
DHN1 TASK 1: NETWORK MERGER AND IMPLEMENTATION PLAN

Describe two current network security problems and two current infrastructure problems for each
company, based on business requirements given in the scenario.

Company A:

1. Network Security Problems: Network security problems are a major concern for businesses. Here are
two current network security problems that Company A faces.
1.1. Open Ports: Company A has ports 21-90 and 3389 open, which attackers can exploit to gain
unauthorized access to the company’s network. Remote desktop (port 3389) is associated with
the most-used attack type [1].
1.2. Weak Passwords: Company A uses eight-character passwords for all users, which is a weak
password policy. This vulnerability is also rated as high risk.
2. Infrastructure Problems: Infrastructure problems can also pose significant challenges for businesses.
Here are two current infrastructure problems that Company A faces.
2.1. End-of-Life Equipment: Company A uses end-of-life equipment that is no longer supported by
the vendor. Such equipment can be difficult to maintain and can pose significant security risks.
2.2. User Account Management: Company A does not remove user accounts that are no longer
required. This can lead to unauthorized access to the company’s network and data. This
vulnerability is rated as moderate risk.

Company B:

1. Network Security Problems: Network security problems are a major concern for businesses, and Company
B is no exception. Here are some current network security problems they face.
1.1. Multiple Remote Code Execution Vulnerabilities: Company B is vulnerable to multiple
remote code execution vulnerabilities in Distributed Ruby (dRuby/DRb). This vulnerability is
rated as critical and requires a high level of effort to fix.
1.2. Weak Passwords: Company B has weak passwords for PostgreSQL, which is a high-risk
vulnerability [3]. Additionally, MFA is not enforced across all users, which is another high-risk
vulnerability [4].
2. Infrastructure Problems: Infrastructure problems can pose significant challenges for businesses. Here
are two current infrastructure problems that Company B faces.
2.1. End-of-Life Operating System: Company B uses an operating system that has reached
end-of-life (EOL) [5]. This can pose significant security risks and can be difficult to maintain.
2.2. Compromised Source Packages Backdoor Vulnerability: Company B is vulnerable to the vsftpd
Compromised Source Packages Backdoor Vulnerability, which is rated as high risk. This
vulnerability can be exploited by attackers to gain unauthorized access to the company’s
network.

Analyze the given network diagram and vulnerability scan for both companies by doing the following:
1. Describe two existing vulnerabilities for each company.
1.1. Company A: Port 3389 Open

This study source was downloaded by 100000875867944 from CourseHero.com on 06-11-2024 10:19:44 GMT -05:00

https://www.coursehero.com/file/223483545/DHN1-TASK-1-NETWORK-MERGER-AND-IMPLEMENTATION-PLANpdf/
1.1.1. There are some high-risk vulnerabilities associated with port 3389 being
open. First, weak user sign-in credentials: RDP connections are usually protected only by
a password, and given the weak password requirements of Company A those passwords can be
weak and easily guessed. Attackers can exploit this to gain unauthorized access to systems
via RDP [6]. Second, unrestricted port access: RDP connections almost always take place on
port 3389, so attackers can assume that this is the port in use and target it to carry out
on-path attacks, among others [6].
1.2. Company A: Users having Local Admin Rights
1.2.1. When all users have local admin rights, it can pose significant security risks
for a company. Three associated vulnerabilities are malware deployment, pass-the-hash
attacks, and bypassing user access control. With malware deployment, malware can be
installed on a system with local administration rights and can then spread to other
systems on the network [7]. In a pass-the-hash attack, an attacker who gains access to a
system with local admin privileges can use that access to steal password hashes and use
them to gain access to other systems on the network. Lastly, local admins can bypass user
access control (UAC) and disable security settings, which can lead to unauthorized access
to sensitive data [7].
1.3. Company B: MFA not enforced across all users
1.3.1. This can present several vulnerabilities, among them bypassing MFA,
social engineering, and weak passwords. Attackers can bypass MFA by exploiting
vulnerabilities in the MFA system or by stealing MFA tokens, which can lead to
unauthorized access to the company's network and data [8]. Malicious actors can use
social engineering techniques to trick users into revealing their password or their
MFA credentials. Lastly, users may use weak passwords for their accounts, which
can be easily guessed by attackers, giving attackers access to the company’s
network.
1.4. Company B: PostgreSQL admin is reachable from internet
1.4.1. When a PostgreSQL admin is reachable from the internet, it can pose
significant security risks for a company. The only scenario where it could be
necessary to expose a database to the internet is for replication or clustering
purposes. Exposing the database to the internet increases the attack surface and
makes it more vulnerable to cyber-attacks.

2. Explain the impact, risk, and likelihood associated with each described vulnerability from part B1 as
it relates to each company.
2.1. Company A: Port 3389 Open
2.1.1. Port 3389 being open poses high-risk vulnerabilities to the company. Weak
user sign-in credentials and unrestricted port access are the two vulnerabilities
associated with it. Attackers can exploit these vulnerabilities to gain unauthorized
access to systems via RDP and carry out on-path attacks, among others. To address
these vulnerabilities, the company should implement secure tunneling software,
require employees to reset their passwords to something stronger, and establish a
comprehensive remote access policy that addresses RDP security vulnerabilities as
part of their overall business security plan.
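The open-port findings for Company A (ports 21-90 and 3389, first listed under Company A's network security problems and analysed again here) can be reviewed mechanically by comparing scan output with an allow-list of services the business actually needs. The block below is an added example and is not part of the original assignment: the scan listing, host name and allow-list are constructed, and the medium rating for the 21-90 range is an assumption (the page itself rates only 3389 as high).

```python
"""Review a port scan against an allow-list of expected services.

Added example, not part of the original assignment. The scan output below is
constructed to resemble the scenario (ports 21-90 and 3389 open on a Company A
host); the listing format, host name and allow-list are assumptions.
"""
from dataclasses import dataclass

# Constructed sample: a simplified "port/proto state service" listing for one host.
SAMPLE_SCAN = """\
host: 10.0.0.5 (company-a-fileserver, constructed)
21/tcp   open   ftp
22/tcp   open   ssh
80/tcp   open   http
88/tcp   open   kerberos
443/tcp  open   https
3389/tcp open   ms-wbt-server
8080/tcp closed http-proxy
"""

# Services the business needs reachable on this host; every other open port is a finding.
EXPECTED_PORTS = {443}

# The page ties remote desktop (3389) to the most-used attack type, so it is rated high.
HIGH_RISK_PORTS = {3389}
# The page flags the 21-90 range as an exposure to close; the medium rating is assumed.
FLAGGED_RANGE = range(21, 91)


@dataclass(frozen=True)
class Finding:
    port: int
    service: str
    severity: str
    reason: str


def parse_scan(text):
    """Yield (port, state, service) tuples from the listing; skip non-port lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or "/" not in parts[0]:
            continue  # header or host line, not a port entry
        port = int(parts[0].split("/")[0])
        yield port, parts[1], parts[2]


def review_scan(text, expected=EXPECTED_PORTS):
    """Return a Finding for every open port that is not on the expected list."""
    findings = []
    for port, state, service in parse_scan(text):
        if state != "open" or port in expected:
            continue
        if port in HIGH_RISK_PORTS:
            findings.append(Finding(port, service, "high",
                                    "remote desktop exposed; restrict to VPN or secure tunnel"))
        elif port in FLAGGED_RANGE:
            findings.append(Finding(port, service, "medium",
                                    "open port in the flagged 21-90 range; close or restrict"))
        else:
            findings.append(Finding(port, service, "low", "unexpected open port"))
    return findings


if __name__ == "__main__":
    for f in review_scan(SAMPLE_SCAN):
        print(f"{f.severity:6} {f.port:>5}/{f.service:<14} {f.reason}")
```

Running the script prints one line per unexpected open port; closed ports and allow-listed ports are skipped, so the review output is the remediation list rather than the whole scan.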
2.2. Company A: Users having Local Admin Rights

2.2.1. Users having local admin rights can pose significant security risk to the
company. Local admin accounts offer complete control over files, folders, services,
and local user permissions management. An attacker who compromises a user
account with local admin privileges can carry out various malicious activities that
can harm the business, such as disabling endpoint antivirus, installing malicious
software, encrypting data with ransomware, moving laterally within the network,
and weaponizing the system against the organization. Over 90% of the
vulnerabilities in Windows arise due to local admin rights. It is recommended that
the company manage local admin rights properly, assign unique passwords to each
account, and limit the number of local admin accounts to reduce the risk of a
security breach [9].
2.3. Company B: MFA not enforced across all users
2.3.1. Not enforcing Multi-Factor Authentication (MFA) across all users can pose
significant security risks for the company. MFA is a form of authentication that
requires a user to provide two or more verification factors to gain access to a
resource, such as an application, VPN, or online account. The risks of not having
MFA in place affect ease of compromise, IT peace of mind, compliance, and company
reputation. If hacked, cybercriminals could hold the company’s data and apps for
ransom, which could be very costly, time-consuming, and stressful to sort out. It is
recommended that companies enforce MFA for all users to reduce the risk of a
security breach [10].
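The three account-related gaps discussed on this page (Company A not removing accounts that are no longer required, all users holding local admin rights, and Company B not enforcing MFA) can be checked together from a directory export. The block below is an added example and is not part of the original assignment: the account records, field names, the 90-day staleness window and the `it-admin` role are constructed assumptions.

```python
"""Audit a user directory export for stale, no-MFA and over-privileged accounts.

Added example, not part of the original assignment. The records are constructed;
the field names, the 90-day window and the "it-admin" role are assumptions. In
practice the list would come from a directory or IdP export rather than be inlined.
"""
from datetime import date, timedelta

# Constructed export: one record per account.
ACCOUNTS = [
    {"user": "alice",  "enabled": True,  "last_logon": "2024-06-01", "mfa": True,  "local_admin": False, "role": "staff"},
    {"user": "bob",    "enabled": True,  "last_logon": "2024-01-15", "mfa": False, "local_admin": True,  "role": "staff"},
    {"user": "carol",  "enabled": True,  "last_logon": "2024-05-28", "mfa": False, "local_admin": False, "role": "staff"},
    {"user": "dave",   "enabled": True,  "last_logon": "2023-09-30", "mfa": True,  "local_admin": True,  "role": "it-admin"},
    {"user": "svc-bk", "enabled": False, "last_logon": "2022-01-01", "mfa": False, "local_admin": False, "role": "service"},
]

AUDIT_DATE = date(2024, 6, 11)        # assumed "today" for the audit
STALE_AFTER = timedelta(days=90)      # assumed inactivity window
ADMIN_ROLES = {"it-admin"}            # roles for which local admin rights are expected


def audit_accounts(accounts, today=AUDIT_DATE, stale_after=STALE_AFTER, admin_roles=ADMIN_ROLES):
    """Return a dict mapping each check to the sorted list of offending user names.

    Checks:
      disabled_retained       disabled but never deleted (the page's "accounts not removed")
      stale                   enabled but no logon within the window
      no_mfa                  enabled with no MFA enrolment
      unexpected_local_admin  local admin rights outside the admin roles
    """
    findings = {"stale": [], "no_mfa": [], "unexpected_local_admin": [], "disabled_retained": []}
    for acct in accounts:
        if not acct["enabled"]:
            # Still present in the directory: a record that could be re-enabled later.
            findings["disabled_retained"].append(acct["user"])
            continue
        last = date.fromisoformat(acct["last_logon"])
        if today - last > stale_after:
            findings["stale"].append(acct["user"])
        if not acct["mfa"]:
            findings["no_mfa"].append(acct["user"])
        if acct["local_admin"] and acct["role"] not in admin_roles:
            findings["unexpected_local_admin"].append(acct["user"])
    return {check: sorted(users) for check, users in findings.items()}


if __name__ == "__main__":
    for check, users in audit_accounts(ACCOUNTS).items():
        print(f"{check:24} {', '.join(users) or '-'}")
```

Each list in the result maps directly to a remediation action from the text: remove retained and stale accounts, enrol the no-MFA users, and strip local admin rights from accounts whose role does not need them.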
2.4. Company B: PostgreSQL admin is reachable from internet
2.4.1. When a PostgreSQL admin is reachable from the internet, it poses a major
security risk to the enterprise. Exposing a database to the internet is generally
considered a bad idea, as it increases the attack surface that can be
exploited by hackers. PostgreSQL has SSL-certificate-only authentication, which
makes it safer to expose a database to the internet, but it is still recommended to
establish a VPN or tunnel through SSH to make it even safer. The company should
follow a layered security model that addresses physical security, network security,
host access control, database access management, and data security to secure and
protect their PostgreSQL database [11].
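The exposure described above is decided largely by the host-based access rules in `pg_hba.conf`. The block below is an added example, not part of the original assignment or of the EDB guidance it cites: it shows a constructed weak rule set (password logins for the superuser from any address) beside a hardened one (certificate-only access for the admin role over TLS, ordinary logins limited to an assumed internal range reached over the VPN), and a small audit that flags the weak rules.

```python
"""Flag pg_hba.conf rules that expose PostgreSQL to the internet.

Added example, not part of the original assignment. Both configurations are
constructed; the 10.0.0.0/8 internal range and the role names are assumptions.
Only the CIDR address form is parsed (the separate IP + netmask form is not).
"""
import ipaddress

# Constructed weak rule set: superuser password logins accepted from anywhere.
WEAK_HBA = """\
# TYPE  DATABASE  USER      ADDRESS       METHOD
local   all       all                     peer
host    all       postgres  0.0.0.0/0     md5
host    all       all       ::/0          password
host    all       app       10.0.0.0/8    scram-sha-256
"""

# Constructed hardened equivalent: admin access only with client certificates
# over TLS, and application logins only from the internal (VPN-reached) range.
HARDENED_HBA = """\
# TYPE  DATABASE  USER      ADDRESS       METHOD
local   all       all                     peer
hostssl all       postgres  10.0.0.0/8    cert clientcert=verify-full
hostssl all       app       10.0.0.0/8    scram-sha-256
"""

WEAK_METHODS = {"trust", "password", "md5"}
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "fe80::/10", "::1/128")]


def parse_hba(text):
    """Yield dicts for host-type rules; 'local' (Unix socket) rules have no address."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "local" or len(fields) < 5:
            continue
        yield {"type": fields[0], "db": fields[1], "user": fields[2],
               "address": fields[3], "method": fields[4]}


def is_public(address):
    """True when the rule's address can match clients outside private address space."""
    if address == "all":
        return True
    if address in ("samehost", "samenet"):
        return False
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return True  # hostnames and unknown forms are treated as exposed for review
    return not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def audit_hba(text):
    """Return (rule description, reason) pairs for rules that merit review."""
    findings = []
    for rule in parse_hba(text):
        desc = f"{rule['type']} {rule['user']}@{rule['address']} {rule['method']}"
        if is_public(rule["address"]) and rule["method"] != "cert":
            findings.append((desc, "reachable from non-private space without certificate auth"))
        elif rule["method"] in WEAK_METHODS:
            findings.append((desc, f"weak auth method {rule['method']}; prefer scram-sha-256 or cert"))
        elif rule["type"] == "host" and rule["user"] == "postgres":
            findings.append((desc, "superuser login allowed without TLS; use hostssl"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_HBA), ("hardened", HARDENED_HBA)):
        print(f"[{label}] {len(audit_hba(cfg))} finding(s)")
        for desc, reason in audit_hba(cfg):
            print(f"  {desc}: {reason}")
```

The audit is deliberately conservative: any rule that can match a non-private client is reported unless it uses the `cert` method, which matches the page's point that certificate-only authentication is the one setting that makes external reachability tolerable, with a VPN or SSH tunnel still preferred.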
3. Create a network topology diagram with details of the proposed merged network requirements
3.1.

References:

1. Common Open Port Vulnerabilities List (netwrix.com)
2. https://www.spglobal.com/marketintelligence/en/news-insights/blog/infrastructure-issues-understanding-and-mitigating-risks
3. https://www.insightsforprofessionals.com/it/data-center/common-infrastructure-challenges
4. https://www.ideabox.com/blog/network-security-issues
5. https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/where-it-infrastructure-and-business-strategy-meet

6. https://www.cloudflare.com/learning/access-management/rdp-security-risks/
7. https://security.stackexchange.com/questions/240489/what-are-the-security-risks-to-have-admin-rights-for-a-user-account-on-windows-1
8. https://specopssoft.com/blog/ways-mfa-breached-passwords/
9. https://www.securden.com/blog/local-admin-accounts-management.html
10. https://greymatter.com/content-hub/the-risks-of-not-having-multi-factor-authentication/
11. https://www.enterprisedb.com/sites/default/files/Security-best-practices-2020-final.pdf
