TASK 1!

 

 

Text Box:

Text Box:

Contents:

 

INTRODUCTION.. 3

CURRENT ISSUES WITHIN THE COMPANY.. 4

OUTDATED SERVERS: 4

USERS BROAD ACCESS TO RESOURCES: 4

STAFF TRAINING: 5

MISCONFIGURED FIREWALL: 5

UPDATING ANTI-MALWARE SOFTWARE: 5

VPN SERVER: 5

TEST PLAN.. 7

CONCLUSION: 13

 

 


 

 

INTRODUCTION

 

Willow Technology is a recently expanding at a rapid rate. As a result, the company has now grown its staff from 25 to 50 and plans to continue expanding as their long-term aim is to have a workforce of around 200. Some of its staff members work remotely, while the others are based in a single office on premises. Due to the nature of the business, they require staff to frequently access shared files on their local area network (LAN). Therefore, it is important for them reinforce the company’s security system to prevent any data loss and attacks. They have currently faced issues with the newly implemented firewall on the corporate network, some of the staff have reported that they have no longer access to download files from the workplace when connecting remotely. Whereas, some have faced problems connecting to the network during working hours.


 

CURRENT ISSUES WITHIN THE COMPANY

 

OUTDATED SERVERS:

After thoroughly analysing control document A, it is evident that there are many issues that the company faces such as compatibility and connectivity issues. A primely concern would be the 2 outdated servers as they are evidently currently operating on outdated Operating Systems both running on Windows Server 2008. An operating system a program that manages a computer's hardware and software resources, and provides services for other programs. It handles tasks such as input and output, memory allocation, and scheduling. It is important to keep an up-to-date operating system, this can prevent any cyber-attacks and vulnerabilities to the system as well as making sure that they are performing well. Updates can improve the functionality and usability of your device. If you're using an old operating system, the vendor might not support it anymore. It is important for Willow Technology to make sure that their hardware is all kept up to data to remove the likelihood of any other problems such as communication with other users. It is important that Willow Technology invest into new servers in order to gain up-to-date operating system which will help with communication and accessibility issues. It is also noted that the file and print service server is currently using protocols such as DHCP which can only host for 30 users. This can affect the way the staff access the internet and resources; this can leave room for data interception which can lead to severe consequences.

 

USERS BROAD ACCESS TO RESOURCES:

It is clearly stated that all staff have the same level of access so that all staff can access all resources. This can make it more convenient for the staff working at Willow Technology however it is also increasing the likelihood of data interception. it introduces factors such as insider threats, human error, and disguised criminals. Insider threats is a perceived threat to an organization from someone who has access to the organization's sensitive information. This could be an employee, former employee, contractor, or business associate. Insider threats can be intentional or unintentional, and can have serious consequences for an organization. This also bring consequences to the company of which they can lead to data theft, financial fraud, identity theft, and reputational damage. This can also result in fines and legal action. Human error involves accidental loss of data. This is a loss of data itself rather than a copy which means that the data is lost permanently and cannot be retraced. There are many other errors that included such saving files in the wrong location, sending emails to the wrong users with attachments, and accidental changes to documents. Human error were the causes to approximately 90% of data breaches. Disguised criminals involve the use of social engineering to gain access to buildings. This usually involve 2 types, tailgating/piggybacking which involves following someone with access to go inside the building, and shoulder surfing involves stealing someone’s confidential information this could be when looking over someone whilst they are entering their PIN to the server room. In order to prevent these issues, they should implement role-based access control which will allow appropriate access to resources depending on their role in the organization. This will enhance security and reduce the likelihood of any threats such as malicious employees and keeping data secure from any competitors.

 

STAFF TRAINING:

 During staff induction, they are provided with 3 hours of training on any cyber threats, network, software, system and security. Once they complete it, they are signed off as competent in the area. This can be a major issue as it is important that staff are kept up to date with threats and legislations as it can introduce human error which were the causes of approximately 90% of data breaches. Therefore, I would suggest Willow Technology to carry out regular staff training focusing on new threats and legislation and enhance the user policy in the company.

 

MISCONFIGURED FIREWALL:

In control document B, it stated that the finance department who work remotely frequently face issues using the FTP server. After thoroughly reviewing control document C, it is made clear that the firewall policy protocol rules are misconfigured as access to FTP and SFTP are denied regardless of the destination address. A firewall is a network security device that regulated inbound and outbound traffic based on the security rules applied. Firewalls and other networks settings can be a potential security vulnerability if they are not configured correctly. This usually occurs when there are open ports which are allowing unauthorized external connections to the network. This can be vulnerable to the network as hackers can intercept data throughout the network which can disrupt the way the users access data. This can lead to other threats such as viruses, ransomware, adware, DoS attacks. This can have an immense impact on the systems security, as it will make it much easier to access users’ data for the hackers. They should implement new and adaptable firewall rules which will allow only appropriate data into the system and allow appropriate access to resources.  

UPDATING ANTI-MALWARE SOFTWARE:

Willow Technology keeps regular scheduled updates to the operating system on a quarterly basis, updates to anti-malware are monthly, updates to applications however are only on reviewed requests. This can be seen as a threat to the security to the network as its crucial to updated to the latest version of anti-malware as it may not be able fix any patches and bugs that may have been resolved in the latest version. Furthermore, it can also lead to the anti-malware not working accordingly as intended. This can lead to multiple cyber threats and put users’ data at risk. Therefore, it is important for the company to carry out regular updates and make sure that the system is up-to-date to enhance security and make sure that the software is able to detect and neutralize new threats. Regular updates can also lead to improvements in the overall performance and stability of your computer, as they often address bugs and other issues. 

