Task 2 Old

 TASK 2

HARDEEP SINGH

13 MAY 2025

THOMAS TELFORD UTC

 

Singh_H_107557087_Task2

Page 1 of 9

Contents

INTERVIEW QUESTIONS..................................................................................................................2

TECHINCAL EMAIL............................................................................................................................4

NON_TECHNICAL EMAIL.................................................................................................................8

Singh_H_107557087_Task2

Page 2 of 9

INTERVIEW QUESTIONS

Hi, I am the cyber security consultant that was requested to investigate your 

company to grasp issues within the network security measures. My name is Hardeep 

pleased to meet you, today I will be asking you a series of questions which will help 

me unveil the key issues within the network structure: My first question is ….

1) As stated in the brief, can you walk me through how the malware attack was 

detected?

Made aware when files where deleted and NAS storage was affected.

2) What kind of malware was involved in the attack (e.g., ransomware, 

spyware)?

Not sure

3) Following the result of the 2-client loss, how has this affected the organization 

ever since?

Future loss of finance

4) What security measures are in place to protect the company's network and 

data?

Firewall built into SOHO router, VPN supplied username and password, NAS 

has a shared administrative account. 

5) How does the company ensure personal and sensitive data is protected?

NAS drive keeps the most data and its only accessed by staff.

6) What is the backup process for company data, and how often are backups 

tested?

No backup test at the moment

7) Are employees given regular training on cybersecurity best practices?

No, they have an initial induction day where they are provided to 3 videos of 2 

hours and focus on password security and working safely with equipment and 

on the network and devices.

8) Does the company have an incident response plan in place for cyber threats?

Not at the moment

9) Are their regular security drills or simulations conducted?

No

10)My suggestions are that you may want to change the way they access they 

access the network, are you comfortable with that?

Yes 

11)Has the company experienced the usage of Cloud environment, if not would 

you be open to implement it?

Yes, they would be open to be implemented

12)Cloud environment allows to store data over the internet, however the security 

behind it is out of our control. Are you comfortable with such changes?

Yes, open to changes.

Firewall:

1) What type of firewall does the company currently use (e.g., hardware, 

software, cloud-based?

Hardware through the router

2) Is the firewall configured to filter both inbound and outbound traffic?

Singh_H_107557087_Task2

Page 3 of 9

Yes, it allows most traffic by default

3) Are there different firewall rules for different departments or user groups?

No, some ports are blocked not clear which one and why.

4) How often are firewalls rules reviewed and updated?

Not clear as not sure.

5) Does the firewall log network activity? If so, how often are those logs 

reviewed?

Does not alert for suspicious activity

NAS:

1) What type of NAS system does the company use, and how is it integrated into 

the network?

It’s a Linux based operation system, which use their shared administrator

login to access. Hybrid users that connect via the VPN to the NAS.

2) Are there different access permissions for different users or departments?

No, staff have own device with local admin accounts.

SOHO routers:

1) What make and model of SOHO router is currently being used?

Not sure, however it’s designed for small business and acts like a central 

hub.

2) Is the router configured with the default settings, or has it been customized 

for the network?

Currently uses default admin credentials and encryption is WPA

3) Is the default administrator username and password changed?

Admin password and Admin username

4) Is the router’s firewall enabled and properly configured?

It’s not as it allows inbound and outbound traffic, as some ports are blocked.

5) Does the router support and use WPA3 or WPA2 encryption for Wi-Fi 

security?

Not sure

Future Improvements:

1) What is the biggest cybersecurity challenging the organization is currently 

facing/faced?

Loss of data and malware attacks, as they are unsure what and how it has 

happened.

2) Are there any other concerns with the overall security management for the 

company? 

Staff find the VPN too technical to comprehend.

3) Any issues with the different level of access?

Admin account allows them to install unauthorized software.

Singh_H_107557087_Task2

Page 4 of 9

TECHINCAL EMAIL

FROM: HardeepSingh@cyberconsulting.com

TO: linemanager@cyberconsulting.com

CC/BCC: managingdirector@longstaffmarketingsolution.com

SUBJECT: Follow up Investigation with IT manager

Dear Line Manager,

After having a meeting with the IT manager at Longstaff Marketing Solutions, I was 

able to grasp an overview of the current issues at the organization. I had the 

opportunity to ask a set of questions to understand the overall security 

management of the company and been able to outline the key issues that pose 

threat to the company.

