TASK 1 Notes
PROPOSED TESTS:
| Test | Description | Expected Outcome |
|---|---|---|
| 1 | Ping NAS (\NAS01) | Response received |
| 2 | Access NAS via file path | Shared folders visible |
| 3 | Check firewall port 139/445 | Traffic allowed for IPs in 192.168.1.1–200 |
| 4 | Attempt install of restricted app | Blocked (if policy applied) |
| 5 | Access router admin page | Login prompt, no default credentials accepted |
FIREWALL CONFIGURATIONS:
NexaTech IT Solutions is currently facing a range of cybersecurity and network configuration issues that threaten both operational efficiency and information security. One of the most critical problems lies in the misconfiguration of the company's firewall rules. Specifically, the firewall currently denies internal SMB (Server Message Block) traffic for IP ranges outside of a narrow scope (192.168.1.251–253), which inadvertently blocks access for most office-based users trying to reach the NAS device. This issue has already resulted in users, such as Amirah from the marketing team, being unable to access essential shared resources while working from the office. The misconfiguration not only disrupts workflows and collaboration but also leaves the network open to external threats due to the overly permissive "allow by default" firewall policy. If exploited, such weaknesses could lead to data breaches or unauthorized access to critical systems.
WEAK CREDENTIALS:
Another major concern is the continued use of default credentials on critical infrastructure components, including the SOHO router and NAS device. These default admin usernames and passwords (e.g., “admin/admin” and “LMSAdmin/Pa$$w0rd”) are publicly known and widely documented, making them easy targets for brute-force or automated attacks. This lapse in basic security hygiene exposes the company to potential full-system compromises. Should a malicious actor gain access via these credentials, they could manipulate firewall settings, intercept internal communications, exfiltrate sensitive data, or even disable core services. Furthermore, failure to enforce strong password policies reflects poorly on the company’s commitment to cybersecurity best practices and could result in regulatory non-compliance, especially under data protection frameworks like the UK GDPR.
ADMINSTRATOR PRIVILAGES:
Equally concerning is the fact that all users in the organization currently operate with local administrator privileges on their devices. This lack of privilege separation permits staff to install any software—authorized or not—onto their systems. Such a setup has already resulted in unauthorized applications, including games and potentially pirated content, being installed and stored on company devices and the NAS. This not only degrades system performance but also introduces a high risk of malware infections and software conflicts. Additionally, it places the company in legal jeopardy, particularly if unlicensed or copyrighted material is found on the network. The absence of application control mechanisms also increases the chances of data leakage or insider threats.
SHARED ADMINSTRATION:
The final key issue involves the NAS device, which is currently accessed using a shared administrative account. This approach removes all accountability for file access and changes, as activities cannot be traced back to specific users. Without audit trails or individual permissions, it is impossible to enforce the principle of least privilege, detect malicious behavior, or respond effectively to accidental data deletions or alterations. Shared credentials are especially dangerous in a growing company where staff turnover is rising, as it becomes harder to ensure former employees no longer have access.
Staff training is crucial to keep staff members informed of new threats and vulnerabilities on a regular basis as it is proven that human error is approximately 90% of the cause to successful data breaches. Consequences of data breaches can be crucial in different aspects of the business, it can affect the company financially, legally, and socially. NextTech IT tend to provide short presentations delivered using video conferencing software, which provides them with a broad understanding on organization, network, software and security systems. Thereafter, they are provided with a copy of relevant policies on email and are asked to thoroughly read through and complete an online form to confirm the policies have been read and understood. Sometimes, some of the staff may have a large amount of workload and may not have enough time to carefully read through such policy, therefore they may tend to just complete the form without understanding the policy which can later lead staff unconsciously leaving vulnerabilities in the security system. Therefore, I would recommend to reinforce their policy and make sure that all staff has thoroughly read through the policy by perhaps printing physical copies and arranging meetings with induvial explaining them the policies. Furthermore, they should arrange regular meetings for staff to deliver new threats and security vulnerabilities to raise awareness to minimise the risk of cyber threats.
SCREENSHOTS:
TEST1
Open Powershell:








Comments
Post a Comment