TASK 3!!

 

 


 


Contents

INTRODUCTION.. 2

OVERVIEW... 3

Project requirements:. 3

How to resolve the issues and justification:. 3

UPDATED TOPOLOGY.. 0

HARDWARE/SOFTWARE JUSTIFICATION.. 0

Hardware/Software required:. 0

COSTS.. 0

POTENTIAL INVESTMENTS.. 1

POTENTIAL NETWORK AND SYSTEM SECURITY ISSUES:. 0

FINAL SUMMARY.. 1

 

 


 

INTRODUCTION

 

TeachTechNow is a fast-growing technical education company based in many different locations. They are soon expanding their team from around 500 employees to different locations. They are currently facing several difficulties which raise serious concerns about its existing network configuration and security controls. The aim of the project proposal is to outline all current issues within the network infrastructure and how they would affect the company. It will also suggest new hardware and software required to enhance the network infrastructure as well as including costs of implementation. Furthermore, it will include an explanation of any potential network and system security issues with recommended mitigation techniques for a long-term success and sustainability of the businesses which will relate to the proposal made overall.


 

OVERVIEW

 

Project requirements:

 

-          Robust solution for storing, managing, and provide access to company files and data, regardless of their location

-          Ability to manage company computers and devices centrally

-          Suitable account management for students

-          Separation of the classroom network from administration network

-          A solution to secure data on mobile devices

-          A solution that will allow staff to communicate and collaborate effectively with each other

-          Configure IP address errors

-          To reinforce the wireless internet speed that has affected some users

 

How to resolve the issues and justification:

 

TeachTechNow has faced multiple concerns regarding their security measures, as there has been many successful cyber-attacks in other organizations in the sector. Keeping up to date is very important, even for an individual user. This is because there are many zero-day exploits and flaws within outdated systems. Therefore, it is even more important that a business stays up to date to ensure the data is kept safe and away from intruders. To ensure this it is important for the company to update their devices to the latest software and eliminating the chances of zero-day exploits. I would recommend the company to schedule updates after hours so they don’t affect with employee work rate and making sure that they are not affected by limited bandwidth. Generally, it is recommended to upgrade a server operating on Operating Systems such as Windows Server 2016, however I would also like the company to replace these servers, as they are nearing to the end of its supported life and eventually needing to be replaced in order to being able to the latest security patches and features to protect against vulnerabilities.

 

At the moment, TeachTechNow is providing all users with administrative login to allow them to install software when required. This can be a massive issue as it can introduce many cyber-attacks both technical and non-technical. If a user is using their own external drivers at the classroom or laptops in the office, there is a high chance of the following threats:

-          Adware:

This is a type of software which will be showing the user continuous ads, such as pop-ups. Adware’s themselves are harmless to the user however they may include other malware such as key loggers which will then affect the user system.

-          Key Logger:

Key logger is installed on to the user’s device and its purpose is to record the users key strokes so the they can gain any type of information by the user. When the user is typing some confidential data such as passwords the hacker will be able to see what the user is typing this will allow them to steal this information without the user being aware of it.

-          Virus:

This is a program that is installed into the user’s computer, this then replicates itself and spreads throughout the computer and to other users’ computers as well. They do this by simply affecting files and when the user sends this to other users, they will download the file which then can affect their system as well as the virus is carried over to their system.

-          Worm:

This type of malware uses the network to spread itself. Unlike a virus this doesn't to be attached to an existing program, there harm is very minimal as they only affect the user’s bandwidth by consuming it.

-          Botnets:

There sole purpose is to take over the digital system, this type of malware allows the hacker to take control of the digital system which has been affected without the user's awareness. This results in an interconnected network of infected computer systems.

 

These threats can have a massive impact on the company, due to users having access to all files and resources it will mean that if a successful attack occurs it has the capabilities to modify and delete data. This can lead to many consequences such as legal, financial, and social, as it can ruin the company reputation and brand image which may lead to stakeholders and investors pulling back and potentially leaving the company bankrupt. However, this are not the only threats that are posed by shared administration login, Insider threats is a perceived threat to an organization from someone who has access to the organization's sensitive information. This could be an employee, former employee, contractor, or business associate. Insider threats can be intentional or unintentional, and can have serious consequences for an organization. This also bring consequences to the company of which they can lead to data theft, financial fraud, identity theft, and reputational damage. This can also result in fines and legal action. Therefore, I suggest the company to consider different types of access controls for the employees working. I would like to point out role-based access control as it may be the most suitable type of access control for TeachTechNow as it consists of having the rightful amount of data available to the employee depending on there role in the organization. This would mean if there is a case of a successful cyber attack the amount of data at risk will be minimal depending on the user that has been attacked.

