ITNE2002 Network and Information Security Assignment March 2020 Total Marks: 20% Individual Assignment The purpose of the assignment is to assess students on the following Learning Outcomes: LO1:...

File attached


ITNE2002 Network and Information Security Assignment March 2020 Total Marks: 20% Individual Assignment The purpose of the assignment is to assess students on the following Learning Outcomes: LO1: Describe security architecture, standards and protocols, and techniques of risk mitigation relating to network and information security LO2: Compare and contrast a range of information security risks and privacy issues as well as counter measures adopted in industry LO3: Identify and explain key features of appropriate technologies and products relating to network and information security LO4: Model infrastructure, application, operational and information security for a network LO5: Apply security controls and standard compliance policies to maintain confidentiality, integrity and availability, including encryption and firewall defence mechanisms Copyright © 2020 VIT, All Rights Reserved. Assignment Overview Ian Smith is the CEO of a data analytics company in Melbourne, Australia. Ian Smith requested you to consult them in updating their infrastructure in such a way that it enables their employees to work from home. The employees of analytics company are working with health dataset and they have to comply with the government and international regulations. The company is currently hosting all data sets inside an on premise server. The company has provided company laptops to its employees, in which they do not have administrative privileges. You also have noticed that, once all the employees are allowed to connect to the on premise from home, the network perimeter devices and WAN links of the company will not be sufficient to handle the load of incoming traffic. Considering all these factors, you decided to use a public cloud platform and enable most of the employees to access data sets from the public cloud. The senior data scientists are only allowed to access the on premise server. The changes conducted by senior data scientists will be synced with the public cloud. Task 1: Review the article, “Issues And Challenges of Data Security In A Cloud Computing Environment”, to develop an understanding of the cloud platform and security aspects. The Article is uploaded on the LMS. Write a report on the article which covers the following points. (300 words): • Introduction to the paper and main work. • Detail description of the methodologies employed in the paper. • Details of security architecture, protocols and risk mitigation techniques used. • Your comments on the advantages/disadvantages/superiority Task 2 : Prepare a table which includes information security risks and privacy issues that the company would encounter when they change from their current setup to a setup where most their employees are allowed to access the data sets from a public cloud, and only their senior data scientists are only allowed to access the on premise server. (250 words) Task 3: Then you should conduct a research on identifying appropriate technologies and products (including the services provided in a public cloud platform) that could be deployed for implementing countermeasures for the risks and issues in the previous task. Write a report which evaluates the features of those identified technologies, products and cloud platform, Copyright © 2020 VIT, All Rights Reserved. and explain how it mitigate the information security risks and privacy issues listed in Task 2. (300 words) Task 4: Draw a detailed network topology diagram and clearly indicate the locations where you would deploy the technologies products and cloud platform discussed in Task 3. (250 words) Task 5: Draft procedures which would complement the Work from Home policy of this company. You should explain how these procedures will enable the company to maintain confidentiality, integrity and availability. (300 words) __________________________________________________________________________________ Submission Guidelines: The report should have a consistent, professional, and well-organized appearance. 1. Your report should include the following:  The cover page must identify student names and the ID numbers, unit details, and the assignment details.  The assignment must use 12-point font size and at least single line spacing with appropriate section headings.  In-text referencing in IEEE style must be cited in the text of the report and listed appropriately at the end in a reference list. 2. The report must be submitted in soft (electronic) copy as a Microsoft Word document on the LMS in Turnitin dropbox. Assignments submitted on the LMS will only be accepted. 3. Late penalty applies on late submission, 10% per day would be deducted. 