QUESTION: " As stated in the brief, can you walk me through how the malware 

attack was detected?"

RESPONSE: "we were made aware when files where deleted and NAS storage 

was affected "

KEY ISSUES: These issues could have further escalated if it was not alerted and 

may have led to further loss of data. As of result of this attack it has resulted in the 

loss of 2 major clients which have affected the company both financially and in the 

legal aspect as they failed to meet legal practices such as GDPR regulations. 

SOLUTIONS: They should install a defensive line such as intrusion detection 

software, a security technology that monitors network traffic or system activity for 

malicious behaviour or policy violations. With an intrusion prevention system, a 

network security tool that monitors network traffic for malicious activity and actively 

blocks it, preventing threats from entering or spreading within the network. 

QUESTION: " What security measures are in place to protect the company's 

network and data?”

RESPONSE: " Firewall built into SOHO router, VPN with users being supplied with 

username and password, NAS has a shared administrative account to allow 

access to the resources."

KEY ISSUES: The main concern with these security measures is that the 

credentials provided for such measures are set to the minimal. With default

“Admin” password and “Admin” username, it poses a significant security risk as 

they can be compromised by attackers, leading to unauthorized access to systems 

and data. These are often characterized by being simple, common, or reused 

across multiple accounts. Attackers can use techniques like dictionary attacks or 

brute-force methods to try various combinations until they find the correct 

Singh_H_107557087_Task2

Page 5 of 9

password. Successful password cracking can allow attackers to gain access to 

sensitive data, personal information, or even take control of entire systems.

SOLUTIONS: To prevent this from future exploitation, always change the default 

credential and disable unnecessary accounts before a system is deployed. 

Furthermore, by implementing Role-Based access control it will allow users to 

have access to data relevant to there role in the organization. This can limit the 

amount of data the attacker can exploit in a cyber-attack event.

QUESTION: " Are employees given regular training on cybersecurity best 

practices?”

RESPONSE: "No, they have an initial induction day where they are provided to 3 

videos of 2 hours and focus on password security and working safely with 

equipment and on the network and devices"

KEY ISSUES: It is important to conduct regular training as it improved employee 

skills, boost morale, and enhance overall performance, leading to increase 

productivity, costumer satisfaction, and reduced turnover. However, if the staff are 

not provided with such training it can lead to human error and lead to 

vulnerabilities within the network security system.

SOLUTIONS: By implementing regular training with up-to-date content, it will help 

them understand the different methods of malware and learn on how to spot such 

attacks. They will be able to take action accordingly without requiring further 

assistance and escalating the problem.

QUESTION: " Is the firewall configured to filter both inbound and outbound traffic?"

RESPONSE: " Yes, it allows most traffic by default and been blocking some ports 

that we were unable to identify”

KEY ISSUES: The key issues with open ports are that they increase the attack 

surface, allowing hackers to potentially exploit vulnerabilities in services and 

applications running on those ports. This can then further lead to breaches, 

malware infections, data leaks, and denial of service attacks which will affect the 

employee work rate and progress.

SOLUTIONS: By configuring firewalls and network devices to allow or block traffic 

on designated ports, and verifying that services using those ports are functioning 

correctly it will resolve the issue of allowing too much traffic into the network and 

prevent any harmful data to get through.

Singh_H_107557087_Task2

Page 6 of 9

QUESTION: " What type of NAS system does the company use, and how is it 

integrated into the network?"

RESPONSE: " It’s a Linux based operation system, which use their shared 

administrator login to access. Hybrid users that connect via the VPN to the NAS "

KEY ISSUES: Use of shared administration login can put the system at risk from

attackers, as a largely number of users know the credentials it increases the 

likelihood of malicious employee and other threats that can affect the company’s 

data. Insider threats is a perceived threat to an organization from someone who 

has access to the organization's sensitive information. This could be an employee, 

former employee, contractor, or business associate. Insider threats can be 

intentional or unintentional, and can have serious consequences for an 

organization. This also bring consequences to the company of which they can lead 

to data theft, financial fraud, identity theft, and reputational damage. This can also 

result in fines and legal action.

SOLUTIONS: Adding Role-Based access control offers several advantages, 

primarily centred around enhanced security, improved efficiency, and better 

compliance. By grouping users based on their roles and granting permissions 

accordingly, RBAC reduces the risk of unauthorized access, simplifies user 

management, and helps organizations meet regulatory requirements.

