The accounting firm's network has several vulnerabilities that could allow unauthorized access to sensitive data. The key vulnerabilities include the wireless router using default passwords and no encryption, lack of network monitoring to detect rogue access points, and inadequate security practices for email access. Recommendations include enabling strong encryption on the wireless router, changing default passwords, installing a network monitoring tool, and implementing email security measures. The personal iPad used by the owner also poses a risk if lost or stolen. Overall network security needs to be improved to protect customer and employee data.
Part 1
You have been recently hired as a network security analyst for a
small accounting firm. The firm realizes that it needs help to
secure its network and customers' data. With your background
and skills, the firm is looking to you to provide guidance. In
addition to helping the firm secure its network, the firm
requires that you obtain your CompTIA Security+ certification
within 60 days of being hired.
In addition to the owner, who serves as the overall business
manager, there are about 20 people on staff:
➢ 10 accountants
➢ 3 administrative support specialists
➢ 1 vice president
➢ 1 financial manager
➢ 2 interns
There is also one IT support technician on staff, who has basic
computer hardware and networking knowledge. He has
requested that the firm create a website, hosted internally, so
that new customers can get information about the firm. This will
be important to remember as you complete your final project.
The firm has a simple network. There are 20 computers and two
multipurpose printers. All computers and printers are connected
wirelessly to a NETGEAR MR814 device. This router is
connected to a Motorola SB3100 cable modem. Staff email
accounts are set up through the company’s Internet provider.
Employees use a combination of Microsoft Outlook and
standard web browsers to access their e-mail. The owner uses
his personal iPad during work hours to check and respond to
email messages.
Prior to your hiring, the firm hired a network cabling contractor
to run Cat 6 cables from the central wiring closet to all offices
and cubicles. The firm wants to move away from using wireless
as the primary network connection, but wants to keep wireless
access for customers coming to the building. The technician
who did the wiring mentioned to your supervisor that he should
look into setting up a Windows Server domain to manage user
access, instead of the current peer-to-peer network. He also
recommended that the firm invest in a managed switch and a
firewall, and look into having some backups. The internal IT
support technician agreed with these recommendations but
needs your help to implement them.
You’ve been asked to assess the current vulnerabilities and
provide a recommendation to the firm’s owner on how to better
secure the network infrastructure. Now that you are aware of the
firm’s history, your assessment and recommendation should
provide specifics about the network security settings that must
be implemented and the equipment that must be procured,
installed, and configured. The firm’s owner has a basic
understanding of computing, so it is important that you explain
the technical issues in layman's terms.
In this learning demonstration, you will use TestOut Security
Pro to help you understand how to identify and assess network
infrastructure and pass the CompTIA Security+ certification. In
order to identify your strengths and weaknesses, you will first
complete the practice exam that will prepare you for the
certification. The learning materials within LabSim will help
you understand the types of vulnerabilities within a network and
how to address them. As you step through each set of activities,
you will submit a Vulnerabilities Assessment and
Recommendation Document in three parts. Use the results of the
certification practice exam you took at the beginning of the
class to guide you toward the areas within LabSim to which you
should pay closer attention. You must complete all online labs
in LabSim; these are the activities with the computer mouse
icon. Some of the other areas in LabSim are optional. You can
complete any or all of those if you feel you need to learn more
about the topics.
This section should include areas where weaknesses in network
security could pose problems. Explain why these vulnerabilities could
be exploited and what the implications are if they are not
addressed. In this section, you do not need to provide specific
recommendations on how to mitigate these issues.
Part 2
This section should include specific recommendations based on
the vulnerabilities identified in the previous section. These
would include procuring new equipment or systems, and you
should explain why these systems or equipment are needed.
Cognizant that the firm only has a NETGEAR wireless router,
you should determine what else is needed. The firm has Cat 6
cable running from each work area to the central wiring closet.
But those cables are just hanging from the ceiling now. The
technician has recommended implementing a managed switch, a
firewall, and a Windows domain, as well as setting up some
backups (note: this could mean many things). Research
appropriate equipment and provide guidance on the setup as
appropriate for the business.
Part 3
This should include end-user specific recommendations such as
the need for a specific application on the end-user’s computer
or a specific training or best practice that the user must employ.
Again, explain why these are necessary and provide the specific
configuration information as needed.
Network Vulnerability
Part 1
Prepared by
Edwige Kouassi
To
Prof. Roger Seeholzer
Network Vulnerabilities Assessment and Recommendations
Introduction
Network security is a big concern for many organizations today.
One of the biggest security challenges is the level of
sophistication of attacks. Attackers are using common internet
tools and protocols to carry out attacks [1]. This makes it
difficult to distinguish between an attack and legitimate
traffic. A vulnerability is caused by insufficient protection of
sensitive data and of the network, and an attacker can exploit
the weakness to access sensitive information [2].
This report is an analysis of network vulnerability of a small
accounting firm. The firm has 21 workers, including the owner.
Out of the 21, 10 are accountants, 3 are administrative
assistants, 1 vice president, 1 financial manager, 2 interns, and
1 manager, who is also the owner. The company has 20
computers and two multi-purpose printers. The manager uses his
personal iPad to read and respond to emails. The firm’s
network is simple, and all computers are connected to the
internet via a wireless NETGEAR MR814 device.
A sketch of the current network setup
The Identified Vulnerabilities
Router: Wireless routers can be an ideal target for network
hackers. The accounting firm’s network uses a NETGEAR
MR814 router that is connected to a Motorola SB3100 cable
modem. The router has the following vulnerabilities:
· Denial of service (DoS) attack: Happens when attackers
bombard a target resource with unauthorized requests, which
makes the resource unavailable to authorized users.
Comment by Roger Seeholzer: Source?
· Network injections: In this case, an attacker can inject
network re-configuration code, which might affect the
router and other intelligent networking devices.
Comment by Roger Seeholzer: Source
· Default passwords or weak passwords: Leaving the default
password of the router unchanged provides a perfect point of
network infiltration. Similarly, a weak password on the firm’s
router is risky and leaves it vulnerable to hackers.
Comment by Roger Seeholzer: Was it found or are you just saying this?
Access Points:
· The firm’s wireless signal is not limited to a controlled
physical boundary, which would prevent accidental
associations.
· Rogue access points:
Comment by Roger Seeholzer: What about this? Why have you listed rogue access points?
· Eavesdropping: Hackers can try to listen to and collect data
exchanged between nodes in the wireless network.
Comment by Roger Seeholzer: How is this done? Did you find this to be happening here?
· MAC spoofing: Hackers can listen to the network’s traffic
and try to identify the MAC addresses of privileged
workstations.
Comment by Roger Seeholzer: Did you find any spoofed addresses on the wireless network (while reviewing router logs)?
· Default shared keys:
Comment by Roger Seeholzer: What is this here for? How does it apply to your vulnerability assessment?
Network Configurations:
· Lack of network monitoring: No network monitoring device
is installed on the firm’s network that could detect
rogue access points. This is a risk, as intruders can infiltrate the
network without detection.
Comment by Roger Seeholzer: Did you check from an office laptop to see if there were any additional access points?
· Inadequate network encryption standards: No encryption
mechanism, such as AES under WPA2, has been implemented
on the firm’s network.
Comment by Roger Seeholzer: Did the MR 814 have WEP enabled?
· Application vulnerabilities: Hackers try to find weaknesses in
the configuration of client workstation applications, such as
browsers, to execute arbitrary code or embed Trojan
horses that can crash the system.
· Emails are a good form of communication. However, if they are
not filtered well and security measures are not put in place, they
can be a target for infiltration. The organization’s use of standard
browsers and Outlook to access email without a security layer is a
risk to the security of the firm.
iPad:
· The iPad is prone to theft or loss, particularly given that it is a
personal device that the owner carries around. If that
happens, the firm’s sensitive information might be accessed by
unauthorized people.
· The iPad can also be compromised and give hackers a way of
accessing network resources.
Employees:
· The organization’s employees can be a source of
internal security breaches.
· The IT support staff is not well versed in advanced security
measures, which makes the firm an easy target for exploitation
over the internet.
Recommendations
Comment by Roger Seeholzer: Your recommendations should line up with the sequence you have identified for vulnerabilities. Up above you separated sections by identifying where each applied, but here it is just a list. For each identified vulnerability, you should have a quick fix that would/will address the problem. I see nothing here of how to address the iPad, email, physical security, cable modem, and peer-to-peer networking.
· One way the firm can secure its network is through
encryption. In most cases, routers and access points have a
built-in encryption capability [3]. Turning on WPA2 with AES,
protected by a strong pre-shared key, can be
effective.
· Default passwords are the same for every unit of a given
device model. It is imperative that the firm change these
passwords rather than use the defaults.
· Implementing signal hiding mechanisms can be ideal.
Identifying and locating wireless networks is the initial stage of
attackers’ interception. Signal hiding can be achieved by turning
off service set identifier (SSID) broadcasting on access points or
by assigning secret names to the SSIDs.
· Restricting or reducing the signal strength of the firm’s
wireless network in such a way that it only covers the premises
and the required area can be a good step in preventing
unauthorized access.
· Installing a network monitoring tool can be important in order
to identify any intrusion.
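As an added example (not part of the original report or the assignment), the following Python script shows what a simple audit of the router configuration and a rogue access point check could look like. It covers the monitoring and encryption gaps identified above together with the encryption, default-password and SSID recommendations. The router settings, SSIDs, BSSIDs, default-password list and scan results are constructed sample data, and the field names are assumptions rather than any vendor's real configuration format.

```python
"""Wireless configuration audit and rogue access point check.

Added example, not from the original report. All device settings, SSIDs,
BSSIDs and the scan results below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed placeholder lists. Real factory defaults differ per model;
# take them from the vendor manual for the router actually in use.
DEFAULT_ADMIN_PASSWORDS = {"password", "admin", "1234"}
DEFAULT_SSIDS = {"NETGEAR", "linksys", "default"}


@dataclass
class RouterConfig:
    """Assumed shape of the settings exported from a small-office router."""
    ssid: str
    security: str          # "open", "wep", "wpa" or "wpa2-aes"
    psk: str               # wireless pre-shared key (empty when open)
    admin_password: str    # password of the administration web page
    ssid_broadcast: bool = True


@dataclass
class ScannedAP:
    """One access point seen by a wireless scan from an office laptop."""
    ssid: str
    bssid: str
    security: str


def psk_is_weak(psk: str) -> bool:
    """Treat a PSK as weak when it is short or uses fewer than two character classes."""
    if len(psk) < 12:
        return True
    classes = [any(c.islower() for c in psk), any(c.isupper() for c in psk),
               any(c.isdigit() for c in psk), any(not c.isalnum() for c in psk)]
    return sum(classes) < 2


def audit_router(cfg: RouterConfig) -> list[str]:
    """Return the findings that the report's recommendations would flag."""
    findings = []
    if cfg.security == "open":
        findings.append("wireless network is unencrypted")
    elif cfg.security in ("wep", "wpa"):
        findings.append(f"{cfg.security.upper()} is deprecated; use WPA2 with AES")
    if cfg.security != "open" and psk_is_weak(cfg.psk):
        findings.append("pre-shared key is weak")
    if cfg.admin_password.lower() in DEFAULT_ADMIN_PASSWORDS:
        findings.append("router admin password is a factory default")
    if cfg.ssid in DEFAULT_SSIDS:
        findings.append("SSID is a factory default name")
    if cfg.ssid_broadcast:
        findings.append("SSID broadcast is enabled")
    return findings


def find_rogue_aps(scan: list[ScannedAP], allowed_bssids: set[str],
                   firm_ssid: str) -> list[str]:
    """Flag every AP whose BSSID is not on the firm's allowlist.

    A copy of the firm's own SSID on an unknown BSSID is called out
    separately, since staff devices may associate with it by accident.
    """
    rogue = []
    for ap in scan:
        if ap.bssid.lower() in allowed_bssids:
            continue
        tag = "impersonates firm SSID" if ap.ssid == firm_ssid else "unknown access point"
        rogue.append(f"{ap.bssid} '{ap.ssid}' ({ap.security}): {tag}")
    return rogue


# Constructed sample data: the firm's one authorized router and a scan
# that also shows two access points the firm does not own.
FIRM_SSID = "acct-staff-5g"
ALLOWED_BSSIDS = {"aa:bb:cc:00:11:22"}
SAMPLE_SCAN = [
    ScannedAP(FIRM_SSID, "aa:bb:cc:00:11:22", "wpa2-aes"),
    ScannedAP(FIRM_SSID, "de:ad:be:ef:00:01", "open"),
    ScannedAP("xfinitywifi", "12:34:56:78:9a:bc", "open"),
]
WEAK_CONFIG = RouterConfig(ssid="NETGEAR", security="open", psk="",
                           admin_password="password")
HARDENED_CONFIG = RouterConfig(ssid=FIRM_SSID, security="wpa2-aes",
                               psk="Ledger!Cat6#wiring2024",
                               admin_password="Vp7$rQ2mLx!9kZ",
                               ssid_broadcast=False)

if __name__ == "__main__":
    for name, cfg in (("as found", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"Router {name}: {audit_router(cfg) or ['no findings']}")
    for line in find_rogue_aps(SAMPLE_SCAN, ALLOWED_BSSIDS, FIRM_SSID):
        print("Rogue AP:", line)
```

Run as a script, it lists four findings for the configuration as found (unencrypted, default admin password, default SSID, SSID broadcast on), none for the hardened configuration, and two rogue access points from the sample scan. The scan step stands in for the network monitoring the report recommends; a real deployment would feed it from a periodic scan rather than a fixed list.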
References
[1] O. Awodele et al., “Vulnerabilities in network
infrastructures and prevention/containment measures,” in
InSITE, Montreal, Canada, 2012, pp. 54-67.
[2] Cisco. (2015, November 20). Cisco Networking Services
sensitive information disclosure vulnerability [Online].
Available:
http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20151120-ns.html
[3] M. Choi et al., “Wireless network security: Vulnerabilities,
threats and countermeasures,” IJMUE, vol. 3, no. 3, pp. 77-86,
July 2008.