IT Security Risks Assessment for EMC Cloud Solutions, Study Guides, Projects, Research of Network security

This document takes the role of an External Security Consultant assessing IT security risks for EMC Cloud Solutions. It covers identifying types of security risks, developing security procedures, data protection laws and regulations, the ISO 31000 standard, and aligning IT security with organizational policy. It also discusses common cybersecurity risks, methods to assess and treat IT security risks, and IT security solutions.

Typology: Study Guides, Projects, Research

2020/2021

Uploaded on 12/12/2022

tuan-ngo-minh

PROGRAM TITLE: Security
UNIT TITLE: …………………………………………………….
ASSIGNMENT NUMBER: …………………………………
ASSIGNMENT NAME: …………………………………….
SUBMISSION DATE: ……………………………………….
DATE RECEIVED: …………………………………………….
TUTORIAL LECTURER: ……………………………………
WORD COUNT: ……………………………………………..
STUDENT NAME: Ngô Minh Tuấn
STUDENT ID: BKC12294
MOBILE NUMBER: 0379681318

Assignment Brief and Guidance:

EMC Cloud Solutions is reputed as the nation’s most reliable Cloud solution provider in Viet Nam.

A number of high-profile businesses in Viet Nam, including the E-soft Metro Camps network, SME Bank Viet Nam and WEEFM, are facilitated by EMC Cloud Solutions. EMC Cloud provides nearly 500 of its customers with SaaS, PaaS & IaaS solutions with high-capacity compute and storage options. EMC is also a selected contractor of the Ministry of Defence of Viet Nam for hosting government and defence systems.

EMC’s central data center facility is located in Viet Nam along with its corporate head office in Hanoi. Their premises in Hanoi are a six-story building: the 1st floor is dedicated to sales and customer services and is equipped with a public wi-fi facility; the second floor hosts the HR, Finance and Training & Development departments; the third floor hosts the boardroom and offices for senior executives along with the IT and Data Center department; floors 4, 5 and 6 host the computer servers which make up the data center.

With the rapid growth of information technology in Ho Chi Minh City (HCMC) in recent years, EMC sees an opportunity to extend its services to HCMC. As yet, the organization is still considering the nature of such an extension: what to implement, where a suitable location would be, and other essential options such as security are currently being discussed.

You are hired by the management of EMC Solutions as a Security Expert to evaluate the security-related specifics of its present system and provide recommendations on security and reliability related improvements of its present system as well as to plan the establishment of the extension on a solid security foundation.

Activity 01

Assuming the role of External Security Consultant, you need to compile a report for the board of EMC Cloud Solutions focusing on the following elements:

1.1 Identify the types of security risks EMC Cloud is subject to in its present setup and the impact such issues would create on the business itself. – Explain vulnerabilities, assets and risk: the risk for the company together with its impact on EMC.

1.2 Develop and describe security procedures for EMC Cloud to minimize the impact of the issues discussed in section (1.1) by assessing and treating the risks. – Procedure for the identified risks (name the procedure and explain it). *M – Risk management and treatment; explain the risk management process.

Activity 02

2.1 Discuss how EMC Cloud and its clients will be impacted by improper/incorrect configurations which are applicable to firewalls and VPN solutions. – Discuss how improper or incorrect firewall configurations, improper or incorrect VPN connections, and improper firewall or VPN policies will affect the security of EMC (and its clients).

2.2 Explain how the following technologies would benefit EMC Cloud and its Clients by facilitating a ‘trusted network’. (Support your answer with suitable illustrations.)

  i) DMZ – explain with an illustration and the impact of these three technologies on EMC
  ii) Static IP – explain with an illustration and the impact of these three technologies on EMC – also DHCP
  iii) NAT – explain with an illustration and the impact of these three technologies on EMC

How DMZ, NAT and Static IPs help to build a trusted network should be explained.

2.3 Discuss the benefits of implementing network monitoring systems.

  • Explain about SNMP/Syslog/NetFlow/CDP and the tools used for network monitoring.
  • Benefits of network monitoring (three or more)

Activity 03

3.1 Formulate a suitable risk assessment procedure for EMC Cloud Solutions to safeguard itself and its clients. (Risk Assessment procedure attached to this section)

3.2 Explain the mandatory data protection laws and procedures which will be applied to data storage solutions provided by EMC Cloud. You may also highlight the ISO 31000 risk management methodology.

  • Explain about data protection laws and regulations that can be related to EMC
  • Explain about the ISO 31000 standard

3.3 Comment on the topic ‘IT Security & Organizational Policy’. Explain how the IT security of the organization should be aligned to the organization policy (e.g. password policy, email policy, IT security policy, etc.). Discuss the impact of any misalignment.

Activity 04

4.1 Develop a security policy for EMC Cloud to minimize exploitations and misuses while evaluating the suitability of the tools used in an organizational policy.

4.2 Develop and present a disaster recovery plan for EMC Cloud for all its venues to ensure maximum uptime for its customers (the student should produce a PowerPoint-based presentation which illustrates the recovery plan within 15 minutes, including justifications and reasons for the decisions and options used).

4.3 ‘Creditors, directors, employees, government and its agencies, owners /shareholders, suppliers, unions, and the other parties the business draws its resources’ are the main branches of any organization. Discuss the role of these groups to implement security audit recommendations for the organization.

  • Higher Nationals
  • Assignment Brief – BTEC (RQF)
  • I. Introduction.
  • II. LO1. Assess risks to IT security.
    • P1. Identify types of security risks to organization.
    • P2. Describe organisational security procedures.
      • Specifications for Procedures
    • M1. Method to assess and treat IT security risks.
      • a) Risk Management Process.
      • b) Treatment and Response.
  • LO2. Describe IT security solutions.
    • P3. Identify the potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs.
      1. Firewall configuration
      2. Firewall Policy
      3. Virtual Private Network (VPN)
      4. VPN Policy
      5. How improper firewall configurations, VPN connections and their policies will affect the security (client) of EMC?
    • P4. Showing and using an example for each, how implementing a DMZ, static IP and NAT in a network can improve Network Security.
      1. DMZ (Demilitarized Zone)
      2. Static IPs.
      3. DHCP (Dynamic Host Configuration Protocol).
      4. NAT (Network Address Translation)
      5. How Static IPs, DMZ and NAT help the EMC company?
    • M2. Discuss three benefits to implement network monitoring systems with supporting reasons.
  • D1. Investigate how a ‘trusted network’ may be part of an IT security solution.
  • LO3. Review mechanisms to control organisational IT security.
    • P5. Discuss risk assessment procedures.
    • P6. Explain data protection processes and regulations as applicable to an organisation.
    • M3. Summarise the ISO 31000 risk management methodology and its application in IT security.
      1. What is the law?
      2. Summarization of ISO 31000:2018 related to EMC company
      3. ISO 31000:2018 Risk Management
    • M4. Discuss possible impacts to organisational security resulting from an IT security audit.
      1. What is Audit? (M4)
      2. What is IT security Audit?
      3. What an IT security Audit does for the company.
      4. IT security Audits can identify the Vulnerable points and problem areas in the company.
  • D2. Consider how IT security can be aligned with organisational policy, detailing the security impact of any misalignment.
    1. Aligning Security with company objectives
    2. How IT security Misaligned with organization policy?
  • LO4. Manage organisational security
    • P7. Design and implement a security policy for an organisation.
      1. Acceptable Use Policy (AUP)
      2. Access Control Policy (ACP)
      3. Change Management Policy
      4. Information Security Policy
      5. Incident Response (IR) Policy
      6. Remote Access Policy
      7. Email/Communication Policy
      8. Disaster Recovery Policy
      9. Business Continuity Plan (BCP)
    • P8. List the main components of an organisational disaster recovery plan, justifying the reasons for inclusion.
    • M5. Discuss the roles of stakeholders in the organisation to implement security audit recommendations.
      1. Who is a stakeholder?
      2. Types of the Stake Holders
      3. Role of a security stake holder related to the company.
  • Reference

I. Introduction.

  • EMC Cloud Solutions is known as the most reliable Cloud solution provider in Viet Nam.
  • EMC Cloud provides nearly 500 of its customers with SaaS, PaaS & IaaS solutions with high-capacity compute and storage options, including the E-soft Metro Camps network, SME Bank Viet Nam, and WEEFM, which are facilitated by EMC Cloud Solutions.
  • EMC’s central data center facility is located in Viet Nam along with its corporate head office in Hanoi. Their premises in Hanoi are a six-story building:
    +) 1st floor: dedicated to sales and customer services, equipped with a public wi-fi facility.
    +) Second floor: hosts the HR, Finance, and Training & Development departments.
    +) Third floor: hosts a boardroom and offices for senior executives along with the IT and Data Center departments.
    +) Floors 4, 5, 6: host the computer servers that make up the data center.
  • With the rapid growth of information technology in Ho Chi Minh City (HCMC) in recent years, EMC sees an opportunity to extend its services to HCMC. As yet, the organization is still considering the nature of such an extension: what to implement, where a suitable location would be, and other essential options such as security are currently being discussed.
  • As a Security Expert, I was hired by the management of EMC Solutions to evaluate the security-related specifics of its present system and provide recommendations on security- and reliability-related improvements of its present system, as well as to plan the establishment of the extension on a solid security foundation.
  • Besides hardware risks such as physical damage and equipment malfunction, these are some common cybersecurity risks that can affect every infrastructure network, including the EMC organization:

1 – Malware:

  • The most prolific and common form of security threat. It has been around since the internet’s inception and remains a consistent problem. Malware is an unwanted piece of programming or software that installs itself on a target system and causes unusual behavior, ranging from denying access to programs, deleting files and stealing information to spreading itself to other systems.
  • Prevention: A proactive approach is the best defense. Common sense dictates that users and organizations should have the latest anti-malware programs installed, for starters. It is also important to recognize suspicious links, files or websites, which are common ways of delivering malware. Often, a combination of caution and anti-virus is enough to thwart most malware concerns.

2 – DDoS:

  • Distributed Denial of Service is an attack method in which malicious parties target servers and overload them with traffic. When a server cannot handle the incoming requests, the website it hosts shuts down or slows to unusable performance.
  • Prevention: Stopping a DDoS requires identifying malicious traffic and halting its access. This can take time depending on how many malicious IPs are used to distribute the attack. In most cases, servers need to be taken offline for maintenance.

3 – Ransomware:

  • A nasty variant of malware, ransomware installs itself on a user system or network. Once installed, it prevents access to functionalities (in part or whole) until a “ransom” is paid to third parties.
  • Prevention: Removal is challenging once installed. Keeping anti-virus updated and avoiding malicious links are the best current prevention methods. Also, current backups and replications are key to keeping ransomware attacks from becoming catastrophic.

4 – MitM Attack:

  • A Man-in-the-Middle attack occurs when a third party hijacks a session between client and host. The attacker generally cloaks itself behind a spoofed IP address, disconnects the client, and requests information from the client. For example, attempting to log in to a bank session would allow a MITM attack to hijack user info related to their bank account.
  • Prevention: Encryption and use of HTML5 are recommended.

5 – Trojan Virus:

  • Trojan malware attempts to deliver its payload by disguising itself as legitimate software. One technique used is a fake “alert” that the user’s system has been compromised by malware, recommending a scan, where the “scan” actually delivers the malware.
  • Prevention: Avoid downloading programs or executables from unrecognized vendors or from those that attempt to alarm the user about a serious problem.

6 – Password Theft:

  • “I’ve been hacked!” A common conclusion when you log in to an account, only to find your password changed and details lost. The reality is an unwanted third party managed to steal or guess your password and has since run amok with the information. It’s far worse for an enterprise, which may lose sensitive data.
  • Prevention: There are several reasons for losing a password. Attackers may guess the password or use “brute force” programs to cycle through thousands of potential attempts. They may also steal it from an unsafe location or use social engineering to trick a user into giving it away. Two-factor authentication is a robust protection method, as it requires an additional device to complete the login. Additionally, using complicated logins thwarts brute force attempts.

7 – Traffic Interception:

  • Also known as “eavesdropping,” traffic interception occurs when a third party “listens” to information sent between a user and a host. The kind of information stolen varies based on the traffic but is often used to take log-ins or valuable data.
  • Prevention: Avoiding compromised websites (such as those not using HTML5) is an excellent proactive defense. Encrypting network traffic – such as through a VPN – is another preventive method.
  • How to use Nessus (in a Kali Linux OS environment):
  • Download the suitable version of the Nessus software:
  • Open a Terminal with root privileges and install the downloaded package by typing: “dpkg -i <path of the downloaded file>”:
  • Type “/bin/systemctl start nessusd.service” and follow the link as shown in the picture.
  • Sign up and install:
  • It should look like this when finished:

the vulnerabilities.

  • Besides Nessus, there are many more tools to detect a system’s flaws. For example, we can use Nmap (short for “Network Mapper”), a free and open-source utility for network discovery and security auditing:
  • At a practical level, Nmap is used to provide detailed, real-time information on your networks, and on the devices connected to them.
  • The primary uses of Nmap can be broken into three core processes. First, the program gives you detailed information on every IP active on your networks, and each IP can then be scanned. This allows administrators to check whether an IP is being used by a legitimate service, or by an external attacker.
  • Secondly, Nmap provides information on your network as a whole. It can be used to provide a list of live hosts and open ports, as well as identifying the OS of every connected device. This makes it a valuable tool in ongoing system monitoring, as well as a critical part of pen-testing. Nmap can be used alongside the Metasploit framework, for instance, to probe and then repair network vulnerabilities.
  • Thirdly, Nmap has also become a valuable tool for users looking to protect personal and business websites. Using Nmap to scan your own web server, particularly if you are hosting your website from home, is essentially simulating the process that a hacker would use to attack your site. “Attacking” your own site in this way is a powerful way of identifying security vulnerabilities.
  • How Nmap is used:
  • In Kali Linux OS it is quite easy: type “nmap <IP address of the target>” at the terminal command prompt. There are a variety of ways to use Nmap, depending on the purpose. For example:
  1. Host Scanning. It returns more detailed information on a particular host or a range of IP addresses. As mentioned above, you can perform a host scan using the following command:
  2. OS Scanning. It is one of the most powerful features of Nmap. When using this type of scan, Nmap sends TCP and UDP packets to a particular port and then analyses the response. It compares this response to a database of 2600 operating systems and returns information on the OS (and version) of a host. To run an OS scan, use the following command:
  • There are still many more alternative ways to use Nmap: https://alternativeto.net/software/nmap/?license=opensource
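Activities 1.1 and 1.2 ask for the risks listed above to be assessed and then treated. The following risk register is an added worked example, not part of the original assignment: it scores each of the seven threats against an EMC asset on a likelihood × impact scale, applies the preventions the list names as controls, and ranks what remains so the board sees which items still need treatment; the 1–5 scales, asset names, ratings and control effectiveness values are constructed for illustration.

```python
from dataclasses import dataclass, field
# Ordinal scales for the worked example (constructed, not taken from the brief).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

@dataclass
class Risk:
    threat: str
    asset: str
    likelihood: str
    impact: str
    # Each control: (name, factor it reduces "likelihood"/"impact", assumed effectiveness 0..1)
    controls: list = field(default_factory=list)
    def inherent(self) -> int:
        # Identify/analyse step: risk before any control, likelihood x impact.
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def residual(self) -> float:
        # Treat step: each control shrinks the factor it targets.
        like, imp = float(LIKELIHOOD[self.likelihood]), float(IMPACT[self.impact])
        for _name, target, reduction in self.controls:
            if target == "likelihood":
                like *= 1.0 - reduction
            else:
                imp *= 1.0 - reduction
        return round(like * imp, 1)

def decision(residual: float) -> str:
    # Evaluate step: is what remains acceptable, or does it go back to treatment?
    return ("further treatment required" if residual >= 8.0
            else "treat within plan" if residual >= 4.0 else "accept and monitor")

def build_register() -> list:
    # The seven threats listed above, rated for EMC assets with constructed values.
    L, I = "likelihood", "impact"
    return [
        Risk("Malware", "office workstations (floors 1-3)", "likely", "major",
             [("anti-malware", L, 0.5), ("user awareness", L, 0.3)]),
        Risk("DDoS", "hosted customer services", "likely", "severe",
             [("traffic filtering", L, 0.6)]),
        Risk("Ransomware", "data center servers (floors 4-6)", "possible", "severe",
             [("patching and anti-virus", L, 0.4), ("backups and replication", I, 0.6)]),
        Risk("MitM attack", "public wi-fi on floor 1", "possible", "moderate",
             [("encrypted sessions", L, 0.7)]),
        Risk("Trojan virus", "staff endpoints", "possible", "major",
             [("download policy", L, 0.3)]),
        Risk("Password theft", "administrator accounts", "likely", "severe",
             [("two-factor authentication", L, 0.8), ("password policy", L, 0.4)]),
        Risk("Traffic interception", "customer data in transit", "possible", "major",
             [("VPN / encryption", L, 0.7)]),
    ]

def rank(risks: list) -> list:
    # Rows of (threat, inherent, residual, decision), worst residual first.
    rows = [(r.threat, r.inherent(), r.residual(), decision(r.residual())) for r in risks]
    return sorted(rows, key=lambda row: (-row[2], -row[1]))

if __name__ == "__main__":
    for threat, inh, res, what in rank(build_register()):
        print(f"{threat:21} inherent={inh:2} residual={res:4} -> {what}")
```

With these constructed ratings, DDoS and the Trojan remain above the acceptance line after treatment, which matches the list's own note that stopping a DDoS may still require taking servers offline.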

this page.) Checking this option allows additional updates to be installed from Microsoft. When a restart is required, Windows will prompt you to schedule a restart or will do so when you are not using your machine. You can also manually check for updates by clicking Check for updates.

Optional: If you select Advanced Options, you can enable the following options:
  a. Give me updates for other Microsoft products when I update Windows – This allows updates for programs like Office to also be downloaded and installed.
  b. Defer Upgrades – This allows only security updates to be installed and any feature updates to be deferred for a few months.

  • Visit https://www.catalog.update.microsoft.com/Home.aspx to download the latest patch update for the Windows OS from Microsoft.

  • Apple
  • Mac OS X automatically checks for software updates. Choose a different schedule (set to weekly by default) or check manually. If you want to update manually, do as follows: