Windows
Application or Service: Splunk Free, version not provided
Implementation Procedure:
   a. Install Splunk Free or update to the latest version.
   b. Configure it to monitor critical system logs and network traffic.
   c. Set up alerts for any suspicious activities that may indicate an attack.
   d. Establish a process for regular review of the intrusion detection system logs.

Control 003
Type: Recovery
System: Remote Desktop Server (Domain Server), 10.138.9.167, Windows
Application or Service: X-Server, 2016
Implementation Procedure:
   a. Configure X-Server to restrict access to this port.
   b. Set up system snapshots and backup configurations.
   c. Document a recovery plan in the event of service disruption.

4. Test and Evaluation Plan

Control 001
Test procedure:
   a. Verify that the installed version of CodeMeter Runtime is the latest by checking the version number.
   b. Attempt to access the CodeMeter service with the default admin credentials to confirm they have been changed.
   c. Test network-level controls by attempting to access the service from an unauthorized device.

Control 002
Test procedure:
   a. Validate that Splunk Free is operational by checking the service status.
   b. Review the configuration to ensure it is monitoring the correct logs and network traffic.
   c. Assess the log review process to ensure it is conducted at set intervals.

Control 003
Test procedure:
   a. Ensure the Domain Server is only accessible via SSH by attempting an unencrypted connection.
   b. Verify that system snapshots and backups are being created by checking the backup logs and timestamps.
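The first test step for Control 001 is to confirm the CodeMeter version "by checking the version number". That check is easy to get wrong when done as a string comparison, so the following Python helper is added here as a worked example (it is not part of the report and not a CodeMeter tool): it compares dotted version strings field by field as integers against the 7.10.4196.501 minimum the control names, and shows that a constructed 7.9 build sorts after 7.10 as a string even though it is older. Only the host EC2AMAZ-O8AHUB0 and its version 7.1 come from the report; the other inventory entries are made up.

```python
import re
from typing import Dict, List, Tuple

# Minimum build named in Control 001 (CodeMeter 7.10a is build 7.10.4196.501).
MINIMUM_CODEMETER = "7.10.4196.501"


def parse_version(text: str) -> Tuple[int, ...]:
    """Convert '7.1', '7.10a' or '7.10.4196.501' into a tuple of ints.

    Only the leading digits of each dotted field are kept, so a letter suffix
    such as the 'a' in 7.10a is ignored.  Comparing tuples of ints gives
    7.1 < 7.10, which a plain string comparison does not guarantee.
    """
    fields = []
    for part in text.strip().split("."):
        m = re.match(r"\d+", part)
        if not m:
            raise ValueError(f"cannot parse version field {part!r} in {text!r}")
        fields.append(int(m.group(0)))
    return tuple(fields)


def version_at_least(installed: str, minimum: str = MINIMUM_CODEMETER) -> bool:
    """True if installed >= minimum, comparing numerically field by field."""
    inst, req = parse_version(installed), parse_version(minimum)
    width = max(len(inst), len(req))
    # Pad the shorter tuple with zeros so '7.10' compares as '7.10.0.0'.
    inst += (0,) * (width - len(inst))
    req += (0,) * (width - len(req))
    return inst >= req


def non_compliant_hosts(inventory: Dict[str, str],
                        minimum: str = MINIMUM_CODEMETER) -> List[str]:
    """Return the hosts whose installed build is below the control's minimum."""
    return sorted(host for host, ver in inventory.items()
                  if not version_at_least(ver, minimum))


# Constructed inventory.  Only EC2AMAZ-O8AHUB0 and its version 7.1 come from the
# report; the other hosts and versions are made up to exercise the comparison.
SAMPLE_INVENTORY = {
    "EC2AMAZ-O8AHUB0": "7.1",        # report's pre-upgrade state: non-compliant
    "ws-01": "7.10.4196.501",        # exactly the required build: compliant
    "ws-02": "7.9.5000.100",         # sorts after 7.10 as a string, but is older
    "ws-03": "7.20.1000.1",          # newer release: compliant
}

if __name__ == "__main__":
    print("string comparison says 7.9 >= 7.10:", "7.9.5000.100" >= MINIMUM_CODEMETER)
    print("numeric comparison says 7.9 >= 7.10:", version_at_least("7.9.5000.100"))
    print("non-compliant hosts:", non_compliant_hosts(SAMPLE_INVENTORY))
```

Feeding the script the version strings reported by each host's installer gives a repeatable pass/fail list for the control, instead of an eyeball check of the version number.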
5. Test and Evaluation Findings

Control 001
Test Outcomes:
A. We noticed critical and high vulnerabilities when the first vulnerability scan was done (Figure 2), some of which required software (CodeMeter) to be patched or updated.
B. After updating those programs, critical and high vulnerabilities decreased significantly (Figure 3).

Figure 2. First Vulnerability Scan
Figure 3. Second Vulnerability Scan
Control 002
Test Outcomes:
A. In the Apache log files, we can see in Figure 4 that the Shellshock vulnerability was exploited. The HTTP status code of 200 tells us the request was successful.
B. After updating the IDS software, Figure 5 shows no exploitation detected, which indicates that the Splunk system was up to date, network traffic was monitored effectively, and exploitation was caught early.

Screen Shot:
Figure 4. Notepad++ snip of the Shellshock vulnerability
Figure 5. Using the Spyder program, no Shellshock vulnerability was detected.

Control 003
Test Outcomes:
A. Figure 2 shows a critical vulnerability in the X11 server (Domain Server), which accepts connections from anywhere, as described in Figure 6.
B. Figure 3 shows no critical vulnerabilities. This is due to restricting the port to accept only clients authorized for that server.

Figure 6. Vulnerability description.
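The Control 002 finding rests on reading the Apache log by hand: spotting the Shellshock request and then using the 200 status to decide whether it succeeded. The Python script below is added here as a worked example of doing that check programmatically; it is not part of the report, of Splunk, or of the FICBank engagement. It parses Apache combined-format access log lines, looks for the Bash function-definition prefix "() {" that Shellshock abused (a CGI handler copies request headers such as User-Agent and Referer into environment variables, which is where the signature lands), and records for each hit whether the server answered 200. The log lines are constructed samples using documentation addresses, not the data behind Figure 4.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Apache "combined" log format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Shellshock abused Bash's handling of an environment variable whose value
# starts with "() {" as a function definition.  Because CGI copies request
# headers into environment variables, an attempt appears in the access log as a
# User-Agent, Referer or request line beginning with that prefix.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')


@dataclass
class Finding:
    host: str
    time: str
    status: int
    field: str        # which log field carried the signature
    evidence: str     # the offending field value
    successful: bool  # HTTP 200: the server processed the request


def parse_line(line: str) -> Optional[dict]:
    """Split one combined-format line into named fields, or None if malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line carries the Shellshock signature, else None."""
    rec = parse_line(line)
    if rec is None:
        return None
    for field in ("agent", "referer", "request"):
        if SHELLSHOCK_RE.search(rec[field]):
            status = int(rec["status"])
            return Finding(rec["host"], rec["time"], status, field, rec[field],
                           successful=(status == 200))
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Scan a whole log; malformed lines are skipped rather than aborting the job."""
    findings = []
    for line in lines:
        f = check_line(line)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses); not the
# report's Figure 4 data.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2024:10:15:01 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Jan/2024:10:15:07 -0500] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo test"',
    '198.51.100.7 - - [09/Jan/2024:10:15:09 -0500] "GET /cgi-bin/status HTTP/1.1" 403 0 "() { :;}; echo test" "curl/7.0"',
    'this line is not in combined format',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        outcome = "SUCCEEDED (200)" if f.successful else f"blocked/failed ({f.status})"
        print(f"{f.time} {f.host} shellshock attempt in {f.field}: {outcome}")
```

The same regular expression can be used as a Splunk search term over the Apache sourcetype; the script's value is that it separates "signature present" from "request succeeded", which is exactly the distinction the finding draws from the 200 status, and it does so over the full log rather than a screenshot.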
6. Conclusion

1. Considering what was needed for this report, the cybersecurity team believed it took more work to determine what was required in the technical scope. However, reflecting on previous reports and using a layered approach to FICBank's security allowed the best response to any irregularities in the system.
2. Our team was able to create the controls necessary as a start. The specific details of each control implementation allowed FICBank to commit to security at both the application and network levels. Also, by addressing preventative and detective controls, the bank can prevent attacks and identify and respond to any security incident.
3. Using Control 002 to determine whether the Shellshock vulnerability had been exploited allowed FICBank to understand the importance of detective controls in identifying potential security breaches. The ability to detect or not detect such attempts speaks to the effectiveness of the Splunk configuration and its role in the bank's overall security strategy.
4. It is important to note that while the technical controls implemented provide robust security, the landscape of cyber threats is constantly evolving. FICBank should continue to monitor, review, and adjust its security measures to adapt to new threats and technological and regulatory changes. One of the most critical aspects that FICBank needs to consider is investing in multifactor authentication to ensure that their systems are protected. Regular audits and revisions of the incident response plan will also be essential to maintain a high level of security readiness.