Cybersecurity

Midterm Exam

Cybersecurity

For the midterm, you will be writing a report based on fictional client. You task is to analyze the client’s current situation, define the biggest areas of risk, and propose a solution in a professional report. You may be required to perform some outside research to complete your reporting. Any information not provided by “the client” is assumed to be an area of deficiency/an opportunity for improvement.

The intention of this midterm project is for you to show that, given a real-world scenario, you are capable of applying defensive security best-practices in a well-reasoned manner. All recommendations MUST be supported. However, do not just copy/paste the STIGs. The length of the report is not a determining factor for your grade.

Please use the provided template (below), but feel free to add sections as necessary and change the appearance if you desire. Have fun with this project. There are a LOT of right answers here. What I’m looking for is your analysis of the situation. Remember, I will be reading each of these submissions, so the more professional and attractive they look, the easier they are for me to work with.

Note: Delete this page prior to submission

Scenario

Acme Enterprise Systems (AES) has hired you to perform a security risk assessment on their networks. They are interested in determining where their weak spots are, what kinds of risk those weak spots areas pose, and what they can do about them (on a budget).

AES has 75 employees, to include: Accounting/Backoffice, Software Developers, and Sales.

AES has a headquarters office in Maitland Florida, with a regional office in Jacksonville and Tampa. Each site is connected together over a VPN to allow for one cohesive network. AES develops a software product called BIRDS. BIRDS is a web-based software-as-a-solution product they host out of their primary office in Maitland. The web server infrastructure consists of 3 large servers, each of which runs a webserver and database server (there are three for scaling).

The IT Director has one IT Administrator to help him secure and operate the networks. Upon questioning, they did not know what the CIS standards were. They use a Windows domain controller, but have not applied any group policy. Each user in the network has local administrator accounts. The only end-point control applied appears to be Windows Defender for Antivirus. The IT director can VPN in to the network from home, no 2FA. No audit of expired user accounts has ever been performed.

On the network: The environment consists of about 100 machines. There is no segmentation between any networks, including the web infrastructure. On inspection, it was found that the firewalls were all unpatched and had been for several years. They have a Dell Sonicwall at each site and they use a SonicPoint access point at each site for Wireless access. The Wireless network is secured using WEP and MAC Filtering.

In speaking with the developers, it was discovered that they are developing custom software in PHP without using any frameworks. Developers had no knowledge of secure coding practices, or security in general.

All user-work is done using laptops over wifi.

Acme was recently hit with a CryptoLocker variant that spread through their entire enterprise, encrypting all their files and source code. They were forced to pay roughly $5000 in ransoms because they had no recent back-ups to restore from.

Acme is a very typical company who has not thought about security. Using the information gathered so far, provide ACME with a comprehensive report and roadmap to improve their security posture.

Security Risk Assessment

For

ACME Enterprise Systems, Inc.

Presented by:

Your Name Here

on

Date here

Introduction

[Describe the environment and include a network diagram. Use a tool like Visio or OpenOffice Draw to produce a professional diagram. Search google images for examples of network diagrams. You may elaborate on the scenario to provide some creative information not already included in the above scenario. Note: Delete all of these comments prior to submission.]

Findings

[Complete the findings table below from the scenario information provided. You may infer more information as you would like; feel free to be creative. You must list at LEAST 15 findings. Note: Copy/Paste from the STIGS or the CIS controls is unacceptable here. I will provide an example to get you started.]

Finding	Risk to the Organization	Mitigating Controls Implemented	Recommendations
Users are unaware of security best practices	A lack of security awareness places the organization at increased risk of attack due to a lack of ability for users to prevent, detect, or respond to data breaches.	None	1. Implement annual security awareness training. 2. Provide security updates throughout the year to keep employees focused on security 3. Implement and enforce acceptable use policies

Remediation Roadmap

[The remediation roadmap is a very specific, but succinct, list of tasks based on the findings above.]

Short Term Tasks (30 Days)	Mid-Range Tasks (6 Months)	Long-Term Tasks (18 Months)
· Perform a security awareness for all employees	· Develop acceptable use policies for all employees to read and sign.	· Plan for annual awareness training

Summary

[Summarize your findings. How do you think ACME is doing on security? What are you most concerned about?]