 

Staff and Employee are obligated to attend a short presentation using video conferencing software. This introduces them to organization, network, software, and security systems. They are then provided with a copy of all policies on email and are asked to complete an online form to confirm policies have been read and understood. This can be critical as it is known that human error is 90% of the time the cause of successful cyber-attacks. This means it is important for staff and employees to be able to understand the overall new threats so that they know how to prevent them and take actions upon it. Furthermore, the presentation over video conferencing can be interfered with factors such as slow internet and lag which can mean that some things might not be understood by the employee. Therefore, I would suggest physical meetings which would remove all technical factors and allow the employee to grasp the threats. They should host meeting regularly as cyber attacks are developing at a high rate with factors such as Artificial Intelligence which enables more sophisticated attacks which may seem genuine. This will allow users to take more precautions and know how to deal with these attacks reducing help line desk phone time as well.

 

In the classroom, they are designed to facilitate up to 20 students to attend a course. The classroom provides 10 desktops computers that use a generic student’s account and a generic password. This can be crucial as it may introduce issues such as students who are able to access other users accounts which may lead to modification and loss of data. To minimize these vulnerabilities, the company can make sure that each employee changes their passwords from there default. To create a strong a password they can implement combination of characters, numbers, and special characters. Implementation of further authentication methods can robust the security of these desktops’ devices, there are many different type of authentication methods, they follow as: 

  • Two-Factor authentication: This is a common method to verify the user, as it requires a user to provide two methods of authentication to verify their identity
  • Biometric authentication: This method uses physical characteristics of a user such as a fingerprint or facial recognition to confirm the user’s identity
  • API keys: This is a code used to identify and authenticate the user. API keys are available through platforms, such as a white-labelled internal marketplace. They also act as a unique identifier and provide a secret token for authentication purposes.

Reading through Control document C, the security settings applied by policy to all users is set to default, with no type of security measures being applied such as virus & threat protection, firewall & network protection, and other features such as account protection which require the users to sign in to. Without these settings the network would be seen as unprotected and would allow hackers to intercept data easily as there is no security measure in place. I would strongly recommend the organization to update their policy and make sure that they are turning on features such as virus & threat protection and firewall & network protection, they role are simple:

-          Virus and threat protection involves safeguarding devices from various malicious threats like viruses, malware, and ransomware. It includes like features like real time scanning, which would allow to identify and threat and remove as well as preventing attacks on files and protected folders.

-          Firewall and network protection acts as the first line of defence, inspecting and filtering network traffic based on pre-defined security rules. It is important that these rules are regulated and checked ever so often as they can be crucial on detecting threats.

  

One of the requirements was to enrol a robust solution for storing, managing, and providing access to company files and data, regardless of location. Currently, there is nothing that allows it to be implemented, therefore I would like to suggest a public cloud environment, some company data will be stored on a public cloud environment which can present both benefits and risks, including security concerns like data breaches, weak authentication, and lack of encryption. However, it also offers scalability and cost effectiveness. Storing sensitive data or regulated data in the cloud raises concerns about complying with industry and regional regulations which can damage the company legally and financially and reputationally. Furthermore, as the data stored on the public cloud it can mean that anyone can access and edit the data which increase insider threat and perhaps give competitors an advantage as they would be able to access the data. 


UPDATED TOPOLOGY

 

 

 


HARDWARE/SOFTWARE JUSTIFICATION

 

Hardware/Software required:

 

-          Switch:

By adding a secondary switch provides a backup path, ensuring network connectivity even if the primary switch or a link fails. With multiple switches, the network isn’t reliant on a single device for a communication. Problems can be isolated to the faulty switch or link without affecting the rest of the network. This also ads to scalability and flexibility as multiple switches will be able to handle higher volumes of traffic than a single switch. With multiple paths, data can be routed through the most efficient available switch, potentially speeding up transfer times.   

-          Wireless Access Point:

By adding a secondary WAP can significantly expand the Wi-Fi range, reaching areas where the original router’s signal weakens or disappears. By reducing the load on the primary WAP, a secondary WAP can help alleviate congestion and improve data transfer speeds for devices within its coverage. Multiple WAPs can support a higher number of connected devices without experiencing performance degradation. With shorter distance between devices and WAPs, latency can be reduced. By utilizing different channels for each WAP, interference between the 2 devices can be minimized, further enhancing performance. It provides flexibility in network configuration, allowing the users to tailor their wireless coverage and performance to their specific needs.

-          Public Cloud Environment:

Public cloud environments provide the ability to easily scale resources up or down based on demand, offering greater flexibility compared to traditional on-premises infrastructure. By leveraging a pay-as-you-go model, organization can reduce capital expenditures and operational costs associated with hardware, software, and maintenance. Public clouds offer a wide range of specialized services, such as cloud storage, databases, and analytics, which can be easily integrated into the network topology. They can provide better performance and lower latency, especially when accessing applications and data hosted in the cloud.

