Unit 11: Cyber Security and Incident Management (Activity 2 - Protection Measures)
Course: Unit 11 - Cyber Security and Incident Management
Institution: PEARSON (PEARSON)
This document consists of a total of 30 Protection Measures (combined into 9 sections and approx. 5300 words) for the Activity 1 - Threats and Vulnerabilities document I've uploaded. I was able to write down 6 of these sections, with almost 16 Protection Measures, in my exam and got a Distinction mark. T...
Task A - Activity 2 Template: Cyber security plan for the networked system
Use the section headings below for each protection measure.
1) Threat(s) addressed by the protection measure
2) Details of action(s) to be taken
3) Reasons for the actions
4) Overview of constraints – technical and financial
5) Overview of legal responsibilities
6) Overview of usability of the system
7) Outline cost-benefit
8) Test plan
Test plan
Test No | Test description | Expected outcome | Possible further action following test
1 | | |
2 | | |
1) Threat(s) addressed by the protection measure
1. Wi-Fi connection is not encrypted; outdated protocols used
2. Misconfigured NAT
10. MITM attack on Wi-Fi connections via ARP poisoning
11. MITM attack using packet sniffing
2) Details of action(s) to be taken
- Configure Wi-Fi settings properly
- Enable NAT in Wi-Fi settings
- Make sure the staff/employees of HC don’t use free public Wi-Fi
- Regularly check for browser updates
- Install browser plugins that make users use only HTTPS
- Set up packet filtering in the firewall
3) Reasons for the actions
Configuring the Wi-Fi protocols properly ensures that the Wi-Fi is secure and that the latest Wi-Fi security protocols are in place. For HC, it is important that the connection uses the latest security protocols because they have free public Wi-Fi. Outdated protocols such as WEP and WPA, which are set by default, do not have strong encryption and authentication, and can easily be guessed and intercepted by a MITM attack. By comparison, the latest protocols such as WPA2 and WPA3 provide better encryption and authentication, as they use AES encryption and authentication that generates a pre-shared key that is hard to guess. Even if it is guessed, the connection is intercepted and data is stolen, the hacker won't be able to read the data as it will be in an encrypted format. Hence, the data will be useless to him.
Enabling NAT is part of configuring Wi-Fi, as it is a facility built into modern routers. NAT hides the private (real) IP addresses of the company’s devices and assigns a global IP address to every device whenever it requests information from a website, that is, whenever it communicates with the internet. This reduces the chance of ARP poisoning and DDoS attack attempts, as the attacker won't be able to locate the exact IP address because the real IP address will be hidden. Hence, it secures the server and the data stored on it.
It is important that staff don’t use free public Wi-Fi even if the connection is encrypted. This is because many unknown users or hackers will also be connected to the same connection, and it is likely that they can target a staff user for a phishing or MITM attack. This can cause serious issues for the business if confidential information is stolen. However, if staff are warned and taught not to connect to free Wi-Fi, and about the consequences that HC and its staff would face, it will reduce the chances of a staff member using free Wi-Fi and becoming a victim of cyber-attacks.
As browsers are constantly updating their software, it is important that we stay up to date with them. This is because some of the patches might be purely security updates, which are very beneficial as they increase the security of using the browser and of the requests sent from it.
There are plugins/extensions available in the browser extension/plugin store that add a layer of encryption on top of HTTP. They do this by rewriting requests to unsecured sites to HTTPS by adding the digital certificate (SSL/TLS). Hence, they limit the chances of an attacker intercepting the information requested from or sent to a website, as the attacker would need to break SSL/TLS encryption, which is hard to do.
ARP poisoning is done when a hacker sends ARP packets across the LAN containing the hacker’s MAC address and the victim’s IP address. After the packet is received, the hacker’s MAC address is attached to the victim’s MAC address, as their MAC cache has been changed. To prevent this, it is important that the firewall monitors what packets are coming into the LAN. This is done via packet filtering, which detects whether a malicious or poisoned packet is trying to come into the LAN, or is already in the LAN, according to the firewall rules (policy). After detecting it, the firewall can filter and block malicious packets that show any conflicting source information.
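The "conflicting source information" check described above can be illustrated with a short script that reads ARP replies and flags any IP address that is suddenly claimed by a different MAC address. This is an added example, not part of the original document; the log format, the addresses and the TRUSTED table are constructed assumptions.

```python
# Added example: flag conflicting ARP source information (defensive check).
# All addresses and log lines below are constructed sample data.
from collections import defaultdict

# Constructed capture summary: "<time> <sender IP> is-at <sender MAC>"
SAMPLE_ARP_LOG = """\
09:00:01 192.168.1.1 is-at aa:aa:aa:aa:aa:01
09:00:02 192.168.1.20 is-at aa:aa:aa:aa:aa:20
09:00:05 192.168.1.30 is-at aa:aa:aa:aa:aa:30
09:03:10 192.168.1.1 is-at aa:aa:aa:aa:aa:30
09:03:11 192.168.1.20 is-at AA:AA:AA:AA:AA:20
09:03:12 192.168.1.1 is-at aa:aa:aa:aa:aa:30
malformed line
"""

# Bindings the administrator trusts (assumed here: the router/gateway).
TRUSTED = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}


def parse_arp_log(text):
    """Yield (time, ip, mac) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "is-at":
            yield parts[0], parts[1], parts[3].lower()  # normalise MAC case


def find_conflicts(text, trusted=None):
    """Return alerts for replies whose MAC contradicts the known binding."""
    bindings = dict(trusted or {})   # ip -> trusted or first-seen MAC
    ips_by_mac = defaultdict(set)    # mac -> every IP it has claimed
    alerts = []
    for when, ip, mac in parse_arp_log(text):
        ips_by_mac[mac].add(ip)
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append({"time": when, "ip": ip, "expected": known,
                           "seen": mac,
                           "mac_also_claims": sorted(ips_by_mac[mac] - {ip})})
    return alerts


if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE_ARP_LOG, TRUSTED):
        print(alert)
```

An alert whose `mac_also_claims` list is not empty means one network card is answering for several IP addresses, which is the pattern to record in the test log and block.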
4) Overview of constraints – technical and financial
Technical – apart from the Wi-Fi protocol and NAT configuration, nothing stated above needs any technical networking knowledge. Wi-Fi and NAT configuration would require some knowledge and, according to the scenario, the HC IT management team does have the knowledge and skill.
Financial – no financial constraints as there is no cost involved.
5) Overview of legal responsibilities
It is important to configure Wi-Fi, enable NAT and set up packet filtering, as this will keep HC compliant with its legal obligations because its data is secure.
6) Overview of usability of the system
Usability should improve, as updating the browser, configuring Wi-Fi and packet filtering will restrict the number of unwanted packets coming into the network and slowing it down. However, enforcing HTTPS might reduce usability a little, as some websites might be blocked because they won’t work with an SSL certificate.
7) Outline cost-benefit
There is no investment involved in these security measures. However, if HC doesn’t have a modern router with a NAT facility, they will have to buy a new one that has it, as configuring NAT is important to mitigate ARP and DDoS attacks.
8) Test plan
Test No | Test description | Expected outcome | Possible further action following test
1 | Set up latest protocols in Wi-Fi settings | WPA2/WPA3 should be enabled | If WPA2 is not enabled, then do the test again. Record the evidence in the log
2 | Enable NAT in Wi-Fi settings | Settings should show that it is enabled | If not, then enable it again. Record the evidence in the log
3 | Check browser settings to see if you are up to date | Should show that the latest version is installed | If not, then install the latest version/update
4 | Check firewall packet filtering report/log to see if any untrusted packets | Should show the report of packets coming in and out of the LAN | If any malicious packet is spotted, then block it
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Saim. Stuvia facilitates payment to the seller.