Task 2 Old
TASK 2
HARDEEP SINGH
13 MAY 2025
THOMAS TELFORD UTC
Singh_H_107557087_Task2
Page 1 of 9
Contents
INTERVIEW QUESTIONS..................................................................................................................2
TECHINCAL EMAIL............................................................................................................................4
NON_TECHNICAL EMAIL.................................................................................................................8
Singh_H_107557087_Task2
Page 2 of 9
INTERVIEW QUESTIONS
Hi, I am the cyber security consultant that was requested to investigate your
company to grasp issues within the network security measures. My name is Hardeep
pleased to meet you, today I will be asking you a series of questions which will help
me unveil the key issues within the network structure: My first question is ….
1) As stated in the brief, can you walk me through how the malware attack was
detected?
Made aware when files where deleted and NAS storage was affected.
2) What kind of malware was involved in the attack (e.g., ransomware,
spyware)?
Not sure
3) Following the result of the 2-client loss, how has this affected the organization
ever since?
Future loss of finance
4) What security measures are in place to protect the company's network and
data?
Firewall built into SOHO router, VPN supplied username and password, NAS
has a shared administrative account.
5) How does the company ensure personal and sensitive data is protected?
NAS drive keeps the most data and its only accessed by staff.
6) What is the backup process for company data, and how often are backups
tested?
No backup test at the moment
7) Are employees given regular training on cybersecurity best practices?
No, they have an initial induction day where they are provided to 3 videos of 2
hours and focus on password security and working safely with equipment and
on the network and devices.
8) Does the company have an incident response plan in place for cyber threats?
Not at the moment
9) Are their regular security drills or simulations conducted?
No
10)My suggestions are that you may want to change the way they access they
access the network, are you comfortable with that?
Yes
11)Has the company experienced the usage of Cloud environment, if not would
you be open to implement it?
Yes, they would be open to be implemented
12)Cloud environment allows to store data over the internet, however the security
behind it is out of our control. Are you comfortable with such changes?
Yes, open to changes.
Firewall:
1) What type of firewall does the company currently use (e.g., hardware,
software, cloud-based?
Hardware through the router
2) Is the firewall configured to filter both inbound and outbound traffic?
Singh_H_107557087_Task2
Page 3 of 9
Yes, it allows most traffic by default
3) Are there different firewall rules for different departments or user groups?
No, some ports are blocked not clear which one and why.
4) How often are firewalls rules reviewed and updated?
Not clear as not sure.
5) Does the firewall log network activity? If so, how often are those logs
reviewed?
Does not alert for suspicious activity
NAS:
1) What type of NAS system does the company use, and how is it integrated into
the network?
It’s a Linux based operation system, which use their shared administrator
login to access. Hybrid users that connect via the VPN to the NAS.
2) Are there different access permissions for different users or departments?
No, staff have own device with local admin accounts.
SOHO routers:
1) What make and model of SOHO router is currently being used?
Not sure, however it’s designed for small business and acts like a central
hub.
2) Is the router configured with the default settings, or has it been customized
for the network?
Currently uses default admin credentials and encryption is WPA
3) Is the default administrator username and password changed?
Admin password and Admin username
4) Is the router’s firewall enabled and properly configured?
It’s not as it allows inbound and outbound traffic, as some ports are blocked.
5) Does the router support and use WPA3 or WPA2 encryption for Wi-Fi
security?
Not sure
Future Improvements:
1) What is the biggest cybersecurity challenging the organization is currently
facing/faced?
Loss of data and malware attacks, as they are unsure what and how it has
happened.
2) Are there any other concerns with the overall security management for the
company?
Staff find the VPN too technical to comprehend.
3) Any issues with the different level of access?
Admin account allows them to install unauthorized software.
Singh_H_107557087_Task2
Page 4 of 9
TECHINCAL EMAIL
FROM: HardeepSingh@cyberconsulting.com
TO: linemanager@cyberconsulting.com
CC/BCC: managingdirector@longstaffmarketingsolution.com
SUBJECT: Follow up Investigation with IT manager
Dear Line Manager,
After having a meeting with the IT manager at Longstaff Marketing Solutions, I was
able to grasp an overview of the current issues at the organization. I had the
opportunity to ask a set of questions to understand the overall security
management of the company and been able to outline the key issues that pose
threat to the company.