-          Virtual Server:

Lower hardware costs are a major benefit. Fewer physical servers mean less capital expenditure on hardware, as well as reduced operational costs related to power, cooling, and physical maintenance. Virtualization enables rapid scaling of resources to meet changing business needs. VMs can be easily provisioned, moved, or cloned, providing flexibility to quickly adapt to workload demands. This is particularly useful for dynamic workloads like web applications or cloud services.


COSTS

 

DEVICE

HARDWARE/SOFTWARE

OPERATING SYSTEM

NEW HARDWARE/SOFTWARE

NEW OPERATING SYSTEM

PRICE (£)

LINK

MANAGED

SWITCH

/

/

Dell S3148 Networking

/

£379.99

https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=0CHsQj_IEahcKEwjg6_eZ6_-MAxUAAAAAHQAAAAAQBQ&url=https%3A%2F%2Fsiliconconnect.co.uk%2Fproduct%2Fdell-emc-s3100-s3148-48-port-layer-3-managed-gigabit-network-switch%2F%3Futm_source%3DGoogle%2BShopping%26utm_campaign%3DPFP%2Bfeed%26utm_medium%3Dcpc%26utm_term%3D18475%26srsltid%3DAfmBOoofDAUKHD_5c4FIEROxncEXm0R7FgeMm-ocYF7n5F4MpmIFuSKRgE8%26gQT%3D1&psig=AOvVaw2J4Azwonfxn3xaZyxq-QDC&ust=1746105197596169&opi=89978449

WAP

/

/

Dell EMC Networking Aerohive AP550 Wireless Access Terminal

/

£324.50

Dell EMC Networking Aerohive AP550 Wireless Access Terminal 802.11ac Wave 2 Bluetooth Wi-Fi Dual Band Dell Smart Value Flexi : Amazon.co.uk: Computers & Accessories

Office365

/

/

Microsoft 365 Business Standard

/

£9.60

User/month

(Paid yearly)

Microsoft 365 Business Standard - Sign up

Server Licenses

X3

/

/

Window Server 2025

/

£7203

Per license

Windows Server 2025 Licensing & Pricing | Microsoft

               

 

 

 

 

POTENTIAL INVESTMENTS

 

 

 

DEVICE

HARDWARE/SOFTWARE

OPERATING SYSTEM

NEW HARDWARE/SOFTWARE

NEW OPERATING SYSTEM

PRICE (£)

LINK

Laptops X10

Unknown

Unknown

Inspiron 15 Laptops

Windows 11 Home

£379.01

https://www.dell.com/en-uk/shop/laptops-2-in-1-pcs/inspiron-15-laptop/spd/inspiron-15-3520-laptop/cn32042sc?ref=variantstack

Desktops X10

Unknown

Unknown

Tower Desktop

Windows 11 Home

£599.00

https://www.dell.com/en-uk/shop/desktop-computers/dell-tower-desktop/spd/dell-ect1250-desktop/cdect125005?ref=variantstack

Monitor X10

Unknown

Unknown

Dell Pro 24 plus 16:10

/

£242.20

https://www.dell.com/en-uk/shop/dell-pro-24-plus-16-10-usb-c-hub-monitor-p2425e/apd/210-bmjf/monitors-monitor-accessories


 

DEVICE

MONTHLY COST

ANNUAL COST

TOTAL COST

Managed Switch

/

£379.99

£379.99

WAP

/

£324.50

£324.50

Office 365

£9.60 user/monthly

/

£96.00

Server Licenses X3

/

£7203 per license

£21,609

Laptops

X10

/

£379.01

£3790.10

Desktops

X10

/

£599.00

£5990.00

Monitor

X10

 

 

/

£242.20

£2422.00

 

 

ONE OFF PAYMENT

£34,611.59

ANNUAL PAYMENT

£1,152.00

 

 

 


POTENTIAL NETWORK AND SYSTEM SECURITY ISSUES:

 

SHARED ADMINSTRATION LOGIN:  

 

In the controlled document D, it is made evident that all users have been enabled shared administrator login. This can be seen as vulnerable as all users will be able to change and access any other user's data. This can introduce multiple concerns such as malicious employee that exploit their rights to gain access to this data for malicious purposes. It is also important to consider the different legislation around data protection such as GDPR and DPA which makes sure that all data is kept confidential. In any case of a data breach, this legislation will be broken and can lead to many consequences for the company. This includes fines and lawsuits, with other consequences such as bad reputation, loss of clients and customers, and stakeholders and investors losing interest in the company. 