4. The assignments will go through Turnitin and plagiarism penalty will be applied. The report must be submitted in soft (electronic) copy as a Microsoft Word document via the upload link available on Moodle. Marking Guide: 100 Marks Item Description Marks Copyright © 2020 VIT, All Rights Reserved. Report Layout The report style, language and structure should be appropriate. All screenshots and descriptions need to be compiled and in a single final report and any given suggestions need to be incorporated. The report must contain i. Cover page with Unit Code, Unit Name, Student Name and Student ID ii. Table of Contents iii. Introduction iv. Technical Discussion v. Critical Analysis vi. Conclusion 5 Introduction The students should include purpose of the report, sections covered which should convince the reader that the report is worth reading. Word count limit – 125 words 10 Technical Discussion This section should include the discussions related to Task 1-5. You should break down this section into five tasks and stick to the guidelines given in those tasks. 70 Conclusion Summarize your findings. Word count limit – 125 words 10 References Should follow IEEE style 5 untitled Issues And Challenges of Data Security In A Cloud Computing Environment Prof.(Dr.) Pradeep Kumar Sharma University of Engineering & Management, Jaipur Jaipur, Rajasthan, India [email protected] Prof. (Dr.) Prem Shankar Kaushik, Prerna Agarwal, Payal Jain, Shivangi Agarwal, Kamlesh Dixit Shree Digamber Institute of Technology, Dausa, Rajasthan, India Abstract— Now customers can opt for software and information technology services according to his requirements and can get these services on a leased basis from the network service provider and this has the facility to scale its requirements to up or down. This service is known as cloud computing, provided by the infrastructure provider which is a third party provider. Cloud computing provides many advantages to the customer like scalability, better economics of scaling, its ability to recover from problems , its ability to outsource non-core activities and flexibility. Cloud computing is a better option for the organizations to take as their best option without any initial investment and day by day frequent and heavy use of cloud computing is increasing but despite all the benefits a cloud offers to an organization there are certain doubts and threats regarding the security issues associated with a cloud computing platform. The security issues primarily involve the external control over organizational structure and management and personal and private data of the organization can be compromised. Personal and private data in this computing environment has a very high risk of breach of confidentiality, integrity and availability. Growth of cloud computing is mainly hampered due to these security concerns and challenges. Proper security arrangements are need to be placed before selecting the service provider for any cloud computing service and customers need to be very careful about understanding the risks of security breaches and challenges of using this new computing environment. This detailed study discusses about some of the challenges associated with cloud computing services and security issues related to this platform. Keywords— Cloud Computing, Cloud Cryptography, Cloud Service, Cloud Security Controls, Cloud Security, Computer Network, Distributed Computing, Security. Security Threats. I. INTRODUCTION Cloud computing is emerging as the best suited utility for organizations who dreamt for economic, feasible, flexible and scalable computing service for its day to day activities. The cloud computing offers network of centralized computing infrastructure which can be deployed very fast and can also be scalable as per user requirements with great efficiency and minimum burden of managing the system [1]. With its un- precedented advantages, cloud computing enables a fundamental paradigm shift in how we deploy and deliver computing services. Users and organizations can avoid spending large amount of money and resources creating large capital outlays when purchasing and managing software and hardware, as well as dealing with the operational overhead therein [1]. Overall security and privacy has been the major concern in comparison to the benefits offered by a cloud [2]. It is very difficult to control or manage a cloud by users as all the resources of a cloud are from outside. Cloud computing still faces problems related to security threats from internal and external sources though it has more powerful and reliable capabilities for management and has reliable cloud computing system infrastructure. There are many examples of security breach in the recent times [2] like Apple’s iPad subscriber privacy leak [25], Amazon S3’s recent downtime [26], and Gmail’s mass email deletions (27). Cloud service provider organizations usually don’t examine data sent or received by user to the cloud and users don’t have any access to the internal procedures of a cloud, hence leading to possibility of data breach. Additionally, owing to hardware virtualization, multiple users can now share the same physical infrastructure, which runs their distinct application instances simultaneously. From user point of view cloud computing seems to be very insecure due to privacy and security vulnerabilities arises from its multi-tenancy feature [3]. It is not possible for user to get control of his data and computing applications until a strong security measure and privacy guarantee are not in place. User will not give priority to scalability, flexibility and economic availability over its privacy and security of his personal data. More motivation is required towards addressing security issues and providing more trustworthy solutions for making a cloud more helpful and