
Just have to check for plagiarism in an already done assignment and fix that plagiarism where it’s needed. Thanks

CSI6218 WIRELESS AND MOBILE COMPUTING SECURITY


CASE STUDY: WIRELESS AND MOBILE COMPUTING SECURITY


STUDENT ID: 10412135


STUDENT NAME: MOHITKUMAR KAMLESHBHAI PATEL


DUE DATE: 30TH APRIL, 2018


CSI6218 WIRELESS AND MOBILE COMPUTING SECURITY CASE STUDY REPORT




TABLE OF CONTENTS


INTRODUCTION

BYOD IMPLEMENTATION REQUIREMENTS

KEY REQUIREMENTS AND WEIGHTINGS

REQUIREMENT 1: IDS/IPS AND NETWORK DESIGN

REQUIREMENT 2: MONITORING NETWORK AND TRAFFIC ANALYSIS USING IDS/IPS

REQUIREMENT 3: LEGAL POLICIES AND STANDARDS

REQUIREMENT 4: BYOD SECURITY RISKS AND MITIGATION STRATEGIES

CONCLUSION

REFERENCES




INTRODUCTION


This research aims to collect the mobile device forensic issues associated with a proposed new network infrastructure to be implemented at Bradford Hospital in Perth (WA). The hospital accommodates 600 beds, with 50 employees in charge of administration and 3 employees in charge of IT. The employees have repeatedly expressed interest in building a new network infrastructure that allows them to connect various wireless devices such as smartphones, tablets, storage devices, laptops and their own devices. They aim to make the most of the proposed network infrastructure for tasks such as managing patient data, uploading records and reviewing patient files on the go. This kind of arrangement is known as Bring Your Own Device (BYOD). The existing network and infrastructure do not allow this type of activity.


The hospital’s existing operational environment is based on a manual, paper-based record-keeping system. Hence, the proposed changeover would require the hospital to invest in new infrastructure, and the hospital will need new maintenance agreements and usage policies and will have to buy some devices. In addition, Bradford Hospital will need to hire personnel to train the existing staff.


If implemented, this new system enables staff to work with their smartphones and other wireless devices, giving them an advanced facility to manage and upload patient data and retrieve specific patient data when needed. An additional advantage is that it will allow staff to take their smart devices home, providing further flexibility with their workplace.


Overall, the proposed network and infrastructure has the potential to offer staff flexibility and a technically more logical way to access patient records and produce required reports on time. The proposed system will allow Bradford Hospital to reduce hardware and maintenance costs in the long term.




BYOD IMPLEMENTATION REQUIREMENTS


The system proposed in this report is to proceed alongside the improvement of another system, permitting Bring Your Own Device (BYOD) devices at the hospital under certain conditions. BYOD will be permitted under the following conditions:


1. The hospital should purchase all wireless devices and network infrastructure devices from a certified vendor. The network should allow staff to connect specific models of smartphones, tablets and workplace telephones that can be forensically certified.

2. A responsible and trusted third-party vendor should be involved for downloads with digital signatures. Device diagnostic reports should be continuously monitored by the network administrator.

3. The software and procedures used by the hospital should not be operable on staff's devices. Every device that connects to the hospital's network must be handled safely. Exchanges of patient data must be logged in a centralised storage device to ensure the integrity of evidence, and the data must be kept confidential.

4. A detailed BYOD policy must be documented and implemented, and all staff using devices connected to the proposed network need to accept the BYOD policy prior to connecting any device.

5. Training should be provided for the network administrators and security staff to ensure all the risks are documented in this report, and mitigation strategies must be in place to address them to a satisfactory level.

6. A digital “workplace policy” should be implemented to control the operational restrictions imposed on hospital staff and to make sure they fully comply with workplace procedures.

7. Periodic security checks must be in place to ensure that wireless devices such as smartphones, tablets and laptops are updated with the latest security patches and software updates. The devices must not be disconnected from the network until and unless the update or security issue is rectified.

8. Device ownership documents should be signed by staff members to ensure that no illegal activities are carried out on the hospital’s network.


All in all, the most significant risk to the hospital's confidential data is loss or leakage if a device is lost or stolen. Keeping in mind that technical devices come with security risks, this report provides useful recommendations to reduce these risks significantly.




KEY REQUIREMENTS AND WEIGHTINGS


In investigating the given case, each requirement identified is given a weighting that grades the Wireless Intrusion Detection System/Wireless Intrusion Prevention System risk to Bradford Hospital. The major requirements are:


1. The network design is the most essential element in implementing IDS/IPS. The intrusion prevention and detection system should be placed at a suitable location to monitor all network traffic without fail.

2. Any wireless device connected to the hospital network should be of a specified make and model and from a certified vendor. Equipment should be compatible with forensic testing.

3. Device traffic should be continuously monitored, and network attacks should be documented in line with IDS/IPS policies.

4. Legal agreements and policies applied to these devices, such as the BYOD policy, should ensure that a device can be remotely wiped if it is lost or stolen. Bradford Hospital should have the right to retrieve and analyse data while ensuring that the staff member’s privacy is maintained.

5. A firewall policy will be needed to filter specific data traffic.

6. The school must maintain a secure environment. IDS/IPS instruments should be placed in a location where incoming and outgoing network traffic can easily be monitored by the network administrator.




REQUIREMENT 1: IDS/IPS AND NETWORK DESIGN


INTRODUCTION TO IDS/IPS


Intrusion detection is the process of monitoring the activities happening in your network and analysing them for signs of possible incidents, violations, or imminent threats to your security framework. Intrusion prevention is the process of performing intrusion detection and then stopping the detected incidents. These security measures are available as intrusion detection systems (IDS) and intrusion prevention systems (IPS), which become part of your network to recognise and stop potential security threats (Juniper Networks, n.d.).


PROBLEMS IDS/IPS ADDRESS


A standard business network has several wireless access points to different networks, both public and private. The challenge is maintaining the security of these networks while keeping them open to employees and other users (Juniper Networks, n.d.). Attacks today are sophisticated enough to defeat the best security systems, particularly those that still operate on the assumption that systems can be secured by encryption or firewalls. Unfortunately, those technologies alone are not adequate to counter present-day attacks.


STANDARD IDS/IPS INSTALLATION IN A NETWORK


WHY TO IMPLEMENT IDS/IPS?


Intrusion detection systems (IDS) and intrusion prevention systems (IPS) continually watch your system, recognising possible incidents and logging information about users, stopping the incidents, and reporting them to the network security administrator. Furthermore, several networks use IDS/IPS to identify problems with security policies and to deter attackers from violating security policies. IDS/IPS have become a vital component of the security of most workplace networks, precisely because they can stop attackers while they are retrieving information from the networks (Juniper Networks, n.d.).


FIGURE 1: IPS/IDS INSTALLATION IN A NETWORK (Juniper Networks, n.d.)




HOW IDS/IPS WORK?


Three IDS detection methods are commonly used to recognise incidents.

Signature-Based Detection compares signatures against observed events to identify possible incidents. This is the most basic detection method because it looks only at the current unit of activity, such as a log entry or a packet, using string comparison operations (Juniper Networks, n.d.).

Anomaly-Based Detection compares what is considered normal activity with monitored events to identify significant deviations. This detection method can be extremely effective at spotting previously unknown threats (Juniper Networks, n.d.).

Stateful Protocol Analysis compares predetermined profiles of generally accepted definitions of protocol activity against monitored events in order to identify deviations (Juniper Networks, n.d.).


NETWORK DESIGN


Appropriate Network Management Model


Network design requirements are incorporated with appropriate components and design elements (Soomro, Shah and Ahmed, 2016). The network management model is required to include organisational elements and appropriate use of network devices. Security elements and risk mitigation policies are a further requirement (Meyer et al., 2016). The network management model is designed as shown below:


FIGURE 2: NETWORK MANAGEMENT MODEL (Source: Sim & Cho, 2016, pp. 1549)




Appropriate Network Design Consideration


According to the network management model, the plan is for two segmented networks. The network management model is to be applied to the system design for Bradford Hospital. In it, resources are assigned to control and monitor the management of operations. The layers are identified as operation, administration, and security, alongside resources for administration techniques (Harrison et al., 2016).

As given in the case study, Bradford Hospital currently accommodates 600 beds and has 53 employees in total, including three in charge of IT infrastructure. Hence, the intranet is going to be large in terms of workplace machines and the proposed BYOD devices. For such a large network, segmentation is an important consideration.


Why Network Segmentation Needed?


Segmentation is used when separation of networks is required or when a device has reached its physical capacity. Segmenting a LAN can extend the network, reduce congestion, isolate network problems, and improve security.

▪ Extension of the network -- When the maximum physical capacity of a network has been reached, routers or switches can be added to create new segments and allow new hosts onto the LAN (Tripod, n.d.).

▪ Decreasing congestion -- As the number of devices or workstations on a single network increases, the bandwidth requirement also increases. By segmenting the LAN, the network administrator can reduce the number of hosts per network. If traffic consists of communications between devices on the same segment, then bandwidth usage and requirements are reduced correspondingly (Tripod, n.d.).

▪ Separate network problems -- By dividing the network into smaller portions, the network administrator can reduce the spill-over of problems from one segment to the next. Hardware and software failures are among the problems that can be confined to smaller portions of the network (Tripod, n.d.).

▪ Improve security -- By using segments, a network administrator can ensure that the internal configuration of the network is not accessible from an outside source. Privileged packets will be broadcast only on the subnet they originated from, not throughout the network (Tripod, n.d.).


FIGURE 3: NETWORK DESIGN BRADFORD HOSPITAL




REQUIREMENT 2: MONITORING NETWORK AND TRAFFIC ANALYSIS USING IDS/IPS


In intrusion detection, we tend to focus on recognising attacks and unusual activity. However, another essential part of a complete intrusion detection system is basic network monitoring and traffic analysis. Network monitoring gathers data on connections, while traffic analysis lets us see which services are being used on a network and compare them against the activity we ought to see. This lets us recognise unauthorised network services being used inside a network, and holes in the network perimeter. By combining network monitoring and traffic analysis with other intrusion detection methods, you can establish better security (Frederick, n.d.).


Network Monitoring


To perform basic network monitoring, one has to gather data on traffic at different points inside the network. Although the network perimeters certainly need attention, purely internal traffic should be examined as well. If internal hosts are providing unauthorised services to other internal hosts, that traffic will be missed if only the edge of the network is watched. Various tools, including sniffers and packet capture utilities such as tcpdump, and some IDS products such as NFR Security's NID and Internet Security Systems' (ISS) RealSecure, can be used to collect the appropriate information on activity (Frederick, n.d.).


When network admins are preparing to gather information about network traffic, it is essential to capture only the basic information required. Unless the network has a low volume of traffic, attempting to store the headers and contents of every data packet will be unreasonably resource-intensive. At the same time, network admins can do basic traffic analysis by looking at a handful of attributes of each packet and ignoring the packets’ payloads altogether. Afterwards, the network admin can collect detailed information on specific network services or hosts that require complete examination. A note of caution: by ignoring payloads, the network administrator will be unable to verify that the communications on a port match the service normally expected there. For instance, a trojan could use TCP port 21, making it appear during the analysis to be FTP traffic (Frederick, n.d.).


In most environments, the network administrator will want to focus the analysis on TCP, UDP and ICMP traffic. Other protocols in use on the network may also be of interest, but this discussion sticks to these three, as the primary interest is in which TCP- and UDP-based services are being used (Frederick, n.d.). The most fundamental elements to examine during traffic analysis are:

• Source and destination IP addresses.

• For TCP or UDP traffic, the source and destination ports.

• For ICMP traffic, only the contents of Destination Unreachable (ICMP type 3) messages. These will be useful in identifying failed and blocked connection attempts.




Depending on the tools used and the kind of environment, the network admin may be able to capture data on TCP traffic by packet or by connection. In some instances, network admins would prefer to do both. By keeping an eye on TCP connections, they will see what activity is being allowed. However, if network administrators look only at successful connections, they miss valuable information on denied connections. Capturing information on TCP packets and querying it to uncover unsuccessful connections (those that do not have the full TCP three-way handshake), and also analysing the contents of ICMP Destination Unreachable messages, can give significant additional information for the analysis (Frederick, n.d.).

There are four kinds of TCP activity a network admin should consider:

• Successful connection: the three-way handshake is completed successfully.

• Failed connection: the client gets no response to a connection attempt. The client makes several attempts with a short gap between each attempt.

• Blocked connection: the client gets a negative response to a connection attempt, for instance a TCP RST packet or an ICMP host unreachable or port unreachable packet.

• Aborted connection: the three-way handshake is begun but never finished.
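The four outcomes can be separated using packet headers alone. The following Python code is an added example, not part of the original report or of Frederick's article; the record layout, the addresses and the function names are assumptions, and the sample packets are constructed.

```python
# Constructed sample capture: header fields only, no payloads.
# Record layout (assumed): (ts, src, sport, dst, dport, kind, quoted)
#   kind   : "SYN", "SYN-ACK", "ACK", "RST" or "ICMP3" (Destination Unreachable)
#   quoted : (src, sport, dst, dport) of the original packet quoted inside an
#            ICMP type 3 message; None for TCP records.
PACKETS = [
    # Full three-way handshake.
    (0.00, "10.1.20.15", 50100, "10.1.10.5", 443, "SYN", None),
    (0.01, "10.1.10.5", 443, "10.1.20.15", 50100, "SYN-ACK", None),
    (0.02, "10.1.20.15", 50100, "10.1.10.5", 443, "ACK", None),
    # No answer at all: the client retransmits its SYN.
    (1.00, "10.1.20.15", 50101, "10.1.10.9", 23, "SYN", None),
    (4.00, "10.1.20.15", 50101, "10.1.10.9", 23, "SYN", None),
    (10.0, "10.1.20.15", 50101, "10.1.10.9", 23, "SYN", None),
    # Negative answer: TCP RST from the server.
    (2.00, "10.1.20.16", 50200, "10.1.10.5", 21, "SYN", None),
    (2.01, "10.1.10.5", 21, "10.1.20.16", 50200, "RST", None),
    # Negative answer: ICMP type 3 from a filtering router.
    (3.00, "10.1.20.16", 50201, "10.1.10.7", 3389, "SYN", None),
    (3.01, "10.1.1.1", None, "10.1.20.16", None, "ICMP3",
     ("10.1.20.16", 50201, "10.1.10.7", 3389)),
    # Handshake started but the client never sends the final ACK.
    (5.00, "10.1.20.17", 50300, "10.1.10.5", 80, "SYN", None),
    (5.01, "10.1.10.5", 80, "10.1.20.17", 50300, "SYN-ACK", None),
]


def classify_attempts(packets):
    """Return {(client, cport, server, sport): (label, syn_count)} where label
    is 'successful', 'failed', 'blocked' or 'aborted'."""
    state = {}
    for ts, src, sport, dst, dport, kind, quoted in sorted(packets, key=lambda p: p[0]):
        if kind == "SYN":
            flow = state.setdefault(
                (src, sport, dst, dport),
                {"syns": 0, "synack": False, "ack": False, "refused": False})
            flow["syns"] += 1
        elif kind == "SYN-ACK":                  # server -> client
            flow = state.get((dst, dport, src, sport))
            if flow:
                flow["synack"] = True
        elif kind == "ACK":                      # client -> server
            flow = state.get((src, sport, dst, dport))
            if flow and flow["synack"]:
                flow["ack"] = True
        elif kind == "RST":                      # server -> client, before handshake ends
            flow = state.get((dst, dport, src, sport))
            if flow and not flow["ack"]:
                flow["refused"] = True
        elif kind == "ICMP3":                    # matched via the quoted original header
            flow = state.get(quoted)
            if flow and not flow["ack"]:
                flow["refused"] = True

    result = {}
    for key, flow in state.items():
        if flow["ack"]:
            label = "successful"
        elif flow["refused"]:
            label = "blocked"
        elif flow["synack"]:
            label = "aborted"
        else:
            label = "failed"
        result[key] = (label, flow["syns"])
    return result


def denied_services(result):
    """Server/port pairs that were contacted but never completed a handshake."""
    return sorted({(k[2], k[3], label) for k, (label, _) in result.items()
                   if label != "successful"})


if __name__ == "__main__":
    for key, value in classify_attempts(PACKETS).items():
        print(key, value)
```

A capture that starts mid-connection contains no SYN for flows already in progress, so those flows are simply not classified by this code.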


Traffic Analysis


Once the network admin has gathered data from a specific point on the network over a period of time, the real fun starts: performing traffic analysis on the data. The approach depends on the kind of environment. If the administrator allows everything that is not explicitly denied, then the administrator should search for those things that are not explicitly denied. Of course, in several cases no single individual will know which activity is actually prohibited, especially on a server-by-server or host-by-host basis. In those cases, the best approach may be to produce a report showing the full range of activity that is happening, then consult the appropriate individuals to determine which activity is unauthorised (Frederick, n.d.).


There are several ways the administrator can look at the data. One is to use the data to find port scans and host scans against internal network hosts, especially those that occur over a long period of time. This is done by sorting the data by client and then looking at the number of ports contacted. Those ports or servers with the highest values should be investigated further to explain the activity on the network. When using the data for this or other purposes, the administrator cannot review everything manually. Instead, the data should be put into a database and queried to generate the required reports.


One practical difficulty is dealing with UDP packets. Since UDP is connectionless, it is frequently unclear which host is the server and which is the client. The administrator can attempt to query the data to discover which host sent the first UDP packet to the other. However, this can be troublesome, and it will produce some false results because it misses packets sent before the observation started. The administrator can achieve better results by sorting the data by source host and by destination. If the administrator finds a host that consistently uses the same UDP port number when communicating with other hosts, it is a fairly safe bet that it is acting as a server. The network admin will have to record in the database which entries are client to server and which are server to client (Frederick, n.d.).
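The two database reports described above, scan detection by counting ports per client and UDP server inference from a consistently used port, can be written as queries. This is an added example, not part of the original report; the in-memory SQLite table, its column names, the thresholds and all addresses are assumptions, and the rows are constructed.

```python
import sqlite3

# Constructed header records: (ts_seconds, proto, src, sport, dst, dport).
# TCP rows are connection attempts (first SYN); UDP rows are single packets.
ROWS = [
    # Ordinary client: one service on two servers.
    (100.0, "tcp", "10.1.20.15", 50100, "10.1.10.5", 443),
    (160.0, "tcp", "10.1.20.15", 50101, "10.1.10.6", 443),
    # Slow scan: six ports on one server, one probe per hour.
    (0.0, "tcp", "10.1.20.99", 40000, "10.1.10.5", 21),
    (3600.0, "tcp", "10.1.20.99", 40001, "10.1.10.5", 22),
    (7200.0, "tcp", "10.1.20.99", 40002, "10.1.10.5", 23),
    (10800.0, "tcp", "10.1.20.99", 40003, "10.1.10.5", 25),
    (14400.0, "tcp", "10.1.20.99", 40004, "10.1.10.5", 80),
    (18000.0, "tcp", "10.1.20.99", 40005, "10.1.10.5", 443),
    # UDP: three clients and one resolver. The query from 10.1.20.17 was sent
    # before the capture started, so only the reply is present.
    (200.0, "udp", "10.1.20.15", 51000, "10.1.10.53", 53),
    (200.1, "udp", "10.1.10.53", 53, "10.1.20.15", 51000),
    (300.0, "udp", "10.1.20.16", 52000, "10.1.10.53", 53),
    (300.1, "udp", "10.1.10.53", 53, "10.1.20.16", 52000),
    (400.1, "udp", "10.1.10.53", 53, "10.1.20.17", 53000),
]


def load(rows):
    """Put the captured header records into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE traffic (ts REAL, proto TEXT, src TEXT, "
               "sport INTEGER, dst TEXT, dport INTEGER)")
    db.executemany("INSERT INTO traffic VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db


def scan_candidates(db, min_ports=5, min_hosts=5):
    """Clients that touched many distinct ports or hosts over the whole capture.
    No time window is applied, so slow scans are counted as well.
    Returns (client, distinct_ports, distinct_hosts, seconds_spanned)."""
    query = """
        SELECT src, COUNT(DISTINCT dport), COUNT(DISTINCT dst), MAX(ts) - MIN(ts)
        FROM traffic
        WHERE proto = 'tcp'
        GROUP BY src
        HAVING COUNT(DISTINCT dport) >= ? OR COUNT(DISTINCT dst) >= ?
        ORDER BY 2 DESC, src
    """
    return db.execute(query, (min_ports, min_hosts)).fetchall()


def udp_servers(db, min_peers=2):
    """Endpoints that keep the same UDP port across several peers.
    Both directions are merged, so the result does not depend on which
    side sent the first packet seen. Returns (host, port, distinct_peers)."""
    query = """
        WITH endpoints AS (
            SELECT src AS host, sport AS port, dst AS peer
            FROM traffic WHERE proto = 'udp'
            UNION ALL
            SELECT dst, dport, src
            FROM traffic WHERE proto = 'udp'
        )
        SELECT host, port, COUNT(DISTINCT peer)
        FROM endpoints
        GROUP BY host, port
        HAVING COUNT(DISTINCT peer) >= ?
        ORDER BY 3 DESC, host
    """
    return db.execute(query, (min_peers,)).fetchall()


if __name__ == "__main__":
    db = load(ROWS)
    print("scan candidates:", scan_candidates(db))
    print("likely UDP servers:", udp_servers(db))
```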


When the network administrator starts traffic analysis, there are several cases to consider:

• External client and internal server. In most cases, the source addresses and ports are not relevant; all the network admin needs to analyse at first is the destination addresses and ports (Frederick, n.d.).




• Internal client and internal server. Although the administrator will focus on the destination addresses and ports, source addresses may also be very important (Frederick, n.d.).

• Internal client and external server. If outbound connections are unrestricted in the environment, the administrator can skip this data when carrying out the investigation. If outbound connections are restricted, they will probably need to concentrate most on the destination ports.


Further Remediation after traffic analysis


When the network administrator verifies that suspicious or unauthorised activity is clearly happening, they will need to determine why it is happening. They may need to use the original traffic logs to get more data, including the services and the hosts using them. If the perimeter is allowing traffic through that it should not, the administrator will need to audit firewall rule sets, router ACLs and so forth. If hosts are providing unauthorised services, the administrator needs to check those hosts for misconfiguration or signs of compromise, depending on the circumstances (Frederick, n.d.).

Based on the results of the traffic analysis and follow-up investigations, the admin should configure IDS sensors. This may include things such as:

• Alerting on traffic from internal hosts that use illegal addresses

• Alerting when a host uses or attempts to use an unauthorised service

• Alerting when a host attempts to connect to specific internal or external hosts




REQUIREMENT 3: LEGAL POLICIES AND STANDARDS


When implementing a BYOD environment in Bradford Hospital, it is clear that the expansion of facilities will lead to the expansion of unwanted security risks as well. Certain legal standards and policies will be needed to control how users can interact with the proposed network. Bradford Hospital also needs to design its own firewall policy and IDS policy.


Bradford Hospital’s Firewall Policy


PURPOSE:


Firewalls are an essential component of the Bradford Hospital network. Firewalls are defined as security systems that control and restrict network connectivity and network services. Firewalls implement a control point where access controls may be enforced. Connectivity determines which machines are permitted to exchange information. A service refers to the way information is transferred through a firewall. Examples of services include file transfer protocol (FTP), web browsing (HTTP), mail relay servers (SMTP), remote access (VPN) and MS-Exchange servers. This policy sets out the necessary rules for the management and maintenance of firewalls at Bradford Hospital, and it applies to all firewalls owned, rented, leased, or otherwise controlled by Bradford Hospital employees (Texas Wesleyan Firewall Policy, 2011).


SCOPE:


This policy applies to all firewalls on Bradford Hospital networks, whether managed by employees or by third parties from the branch office. Departures from this policy will be allowed only if approved in advance and in writing by the Network Administrator of Bradford Hospital. In some instances, devices such as proxy servers or UTM appliances may be functioning as firewalls even though they are not officially known as firewalls. All Bradford Hospital systems playing the role of firewalls, whether or not they are officially called firewalls, must be managed according to the rules defined in this policy. On some occasions, this will require that these devices be upgraded so that they support the minimum functionality defined in this policy (Texas Wesleyan Firewall Policy, 2011).


REQUIREMENT SPECIFICATION:


• Required Documentation - Before the deployment of every Bradford Hospital firewall, a network diagram of allowed paths with a justification for each, and a description of permitted services accompanied by an explanation for each, must be submitted to the Network Administrator of Bradford Hospital. Permission to enable such paths and services will be granted by the Bradford Hospital Network Administrator only when these paths or services are necessary for critical business reasons and sufficient security measures will be consistently employed. The conformance of actual firewall deployments to the documentation will be periodically checked by the Security Engineer. Any changes to paths or services must go through this same process as described below.

• Default to Denial - Bradford Hospital firewalls must block every connectivity path and service that is not specifically permitted by this policy and supporting documents issued by the Network Administration Department. The list of currently approved paths and services must be documented and distributed to all system administrators with a need to know by the Bradford Hospital Network Administration Department. An inventory of all access paths into and out of Bradford Hospital internal networks must be maintained by the Bradford Hospital Network Administration Department.

• Connections Between Machines - Real-time connections between two or more Bradford Hospital machines must not be established or enabled unless the Bradford Hospital Network Administration Department has determined that such connections will not unduly jeopardise network security and confidentiality. In many cases, firewalls or similar intermediate systems must be used. This requirement applies regardless of the technology used, including wireless connections, microwave links, cable modems, integrated services digital network (ISDN) lines, and digital subscriber line (DSL) connections. Any connection between any in-house Bradford Hospital system and any external computer system, or any external computer network or service provider, must be approved in advance by the Bradford Hospital Network Administration Department.


• Regular Testing - Because firewalls provide such an important security control for Bradford Hospital networks, their strength and appropriate configuration must be checked at regular intervals. Where vendor software supports it, this testing must include the use of software agents that automatically check whether firewalls remain configured and running in a manner consistent with both Bradford Hospital security policies and Bradford Hospital’s architectural plan. This testing process must include consideration of defined configuration parameters, enabled services, permitted network paths, current administrative practices, and adequacy of the deployed security measures. These tests must include the regular execution of vulnerability identification software and the regular execution of penetration tests. These tests must be executed by technically proficient persons, either in the Bradford Hospital Network Administration Department or working for a third-party contractor. Those responsible for either the management or administration of the firewalls involved must not perform these tests.


• Logs - All changes to firewall configuration parameters, privileges and permitted network paths must be logged. All suspicious activity that may be an indication of either unauthorised usage or an attempt to compromise security measures must also be logged. The integrity of these records must be protected with checksums, digital signatures, encryption, or equivalent measures. These logs must be promptly removed from the recording systems and stored in a physically secured container for no less than six months after the time they were recorded. These logs must be reviewed periodically to ensure that the firewalls are operating securely.

• Intrusion Detection - All Bradford Hospital firewalls must include intrusion detection systems approved by the Bradford Hospital Network Administration Department. Each intrusion detection system must be set up according to the specifications defined by the Bradford Hospital Network Administration Department. Among other significant problems, these intrusion detection systems must detect unauthorised changes to firewall system files and detect DoS attacks in progress. Such intrusion detection systems must also continuously notify the Network Administrator, who is in a position to take appropriate action. Technical staff working on firewalls must be provided with remote access systems and rights so that they can respond to these incidents even when they are physically removed from the firewall.


• Contingency Planning - Technical staff working on firewalls must prepare, and obtain Bradford Hospital Administration Department approval for, contingency plans that address the appropriate actions to be taken in the event of various problems, including system compromise, system crash, system overload, and Internet service provider unavailability. These contingency plans must be kept current to reflect changes in the Bradford Hospital systems. These plans must be tested at regular intervals to ensure that they will be effective in restoring a secure and flexible networking environment.


• Out-Bound Connections - All in-bound real-time Internet connections to Bradford Hospital internal networks or multi-user computer systems must go through a firewall before users can reach a logon banner. Aside from personal computers that access the Internet on an outbound single-user session-by-session dial-up basis, no Bradford Hospital system may be attached to the Internet unless a firewall secures it. The computer systems requiring firewall protection include web servers, Antivirus servers, VPN servers, MS-Exchange and mail servers. All personal computers with cable modem connectivity must employ a firewall approved by the Bradford Hospital Network Administration Department. Wherever a firewall supports it, logon screens must display a notice indicating that the system may be accessed only by authorised users, that users who log on represent that they are authorised to do so, that unauthorised system usage or abuse is subject to disciplinary action including criminal prosecution, and that system usage will be monitored and logged.


• Extended User Authentication - Inbound traffic that accesses Bradford Hospital networks through a firewall, except Internet electronic mail, regular news distributions, and push broadcasts previously approved by the Bradford Hospital Network Administration Department, must in all cases involve extended user authentication measures approved by the Bradford Hospital Network Administration Department.


• Virtual Private Networks - To prevent unauthorised disclosure of sensitive and valuable information,


all inbound traffic, except Internet mail, approved news services, and push broadcasts, that accesses


Bradford Hospital networks must be encrypted with the products approved by the Bradford Hospital


Network Administration Department. These connections are often called virtual private networks


(VPNs) (Texas Wesleyan Firewall Policy, 2011). The VPNs permissible on Bradford Hospital networks


combine extended user authentication functionality with communications encryption functionality


[https://uconnect.bradfordhospital.com.au].


• Firewall Access Mechanisms - All Bradford Hospital firewalls must have strong passwords or other


access control techniques. The same password or access control mechanism must not be used on more


than one firewall. Whenever supported by the involved firewall suppliers, those who administer


Bradford Hospital firewalls must have their identity validated through extended user authentication


mechanisms. In particular high-security environments designated by the Bradford Hospital Network


Administration Department, such as the Bradford Hospital Internet website, remote access for firewall


administrators is prohibited. All firewall administration actions must take place in person and on site.


• Firewall Access Rights - Privileges to modify the functionality and connectivity supported by firewalls must be restricted to a few technically-trained people with a business need for these same rights. Unless permission from the Bradford Hospital Network Administration Department has been obtained, these rights must be granted only to personnel who are full-time permanent employees of Bradford Hospital, and not to any casual staff, contractors, consultants, or outsourcing staff. All firewalls must have at least two staff members who are adequately trained to make changes, as and when required. Such training includes periodic refresher training programs or conference attendance to permit these officials to stay up to date with the latest developments in firewall technology and firewall operations. Care must be taken to schedule out-of-town holidays so that at least one person capable of administering the firewall is readily available at all times.


• Secured VLANs - Portions of the Bradford Hospital internal network that include sensitive or valuable information, such as the devices used by the HR department, should employ secured VLANs.


Access to this and other subnets should be restricted with firewalls and other access control measures.


Based on periodic risk assessments, the Bradford Hospital Network Administration Department will


deploy the secured subnets required in the Information Structure.


• Firewalls Must Protect Demilitarised Zones - All Internet commerce servers, including VPN servers, Email Relay servers, Honeypot, MS-Exchange Server and Antivirus servers, must be located within a demilitarised zone (DMZ), a subnet that is secured from the Internet by one or more firewalls. An internal network, such as an intranet, is also secured from the DMZ subnet by one or more firewalls.


• Network Management Systems - Firewalls must be configured so that they are accessible to internal network management systems. Firewalls must also be configured so that they permit the use of remote automated auditing tools by authorised Bradford Hospital staff members. Unless deliberately intended as a test, such automated auditing tools must not trigger a response sequence via firewall-connected IDS.


• Disclosure of Private Network Information - The internal system addresses, configurations,


products deployed, and related system design information for Bradford Hospital networked computer


systems must be restricted such that both systems and users outside the Bradford Hospital internal


network cannot gain this information.


• Secure Backup - Current offline backup copies of firewall setup files, connectivity privileges files,


firewall systems administration procedural records, and related files must be kept close to the firewall at


all times. An available alternative to offline copies involves online encrypted versions of these same


files. Where systems software allows it, the automatic re-establishment of approved copies of these


systems files must proceed whenever an unauthorised modification to these files has been detected.


• Virus Screening and Content Screening - Virus screening software approved by the Bradford


Hospital Network Administration department must be installed and enabled on all Bradford Hospital


firewalls. Because the files passing through a firewall may be encrypted or compressed, firewall-based


virus detection systems may not detect all virus-infected files. For this reason, virus screening software


is also required at all Bradford Hospital mail servers, VPN servers, MS-Exchange Servers and desktop


PCs. Both content filtering software and programs that block users from accessing certain non-business


websites must also be enabled on all Bradford Hospital firewalls.


• Firewall Dedicated Utility - Firewalls must run on separate machines that perform no other services,


such as acting as a mail server. Sensitive or critical Bradford Hospital information must never be kept


on a firewall. Such information may be stored in buffers as it passes via a firewall.


Bradford Hospital’s IDS/IPS Policy


Overview


This policy gives strategies to establish intrusion detection and security monitoring to protect resources


and data on the Bradford Hospital network. It provides guidelines for intrusion detection


implementation of the Bradford Hospital networks and hosts along with associated roles and


responsibilities (Intrusion Detection Policy, n.d.).


Purpose


This policy is developed both to secure the confidentiality of any data that may be saved on the wireless


devices and to protect the Bradford Hospital network from being infected by any hostile software when


the mobile computer returns. This policy also considers wireless access (Intrusion Detection Policy,


n.d.).


Scope


This policy covers every host on the Bradford Hospital network and the entire data network including


every path that Bradford Hospital data may travel that is not on the internet. Paths covered by this policy


even include Bradford Hospital wireless networks. The other policy areas include additional security


needs of the organisational network and systems (Intrusion Detection Policy, n.d.).


Objectives


1. Increase the level of security by actively searching for signs of unauthorised intrusion.


2. Prevent or detect breaches of the confidentiality of organisational data on the network.


3. Preserve the integrity of Bradford Hospital’s organisational data on the network.


4. Prevent unauthorised use of Bradford Hospital systems.


5. Keep hosts and network resources accessible to authorised users.


6. Enhance security by detecting weaknesses in systems and network design in the early stage.


Requirements


1. All devices accessible from the Internet or by other persons must operate Bradford Hospital Network Administration approved active intrusion detection software during any time the public may be able to access the system.


2. All systems placed in the DMZ must run IT supported active intrusion detection software.


3. All host-based and network-based IDS must be checked on a daily basis and their records reviewed.

4. All IDS logs must be kept for a minimum of 30 days.


Notifications


1. Any suspected intrusions, suspicious activity, or unexplained erratic system behaviour discovered by Bradford Hospital Network administrators, users, officials or computer security personnel must be reported to the organisational Bradford Hospital Network Administration Department within 1 hour.


REQUIREMENT 4: BYOD SECURITY RISKS AND MITIGATION STRATEGIES


Through this examination, various security threats have been identified, including evidence collection using an intrusion detection and prevention system. If security is compromised at the Bradford Hospital, the intrusion detection and prevention system will play a key part in discovering what happened and how the breach could have been prevented (Juniper Networks, n.d.). This will show how wireless devices can be compromised due to technical or legal issues, which can lead to potential data loss.

A digital "group policy" is a powerful solution for ensuring that the Bradford Hospital keeps control of all devices while maintaining their evidence collection capabilities. The policy will remove some of the operational capabilities from the owner of the device, ensuring compliance in line with the Hospital’s BYOD Policy.

Losing a device while travelling overseas could create both legal issues and difficulties with the remote execution of data on the devices. Cyber cells in several countries can download the data from devices and misuse it for certain purposes. Hence, staff ought to be banned from carrying work devices while travelling.

Work devices should not be allowed to connect to public Wi-Fi. Public Wi-Fi is often used by cyber attackers to carry out packet tracing. Public access points are usually not secured with perimeters.

Backup machines should be deployed within hospital networks, and all work devices are supposed to back up at regular intervals for data safety.


To reduce certain BYOD risks, the following considerations will be kept in mind.

• All wireless devices need to be kept updated with the latest firmware, application updates, security patch updates and operating system updates.
• Every device in the hospital's network needs to follow and agree with the BYOD Group Policy.
• No devices may be manipulated. For instance, they are not allowed to be rooted or jailbroken.
• Every BYOD device needs to follow and agree to the hospital's Firewall and IDS/IPS Policies.
• No devices can connect to publicly open networks.
• The Bradford Hospital’s Network Policies need to be reviewed at regular intervals.
• The user credentials will be changed every three months.
• IDS traffic should be monitored constantly by the Network Administrator.
• No devices are permitted to be taken outside the work premises except personal gadgets.
• Any suspicious activities need to be reported to the Network Administrators ASAP.


CONCLUSION


This report found that there are critical issues concerning the potential implementation of Bring Your Own Device (BYOD) and connecting such devices to the Bradford Hospital's Network. However, the Hospital staff are keen to utilise the proposed network implementation in their daily workplace activities. The most suitable solution requires that wireless devices are used inside the work premises and are monitored using network-based IDS/IPS, with the involvement of strict firewall policies. The Bradford Hospital’s Network Admins will make sure that the devices available follow the IDS/IPS policies along with the Hospital’s Firewall Policy.

Hospital staff will undergo a specific training programme before they get their hands on the proposed system. This training programme will make sure that they are able to take care of the devices and that no infringement of the written policies occurs.

Over the course of the whole case study, it is proven that the advantages of BYOD in relation to the intrusion prevention and detection system apparently outweigh the disadvantages, and the keenness of Hospital staff about the proposed network structure will lead the hospital to techno-savvy enhancements.


REFERENCES


• Frederick, K. K. (n.d.). Network Monitoring for Intrusion Detection. Retrieved from Symantec Connect: https://www.symantec.com/connect/articles/network-monitoringintrusion-detection

• Juniper Networks. (n.d.). What is IDS and IPS? Retrieved from Juniper Networks: https://www.juniper.net/us/en/products-services/what-is/ids-ips/

• Tripod. (n.d.). LAN Segmentation. Retrieved from http://netcert.tripod.com/ccna/internetworking/lanseg.html

• Soomro, Z.A., Shah, M.H. & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

• Meyer, A., Green, L., Faulk, C., Galla, S. & Meyer, A.M. (2016). Framework for Deploying a Virtualized Computing Environment for Collaborative & Secure Data Analytics. eGEMs, 4(3).

• Harrison, I.J., Green, P.A., Farrell, T.A., Juffe‐Bignoli, D., Sáenz, L. & Vörösmarty, C.J. (2016). Protected areas & freshwater provisioning: a global assessment of freshwater provision, threats & management strategies to support human water security. Aquatic Conservation: Marine & Freshwater Ecosystems, 26(S1), pp.103-120.

• Sim, J.H. & Cho, G. (2016). Construction of Port Logistics Security System based on the Information Security Management System. International Information Institute (Tokyo). Information, 19(5), p.1549.

• Intrusion Detection Policy. (n.d.). Retrieved from The Computer Technology Documentation Project: http://www.comptechdoc.org/independent/security/policies/intrusion-detectionpolicy.html

• (2011, 12 14). Texas Wesleyan Firewall Policy. Texas: Texas Wesleyan University. Retrieved from Texas Wesleyan University: https://txwes.edu/media/twu/contentassets/documents/it/policyprocedures/firewall-policy.pdf


May 18, 2022