QUESTION: " As stated in the brief, can you walk me through how the malware
attack was detected?"
RESPONSE: "we were made aware when files where deleted and NAS storage
was affected "
KEY ISSUES: These issues could have further escalated if it was not alerted and
may have led to further loss of data. As of result of this attack it has resulted in the
loss of 2 major clients which have affected the company both financially and in the
legal aspect as they failed to meet legal practices such as GDPR regulations.
SOLUTIONS: They should install a defensive line such as intrusion detection
software, a security technology that monitors network traffic or system activity for
malicious behaviour or policy violations. With an intrusion prevention system, a
network security tool that monitors network traffic for malicious activity and actively
blocks it, preventing threats from entering or spreading within the network.
QUESTION: " What security measures are in place to protect the company's
network and data?”
RESPONSE: " Firewall built into SOHO router, VPN with users being supplied with
username and password, NAS has a shared administrative account to allow
access to the resources."
KEY ISSUES: The main concern with these security measures is that the
credentials provided for such measures are set to the minimal. With default
“Admin” password and “Admin” username, it poses a significant security risk as
they can be compromised by attackers, leading to unauthorized access to systems
and data. These are often characterized by being simple, common, or reused
across multiple accounts. Attackers can use techniques like dictionary attacks or
brute-force methods to try various combinations until they find the correct
Singh_H_107557087_Task2
Page 5 of 9
password. Successful password cracking can allow attackers to gain access to
sensitive data, personal information, or even take control of entire systems.
SOLUTIONS: To prevent this from future exploitation, always change the default
credential and disable unnecessary accounts before a system is deployed.
Furthermore, by implementing Role-Based access control it will allow users to
have access to data relevant to there role in the organization. This can limit the
amount of data the attacker can exploit in a cyber-attack event.
QUESTION: " Are employees given regular training on cybersecurity best
practices?”
RESPONSE: "No, they have an initial induction day where they are provided to 3
videos of 2 hours and focus on password security and working safely with
equipment and on the network and devices"
KEY ISSUES: It is important to conduct regular training as it improved employee
skills, boost morale, and enhance overall performance, leading to increase
productivity, costumer satisfaction, and reduced turnover. However, if the staff are
not provided with such training it can lead to human error and lead to
vulnerabilities within the network security system.
SOLUTIONS: By implementing regular training with up-to-date content, it will help
them understand the different methods of malware and learn on how to spot such
attacks. They will be able to take action accordingly without requiring further
assistance and escalating the problem.
QUESTION: " Is the firewall configured to filter both inbound and outbound traffic?"
RESPONSE: " Yes, it allows most traffic by default and been blocking some ports
that we were unable to identify”
KEY ISSUES: The key issues with open ports are that they increase the attack
surface, allowing hackers to potentially exploit vulnerabilities in services and
applications running on those ports. This can then further lead to breaches,
malware infections, data leaks, and denial of service attacks which will affect the
employee work rate and progress.
SOLUTIONS: By configuring firewalls and network devices to allow or block traffic
on designated ports, and verifying that services using those ports are functioning
correctly it will resolve the issue of allowing too much traffic into the network and
prevent any harmful data to get through.
Singh_H_107557087_Task2
Page 6 of 9
QUESTION: " What type of NAS system does the company use, and how is it
integrated into the network?"
RESPONSE: " It’s a Linux based operation system, which use their shared
administrator login to access. Hybrid users that connect via the VPN to the NAS "
KEY ISSUES: Use of shared administration login can put the system at risk from
attackers, as a largely number of users know the credentials it increases the
likelihood of malicious employee and other threats that can affect the company’s
data. Insider threats is a perceived threat to an organization from someone who
has access to the organization's sensitive information. This could be an employee,
former employee, contractor, or business associate. Insider threats can be
intentional or unintentional, and can have serious consequences for an
organization. This also bring consequences to the company of which they can lead
to data theft, financial fraud, identity theft, and reputational damage. This can also
result in fines and legal action.
SOLUTIONS: Adding Role-Based access control offers several advantages,
primarily centred around enhanced security, improved efficiency, and better
compliance. By grouping users based on their roles and granting permissions
accordingly, RBAC reduces the risk of unauthorized access, simplifies user
management, and helps organizations meet regulatory requirements.