The GDPR principles include: 

·         Lawfulness, fairness and transparency 

·         Purpose limitation 

·         Data minimisation 

·         Accuracy  

·         Storage limitation 

·         Integrity and confidentiality  

·         Accountability  

Therefore, I suggest the company to add user access levels and make sure that the administrator login and password are secure and regularly updated to prevent the risk of any threats. By adding user access levels, in the company it will make sure that all employees have access to data according to their job role in the company, this will mean that they only have access to data relevant to their needs.

 

ROLE BASED ACCESS CONTROL (RBAC): 

 

Role-Based Access Control (RBAC) implementation can face challenges like role explosion, poor role design leading to excessive permissions, and difficulty in managing and maintaining roles, especially in large organizations. As organization grows and their needs become more complex, for example Swift FinTech expansion plans will increase the number of staff members and include new job roles. This makes it difficult to manage and audit access permissions. Many roles can lead to confusion, increased administrative overhead, and potential security risks if not managed effectively. Roles that are not well-defined or based on a thorough analysis of business needs can lead to excessive permissions or gaps in access control. This can lead to unauthorised software and application to be downloaded on the system which can include malicious attachments such as viruses and worms which will damage data in the network system. To correctly implement role-based access controls into the system, they should define roles depending on their job and position in the company. Thereafter, they should assign permissions to roles according to the minimum necessary permissions to perform their tasks for each job role in the company. Then they should assign users to roles corresponding to their job function, you could also consider assigning users to groups where each group has a specific role, simplifying administration. Lastly, implement RBAC in the system by choosing the application or system desired to enforce access control based on user roles. Identify the resources that need to be protected and configured them to use RBAC. They should also carry out regular monitoring and audits. Regularly audit access control to ensure that permissions are appropriately assigned and that no unauthorized access occurs. 

 

TeachTechNow should consider a number of implementation techniques such as; parallel, phased, pilot, direct. 

 

DIRECT

This involves a complete and immediate switch from the old system to the new one on a specific date. This can be fast and relatively inexpensive but comes with the high risk of disruption if the new system fails or has issues.  

PILOT

This approach involves rolling out the new system to a small, representative group of users or a specific department to test out the system before it is implemented. This allows for testing and refinement of the new system with minimal impact on the overall organization. However, it can be time consuming and may not fully represent the entire user base. 

PARELLEL

This method involves running both systems concurrently for a period of time, allowing data comparison and user training before fully switching over. This has the least risks, as users can continue using the old system while transitioning. However, this is also the most expensive and resource-intensive, as it requires maintaining 2 systems simultaneously. 

PHASED

This approach involves introducing the new system in stages, with different modules or functionality gradually being rolled out. This allows more controlled and less disruptive transition, with the ability to address issues as they arise. 

The company should consider the best method to implement the system by evaluating the benefits and drawbacks. Personally, they should implement a pilot implementation technique as it will test out all the components and modules of the system without interfering with the current system. They should pick out a day where no staff is working when transitioning to the new system to reduce the likelihood of any risks. 

 

FINAL SUMMARY

 

With the proposed project to TeachTechNow, we were asked to assess the specification of requirements and prepare a proposal that addresses their needs. We were provided with current issues and used our understanding to highlight any possible issues that could have affect TeachTechNow and created suggestions based off the issues. 

 

Not only did we suggest hardware and software for the company to use on-site, but also to use as a standardisation for each individual employee. We also included a justification for each suggestion, and for each suggestion we provided a cost table to show how much each product costs, how many products, and total costs.

  

Issues with unnecessary high-level access and shared credentials, which should have been eliminated, have all been taken care of as acceptable suggestions are made on how they could mitigate those issues.

 

It is also made possible for hybrid workers to easily access resources online as they there have been a suggestion of a virtual server which allows the users to access, store, and share data from anywhere at any times making it more efficient as well as meeting on of there requirements. Furthermore, there has been changes to the network as classroom and office network have been standardized which makes sure that there is no IP address errors and that rightful data is accessible for each employee and student.

 

All changes implemented into the new proposal tend to meet all guidelines of different legislations such as DPA and GDPR. This will help them maintain a safe network and make sure that all client/costumer data is kept safe, this will increase the trust of the client and Swift FinTech which will help them build a good relationship and maintaining a loyal client for a long period of time.

 

In term of long term, we can ensure the proposal to remain the same for about 3-4 years, the reason for that is because technology is evolving at a rapid rate and it is important for a company to exploit the technology available to them to compete with their competitors. If they don’t implement changes, it will restrict the company from accessing new services and features which would give their competitors an advantage.

 

Therefore, it is vital for an organization to keep changing their operating system to keep track of new services which could improve their deliverables. As for software licensing they tend to update in terms of payment lengths and services which means they also need to be changed after a while to have the full access to software’s. 

 

 

Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2