Part 1
You have been recently hired as a network security analyst for a
small accounting firm. The firm realizes that it needs help to
secure its network and customers' data. With your background
and skills, the firm is looking to you to provide guidance. In
addition to helping the firm secure its network, the firm
requires that you obtain your CompTIA Security+ certification
within 60 days of being hired.
In addition to the owner, who serves as the overall business
manager, there are about 20 people on staff:
➢ 10 accountants
➢ 3 administrative support specialists
➢ 1 vice president
➢ 1 financial manager
➢ 2 interns
There is also one IT support technician on staff, who has basic
computer hardware and networking knowledge. He has
requested that the firm create a website, hosted internally, so
that new customers can get information about the firm. This will
be important to remember as you complete your final project.
The firm has a simple network. There are 20 computers and two
multipurpose printers. All computers and printers are connected
wirelessly to a NETGEAR MR814 device. This router is
connected to a Motorola SB3100 cable modem. Staff email
accounts are set up through the company’s Internet provider.
Employees use a combination of Microsoft Outlook and
standard web browsers to access their e-mail. The owner uses
his personal iPad during work hours to check and respond to
email messages.
Prior to your hiring, the firm hired a network cabling contractor
to run Cat 6 cables from the central wiring closet to all offices
and cubicles. The firm wants to move away from using wireless
as the primary network connection, but wants to keep wireless
access for customers coming to the building. The technician
who did the wiring mentioned to your supervisor that he should
look into setting up a Windows Server domain to manage user
access, instead of the current peer-to-peer network. He also
recommended that the firm invest in a managed switch and a
firewall, and look into having some backups. The internal IT
support technician agreed with these recommendations but
needs your help to implement them.
You’ve been asked to assess the current vulnerabilities and
provide a recommendation to the firm’s owner on how to better
secure the network infrastructure. Now that you are aware of the
firm’s history, your assessment and recommendation should
provide specifics about the network security settings that must
be implemented and the equipment that must be procured,
installed, and configured. The firm’s owner has a basic
understanding of computing, so it is important that you explain
the technical issues in layman's terms.
In this learning demonstration, you will use TestOut Security
Pro to help you understand how to identify and assess network
infrastructure and pass the CompTIA Security+ certification. In
order to identify your strengths and weaknesses, you will first
complete the practice exam that will prepare you for the
certification. The learning materials within LabSim will help
you understand the types of vulnerabilities within a network and
how to address them. As you step through each set of activities,
you will submit a Vulnerabilities Assessment and
Recommendation Document in three parts. Use the results of the
certification practice exam you took at the beginning of the
class to help guide you on which areas within LabSim you
should pay closer attention. You must complete all online labs
in LabSim; these are the activities with the computer mouse
icon. Some of the other areas in LabSim are optional. You can
complete any or all of those if you feel you need to learn more
about the topics.
This section should include areas where network security could
pose security problems. Explain why these vulnerabilities could
be exploited and what the implications are if they are not
addressed. In this section, you do not need to provide specific
recommendations on how to mitigate these issues.
Part 2
This section should include specific recommendations based on
the vulnerabilities identified in the previous section. These
would include procuring new equipment or systems, and you
should explain why these systems or equipment are needed.
Cognizant that the firm only has a NETGEAR wireless router,
you should determine what else is needed. The firm has Cat 6
cable running from each work area to the central wiring closet.
But those cables are just hanging from the ceiling now. The
technician has recommended implementing a managed switch, a
firewall, and a Windows domain, as well as setting up some
backups (note: this could mean many things). Research
appropriate equipment and provide guidance on the setup as
appropriate for the business.
Part 3
This should include end-user specific recommendations such as
the need for a specific application on the end-user’s computer
or a specific training or best practice that the user must employ.
Again, explain why these are necessary and provide the specific
configuration information as needed.
Network Vulnerability
Part 1
Prepared by
Edwige Kouassi
To
Prof: Roger Seeholzer
Network Vulnerabilities Assessment and Recommendations
Introduction
Network security is a big concern for many organizations today.
One of the biggest security challenges is the level of
sophistication of attacks. Attackers are using common internet
tools and protocols to carry out attacks [1], which makes it
difficult to distinguish between an attack and legitimate
traffic. A vulnerability is caused by insufficient protection of
sensitive data and the network, and an attacker can exploit the
weakness to access sensitive information [2].
This report is an analysis of the network vulnerabilities of a small
accounting firm. The firm has 21 workers, including the owner.
Out of the 21, 10 are accountants, 3 are administrative
assistants, 1 vice president, 1 financial manager, 2 interns, and
1 manager, who is also the owner. The company has 20
computers and two multi-purpose printers. The manager uses his
personal iPad to read and respond to emails. The firm’s
network is simple, and all computers are connected to the
internet via a wireless NETGEAR MR814 device.
A sketch of the current network setup
The Identified Vulnerabilities
Router: Wireless routers can be an ideal target for network
hackers. The accounting firm’s network uses a NETGEAR
MR814 router that is connected to a Motorola SB3100 cable
modem. The router has the following vulnerabilities:
· Denial of service (DoS) attack: Happens when attackers
bombard a target resource with unauthorized requests, which
makes the resource unavailable to authorized users.
Comment by Roger Seeholzer: Source?
Comment by Edwige Kouassi:
· Network injections: In this case, an attacker can inject
network re-configuration code, which might affect the
router and other intelligent networking devices.
Comment by Roger Seeholzer: Source
· Default passwords or weak passwords: Leaving the default
password of the router unchanged provides a perfect point of
network infiltration. Similarly, a weak password on the firm’s
router is risky and leaves it vulnerable to hackers.
Comment by Roger Seeholzer: Was it found or are you just saying this?
Access Points:
· The firm’s wireless network is not limited or controlled to
a physical boundary, which would prevent accidental
associations.
· Rogue access points:
Comment by Roger Seeholzer: What about this? Why have you listed rogue access points?
· Eavesdropping: Hackers can try to listen to and collect data
passing between nodes in the wireless network.
Comment by Roger Seeholzer: How is this done? Did you find this to be happening here?
· MAC spoofing: Hackers can listen to the traffic of the network
and try to identify the MAC addresses of privileged
workstations.
Comment by Roger Seeholzer: Did you find any spoofed addresses on the wireless network (while reviewing router logs)?
· Default shared keys:
Comment by Roger Seeholzer: What is this here for? How does it apply to your vulnerability assessment?
Network Configurations:
· Lack of network monitoring: No network monitoring
device is installed in the firm’s network that can detect
rogue access points. This is a risk, as intruders can infiltrate the
network without detection.
Comment by Roger Seeholzer: Did you check from an office laptop to see if there were any additional access points?
· Inadequate network encryption standards: In the firm’s
network, no encryption mechanism, such as WPA2 with AES,
has been implemented.
Comment by Roger Seeholzer: Did the MR 814 have WEP enabled?
· Application vulnerabilities: Hackers try to find weaknesses in
the configuration of client workstation applications, such as
browsers, to execute arbitrary code or embed Trojan
horses that can crash the system.
· Email: Emails are a good form of communication. However, if they
are not filtered well and security measures are not put in place, they
can be a target for infiltration. The organization’s use of standard
browsers and Outlook to access email without a security layer is a
risk to the security of the firm.
iPad:
· The iPad is prone to theft or loss, particularly given that it’s a
personal device and the owner walks around with it. If that
happens, the firm’s sensitive information might be accessed by
unauthorized people.
· The iPad can also be compromised and give hackers a way of
accessing network resources.
Employees:
· The organization has several employees, who can be a source of
internal security breaches.
· The IT support staff is not well versed in advanced security
measures, which can make the firm an easy target for exploitation
from the internet.
Recommendations
Comment by Roger Seeholzer: Your recommendations should line up with the sequence you have identified for vulnerabilities. Up above you separated sections by identifying where each applied, but here it is just a list. For each identified vulnerability, you should have a quick fix that would/will address the problem. I see nothing here of how to address the iPad, email, physical security, cable modem, and peer to peer networking.
· One way the firm can secure its network is through
encryption. In most cases, routers and access points have a
built-in encryption technique [3]. Turning on AES-supported
WPA2 that is protected by a strong pre-shared key can be
effective.
· Default passwords are universal for the same device. It is
imperative for the firm to change passwords rather than use
defaults.
· Implementing signal hiding mechanisms can be ideal.
Identifying and locating wireless networks is the initial stage of
an attacker’s interception. Signal hiding can be achieved by turning
off service set identifier (SSID) broadcasting by access points or by
assigning secret names to the SSIDs.
· Restricting or reducing the signal strength of the firm’s
wireless network in such a way that it only covers the premises
and the required area can be a good step in preventing
unauthorized access.
· Installing a network monitoring tool can be important in order
to identify any intrusion.
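One way to carry out the monitoring recommended above is to compare a wireless survey taken from an office laptop against an inventory of the firm's own access points. The following is an added example, not part of the original report; the CSV layout, SSIDs, MAC addresses, and the -60 dBm threshold are constructed assumptions.

```python
import csv
import io

# Constructed inventory of the firm's own access points (hypothetical values).
AUTHORIZED_APS = {
    "00:11:22:33:44:55": {"ssid": "AcctFirm-Staff", "security": "WPA2-AES"},
    "00:11:22:33:44:56": {"ssid": "AcctFirm-Guest", "security": "WPA2-AES"},
}
ACCEPTED_SECURITY = {"WPA2-AES"}  # anything else (OPEN, WEP, WPA-TKIP) is flagged

# Constructed survey in a made-up CSV layout, standing in for a scan exported
# from an office laptop. Not real data.
SAMPLE_SURVEY = """\
bssid,ssid,channel,security,signal_dbm
00:11:22:33:44:55,AcctFirm-Staff,6,WEP,-41
00-11-22-33-44-56,AcctFirm-Guest,11,WPA2-AES,-48
66:77:88:99:aa:bb,AcctFirm-Staff,6,OPEN,-52
cc:dd:ee:ff:00:11,NeighbourCafe,1,WPA2-AES,-79
66:77:88:99:aa:bc,,3,WPA2-AES,-45
"""


def normalize_mac(mac):
    """Upper-case a MAC address and use ':' separators so lookups match."""
    return mac.strip().upper().replace("-", ":")


def audit_survey(csv_text, authorized=AUTHORIZED_APS, near_dbm=-60):
    """Return (bssid, finding, detail) tuples for access points needing review."""
    firm_ssids = {ap["ssid"] for ap in authorized.values()}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = normalize_mac(row["bssid"])
        ssid = row["ssid"].strip()
        security = row["security"].strip().upper()
        signal = int(row["signal_dbm"])
        known = authorized.get(bssid)

        if known is not None:
            # One of the firm's own devices: check it matches the inventory.
            if security not in ACCEPTED_SECURITY:
                findings.append((bssid, "weak-encryption",
                                 f"{ssid!r} uses {security}, expected WPA2-AES"))
            if ssid != known["ssid"]:
                findings.append((bssid, "inventory-mismatch",
                                 f"advertises {ssid!r}, inventory says {known['ssid']!r}"))
        elif ssid in firm_ssids:
            # Unlisted radio using the firm's network name: staff devices may
            # associate with it by accident.
            findings.append((bssid, "rogue-ap-firm-ssid",
                             f"unlisted device advertises {ssid!r} ({security})"))
        elif signal >= near_dbm:
            # Unlisted radio strong enough to be on the premises, including
            # ones that do not broadcast an SSID.
            findings.append((bssid, "unknown-ap-nearby",
                             f"{ssid or '<hidden>'} at {signal} dBm"))
        # Weak, unlisted networks with other names are treated as neighbours.
    return findings


if __name__ == "__main__":
    for bssid, finding, detail in audit_survey(SAMPLE_SURVEY):
        print(f"{bssid}  {finding:<20} {detail}")
```

Each finding is a prompt for a physical check of the device, not proof of an intrusion.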
References
[1] O. Awodele et al. (2012). “Vulnerabilities in network infrastructures and prevention/containment measures,” in InSITE, Montreal, Canada, 54-67.
[2] Cisco. (2015, November 20). Cisco networking services sensitive information disclosure vulnerability [Online]. Available: http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20151120-ns.html.
[3] M. Choi et al., “Wireless network security: Vulnerabilities, threats and countermeasures,” IJMUE, vol. 3, no. 3, pp. 77-86, July 2008.

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 

Recently uploaded (20)

Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 

Part 1You have been recently hired as a network security analyst.docx

Part 1

You have been recently hired as a network security analyst for a small accounting firm. The firm realizes that it needs help to secure its network and customers' data. With your background and skills, the firm is looking to you to provide guidance. In addition to helping the firm secure its network, the firm requires that you obtain your CompTIA Security+ certification within 60 days of being hired.

In addition to the owner, who serves as the overall business manager, there are about 20 people on staff:
➢ 10 accountants
➢ 3 administrative support specialists
➢ 1 vice president
➢ 1 financial manager
➢ 2 interns

There is also one IT support technician on staff, who has basic computer hardware and networking knowledge. He has requested that the firm create a website, hosted internally, so that new customers can get information about the firm. This will be important to remember as you complete your final project.

The firm has a simple network. There are 20 computers and two multipurpose printers. All computers and printers are connected wirelessly to a NETGEAR MR814 device. This router is connected to a Motorola SB3100 cable modem. Staff email accounts are set up through the company’s Internet provider. Employees use a combination of Microsoft Outlook and standard web browsers to access their e-mail. The owner uses his personal iPad during work hours to check and respond to email messages.

Prior to your hiring, the firm hired a network cabling contractor to run Cat 6 cables from the central wiring closet to all offices and cubicles. The firm wants to move away from using wireless as the primary network connection, but wants to keep wireless access for customers coming to the building. The technician who did the wiring mentioned to your supervisor that he should look into setting up a Windows Server domain to manage user access, instead of the current peer-to-peer network. He also recommended that the firm invest in a managed switch and a firewall, and look into having some backups. The internal IT support technician agreed with these recommendations but needs your help to implement them.

You’ve been asked to assess the current vulnerabilities and provide a recommendation to the firm’s owner on how to better secure the network infrastructure. Now that you are aware of the firm’s history, your assessment and recommendation should provide specifics about the network security settings that must be implemented and the equipment that must be procured, installed, and configured. The firm’s owner has a basic understanding of computing, so it is important that you explain the technical issues in layman's terms.

In this learning demonstration, you will use TestOut Security Pro to help you understand how to identify and assess network infrastructure and pass the CompTIA Security+ certification. In order to identify your strengths and weaknesses, you will first complete the practice exam that will prepare you for the certification. The learning materials within LabSim will help you understand the types of vulnerabilities within a network and how to address them.

As you step through each set of activities, you will submit a Vulnerabilities Assessment and Recommendation Document in three parts. Use the results of the certification practice exam you took at the beginning of the class to help guide you on which areas within LabSim you should pay closer attention. You must complete all online labs in LabSim; these are the activities with the computer mouse icon. Some of the other areas in LabSim are optional. You can complete any or all of those if you feel you need to learn more about the topics.

This section should include areas where network security could pose security problems. Explain why these vulnerabilities could be exploited and what the implications are if they are not addressed. In this section, you do not need to provide specific recommendations on how to mitigate these issues.

Part 2

This section should include specific recommendations based on the vulnerabilities identified in the previous section. These would include procuring new equipment or systems, and you should explain why these systems or equipment are needed. Cognizant that the firm only has a NETGEAR wireless router, you should determine what else is needed. The firm has Cat 6 cable running from each work area to the central wiring closet. But those cables are just hanging from the ceiling now. The technician has recommended implementing a managed switch, a firewall, and a Windows domain, as well as setting up some backups (note: this could mean many things). Research appropriate equipment and provide guidance on the setup as appropriate for the business.

Part 3

This should include end-user specific recommendations such as the need for a specific application on the end-user’s computer or a specific training or best practice that the user must employ. Again, explain why these are necessary and provide the specific configuration information as needed.

Network Vulnerability Part 1
Prepared by
Edwige Kouassi
To Prof: Roger Seeholzer

Network Vulnerabilities Assessment and Recommendations

Introduction

Today network security is a big concern for many organizations. Today, one of the biggest security challenges is the level of sophistication of attacks. Attackers are using common internet tools and protocols to carry out attacks [1]. This makes it difficult to distinguish between an attack and legitimate traffic. Vulnerability is caused by insufficient protection of sensitive data and networks, and an attacker can exploit the weakness to access sensitive information [2]. This report is an analysis of the network vulnerabilities of a small accounting firm. The firm has 21 workers, including the owner. Out of the 21, 10 are accountants, 3 are administrative assistants, 1 vice president, 1 financial manager, 2 interns, and 1 manager, who is also the owner. The company has 20 computers and two multi-purpose printers. The manager uses his personal iPad to read and respond to emails. The firm’s network is simple and all computers are connected to the internet via a wireless NETGEAR MR814 device.

[Figure: A sketch of the current network setup]

The Identified Vulnerabilities

Router:
Wireless routers can be an ideal target for network hackers. The accounting firm’s network uses a NETGEAR MR814 router that is connected to a Motorola SB3100 cable modem. The router has the following vulnerabilities:
· Denial of service (DoS) attack: Happens when attackers bombard a target resource with unauthorized requests, which makes the resource unavailable to authorized users.
  Comment by Roger Seeholzer: Source?
  Comment by Edwige Kouassi:
· Network injections: In this case, an attacker can inject network re-configuration code, which might affect the router and other intelligent networking devices.
  Comment by Roger Seeholzer: Source
· Default passwords or weak passwords: Leaving the default password of the router unchanged provides a perfect point of network infiltration. Similarly, a weak password for the firm’s router can be risky and vulnerable to hackers.
  Comment by Roger Seeholzer: Was it found or are you just saying this?

Access Points:
· The firm’s wireless network is not limited or controlled to have a physical boundary, which would prevent accidental associations.
· Rogue access points:
  Comment by Roger Seeholzer: What about this? Why have you listed rogue access points?
· Eavesdropping: Hackers can try to listen to and collect data passing between nodes in the wireless network.
  Comment by Roger Seeholzer: How is this done? Did you find this to be happening here?
· MAC spoofing: Hackers can listen to the traffic of the network and try to identify the MAC addresses of privileged workstations.
  Comment by Roger Seeholzer: Did you find any spoofed addresses on the wireless network (while reviewing router logs)?
· Default shared keys:
  Comment by Roger Seeholzer: What is this here for? How does it apply to your vulnerability assessment?

Network Configurations:
· Lack of network monitoring: There is no network monitoring device installed in the firm’s network that can detect rogue access points. This is a risk as intruders can infiltrate the network without detection.
  Comment by Roger Seeholzer: Did you check from an office laptop to see if there were any additional access points?
· Inadequate network encryption standards: In the firm’s network, no encryption mechanism, such as AES backed by WPA2, has been implemented.
  Comment by Roger Seeholzer: Did the MR 814 have WEP enabled?
· Application vulnerabilities: Hackers try to find weaknesses in the configuration of client workstation applications, such as browsers, in order to execute arbitrary code or embed Trojan horses that can crash the system.
· Emails are a good form of communication. However, if they are not filtered well and security measures are not put in place, they can be a target for infiltration. The organization's use of standard browsers and Outlook to access emails without a security layer is a risk to the security of the firm.

iPad:
· The iPad is prone to theft or loss, particularly given that it’s a personal device and the owner walks around with it. In case that happens, the firm’s sensitive information might be accessed by unauthorized people.
· The iPad can also be compromised and provide hackers with a way of accessing network resources.

Employees:
· The organization has several employees, and they can be a source of internal security breaches.
· The IT support staff is not well versed in high security measures. This can be an easy target for exploitation via the internet.

Recommendations

  Comment by Roger Seeholzer: Your recommendations should line up with the sequence you have identified for vulnerabilities. Up above you separated sections by identifying where each applied, but here it is just a list. For each identified vulnerability, you should have a quick fix that would/will address the problem. I see nothing here of how to address the iPad, email, physical security, cable modem, and peer to peer networking

· One way the firm can secure its network is through encryption. In most cases, routers and access points have a built-in encryption technique [3]. Turning on AES-supported WPA2 that is protected by a strong pre-shared key can be effective.
· Default passwords are universal for the same device. It is imperative for the firm to change the passwords rather than use the defaults.
· Implementing signal hiding mechanisms can be ideal. Identifying and locating wireless networks is the initial stage of attackers’ interception. That can be achieved by turning off the service set identifier (SSID) broadcasting by access points or by assigning secret names to the SSIDs.
· Restricting or reducing the signal strength of the firm’s wireless network in such a way that it only covers the premises and the required area can be a good step in preventing unauthorized access.
· Installing a network monitoring tool can be important in order to identify any intrusion.

References

[1] O. Awodele et al., (2012). “Vulnerabilities in network infrastructures and prevention/containment measures,” in InSITE, Montreal, Canada, 54-67.
[2] Cisco. (2015, November 20). Cisco networking services sensitive information disclosure vulnerability [Online]. Available: http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20151120-ns.html.
[3] M. Choi et al., “Wireless network security: Vulnerabilities, threats and countermeasures,” IJMUE, vol. 3, no. 3, pp 77-86, July, 2008.
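
Added example (not part of the original report or the course material): one way to carry out the check raised under "Lack of network monitoring" and "Inadequate network encryption standards" is to compare a wireless site survey against an inventory of the firm's own access points. The SSID, MAC addresses, CSV layout and signal cutoff below are assumptions constructed for the illustration.

```python
import csv
import io

# Constructed inventory: the firm's own SSID and the BSSIDs (AP MAC addresses)
# it is known to operate. All values here are made up for the example.
FIRM_SSID = "AcctFirm-Staff"
AUTHORIZED_BSSIDS = {"00:11:22:33:44:55"}
ACCEPTED_SECURITY = {"WPA2-AES", "WPA3"}
NEARBY_DBM = -60  # assumed cutoff: stronger than this is likely on the premises

# Constructed survey results in a hypothetical CSV layout
# (ssid,bssid,security,signal_dbm), as a survey taken from an office laptop
# might be exported. A blank SSID is a network that does not broadcast its name.
SAMPLE_SCAN = """ssid,bssid,security,signal_dbm
AcctFirm-Staff,00-11-22-33-44-55,WEP,-41
AcctFirm-Staff,02:AA:BB:CC:DD:EE,OPEN,-48
CoffeeShopNextDoor,0A:0B:0C:0D:0E:0F,WPA2-AES,-82
,06:12:34:56:78:9A,WPA2-AES,-52
"""

def normalize_bssid(raw):
    """Compare MACs in one form: lowercase hex pairs joined by colons."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_scan(scan_csv, firm_ssid=FIRM_SSID, authorized=AUTHORIZED_BSSIDS):
    """Return (finding, bssid) pairs for every AP that needs attention."""
    known = {normalize_bssid(b) for b in authorized}
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = normalize_bssid(row["bssid"])
        security = row["security"].strip().upper()
        if bssid in known:
            # The firm's own AP: only its encryption setting is in question.
            if security not in ACCEPTED_SECURITY:
                findings.append(("WEAK_ENCRYPTION", bssid))
        elif row["ssid"].strip() == firm_ssid:
            # Unknown hardware advertising the firm's network name.
            findings.append(("ROGUE_SAME_SSID", bssid))
        elif int(row["signal_dbm"]) > NEARBY_DBM:
            # Unknown AP with a strong signal: possibly plugged in on site.
            findings.append(("UNKNOWN_NEARBY_AP", bssid))
    return findings

if __name__ == "__main__":
    for finding, bssid in audit_scan(SAMPLE_SCAN):
        print(f"{finding:18} {bssid}")
```

The hidden network in the last sample row is still reported, because the comparison is made on the BSSID and signal strength rather than on the broadcast name.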