Student Assessment Tasks 520 Final
SCENARIO:
TestSoft, a leading software testing firm, has approached your team to develop a
security plan for them. They have submitted their organizational information
policy and requirements. The following points were highlighted by the analyst:
All the equipment must be kept well protected from unauthorized physical access.
A powerful SPAM filter must be used to filter out SPAM on the company's email
system.
All users within the domain must use the same copy of anti-virus that is managed
through the anti-virus server.
Sensitive information must be stored in a file and the file must be protected from
unauthorized access.
Proper filtering applications must be used to protect from the malware coming from
the internet.
All employees are subject to moderate password policies.
Some employees often need to access the organization network remotely; the
communication taking place in such scenarios must be strictly private.
The wired and wireless LANs must be secured appropriately.
All computers and servers must be updated regularly. The updates must be kept in a
testing phase for a 14-day period and then applied on the servers.
Appropriate hardening measures must be taken for the SQL server along with other
servers.
Web server architecture must be designed in a way that protects it from outside
hackers.
A general policy regarding account disabling and deletion.
Part A
Client: Mohan
I hope you're well.
The team has developed a series of questions in order to have clarity on the client's
requirements for the development of the project.
1. What objectives does the company have for the design, implementation and
updating of its IT systems?
2. How do the IT infrastructure components work, and what are the challenges facing
enterprise IT asset management?
3. What are the business needs and priorities of the company regarding the design and
implementation of authentication solutions?
4. What expectations and benefits does the company have for the new
implementation of the system?
5. What tools does the company currently use for encryption, and which software
tools does it currently handle?
6. Does the company require a high security standard for access management and
information control?
7. What control tools, periodic updates and testing phases are in place for systems
and security?
8. What security controls does the company currently handle, and have any of those
controls failed?
9. Will the company need the development of security policies and internal controls
for account creation and deletion?
ICTNWK520
Project Design
Executive Summary:
This document is provided as an annex to the security plan; the plan aims to reduce
the security risks the company may face.
This is the document we will deliver to the client at the first contact with the
company in order to gather the requirements:
Table of Contents:
Introduction
Permission letter from IT Manager
Letter seeking permission
Security Plan
Discussions
This project is drafted to comply with the conditions of the company. It gathers
evidence to demonstrate consistent performance under varying network industry
conditions and includes specifications that guarantee the security of ICT systems;
the probability, frequency and severity of direct and indirect damage; and the
proper use of ICT risk analysis tools and methodologies, so that the ICT
environment carries fewer security risks while the existing organizational security
policies are managed in line with the company's experience, for growth and good
management of technological resources.
The documents presented below collect all the data, characteristics, studies and
research obtained from the calculations and from the interviews conducted with the
company (developed in the corresponding annexes). They set out the guidelines for
the works and installations of the security systems, and for the training and
management of the resources projected in the realization of the project.
From: [email protected]
As you requested organization network access permission to test and prepare a
security plan, I am happy to approve and assist you with any further help required from my
end.
Regards,
Mohan Ganavarapu.
Security Plan
Discussions:
Risk item | Likelihood | Impact | Risk level | Responsible
(column headings reconstructed; the source layout lost them)
Company personnel, network connection services, servers and other computer tools that allow the proper functioning of the company. | High | Moderate | High | IT Manager
Identify different risks and vulnerabilities: those viruses, malware, and software and hardware failures that have already occurred, and also those that may occur more easily in the future. | Medium | Insignificant | Medium | IT Manager
Guarantee that the company will be able to remain operational and functional during the occurrence of the security eventuality. | Medium | Insignificant | Medium | IT Security
The personnel of the computer area of the company must be kept in constant training, so that it can provide the best care and effectiveness in the event of any mishap in this area. | Low | Insignificant | Low | Manager RRHH (HR)
Action item | Risk level | Responsible | Date
(column headings reconstructed; the source layout lost them)
Company personnel, network connection services, servers and other computer tools that allow the proper functioning of the company. | High | Juan Saldarriaga | 15/08/2022
Identify different risks and vulnerabilities: those viruses, malware, and software and hardware failures that have already occurred, and also those that may occur more easily in the future. | Medium | Juan Saldarriaga | 15/08/2022
The personnel of the computer area of the company must be kept in constant training, so that it can provide the best care and effectiveness in the event of any mishap in this area. | Low | Nestor Vincent | 15/09/2022
Security on company devices with confidential information and documents:
    Plan for incoming devices and how you will protect them.
    Use encrypted and authenticated connections when possible.
    Plan to rotate access passwords, access keys, and authentication credentials.
Security Measures:
Keep each and every one of the current security policies updated and known to the
entire company.
Track communications made to stakeholders in cases of a data security breach.
Carry out random reviews of the content of the different notifications that are
sent to affected stakeholders.
Keep proof of the entire procedure in case the interested party decides, in the
future, to sue the company.
10. Application of a proper SPAM, Anti-virus, Firewall, IDS and data encryption
software.
Application type Uses Example
We will make available three solutions to protect wireless LAN encryption and
authentication: Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2),
and Virtual Private Networking (VPN) connection.
WPA and WPA2: These Wi-Fi Alliance standards-based security certifications for
large and growing enterprise LANs and small or home offices provide mutual
authentication to verify individual users, together with advanced encryption.
VPN: provides effective security for users who access the network wirelessly while
traveling or away from their offices.
Practices we must always avoid: behaviours and practices that can put systems and
information at risk, such as opening suspicious files or links, sharing passwords,
or using open Wi-Fi networks.
Practices we must always follow, to maintain a correct level of protection and
security. For example:
Encrypt sensitive files
Implement backups
Use passwords and renew them regularly
Use VPN
Install anti-virus and anti-malware software
Information privacy, and its protection against access by unauthorized persons
such as hackers.
Data integrity, and its protection against corruption due to media failure or
deletion.
Availability of services, against internal or external technical failures.
Access control: by assigning access privileges to users we can ensure the
confidentiality and availability of information; in addition, we can ensure:
That only authorized persons may access certain resources (systems, equipment,
programs, applications, databases, networks, etc...) due to their work functions.
They allow us to identify and audit the accesses made, apply internal security
controls.
Document the access procedures to the different applications that process
personal data.
In short, control access from different aspects: network, systems and applications.
The activities in this phase of the security testing procedure are the following:
1. Run the tests
The chosen tests are executed with the selected and configured tools according
to the characterization of the applications in question. While the tests are running,
the tools show reports on the vulnerabilities found along the way.
2. Register vulnerabilities
Once the test execution is finished, the reports with the vulnerabilities detected
in the applications are generated. These vulnerabilities are saved for later analysis
and so that their impact on the system can be evaluated with the development team.
3. Evaluate report results
The tester generates a description of the vulnerabilities detected to discuss with
programmers or system development team members. The impact, type of
vulnerability and a possible solution recommendation are analysed.
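To make the three steps above concrete, here is an added example (not part of the assessment) of a minimal vulnerability register: it takes the findings the tools reported in step 1, stores them once per host and issue in step 2, and produces the severity-ordered summary used in the step 3 discussion. The scanner names, hosts and findings are constructed sample data.

```python
# Added example (not from the assessment): a small register for the run / register /
# evaluate steps above. Tool names, hosts and findings are constructed sample data.
import json
from collections import Counter
from dataclasses import dataclass, asdict

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

@dataclass(frozen=True)
class Finding:
    tool: str
    host: str
    title: str
    severity: str
    recommendation: str

# Step 1 output: findings from two hypothetical scanners. Both flagged the same TLS
# issue on web01 (with different capitalisation), so it must be registered only once.
SAMPLE_REPORTS = [
    {"tool": "scanner-a", "host": "web01", "title": "TLS 1.0 enabled", "severity": "Medium",
     "recommendation": "Disable TLS 1.0/1.1; allow TLS 1.2 and later only"},
    {"tool": "scanner-b", "host": "web01", "title": "tls 1.0 enabled", "severity": "medium",
     "recommendation": "Restrict the server to TLS 1.2+"},
    {"tool": "scanner-a", "host": "sql01", "title": "Default 'sa' login enabled", "severity": "high",
     "recommendation": "Disable or rename 'sa' and prefer Windows authentication"},
    {"tool": "scanner-b", "host": "web01", "title": "Server header reveals version", "severity": "low",
     "recommendation": "Suppress the version in the Server response header"},
]

def register(reports, register_path=None):
    """Step 2: keep one entry per (host, title); if tools disagree, keep the higher severity."""
    kept = {}
    for r in reports:
        f = Finding(r["tool"], r["host"], r["title"].strip(), r["severity"].lower(), r["recommendation"])
        key = (f.host, f.title.lower())
        if key not in kept or SEVERITY_RANK[f.severity] > SEVERITY_RANK[kept[key].severity]:
            kept[key] = f
    findings = sorted(kept.values(), key=lambda f: (-SEVERITY_RANK[f.severity], f.host, f.title))
    if register_path:  # persist the register so the findings survive until the evaluation
        with open(register_path, "w", encoding="utf-8") as fh:
            json.dump([asdict(f) for f in findings], fh, indent=2)
    return findings

def evaluate(findings):
    """Step 3: summary for the discussion with the development team, worst issues first."""
    return {
        "total": len(findings),
        "by_severity": dict(Counter(f.severity for f in findings)),
        "most_urgent": [f"{f.host}: {f.title} -> {f.recommendation}" for f in findings[:3]],
    }
```

Calling `evaluate(register(SAMPLE_REPORTS, "register.json"))` writes the register to disk and returns three findings with the SQL Server item first.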
15. Recommendation / suggestion
Teams that have only the minimum necessary to carry out their tasks are less
likely to fall victim to an attack. Applications and other programs should be
installed only when necessary. The plan must also cover the identification of
systems; the operational, technical and security management controls; and the
company's human resource requirements, such as the personnel and skills required
and the personnel available to carry out business security practices.
Make use of controls such as antivirus and antimalware; different types of firewall;
intrusion detection and prevention systems; black and white lists (whitelisting and
blacklisting); and update management software. Tests must then be carried out
on the systems and controls to verify that they are still useful. They can be
penetration tests or a search for vulnerabilities in the systems, so that the risk
can be corrected in an appropriate way. The plan should also address risk assessment
and management; an inventory of assets and applications; the actions to be taken in
the event of an incident; time objectives such as RTO and RPO; the maximum terms
to maintain continuity in the event of a failure, such as WRT, MTD and MTPD; and
countermeasures to the different threats.
Section 1
1 Which of the following is a set of voluntary standards governing encryption?
B PKCS
Public Key Cryptography Standards is a set of voluntary standards for public
key cryptography. This set of standards is coordinated by RSA.
3 An Internet server interfaces with TCP/IP at which layer of the DOD model?
C The Process layer interfaces with applications and encapsulates traffic through
the Host-to-Host or Transport layer, the Internet layer, and the Network Access
layer
4 You want to establish a network connection between two LANs using the Internet.
Which technology would best accomplish that for you?
B L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that can be used
between LANs. L2TP isn't secure, and you should use IPSec with it to provide
data security.
5 Which design concept limits access to systems from outside users while protecting
users and systems inside the LAN?
A DMZ (demilitarized zone) is an area in a network that allows restrictive access
to untrusted users and isolates the internal network from access by external
users and systems. It does so by using routers and firewalls to limit access to
sensitive network resources.
7 What is the process of making an operating system secure from attack called?
A Hardening
11 Which of the following would provide additional security to an Internet web server?
C. Changing the default port for traffic to 443
16 The process of verifying the steps taken to maintain the integrity of evidence is called
what?
B Chain of custody ensures that each step taken with evidence is documented
and accounted for from the point of collection. Chain of custody is the Who,
What, When, Where, and Why of evidence storage
17 Which system would you install to provide active protection and notification of security
problems in a network connected to the Internet?
A IPS intrusion prevention system (IPS) provides active monitoring and rule-based
responses to unusual activities on a network. A firewall, for example, provides
passive security by preventing access from unauthorized traffic. If the firewall
were compromised, the IPS would notify you based on rules that it’s designed to
implement
18 What type of program exists primarily to propagate and spread itself to other
systems?
D Worm is designed to multiply and propagate. Worms may carry viruses that
cause system destruction, but that isn’t their primary mission
20 Which access control method is primarily concerned with the role that individuals have
in the organization?
C RBAC Role-based access control (RBAC) is primarily concerned with providing
access to systems that a user needs based on the user’s role in the
organization
Section 2
The difference between a security plan and a security policy? A security policy
identifies the rules that will be followed to maintain security in a system, while
a security plan details how those rules will be implemented. A security policy
is generally included within a security plan. A security plan might be as simple
as a verbal statement from the highest-level management that all accounts on
a system must be protected by the use of a password.
Firewall is a device and/or a software that stands between a local network and
the Internet, and filters traffic that might be harmful.
An Intrusion Detection System (IDS) is a software or hardware device installed
on the network (NIDS) or host (HIDS) to detect and report intrusion attempts
to the network.
This category includes one-time password tokens (OTP tokens), key fobs,
smartphones with OTP apps, employee ID cards and SIM cards.
Inherence factors include any biological traits the user has that are confirmed
for log in. This category includes the scope of biometrics such as retina scans,
iris scans, fingerprint scans, finger vein scans, facial recognition, voice
recognition, hand geometry and even earlobe geometry
Section 3
Historically, more often than not, effective security came at the expense of
usability. And usability came at the expense of security. Many continue to go
by the notion that there is no way to achieve both effective security and
usability simultaneously. It just does not wor
DMZ Network is a perimeter network that protects and adds an extra layer
of security to an organization’s internal local-area network from untrusted
traffic. A common DMZ is a subnetwork that sits between the public internet
and private networks
These servers and resources are isolated and given limited access to the
LAN to ensure they can be accessed via the internet but the internal LAN
cannot. As a result, a DMZ approach makes it more difficult for a hacker to
gain direct access to an organization’s data and internal servers via the
internet
There are two general methods of DoS attacks: flooding services or crashing
services. Flood attacks occur when the system receives more traffic than the
server can buffer, causing it to slow down and eventually stop. Popular flood
attacks include:
Buffer overflow attacks –
DoS attack
Worm
Root kits
XSS
MITM