QUESTION: " Is the router configured with the default settings, or has it been
customized for the network?”
IT RESPONSE: " Currently uses default admin credentials and encryption is WPA”
KEY ISSUES: The router currently uses default settings with weak credentials,
which can experience common issues like forgetting login credentials, facing
connectivity issues, or encountering malfunctions. These issues can arise from
various reasons, including memory limitations, configuration conflict, or even
hardware malfunctions. The use of WPA encryption is not specified weather they
are using a WPA2 or WPA3 as normal WPA is considered weaker than the
modern versions, they usually have compatibility issues as well due to new
vulnerabilities and new stronger protocols.
SOLUTIONS: it’s crucial to change these default credentials as soon as possible
for enhanced security. Up-to-date encryptions will provide better protocols which
are better adapted to newer threats.
Singh_H_107557087_Task2
Page 7 of 9
To conclude, my findings from the interview with the IT manager have made aware
of the main concerns such as:
- NAS default credentials
- Firewall misconfiguration
- Little amount of Staff Training
- Alerts to any cyber-attack
Thanks for your time and I hope this email reaches you well. Hope this will help
you make and recognize appropriate changes required to enhance security in the
company.
Kind Regards,
Hardeep Singh
Cyber Consultant
Singh_H_107557087_Task2
Page 8 of 9
NON_TECHNICAL EMAIL
FROM: HardeepSingh@@cyberconsulting.com
TO: managingdirector@longstaffmarketingsolution.com
CC/BCC:
SUBJECT: Network security consultation
Dear Managing Director,
Hope your well, I am writing to discuss key issues within the network security system at
Longstaff Marketing Solutions. At the moment most hardware is currently using weak
credentials which can pose threats to the network as they can lead to data breaches with
factors such as Legal, Financial, Social consequences as a result. To prevent this from
future exploitation, always change the default credential and disable unnecessary accounts
before a system is deployed. Furthermore, by implementing Role-Based access control it
will allow users to have access to data relevant to their role in the organization. This can
limit the amount of data the attacker can exploit in a cyber-attack event. The router
currently uses default settings with weak credentials, which can experience common
issues like forgetting login credentials, facing connectivity issues, or encountering
malfunctions. These issues can arise from various reasons, including memory limitations,
configuration conflict, or even hardware malfunctions. it’s crucial to change these default
credentials as soon as possible for enhanced security. It is important to conduct regular
training as it improved employee skills, boost morale, and enhance overall performance,
leading to increase productivity, customer satisfaction, and reduced turnover. However, if
the staff are not provided with such training it can lead to human error and lead to
vulnerabilities within the network security system. By implementing regular training with upto-date content, it will help them understand the different methods of malware and learn on
how to spot such attacks. They will be able to take action accordingly without requiring
further assistance and escalating the problem. The key issues with open ports are that
they increase the attack surface, allowing hackers to potentially exploit vulnerabilities in
services and applications running on those ports. By configuring firewalls and network
devices to allow or block traffic on designated ports, and verifying that services using those
ports are functioning correctly it will resolve the issue of allowing too much traffic into the
network and prevent any harmful data to get through. Use of shared administration login
can put the system at risk from attackers, as a largely number of users know the
credentials it increases the likelihood of malicious employee and other threats that can
affect the company’s data. Insider threats is a perceived threat to an organization from
someone who has access to the organization's sensitive information. This could be an
employee, former employee, contractor, or business associate. Insider threats can be
intentional or unintentional, and can have serious consequences for an organization. This
also bring consequences to the company of which they can lead to data theft, financial
fraud, identity theft, and reputational damage. This can also result in fines and legal action.
Singh_H_107557087_Task2
Page 9 of 9
Adding Role-Based access control offers several advantages, primarily centred around
enhanced security, improved efficiency, and better compliance. The router currently uses
default settings with weak credentials, which can experience common issues like forgetting
login credentials, facing connectivity issues, or encountering malfunctions. These issues
can arise from various reasons, including memory limitations, configuration conflict, or
even hardware malfunctions.
Thanks for your time and I hope this email reaches you well. Hope this will help you make
and recognize appropriate changes required to enhance security in the company.
Kind Regards,
Hardeep Singh
Cyber Consultant
Comments
Post a Comment