TASK 1!

Contents:
CURRENT ISSUES WITHIN THE
COMPANY
USERS BROAD ACCESS TO
RESOURCES:
UPDATING ANTI-MALWARE
SOFTWARE:
INTRODUCTION
Willow Technology is a recently expanding at a rapid rate.
As a result, the company has now grown its staff from 25 to 50 and plans to
continue expanding as their long-term aim is to have a workforce of around 200.
Some of its staff members work remotely, while the others are based in a single
office on premises. Due to the nature of the business, they require staff to
frequently access shared files on their local area network (LAN). Therefore, it
is important for them reinforce the company’s security system to prevent any data
loss and attacks. They have currently faced issues with the newly implemented
firewall on the corporate network, some of the staff have reported that they
have no longer access to download files from the workplace when connecting
remotely. Whereas, some have faced problems connecting to the network during
working hours.
CURRENT ISSUES WITHIN THE
COMPANY
OUTDATED SERVERS:
After thoroughly analysing
control document A, it is evident that there are many issues that the company
faces such as compatibility and connectivity issues. A primely concern would be
the 2 outdated servers as they are evidently currently operating on outdated
Operating Systems both running on Windows Server 2008. An
operating system a program that manages a computer's hardware and software
resources, and provides services for other programs. It handles tasks such as
input and output, memory allocation, and scheduling. It is important to keep an
up-to-date operating system, this can prevent any cyber-attacks and
vulnerabilities to the system as well as making sure that they are performing
well. Updates can improve the functionality and usability of your device. If
you're using an old operating system, the vendor might not support it
anymore. It is important for Willow Technology to make sure that their
hardware is all kept up to data to remove the likelihood of any other problems
such as communication with other users. It is important that Willow Technology invest
into new servers in order to gain up-to-date operating system which will help
with communication and accessibility issues. It is also noted that the file and
print service server is currently using protocols such as DHCP which can only
host for 30 users. This can affect the way the staff access the internet and resources;
this can leave room for data interception which can lead to severe
consequences.
USERS BROAD ACCESS TO
RESOURCES:
It is clearly stated
that all staff have the same level of access so that all staff can access all
resources. This can make it more convenient for the staff working at Willow
Technology however it is also increasing the likelihood of data interception. it introduces factors such as
insider threats, human error, and disguised criminals. Insider threats is a perceived
threat to an organization from someone who has access to the organization's
sensitive information. This could be an employee, former employee, contractor,
or business associate. Insider threats can be intentional or unintentional, and
can have serious consequences for an organization. This also bring consequences
to the company of which they can lead to data theft, financial fraud, identity
theft, and reputational damage. This can also result in fines and legal action.
Human error involves accidental loss of data. This is a loss of data itself
rather than a copy which means that the data is lost permanently and cannot be
retraced. There are many other errors that included such saving files in the
wrong location, sending emails to the wrong users with attachments, and
accidental changes to documents. Human error were the causes to approximately
90% of data breaches. Disguised criminals involve the use of social engineering
to gain access to buildings. This usually involve 2 types,
tailgating/piggybacking which involves following someone with access to go
inside the building, and shoulder surfing involves stealing someone’s
confidential information this could be when looking over someone whilst they
are entering their PIN to the server room. In order to prevent these issues,
they should implement role-based access control which will allow appropriate
access to resources depending on their role in the organization. This will
enhance security and reduce the likelihood of any threats such as malicious
employees and keeping data secure from any competitors.
STAFF TRAINING:
During staff
induction, they are provided with 3 hours of training on any cyber threats,
network, software, system and security. Once they complete it, they are signed
off as competent in the area. This can be a major issue as it is important that
staff are kept up to date with threats and legislations as it can introduce
human error which were the causes of approximately 90% of data breaches.
Therefore, I would suggest Willow Technology to carry out regular staff
training focusing on new threats and legislation and enhance the user policy in
the company.
MISCONFIGURED FIREWALL:
In control document B, it stated that the finance
department who work remotely frequently face issues using the FTP server. After
thoroughly reviewing control document C, it is made clear that the firewall
policy protocol rules are misconfigured as access to FTP and SFTP are denied
regardless of the destination address. A firewall is
a network security device that regulated inbound and outbound traffic based on
the security rules applied. Firewalls and other networks settings can be a
potential security vulnerability if they are not configured correctly. This
usually occurs when there are open ports which are allowing unauthorized
external connections to the network. This can be vulnerable to the network as
hackers can intercept data throughout the network which can disrupt the way the
users access data. This can lead to other threats such as viruses, ransomware,
adware, DoS attacks. This can have an immense impact on the systems security,
as it will make it much easier to access users’ data for the hackers. They
should implement new and adaptable firewall rules which will allow only
appropriate data into the system and allow appropriate access to resources.
UPDATING ANTI-MALWARE
SOFTWARE:
Willow Technology keeps regular
scheduled updates to the operating system on a quarterly basis, updates to
anti-malware are monthly, updates to applications however are only on reviewed
requests. This can be seen as a threat to the security to the network as its
crucial to updated to the latest version of anti-malware as it may not be able fix
any patches and bugs that may have been resolved in the latest version.
Furthermore, it can also lead to the anti-malware not working accordingly as
intended. This can lead to multiple cyber threats and put users’ data at risk.
Therefore, it is important for the company to carry out regular updates and
make sure that the system is up-to-date to enhance security and make sure that
the software is able to detect and neutralize new threats. Regular
updates can also lead to improvements in the overall performance and stability
of your computer, as they often address bugs and other issues.