VPN SERVER:

At the moment, the company has the server running on a spare desktop PC from the office to allow users to access facilities remotely. A VPN server running on a spare desktop might experience connection problems due to various factors, including internet connection issues, firewall settings, or VPN client software issues. Incorrect IP address or DNS settings on the client computer can interfere with VPN connections. Troubleshooting often involves checking the internet connection, updating VPN client software, or restarting the VPN app and networking devices. This will help understanding the issues with running a VPN server on a desktop as well as help fix the vulnerabilities at the moment.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

TEST PLAN


In order to find the root cause behind each induvial problem I have attached tests that should be carried out in order to find the issues involved with the problems. This will help us find a solution much quicker and effectively. It is important for the company to implement any health and safety measures accordingly to each test. For example, they should make sure that they have the right people with the right skills to be completing each task to make it more efficient and precise. Moreover, they should hire professionals for some tests such as pen testing as it will require a more in-depth knowledge in order to tackle the testing.


USER

TEST DATE

SOFTWARE/

DEVICE

OPERATING

SYSTEM

PROPOSED

TEST

EXPECTED
OUTCOME

ACTUAL

OUTCOME

PURPOSE

FEEDBACK

USER1

28/04/2025

SERVER1:

FILE AND

PRINT

SERVICES

WINDOWS SERVER 2008 R2

Load testing:

Set up an environment that is similar to companies’ environment. Develop scripts and actions the user would be simulating. Run the test against application.

We will be able to determine if the system performance under extreme load testing.

TBD

To determine how the system performs under peak load conditions

 

N/A

 

28/04/2025

SERVER1:

FILE AND

PRINT

SERVICES

WINDOWS SERVER 2008 R2

Stress testing:

You will require to plan the test and correctly identifying the resources required and monitor system while gradually increasing the load on the application.

It will allow identify system vulnerabilities, and potential failure points under extreme conditions.

TBD

To determine how reliable the system is under extreme workload

N/A

USER2

29/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Leak testing:

Check your current IP address whilst NOT connecting to a VPN. Thereafter, turn the VPN and check IP address again by going to Google and asking “What is my IP address?”

It will allow identify if the VPN is functioning properly and masking the IP address to keep online activity safe.

TBD

To determine if your VPN connection is protecting your IP address and ensuring your online activity is kept safe.

N/A

 

29/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Pen testing:

This will include hiring professionals which will try to penetrate the system in order to gain access

If any vulnerability is found, we quickly fix them  

TBD

To find any vulnerability in the system  

 

N/A

 

29/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Black box testing:

This involves hiring a professional who will penetrate into the system by only knowing key details of the user. They will thereafter report any issues and bugs in the system. Usually provides unexpected vulnerabilities.

We will be able to identify any bugs and issues with the system

TBD

Evaluate the functionality, security, performance, and other aspects of an application with no knowledge of a system's internals 

N/A

 

29/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

White box testing:

This involves hiring a professional who will be provided with full information on the system and will penetrate into the system and provide a report with key issues and bugs in the system. This usually include internal vulnerabilities that company may be aware of.

We will be able to identify any bugs and issues with the system 

TBD

Provides the tester with complete knowledge of the application being tested, including access to source code and design documents.  

N/A

Head of Finance/ Finance officer

29/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Ping the server’s IP address from different clients within and outside the network to ensure it’s reachable.

Successful pings from all test locations.

TBD

This will ensure that that all IP address are able to connect to the network.

N/A

 

29/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Temporarily disable firewalls and antivirus software to see if they are the cause of the problem to restricting access to companies’ resources using the FTP server.

User should be able to access company resources using the FTP server.

TBD

To understand weather the firewall or anti-virus are the root to the issues.

N/A

Sales

Representative

30/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Start with basic checks like verifying router connections, firmware updates, and checking for interference from other devices.

All hardware is correctly working and user is able to access the company’s network.

TBD

To determine why the user is not able to access the network outside work hours.

N/A

 

30/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Verify that the DNS server is working correctly using the command line and ‘nslookup’

DNS is correctly working with no issues.

TBD

To verify if the DNS server is working correctly.

N/A

 

30/04/2025

SERVER3:

VPN

WINDOW

SERVER

2019

Use the command line to trace the path of network traffic to identify potential bottlenecks. ‘ipconfig’ to renew the computer’s IP address thereafter use the command line ‘traceroute’.

All data is travelling to the correct destination. No bottlenecks are identified.

TBD

This will help us to trace where the data is travelling to identify the issues.

N/A

USER1

30/04/2025

SERVER2:

REDUNDANT

SERVER

WINDOWS SERVER 2008

Load testing:

Set up an environment that is similar to companies’ environment. Develop scripts and actions the user would be simulating. Run the test against application.

We will be able to determine if the system performance under extreme load testing.

TBD

To determine how the system performs under peak load conditions

 

N/A

 

30/04/2025

SERVER2:

REDUNDANT

SERVER

WINDOWS SERVER 2008

Stress testing:

You will require to plan the test and correctly identifying the resources required and monitor system while gradually increasing the load on the application.

It will allow identify system vulnerabilities, and potential failure points under extreme conditions.

TBD

To determine how reliable the system is under extreme workload

N/A

 

 


CONCLUSION:

 

This cyber security fault-finding investigation has highlighted critical vulnerabilities and associated threats within the organization's network. By adding all the recommended security measures and testing that were discussed, the company can strengthen its defence and minimize any external threats and cyber-attacks. Regular security assessments, user training, and regular monitoring are crucial to maintaining a secure IT environment within the company and ensuring all users with online safety. 

 

Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2