NOTE: USE ATTACHMENT TO UNDERSTAND BETTER
The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls).

The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements in order to stay in step with ever-changing information system technologies.

The data breach at the US Office of Personnel Management (OPM) was one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some failures of security practices, such as lack of diligence with security controls and management of changes to the information systems infrastructure, were cited as contributors to the massive data breach in the OPM Office of the Inspector General’s (OIG) Final Audit Report, which can be found in open-source searches. Some of the findings in the report include:

weak authentication mechanisms;
lack of a plan for life-cycle management of the information systems;
lack of a configuration management and change management plan;
lack of inventory of systems, servers, databases, and network devices;
lack of mature vulnerability scanning tools;
lack of valid authorizations for many systems; and
lack of plans of action to remedy the findings of previous audits.

The breach ultimately resulted in removal of OPM’s top leadership. The impact of the breach on the livelihoods of millions of people may never be fully known.

There is a critical need for security programs that can assess vulnerabilities and provide mitigations.

Security Assessment Report (SAR): This should be an eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

Risk Assessment Report (RAR): This report should be a five- to six-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.

STEP ONE

In this project, you will research and learn about types of networks and their secure constructs that may be used in an organization to accomplish the functions of the organization’s mission.

You will propose a local area network (LAN) and a wide area network (WAN) for the organization, define the systems environment, and incorporate this information in a network diagram. You will discuss the security benefits of your chosen network design.

Read the following resources about some of the computing platforms available for networks and discuss how these platforms could be implemented in your organization:

common computing platforms
cloud computing
distributed computing
centralized computing
secure programming fundamentals

Include the rationale for each of the platforms you choose to include in your network design.

STEP TWO

Review the OIG report on the OPM breach that you were asked to research and read about at the beginning of the project. The OIG report includes many security deficiencies that likely left OPM networks vulnerable to being breached.

In addition to those external threats, the report describes the ways OPM was vulnerable to insider threats. The information about the breach could be classified as threat intelligence. Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.

You just provided detailed background information on your organization. Next, you’ll describe threats to your organization’s system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As you’re reading, take note of which insider threats are a risk to your organization.

Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?

You will perform a network analysis of the Wireshark files provided to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. You will identify any suspicious activities on the network through port scanning and other techniques. Include this information in your SAR.

Based on Wireshark findings

What are the unique pairs of IP addresses that are communicating with one another, based on the source and destination addresses in the top frame of the Wireshark user interface?

SQL – Source: 192.168.0.254 Destination: 192.168.0.254
HTTP – Source: 192.168.1.140 Destination: 174.143.213.184
OS – Source: 10.0.0.2 Destination: 224.0.0.5
Telnet – Source: 192.168.1.140 Destination: 192.168.1.194
Gmail – Source: 192.168.1.101 Destination: 178.123.13.120

For each unique pair of IP addresses communicating, what protocols are being used as indicated by Wireshark?

SQL – Protocol: TCP (6)
HTTP – Protocol: TCP (6)
OS – Protocol: OSPF IGP (89)
Telnet – Protocol: TCP (6)
Gmail – Protocol: UDP (17)

What source and destination port numbers are being used?

SQL – Source Port: 56162 Destination Port: 3306
HTTP – Source Port: 57678 Destination Port: 80
Telnet – Source Port: 56760 Destination Port: 23
Gmail – Source Port: 42559 Destination Port: 26895

What are the MAC addresses for each of the unique pair of machines that are communicating with one another?

SQL – Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
HTTP – Destination: Actionte_2f:47:87 (00:26:62:2f:47:87) Source: AsustekC_b3:01:84 (00:1d:60:b3:01:84)
OS – Destination: IPv4mcast_05 (01:00:5e:00:00:05) Source: c0:01:0f:78:00:00 (c0:01:0f:78:00:00)
Telnet – Destination: Opengear_00:55:a5 (00:13:c6:00:55:a5) Source: AsustekC_b3:01:84 (00:1d:60:b3:01:84)
Gmail – Destination: HuaweiTe_96:cd:0a (d0:7a:b5:96:cd:0a) Source: FirstInt_33:33:27 (00:14:0b:33:33:27)

What plaintext information (if any) can you find in any of the packets in the upper frame of the Wireshark user interface?

SQL – Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
HTTP – Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
OS – Frame 1: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
Telnet – Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Gmail – Frame 1: 109 bytes on wire (872 bits), 109 bytes captured (872 bits) on interface 0
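
Added example (not part of the original assignment or its Workspace files): the Wireshark questions above ask for address pairs, IP protocol numbers and ports, and the same fields can be tallied in code when a capture is too large to read frame by frame. The Python below parses constructed Ethernet/IPv4 frames that reuse addresses from the findings; `parse_frame`, `conversations`, `build_frame` and the `CLEARTEXT_PORTS` table are names assumed for this illustration.

```python
import struct
from ipaddress import IPv4Address

# Assumption for this example: services that carry cleartext unless TLS is added.
CLEARTEXT_PORTS = {23: "Telnet", 80: "HTTP", 3306: "MySQL"}

def parse_frame(frame: bytes):
    """Return (src_mac, dst_mac, src_ip, dst_ip, ip_proto, sport, dport), or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                       # too short, or not Ethernet II carrying IPv4
    dst_mac, src_mac = frame[0:6].hex(":"), frame[6:12].hex(":")
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        return None
    proto = frame[23]                     # 6 = TCP, 17 = UDP, 89 = OSPF
    src_ip, dst_ip = (str(IPv4Address(frame[o:o + 4])) for o in (26, 30))
    sport = dport = None
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:   # TCP and UDP both begin with ports
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport

def conversations(frames):
    """Tally unique (src_ip, dst_ip, proto, dport) flows and flag cleartext TCP services."""
    seen = {}
    for rec in filter(None, map(parse_frame, frames)):
        key = (rec[2], rec[3], rec[4], rec[6])
        seen[key] = seen.get(key, 0) + 1
    return [{"src": s, "dst": d, "proto": p, "dport": dp, "frames": n,
             "cleartext": CLEARTEXT_PORTS.get(dp) if p == 6 else None}
            for (s, d, p, dp), n in seen.items()]

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4=b""):
    """Constructed input: Ethernet II + 20-byte IPv4 header (checksum left at 0)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip + l4

# Addresses and ports are reused from the findings above; the frames are constructed.
ASUS = "00:1d:60:b3:01:84"
TELNET = build_frame(ASUS, "00:13:c6:00:55:a5", "192.168.1.140", "192.168.1.194",
                     6, struct.pack("!HH", 56760, 23) + bytes(16))
SAMPLE = [
    TELNET, TELNET,
    build_frame(ASUS, "00:26:62:2f:47:87", "192.168.1.140", "174.143.213.184",
                6, struct.pack("!HH", 57678, 80) + bytes(16)),
    build_frame("c0:01:0f:78:00:00", "01:00:5e:00:00:05", "10.0.0.2", "224.0.0.5", 89),
]
```

Calling `conversations(SAMPLE)` yields one record per flow; reply traffic appears as a separate flow because the key is directional, and the `cleartext` flag only marks services whose content is worth inspecting for the SAR.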

Based on nmap findings

Based on the output, answer the following questions:

What can you say about the results? It shows you the vulnerability of your network
How many ports are reported by the scan? 5
How many ports are opened? 5
What can you say about the host details in the screenshot below? It summarizes the result and it provides both the IP and MAC address
Comment on the data of interest in your findings? Open ports

STEP 3

Now it’s time to identify the security issues in your organization’s networks. You have previously learned about password-cracking tools; in this step, provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization?

Next, examine these resources on firewalls and auditing related to the use of the Relational Database Management System (RDBMS), the database system and data. Also review these resources related to access control.

Access control is the process by which permissions are granted for given resources. Access control can be physical (e.g., locked doors accessed using various control methods) or logical (e.g., electronic keys or credentials). There are several access control models, including:

Role-based access control: Access is granted based on individual roles.
Mandatory access control: Access is granted by comparing data sensitivity levels with user sensitivity access permissions.
Attribute-based access control: Access is granted based on assigned attributes.
Discretionary access control: Access is granted based on the identity and/or group membership of the user.

Determine the role of firewalls, encryption, and auditing for RDBMS in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems. Reflect any weaknesses found in the network and information system diagrams previously created, as well as in your developing SAR.

STEP 4

Now that you know the weaknesses in your organization’s network and information system, you will determine various known threats to the organization’s network architecture and IT assets.

Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?

IP address spoofing/cache poisoning attacks
denial-of-service attacks (DoS)
packet analysis/sniffing
session hijacking attacks
distributed denial-of-service attacks

In identifying the different threats, complete the following tasks:

Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems, as well as the types of remediation and mitigation techniques available in your industry and for your organization.
Identify the purpose and function of firewalls for organization network systems and how they address the threats and vulnerabilities you have identified.
Discuss the value of using access control, database transaction, and firewall log files.
Identify the purpose and function of encryption as it relates to files, databases, and other information assets on the organization’s networks.

Include these in your SAR.

STEP 5

What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate and mitigate vulnerabilities.

Read this risk assessment resource to get familiar with the process, then prepare a risk assessment. Be sure to first list the threats, then the vulnerabilities, and then the pairwise comparisons for each threat and vulnerability. Then determine the likelihood of each event occurring and the level of impact it would have on the organization.

Include this in your risk assessment report (RAR).

How the final report should look

Your research and your Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership.

Prepare a Security Assessment Report (SAR) with the following sections:

Purpose
Organization
Scope
Methodology
Data
Results
Findings

The final SAR does not have to stay within this framework and can be designed to fulfill the goal of the security assessment.

Prepare a risk assessment report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation.

Devise a high-level plan of action with interim milestones (POAM) in a system methodology to remedy your findings.

Include this high-level plan in the RAR.