VPN SERVER:
At the moment, the company has the server running on a
spare desktop PC from the office to allow users to access facilities remotely. A VPN server
running on a spare desktop might experience connection problems due to various factors,
including internet connection issues, firewall settings, or VPN
client software issues. Incorrect IP address or DNS settings on
the client computer can interfere with VPN connections. Troubleshooting
often involves checking the internet connection, updating VPN client software,
or restarting the VPN app and networking devices. This
will help understanding the issues with running a VPN server on a desktop as
well as help fix the vulnerabilities at the moment.
TEST PLAN
In order to find the root cause
behind each induvial problem I have attached tests that should be carried out
in order to find the issues involved with the problems. This will help us find
a solution much quicker and effectively. It is important for the company to
implement any health and safety measures accordingly to each test. For example,
they should make sure that they have the right people with the right skills to
be completing each task to make it more efficient and precise. Moreover, they
should hire professionals for some tests such as pen testing as it will require
a more in-depth knowledge in order to tackle the testing.
|
USER |
TEST DATE |
SOFTWARE/ DEVICE |
OPERATING SYSTEM |
PROPOSED TEST |
EXPECTED |
ACTUAL OUTCOME |
PURPOSE |
FEEDBACK |
|
USER1 |
28/04/2025 |
SERVER1: FILE AND PRINT SERVICES |
WINDOWS SERVER 2008 R2 |
Load testing: Set up an environment that is similar to companies’ environment.
Develop scripts and actions the user would be simulating. Run the test
against application. |
We will be able to determine if the system performance under extreme
load testing. |
TBD |
To determine how the system performs under peak load conditions |
N/A |
|
|
28/04/2025 |
SERVER1: FILE AND PRINT SERVICES |
WINDOWS SERVER 2008 R2 |
Stress testing: You will require to plan the test and correctly identifying the
resources required and monitor system while gradually increasing the load on
the application. |
It will allow identify system vulnerabilities, and potential failure
points under extreme conditions. |
TBD |
To determine how reliable the system is under extreme workload |
N/A |
|
USER2 |
29/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Leak testing: Check your current IP address whilst NOT connecting to a VPN.
Thereafter, turn the VPN and check IP address again by going to Google and
asking “What is my IP address?” |
It will allow identify if the VPN is functioning properly and masking
the IP address to keep online activity safe. |
TBD |
To determine if your VPN connection is protecting your IP address and
ensuring your online activity is kept safe. |
N/A |
|
|
29/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Pen testing: This will include hiring professionals which will try to penetrate the
system in order to gain access |
If any vulnerability is
found, we quickly fix them |
TBD |
To
find any vulnerability in the system |
N/A |
|
|
29/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Black box testing: This involves hiring a professional who will penetrate into the system
by only knowing key details of the user. They will thereafter report any
issues and bugs in the system. Usually provides unexpected vulnerabilities. |
We will be
able to identify any bugs and issues with the system |
TBD |
Evaluate the
functionality, security, performance, and other aspects of an application with no
knowledge of a system's internals |
N/A |
|
|
29/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
White box testing: This involves hiring a professional who will be provided with full
information on the system and will penetrate into the system and provide a
report with key issues and bugs in the system. This usually include internal
vulnerabilities that company may be aware of. |
We will be able to identify
any bugs and issues with the system |
TBD |
Provides the tester with
complete knowledge of the application being tested, including access to
source code and design documents. |
N/A |
|
Head of Finance/ Finance officer |
29/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Ping the server’s IP address from different clients within and outside
the network to ensure it’s reachable. |
Successful pings from all test locations. |
TBD |
This will ensure that that all IP address are able to connect to the
network. |
N/A |
|
|
29/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Temporarily disable firewalls and antivirus software to see if they
are the cause of the problem to restricting access to companies’ resources
using the FTP server. |
User should be able to access company resources using the FTP server. |
TBD |
To understand weather the firewall or anti-virus are the root to the issues. |
N/A |
|
Sales Representative |
30/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Start with basic checks like verifying router connections, firmware
updates, and checking for interference from other devices. |
All hardware is correctly working and user is able to access the
company’s network. |
TBD |
To determine why the user is not able to access the network outside
work hours. |
N/A |
|
|
30/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Verify that the DNS server is working correctly using the command line
and ‘nslookup’ |
DNS is correctly working with no issues. |
TBD |
To verify if the DNS server is working correctly. |
N/A |
|
|
30/04/2025 |
SERVER3: VPN |
WINDOW SERVER 2019 |
Use the command line to trace the path of network traffic to identify
potential bottlenecks. ‘ipconfig’ to renew the computer’s IP address
thereafter use the command line ‘traceroute’. |
All data is travelling to the correct destination. No bottlenecks are
identified. |
TBD |
This will help us to trace where the data is travelling to identify
the issues. |
N/A |
|
USER1 |
30/04/2025 |
SERVER2: REDUNDANT SERVER |
WINDOWS SERVER 2008 |
Load testing: Set up an environment that is similar to companies’ environment.
Develop scripts and actions the user would be simulating. Run the test
against application. |
We will be able to determine if the system performance under extreme
load testing. |
TBD |
To determine how the system performs under peak load conditions |
N/A |
|
|
30/04/2025 |
SERVER2: REDUNDANT SERVER |
WINDOWS SERVER 2008 |
Stress testing: You will require to plan the test and correctly identifying the
resources required and monitor system while gradually increasing the load on
the application. |
It will allow identify system vulnerabilities, and potential failure
points under extreme conditions. |
TBD |
To determine how reliable the system is under extreme workload |
N/A |
CONCLUSION:
This cyber security
fault-finding investigation has highlighted critical vulnerabilities and
associated threats within the organization's network. By adding all the
recommended security measures and testing that were discussed, the company can
strengthen its defence and minimize any external threats and cyber-attacks.
Regular security assessments, user training, and regular monitoring are crucial
to maintaining a secure IT environment within the company and ensuring all
users with online safety.
Comments
Post a Comment