1. Background Information
ADVRTS is a small-to-medium-sized company that started 5 years ago and has quickly grown to 25 employees. They serve hundreds of clients by developing online adverts that are seen on websites and social media across the world.
The company is constantly producing new media images, videos, catchy jingles, marketing text, etc. for their clients. These creations can produce significant intellectual property that is very valuable to the company and to the clients.
The company is split into a few teams dealing with separate functions of the business, primarily a sales team, content creators, and a business management and finance team. Employees of ADVRTS often split their time between the head office and working from home. Sometimes they also visit their bigger clients. Due to these remote working scenarios, they have a number of software platforms that staff are required to access remotely.
After a disagreement about the highly questionable nature of online advertisements tracking and monetizing the personal data of the unsuspecting public, the person who was managing the IT systems at ADVRTS suddenly left the company. Consequently, the management have called in your consultancy firm to report on the state of their IT systems.
The ADVRTS staff have provided the following information related to their company network and various IT systems:
The company is based at a single site with office space for staff. The office space contains several PCs and various other hosts, including a few servers used by different groups in the company, among them a media database server which hosts the advert-related media files that the company has created.
The company is provided with two static IPv4 public IP addresses by its business broadband provider. A Fortinet 40F has been used to set up a DMZ and a separate office LAN that uses private IP addressing. The Fortinet is also occasionally used to provide SSL VPN access for remote users to access a Docuware server.
The DMZ is home to a Qlik Sense server, which is on-premises software used by the company for data analytics to process information related to the performance of adverts, user interactions, and so on. The DMZ is reachable both from the internal LAN and by remote staff via the second static IP address.
According to initial discussions with staff, the Fortinet device and the Qlik server were set up around 18 months ago. However, it is not known how long ago other networked devices were set up, and there appears to be no clear policy for update and patch management, so the status of systems on the network in this respect is uncertain.
For internal networking, a UniFi USW-Pro-48 switch is used to create a single LAN. Hosts across the company share the 192.168.1.0/24 address range, with internet access provided via one of the static IP addresses provided by the ISP.
The LAN hosts a server running Docuware on-premises software that allows for processing and storage of financial data related to sales and clients.
The previous network administrator configured the network so hosts generally use Google's 8.8.8.8 public DNS service as a default.
Most hosts are connected by physical ethernet cables to the switch. Additionally, a NETGEAR WAC105 dual band wireless access point, connected to the switch, provides WiFi connectivity.
In addition to the information about the network given above, your manager is particularly concerned about a new ransomware threat called Cactus Ransomware. As part of your report, you must consider how ADVRTS might be vulnerable to Cactus Ransomware.
According to the guidance on the next page, you therefore must also propose a set of network security solutions that could be used to detect the specific presence of Cactus Ransomware activities across the ADVRTS network, focussing on network logs related to the malware.
Where information about the current network configuration is not known, in your report you can state your own reasonable assumptions and work from there.
2. Report Requirements
You must submit a report of 1,800 to 2,000 words in total, which includes any references. Your report must have two sections that address the requirements listed below:
Part 1: Analysis of Network Security Threats: General Issues and Cactus-Related Issues
Consider the background information about the network and its usage. Accordingly, present an analysis that identifies key network security issues of concern at the company.
Based on the information provided and your own research, you should explain any threats to the company from the Cactus Ransomware.
Your analysis should include justifications to explain why each issue you identify poses a security threat. For example, don't just say that something is bad, or an obvious problem. Concisely explain what could happen as a consequence of each threat.
For all threats you identify, you must consider their relative severity, and rank which issues you would prioritise as highest risk. You must justify your analysis with some discussion of the relative risks. This is not an exact science. The intention is for you to demonstrate judgement in evaluating the threats.
Part 2: Network Security Recommendations
Propose solutions to improve the security of the network, based on general best practice and your analysis of issues and threats from part 1.
In particular, explain how you would apply detection and protection measures to address network security issues that you have identified.
Your recommendations should consider specific network indicators of compromise (IOCs) and propose how they can be used to detect the presence of Cactus malware in the company network.
Focus on network-based IOCs. There may well be published information that discusses encryption, file hashes, etc. which are not applicable or useful from a networking perspective.
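As an added illustration of the kind of network-log detection the brief asks for (both in the "detect the specific presence of Cactus Ransomware activities ... focussing on network logs" task in the background section and in the network-based IOC requirement above), here is a Python sketch that is not part of the assignment and not a reference solution. It runs a few detection rules over constructed key=value firewall log lines modelled loosely on FortiGate-style syslog. Only the 192.168.1.0/24 LAN, the Fortinet SSL VPN and the existence of a media database server come from the brief; the internal resolver address, the media server address, the field names, the thresholds and the IOC list are assumptions, and the IOC list holds a documentation-range placeholder rather than any real Cactus indicator. The rules encode general ransomware-precursor indicators rather than anything Cactus-specific: DNS resolution that bypasses a (recommended) internal resolver, traffic to a listed address, repeated SSL VPN login failures, and bulk outbound transfer from the media server.

```python
"""Detection rules over constructed key=value firewall log lines.

Assumptions not taken from the brief: an internal resolver at 192.168.1.2,
the media database server at 192.168.1.10, FortiGate-style field names
(type, subtype, srcip, dstip, dstport, action, sentbyte), and an IOC list
containing only a placeholder from the TEST-NET-3 documentation range.
"""
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")             # from the brief
INTERNAL_RESOLVER = ipaddress.ip_address("192.168.1.2")  # assumed
MEDIA_SERVER = ipaddress.ip_address("192.168.1.10")      # assumed
EXFIL_THRESHOLD_BYTES = 500 * 1024 * 1024                # assumed: 500 MiB per window
VPN_FAIL_THRESHOLD = 3                                   # assumed
# Placeholder only; in practice this is fed from a vetted threat-intel source.
IOC_ADDRESSES = {ipaddress.ip_address("203.0.113.45")}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict; quoted values are unquoted."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def detect(lines):
    """Return a list of (rule, srcip, detail) alerts for the given log lines."""
    alerts = []
    sent_outside_lan = defaultdict(int)
    vpn_failures = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        try:
            src = ipaddress.ip_address(rec["srcip"])
            dst = ipaddress.ip_address(rec["dstip"])
        except (KeyError, ValueError):
            continue  # malformed or non-network record: skip it
        dport = int(rec.get("dstport", "0"))
        if rec.get("type") == "traffic":
            # Rule 1: a LAN host resolving DNS anywhere but the internal resolver.
            if src in LAN and dport == 53 and dst != INTERNAL_RESOLVER:
                alerts.append(("dns-bypass", str(src), f"DNS to {dst}"))
            # Rule 2: any flow touching a listed IOC address.
            if dst in IOC_ADDRESSES or src in IOC_ADDRESSES:
                alerts.append(("ioc-match", str(src), f"flow to {dst}:{dport}"))
            # Rule 3: accumulate bytes the media server sends outside the LAN.
            if src == MEDIA_SERVER and dst not in LAN:
                sent_outside_lan[str(src)] += int(rec.get("sentbyte", "0"))
        elif rec.get("type") == "event" and rec.get("subtype") == "vpn":
            # Rule 4: count failed SSL VPN logins per source address.
            if rec.get("action") == "ssl-login-fail":
                vpn_failures[str(src)] += 1
    for host, nbytes in sent_outside_lan.items():
        if nbytes > EXFIL_THRESHOLD_BYTES:
            alerts.append(("possible-exfil", host, f"{nbytes} bytes sent outside LAN"))
    for host, n in vpn_failures.items():
        if n >= VPN_FAIL_THRESHOLD:
            alerts.append(("vpn-bruteforce", host, f"{n} failed SSL VPN logins"))
    return alerts


# Constructed sample log lines (not real traffic); 192.0.2.1 stands in for
# the firewall's second public IP and 198.51.100.x for remote addresses.
SAMPLE_LOGS = [
    'type=traffic subtype=forward srcip=192.168.1.20 dstip=192.168.1.2 dstport=53 proto=17 action=accept sentbyte=80',
    'type=traffic subtype=forward srcip=192.168.1.21 dstip=8.8.8.8 dstport=53 proto=17 action=accept sentbyte=75',
    'type=traffic subtype=forward srcip=192.168.1.10 dstip=203.0.113.45 dstport=443 proto=6 action=accept sentbyte=314572800',
    'type=traffic subtype=forward srcip=192.168.1.10 dstip=198.51.100.7 dstport=443 proto=6 action=accept sentbyte=314572800',
    'type=event subtype=vpn srcip=198.51.100.9 dstip=192.0.2.1 action=ssl-login-fail user="finance1"',
    'type=event subtype=vpn srcip=198.51.100.9 dstip=192.0.2.1 action=ssl-login-fail user="finance1"',
    'type=event subtype=vpn srcip=198.51.100.9 dstip=192.0.2.1 action=ssl-login-fail user="finance1"',
]

if __name__ == "__main__":
    for rule, host, detail in detect(SAMPLE_LOGS):
        print(f"{rule:16} {host:16} {detail}")
```

Each rule maps to a recommendation the report can make: rule 1 only becomes meaningful once hosts are pointed at an internal resolver instead of 8.8.8.8 directly, rule 2 depends on a maintained IOC feed, and rules 3 and 4 are thresholds that would need tuning against the company's normal traffic to keep false positives manageable.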
Draw a network diagram to illustrate how you would propose to configure the network to improve its security. Be sure to discuss key points about the diagram in your text.
Assuming long-term changes will take time to implement, highlight any short-term mitigations that should be applied as a priority to lessen risks to the current network.
Evaluate how effective you think your proposed security measures would be. Consider any trade-offs or pros and cons.