QUESTION: " Is the router configured with the default settings, or has it been 

customized for the network?”

IT RESPONSE: " Currently uses default admin credentials and encryption is WPA”

KEY ISSUES: The router currently uses default settings with weak credentials, 

which can experience common issues like forgetting login credentials, facing 

connectivity issues, or encountering malfunctions. These issues can arise from 

various reasons, including memory limitations, configuration conflict, or even 

hardware malfunctions. The use of WPA encryption is not specified weather they 

are using a WPA2 or WPA3 as normal WPA is considered weaker than the 

modern versions, they usually have compatibility issues as well due to new 

vulnerabilities and new stronger protocols.

SOLUTIONS: it’s crucial to change these default credentials as soon as possible 

for enhanced security. Up-to-date encryptions will provide better protocols which 

are better adapted to newer threats.

Singh_H_107557087_Task2

Page 7 of 9

To conclude, my findings from the interview with the IT manager have made aware 

of the main concerns such as:

- NAS default credentials

- Firewall misconfiguration

- Little amount of Staff Training

- Alerts to any cyber-attack

Thanks for your time and I hope this email reaches you well. Hope this will help 

you make and recognize appropriate changes required to enhance security in the 

company.

Kind Regards, 

Hardeep Singh

Cyber Consultant

Singh_H_107557087_Task2

Page 8 of 9

NON_TECHNICAL EMAIL

FROM: HardeepSingh@@cyberconsulting.com

TO: managingdirector@longstaffmarketingsolution.com

CC/BCC:

SUBJECT: Network security consultation

Dear Managing Director,

Hope your well, I am writing to discuss key issues within the network security system at 

Longstaff Marketing Solutions. At the moment most hardware is currently using weak 

credentials which can pose threats to the network as they can lead to data breaches with 

factors such as Legal, Financial, Social consequences as a result. To prevent this from 

future exploitation, always change the default credential and disable unnecessary accounts 

before a system is deployed. Furthermore, by implementing Role-Based access control it 

will allow users to have access to data relevant to their role in the organization. This can 

limit the amount of data the attacker can exploit in a cyber-attack event. The router 

currently uses default settings with weak credentials, which can experience common 

issues like forgetting login credentials, facing connectivity issues, or encountering 

malfunctions. These issues can arise from various reasons, including memory limitations, 

configuration conflict, or even hardware malfunctions. it’s crucial to change these default 

credentials as soon as possible for enhanced security. It is important to conduct regular 

training as it improved employee skills, boost morale, and enhance overall performance, 

leading to increase productivity, customer satisfaction, and reduced turnover. However, if 

the staff are not provided with such training it can lead to human error and lead to 

vulnerabilities within the network security system. By implementing regular training with upto-date content, it will help them understand the different methods of malware and learn on 

how to spot such attacks. They will be able to take action accordingly without requiring 

further assistance and escalating the problem. The key issues with open ports are that 

they increase the attack surface, allowing hackers to potentially exploit vulnerabilities in 

services and applications running on those ports. By configuring firewalls and network 

devices to allow or block traffic on designated ports, and verifying that services using those 

ports are functioning correctly it will resolve the issue of allowing too much traffic into the 

network and prevent any harmful data to get through. Use of shared administration login 

can put the system at risk from attackers, as a largely number of users know the 

credentials it increases the likelihood of malicious employee and other threats that can 

affect the company’s data. Insider threats is a perceived threat to an organization from 

someone who has access to the organization's sensitive information. This could be an 

employee, former employee, contractor, or business associate. Insider threats can be 

intentional or unintentional, and can have serious consequences for an organization. This 

also bring consequences to the company of which they can lead to data theft, financial 

fraud, identity theft, and reputational damage. This can also result in fines and legal action.

Singh_H_107557087_Task2

Page 9 of 9

Adding Role-Based access control offers several advantages, primarily centred around 

enhanced security, improved efficiency, and better compliance. The router currently uses 

default settings with weak credentials, which can experience common issues like forgetting 

login credentials, facing connectivity issues, or encountering malfunctions. These issues 

can arise from various reasons, including memory limitations, configuration conflict, or 

even hardware malfunctions.

Thanks for your time and I hope this email reaches you well. Hope this will help you make 

and recognize appropriate changes required to enhance security in the company.

Kind Regards, 

Hardeep Singh

Cyber Consultant

Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2