CSI6218 WIRELESS AND MOBILE COMPUTING SECURITY
CASE STUDY: WIRELESS AND MOBILE COMPUTING SECURITY
STUDENT ID: 10412135
STUDENT NAME: MOHITKUMAR KAMLESHBHAI PATEL
DUE DATE: 30TH APRIL,2018
CSI6218 WIRELESS AND MOBILE COMPUTING SECURITY CASE STUDY REPORT
1 | P a g e 1 0 4 1 2 1 3 5 - M O H I T P A T E L
TABLE OF CONTENTS
INTRODUCTION
BYOD IMPLEMENTATION REQUIREMENTS
KEY REQUIREMENTS AND WEIGHTINGS
REQUIREMENT 1: IDS/IPS AND NETWORK DESIGN
REQUIREMENT 2: MONITORING NETWORK AND TRAFFIC ANALYSIS USING IDS/IPS
REQUIREMENT 3: LEGAL POLICIES AND STANDARDS
REQUIREMENT 4: BYOD SECURITY RISKS AND MITIGATION STRATEGIES
CONCLUSION
REFERENCES
INTRODUCTION
This report examines the security and mobile device forensic issues associated with a proposed new network infrastructure to be implemented at Bradford Hospital in Perth (WA). The hospital has 600 beds, 50 administration employees and 3 IT staff. Employees have repeatedly expressed interest in a new network infrastructure that would allow them to connect their own wireless devices, such as smartphones, tablets, storage devices and laptops, so that they can manage patient data, upload records and review patient files on the go. This model is known as Bring Your Own Device (BYOD). The existing network and infrastructure do not allow this type of activity.
The hospital's existing operational environment is based on a manual, paper-based record keeping system. The proposed changeover would therefore require the hospital to invest in new infrastructure, new maintenance agreements, usage policies and some new devices. Bradford Hospital would also need to hire personnel to train the existing staff.
If implemented, the new system would let staff use their smartphones and other wireless devices to manage and upload patient data and to retrieve specific patient records when needed. A further advantage is that staff could take their smart devices home, giving them more flexibility in how they work.
Overall, the proposed network and infrastructure has the potential to give staff flexibility and a more logical way to access patient records and produce required reports on time. In the long term it should also allow Bradford Hospital to reduce hardware and maintenance costs.
BYOD IMPLEMENTATION REQUIREMENTS
This report proposes to proceed with the development of the new network while at the same time permitting Bring Your Own Device (BYOD) devices at the hospital, under certain conditions. BYOD will be permitted on the following conditions:
1. The hospital should purchase all wireless devices and network infrastructure devices from a certified vendor. The network should only allow staff to connect specific models of smartphones, tablets and workplace telephones that can be forensically certified.
2. A trusted third-party vendor should be responsible for distributing software and updates with digital signatures. Device diagnostic reports should be continuously monitored by the network administrator.
3. Hospital software and procedures should not be operable on staff's personal devices. Every device that connects to the hospital's network must be handled securely. Every exchange of patient data must be logged to centralised storage to preserve the integrity of evidence, and the logs must be kept confidential.
4. A detailed, documented and implemented BYOD policy must be in place, and all staff using devices connected to the proposed network must accept the BYOD policy before connecting any device.
5. Training should be provided for network administrators and security staff so that all the risks documented in this report are understood, and mitigation strategies must be in place to address them to a satisfactory level.
6. A digital "workplace policy" should be implemented to enforce the operational restrictions placed on hospital staff and to verify that they are complying with workplace procedures.
7. Periodic security checks must be in place to confirm that wireless devices such as smartphones, tablets and laptops are updated with the latest security patches and software updates. A device that fails a check must not be reconnected to the network until the update or security issue is rectified.
8. Device ownership documents should be signed by staff members to confirm that no illegal activities will be carried out on the hospital's network.
All in all, the most significant risk to the hospital's confidential data is loss or leakage if a device is lost or stolen. Keeping in mind that technical devices bring security risks with them, this report provides recommendations to reduce these risks significantly.
KEY REQUIREMENTS AND WEIGHTINGS
While investigating the case, each requirement identified is given a weighting that grades the Wireless Intrusion Detection System/Wireless Intrusion Prevention System risk to Bradford Hospital. The major requirements are:
1. The network design is the most essential element when implementing IDS/IPS. The intrusion detection and prevention system must be placed where it can monitor all network traffic without fail.
2. Any wireless device connected to the hospital network should be of a specified make and model and come from a certified vendor. Equipment should be compatible with forensic examination.
3. Device traffic should be continuously monitored, and network attacks should be documented in line with the IDS/IPS policies.
4. Legal agreements and policies applied to these devices, such as the BYOD policy, should ensure that a device can be remotely wiped if it is lost or stolen. Bradford Hospital should have the right to retrieve and analyse data while ensuring the staff member's privacy is maintained.
5. A firewall policy will be needed to filter specific data traffic.
6. The hospital must maintain a secure environment. IDS/IPS instruments should be placed where incoming and outgoing network traffic can be easily monitored by the network administrator.
REQUIREMENT 1: IDS/IPS AND NETWORK DESIGN
INTRODUCTION TO IDS/IPS
Intrusion detection is the process of monitoring the events occurring in a network and analysing them for signs of possible incidents, violations, or imminent threats to security policies. Intrusion prevention is the process of performing intrusion detection and then stopping the detected incidents. These capabilities are delivered as an intrusion detection system (IDS) and an intrusion prevention system (IPS), which become part of the network in order to identify and stop potential security threats (Juniper Networks, n.d.).
PROBLEMS IDS/IPS ADDRESS
A typical business network has several wireless access points to other networks, both public and private. The challenge is maintaining the security of these networks while keeping them open to employees and other users (Juniper Networks, n.d.). Today's attacks are sophisticated enough to get past the best security systems, particularly those that still assume a network can be secured by encryption or firewalls alone. Unfortunately, those technologies by themselves are not adequate to counter current attacks.
STANDARD IDS/IPS INSTALLATION IN A NETWORK
FIGURE 1: IPS/IDS INSTALLATION IN A NETWORK (Juniper Networks, n.d.)
WHY IMPLEMENT IDS/IPS?
An intrusion detection system (IDS) and intrusion prevention system (IPS) constantly watch the network, identifying possible incidents, logging information about them, stopping the incidents and reporting them to the network security administrator. Many organisations also use IDS/IPS to identify problems with security policies and to deter attackers from violating them. IDS/IPS have become a vital component of the security architecture of most workplaces precisely because they can stop attackers while they are still retrieving information from the network (Juniper Networks, n.d.).
HOW DO IDS/IPS WORK?
Three detection methods are commonly used to identify incidents.
Signature-Based Detection compares known attack signatures against observed events to identify possible incidents. This is the simplest detection method, because it examines only the current unit of activity, such as a single log entry or packet, using string comparison (Juniper Networks, n.d.).
Anomaly-Based Detection compares definitions of what is considered normal activity against monitored events to identify significant deviations. This method can be very effective at spotting previously unknown threats (Juniper Networks, n.d.).
Stateful Protocol Analysis compares predetermined profiles of generally accepted definitions of benign protocol activity against monitored events, in order to identify deviations (Juniper Networks, n.d.).
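The three detection methods above, worked through as an added example that is not code from the report or from Juniper: a signature matcher applied to individual web-server log lines, an anomaly detector that flags minutes whose request rate exceeds the mean plus three standard deviations of a baseline, and a stateful check of an FTP command sequence against the USER, PASS, then data-command profile. The log lines, signatures, request counts, FTP session and threshold are all constructed for the example.

```python
"""The three IDS detection methods on constructed inputs (added example).

Not code from the report or from Juniper. The log lines, signatures,
request-rate baseline, FTP session and thresholds are all constructed.
"""
import re
import statistics

# 1. Signature-based detection: each record is judged on its own, by string match.
SIGNATURES = [
    (re.compile(r"/etc/passwd"), "path traversal to /etc/passwd"),
    (re.compile(r"(?i)union\s+select"), "SQL injection (UNION SELECT)"),
    (re.compile(r"\.\./\.\./"), "directory traversal sequence"),
]

def signature_matches(log_line):
    """Names of every signature whose pattern occurs in one log line."""
    return [name for pattern, name in SIGNATURES if pattern.search(log_line)]

# 2. Anomaly-based detection: learn "normal" from a baseline, flag large deviations.
def anomaly_threshold(baseline, k=3.0):
    """Requests per minute above mean + k standard deviations count as anomalous."""
    return statistics.mean(baseline) + k * statistics.pstdev(baseline)

def anomalous_minutes(baseline, observed, k=3.0):
    """Indices of observed minutes whose request count exceeds the threshold."""
    limit = anomaly_threshold(baseline, k)
    return [i for i, count in enumerate(observed) if count > limit]

# 3. Stateful protocol analysis: FTP commands are checked against the expected
# state machine USER -> PASS -> data commands, not just one at a time.
ALLOWED_BEFORE_LOGIN = {"USER", "PASS", "QUIT"}

def ftp_violations(commands):
    """(index, verb) for every command sent in a state that does not permit it."""
    state, violations = "NEED_USER", []
    for i, line in enumerate(commands):
        verb = line.split(" ", 1)[0].upper()
        if state == "NEED_USER" and verb == "USER":
            state = "NEED_PASS"
        elif state == "NEED_PASS" and verb == "PASS":
            state = "LOGGED_IN"
        elif state != "LOGGED_IN" and verb not in ALLOWED_BEFORE_LOGIN:
            violations.append((i, verb))   # e.g. RETR before authentication
    return violations

# Constructed sample inputs
SAMPLE_LOG = [
    '10.20.1.7 - - "GET /records/patient?id=1 HTTP/1.1" 200',
    '10.20.1.9 - - "GET /download?file=../../etc/passwd HTTP/1.1" 404',
    '203.0.113.5 - - "GET /search?q=x UNION SELECT password FROM users HTTP/1.1" 500',
]
BASELINE_RPM = [40, 42, 38, 45, 41, 39, 44, 40]   # normal requests per minute
OBSERVED_RPM = [41, 43, 39, 400, 42]              # one minute is a flood
FTP_SESSION = ["RETR patients.csv", "USER nurse1", "PASS hunter2", "RETR patients.csv"]

def run_all():
    """Run the three detectors on the constructed inputs and return their findings."""
    return {
        "signature": {i: signature_matches(l) for i, l in enumerate(SAMPLE_LOG)
                      if signature_matches(l)},
        "anomaly": anomalous_minutes(BASELINE_RPM, OBSERVED_RPM),
        "stateful": ftp_violations(FTP_SESSION),
    }

if __name__ == "__main__":
    for detector, findings in run_all().items():
        print(f"{detector}: {findings}")
```

The signature detector knows nothing about the other lines, which is why it cannot see the flood; the anomaly detector sees the flood but cannot say what it is; and only the stateful check notices that RETR arrived before any login, even though that one command looks harmless on its own.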
NETWORK DESIGN
Appropriate Network Management Model
Network design requirements are built from the appropriate components and design segments (Soomro, Shah and Ahmed, 2016). The network management model needs to include the organisational parts and sensible use of network devices. The security components and risk mitigation policies are a further requirement (Meyer et al., 2016). The network management model is shown below:
FIGURE 2: NETWORK MANAGEMENT MODEL (Source: Sim & Cho, 2016, pp. 1549)
Appropriate Network Design Consideration
Following the network management model, the plan is for two segmented networks. The network management model is mapped onto the system design for Bradford Hospital. In it, resources are assigned to control and monitor the management method of operation. The layers are identified as operation, administration and security, alongside resources for the administration techniques (Harrison et al., 2016).
As given in the case study, Bradford Hospital currently has 600 beds and 53 employees in total, including three in charge of the IT infrastructure. The intranet will therefore be large in terms of workplace machines and proposed BYOD devices. For such a large network, segmentation is a very important consideration.
Why is Network Segmentation Needed?
Segmentation is used when networks need to be separated or when a device has reached its physical capacity. Segmenting a LAN can extend the network, reduce congestion, isolate network problems and improve security.
▪ Extending the network -- When the maximum physical capacity of a network has been reached, routers or switches can be added to create new segments and admit new hosts onto the LAN (Tripod, n.d.).
▪ Reducing congestion -- As the number of devices or workstations on a single network grows, so does the bandwidth requirement. By segmenting the LAN, the network administrator reduces the number of hosts per segment. When traffic consists of communication between devices on the same segment, bandwidth usage is reduced in parallel (Tripod, n.d.).
▪ Isolating network problems -- By dividing the network into smaller portions, the network administrator limits the spread of problems from one segment to the next. Hardware and software failures can be contained to smaller portions of the network (Tripod, n.d.).
▪ Improving security -- By using partitions, a network administrator can ensure that the internal configuration of the network is not accessible from an outside source. Broadcast packets are confined to the subnet they originated from rather than propagating throughout the network (Tripod, n.d.).
FIGURE 3: NETWORK DESIGN BRADFORD HOSPITAL
REQUIREMENT 2: MONITORING NETWORK AND TRAFFIC ANALYSIS USING IDS/IPS
In intrusion detection we tend to concentrate on recognising attacks and anomalous activity. However, another essential part of a complete intrusion detection system is basic network monitoring and traffic analysis. Network monitoring gathers data on connections, while traffic analysis lets us see which services are actually being used on a network and compare them against what we expect to see. This lets us identify unauthorised network services being used inside a network, and loopholes in the network perimeter. By combining network monitoring and traffic analysis with other intrusion detection methods, better security can be established (Frederick, n.d.).
Network Monitoring
To perform basic network monitoring, one has to gather data on traffic at various points inside the network. Although the network perimeter certainly needs attention, purely internal traffic should be examined as well. If internal hosts are providing unauthorised services to other internal hosts, that traffic will be missed if only the edge of the network is observed. Various tools, including sniffers and packet capture utilities such as tcpdump, and IDS products such as NFR Security's NID and Internet Security Systems' (ISS) RealSecure, can be used to collect the appropriate traffic data (Frederick, n.d.).
When preparing to gather information about network traffic, it is essential to collect only the minimum required data. Unless the network carries a low volume of traffic, attempting to store the headers and contents of every packet will be unreasonably resource intensive. Instead, the network administrator can do traffic analysis by looking at a handful of packet header attributes and ignoring the payloads altogether, and then collect detailed information on the specific services or hosts that require closer examination.
A caution on this: by ignoring payloads, the network administrator will be unable to verify that the communication on a given port matches the expected service. For instance, a trojan could use TCP port 21, making it appear during analysis as FTP traffic (Frederick, n.d.).
In most environments the analysis will focus on TCP, UDP and ICMP traffic. It may also be useful to identify other protocols in use on the network, but for this discussion we stick to these three, since we are primarily interested in which TCP- and UDP-based services are being used (Frederick, n.d.). The most fundamental elements to examine during traffic analysis are:
• Source and destination IP addresses.
• For TCP or UDP traffic, the source and destination ports.
• For ICMP traffic, only the contents of Destination Unreachable (ICMP type 3) messages. These are useful for identifying failed and blocked connection attempts.
Depending on the tools used and the kind of environment, the administrator may be able to capture data on TCP traffic per packet or per connection, and in some cases will want both. Watching TCP connections shows what activity is being allowed. However, looking only at successful connections misses valuable information about denied connections. Capturing information on individual TCP packets and querying it to find unsuccessful connections (those that do not complete the TCP three-way handshake), together with analysing the contents of ICMP Destination Unreachable messages, adds significant information to the analysis (Frederick, n.d.).
There are four kinds of TCP activity the network administrator should consider:
• Successful connection: the three-way handshake completes.
• Failed connection: the client gets no response to a connection attempt. The client typically retries several times with a short gap between attempts.
• Blocked connection: the client gets a negative response to a connection attempt, for instance a TCP RST packet or an ICMP host unreachable or port unreachable message.
• Aborted connection: the three-way handshake is begun but never finished.
Traffic Analysis
Once data has been gathered from a specific point on the network for a period of time, the real fun starts: performing traffic analysis on it. The approach depends on the kind of environment. If the policy allows everything that is not explicitly denied, the administrator should look for the things that are explicitly denied. Of course, in many cases no single person knows exactly which activity is illegitimate, particularly in server-by-server or host-by-host environments. In those cases the most useful approach may be to produce a report that shows the full range of activity taking place, then consult the appropriate people to determine which of it is unauthorised (Frederick, n.d.).
There are several ways to look at the data. One is to use it to find port scans and host scans against internal hosts, especially those that take place over a long interval. This is done by sorting the data by client and counting the number of ports contacted. Clients with the highest counts should be investigated further. When using the data for this or other purposes, the administrator cannot possibly review everything by hand; the data should be loaded into a database and queried to generate the required reports.
UDP packets are always a headache. Because UDP is connectionless, it is often unclear which host is the server and which is the client. The administrator can try querying the data to find which host sent the first UDP packet to the other, but this is difficult and produces some false results, since packets sent before observation started are missed. Better results come from sorting the data by source host and by destination: if a host consistently uses the same UDP port number when communicating with other hosts, it is a fairly safe bet that it is acting as a server. The administrator will need to mark in the database which entries are client-to-server and which are server-to-client (Frederick, n.d.).
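The four TCP outcomes, the port-count-per-client scan check and the UDP server inference from a stable source port, worked through as an added example that is not code from the report or from Frederick. It runs over constructed packet records that keep only the header fields the text says to retain (addresses, ports, TCP flags, and for ICMP the type and the destination quoted inside a Destination Unreachable message). The hosts, ports and the ten-port scan threshold are assumptions.

```python
"""Traffic analysis over constructed packet header records (added example).

Records keep only src/dst address, ports, TCP flags and, for ICMP, the type
and the (dst, port) quoted inside a Destination Unreachable message. Hosts,
ports and thresholds are constructed assumptions, not from the report.
"""
from collections import defaultdict, Counter

def pkt(ts, proto, src, sport, dst, dport, flags=(), icmp_type=None, orig=None):
    """One captured packet reduced to header fields."""
    return dict(ts=ts, proto=proto, src=src, sport=sport, dst=dst, dport=dport,
                flags=set(flags), icmp_type=icmp_type, orig=orig)

def classify_tcp(packets):
    """Map each attempt (client, cport, server, sport) to one of the four outcomes:
    successful, failed, blocked or aborted. Packets must be in capture order."""
    attempts = {}
    for p in packets:
        if p["proto"] == "icmp" and p["icmp_type"] == 3 and p["orig"]:
            # Destination Unreachable quoting (server, port): that attempt was blocked
            for key, st in attempts.items():
                if (key[2], key[3]) == p["orig"] and st["state"] == "failed":
                    st["state"] = "blocked"
            continue
        if p["proto"] != "tcp":
            continue
        f = p["flags"]
        client_key = (p["src"], p["sport"], p["dst"], p["dport"])   # client -> server
        server_key = (p["dst"], p["dport"], p["src"], p["sport"])   # server -> client
        if "SYN" in f and "ACK" not in f:
            # first or retransmitted SYN; stays "failed" until something answers it
            attempts.setdefault(client_key, {"state": "failed", "syns": 0})["syns"] += 1
        elif "SYN" in f and "ACK" in f and server_key in attempts:
            attempts[server_key]["state"] = "aborted"     # handshake begun, not finished
        elif "RST" in f and server_key in attempts and attempts[server_key]["state"] == "failed":
            attempts[server_key]["state"] = "blocked"     # server refused the port
        elif "ACK" in f and client_key in attempts and attempts[client_key]["state"] == "aborted":
            attempts[client_key]["state"] = "successful"  # third leg of the handshake
    return {key: st["state"] for key, st in attempts.items()}

def port_scanners(packets, min_ports=10):
    """Sources whose SYNs touched at least min_ports distinct (host, port) pairs."""
    touched = defaultdict(set)
    for p in packets:
        if p["proto"] == "tcp" and "SYN" in p["flags"] and "ACK" not in p["flags"]:
            touched[p["src"]].add((p["dst"], p["dport"]))
    return {src: len(s) for src, s in touched.items() if len(s) >= min_ports}

def udp_servers(packets, min_peers=2):
    """A host that keeps one source port across several peers is acting as a server."""
    peers = defaultdict(set)
    for p in packets:
        if p["proto"] == "udp":
            peers[(p["src"], p["sport"])].add(p["dst"])
    return {k: sorted(v) for k, v in peers.items() if len(v) >= min_peers}

def summarise(packets):
    return {"tcp": Counter(classify_tcp(packets).values()),
            "scanners": port_scanners(packets), "udp_servers": udp_servers(packets)}

# Constructed capture: two ward hosts, a server, a DNS server, a scanner, a gateway
C1, C2, SRV, DNS = "10.20.1.7", "10.20.1.9", "10.20.5.10", "10.20.5.53"
SCAN, GW = "10.20.1.66", "10.20.0.1"
SAMPLE = [
    pkt(1.0, "tcp", C1, 50000, SRV, 443, ["SYN"]),            # successful: full handshake
    pkt(1.1, "tcp", SRV, 443, C1, 50000, ["SYN", "ACK"]),
    pkt(1.2, "tcp", C1, 50000, SRV, 443, ["ACK"]),
    pkt(2.0, "tcp", C1, 50001, SRV, 23, ["SYN"]),             # blocked: server answers RST
    pkt(2.1, "tcp", SRV, 23, C1, 50001, ["RST", "ACK"]),
    pkt(3.0, "tcp", C2, 50002, SRV, 8080, ["SYN"]),           # failed: three SYNs, no answer
    pkt(4.0, "tcp", C2, 50002, SRV, 8080, ["SYN"]),
    pkt(6.0, "tcp", C2, 50002, SRV, 8080, ["SYN"]),
    pkt(7.0, "tcp", C2, 50003, SRV, 22, ["SYN"]),             # aborted: no final ACK
    pkt(7.1, "tcp", SRV, 22, C2, 50003, ["SYN", "ACK"]),
    pkt(8.0, "tcp", C2, 50004, SRV, 3389, ["SYN"]),           # blocked: ICMP type 3 from gateway
    pkt(8.1, "icmp", GW, None, C2, None, icmp_type=3, orig=(SRV, 3389)),
    pkt(9.0, "udp", C1, 40000, DNS, 53), pkt(9.1, "udp", DNS, 53, C1, 40000),   # DNS
    pkt(9.2, "udp", C2, 40001, DNS, 53), pkt(9.3, "udp", DNS, 53, C2, 40001),
] + [pkt(10 + i, "tcp", SCAN, 60000 + i, SRV, port, ["SYN"])          # 12-port scan
     for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3306, 3389])]

if __name__ == "__main__":
    for key, state in classify_tcp(SAMPLE).items():
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}  {state}")
    print(summarise(SAMPLE))
```

Note that the classifier only ever sees the scanner's SYNs as "failed", which is exactly why the per-client port count is the better signal for scans: each probe looks like an innocent unanswered connection until they are grouped by source.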
When starting traffic analysis, there are several categories of traffic to work through:
• External client and internal server. In most cases the source addresses and ports are not relevant; what the administrator needs to analyse first are the destination addresses and ports (Frederick, n.d.).
• Internal client and internal server. Although the focus is again on destination addresses and ports, source addresses may also be very important (Frederick, n.d.).
• Internal client and external server. If outbound connections are unrestricted in the environment, the administrator can skip this data during the investigation. If outbound connections are restricted, the focus will probably be on the destination ports.
Further Remediation after Traffic Analysis
Once the network administrator has confirmed that suspicious or unauthorised activity is clearly taking place, the next step is to determine why. The original traffic logs can be used to get more data, including the services involved and the hosts using them. If the perimeter is allowing traffic through that it should not, the administrator needs to audit firewall rule sets, router ACLs and so on. If hosts are providing unauthorised services, those hosts need to be checked for misconfiguration or signs of compromise, depending on the circumstances (Frederick, n.d.).
Based on the results of the traffic analysis and the follow-up investigations, the administrator should configure the IDS sensors. This may include:
• Alerting on traffic from internal hosts that use illegal addresses
• Alerting when a host uses or attempts to use an unauthorised service
• Alerting when a host attempts to connect to specific internal or external hosts
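The three sensor rules listed above, implemented as an added example that is not code from the report or from Frederick. Each rule is a small function over a flow record that also carries the sensor interface the flow was seen on, so the "illegal address" rule can catch both an internal host using an address outside the plan and an outside packet claiming an internal address. The address plan, the authorised-service table, the watch-list and the flows are constructed assumptions.

```python
"""IDS sensor rules derived from a traffic analysis, applied to flow records.

Added example, not from the report or from Frederick. The address plan, the
authorised-service table, the watch-list and the flows are constructed.
"""
import ipaddress

INTERNAL_SEGMENTS = [ipaddress.ip_network("10.20.1.0/24"),   # wards / BYOD segment
                     ipaddress.ip_network("10.20.5.0/24")]   # server segment
# Services the analysis approved for each internal host; anything else is unauthorised.
AUTHORISED_SERVICES = {"10.20.5.10": {("tcp", 443)}, "10.20.5.53": {("udp", 53)}}
# Hosts no internal device should contact: a known bad external address and an
# internal host currently under investigation (both constructed).
WATCH_LIST = {ipaddress.ip_address("198.51.100.23"), ipaddress.ip_address("10.20.5.99")}

def flow(iface, src, dst, proto, dport):
    """A flow record: sensor interface that saw it, endpoints, protocol, service port."""
    return {"iface": iface, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "proto": proto, "dport": dport}

def is_internal(addr):
    return any(addr in net for net in INTERNAL_SEGMENTS)

def rule_illegal_address(f):
    """Internal hosts must use allocated internal addresses, and nothing arriving
    from outside may claim an internal address (anti-spoofing in both directions)."""
    if f["iface"] == "inside" and not is_internal(f["src"]):
        return f"internal host using illegal source address {f['src']}"
    if f["iface"] == "outside" and is_internal(f["src"]):
        return f"spoofed internal address {f['src']} arriving from outside"
    return None

def rule_unauthorised_service(f):
    """Any service offered by an internal host that the analysis did not approve."""
    if is_internal(f["dst"]):
        if (f["proto"], f["dport"]) not in AUTHORISED_SERVICES.get(str(f["dst"]), set()):
            return f"unauthorised service {f['proto']}/{f['dport']} on {f['dst']}"
    return None

def rule_watched_host(f):
    """Any contact with a host on the watch-list, in either direction."""
    if f["src"] in WATCH_LIST or f["dst"] in WATCH_LIST:
        return f"contact with watched host: {f['src']} -> {f['dst']}"
    return None

RULES = [rule_illegal_address, rule_unauthorised_service, rule_watched_host]

def evaluate(flows):
    """Return (flow index, alert text) for every rule that fires on every flow."""
    return [(i, msg) for i, f in enumerate(flows) for msg in (r(f) for r in RULES) if msg]

SAMPLE_FLOWS = [
    flow("inside", "10.20.1.7", "10.20.5.10", "tcp", 443),      # 0 ward -> web, approved
    flow("inside", "192.168.1.5", "10.20.5.10", "tcp", 443),    # 1 address not in the plan
    flow("inside", "10.20.1.9", "10.20.5.10", "tcp", 22),       # 2 SSH not approved on web01
    flow("inside", "10.20.1.9", "198.51.100.23", "tcp", 8443),  # 3 watched external host
    flow("inside", "10.20.1.12", "10.20.5.53", "udp", 53),      # 4 DNS, approved
    flow("outside", "10.20.1.50", "10.20.5.10", "tcp", 443),    # 5 internal source from outside
    flow("outside", "203.0.113.8", "10.20.5.10", "tcp", 443),   # 6 legitimate inbound
    flow("inside", "10.20.1.7", "10.20.1.9", "tcp", 445),       # 7 ward device serving SMB
]

if __name__ == "__main__":
    for i, msg in evaluate(SAMPLE_FLOWS):
        print(f"flow {i}: {msg}")
```

The authorised-service table is the direct output of the traffic analysis described earlier: once the analyst has agreed with the service owners which ports each server legitimately offers, everything else an internal host serves (including a ward laptop answering on tcp/445) becomes an alert rather than background noise.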
REQUIREMENT 3: LEGAL POLICIES AND STANDARDS
When implementing a BYOD environment at Bradford Hospital, it is clear that expanding the facilities will also expand the unwanted security risks. Legal standards and policies are needed to control how users may interact with the proposed network. Bradford Hospital needs to design its own firewall policy and IDS policy.
Bradford Hospital's Firewall Policy
PURPOSE:
Firewalls are an essential component of Bradford Hospital's network. A firewall is defined here as a system that controls and restricts network connectivity and network services. Firewalls implement a control point where access controls can be enforced. Connectivity determines which machines are permitted to exchange information. A service is a particular way for information to be transferred through a firewall; examples include file transfer (FTP), web browsing (HTTP), mail relay (SMTP), remote access (VPN) and MS Exchange servers. This policy sets out the rules for the management and maintenance of firewalls at Bradford Hospital, and it applies to all firewalls owned, rented, leased or otherwise controlled by Bradford Hospital employees (Texas Wesleyan Firewall Policy, 2011).
SCOPE:
This policy applies to all firewalls on Bradford Hospital networks, whether managed by employees or by third parties at a branch office. Departures from this policy are allowed only if approved in advance and in writing by the Network Administrator of Bradford Hospital. In some instances devices such as proxy servers or UTM appliances function as firewalls without being officially called firewalls. All Bradford Hospital devices that play the role of a firewall, whether or not they are officially called firewalls, must be managed according to the rules defined in this policy. In some cases this will require that these devices be upgraded so that they support the minimum functionality defined in this policy (Texas Wesleyan Firewall Policy, 2011).
REQUIREMENT SPECIFICATION:
• Required Documentation - Before every Bradford Hospital firewall is deployed, a network diagram of the permitted paths, with a justification for each, and a description of the permitted services, with an explanation for each, must be submitted to the Bradford Hospital Network Administrator. Permission for these paths and services will be granted by the Network Administrator only when they are essential for critical business reasons and effective security measures consistently accompany them. Conformance of the actual firewall implementation to the documentation will be checked periodically by the Security Engineer. Any change to paths or services must go through the same process.
• Default to Denial - Bradford Hospital firewalls must block every connection path and service that is not specifically permitted by this policy and the supporting documents issued by the Network Administration Department. The list of currently approved paths and services must be documented and distributed by the Bradford Hospital Network Administration Department to all system administrators with a need to know. An inventory of all access paths into and out of Bradford Hospital internal networks must be maintained by the Network Administration Department.
• Connections Between Machines - Real-time connections between two or more Bradford Hospital networks must not be established or enabled unless the Bradford Hospital Network Administration Department has determined that such connections will not unduly jeopardise network security and confidentiality. In most cases, firewalls or comparable intermediate systems must be used. This requirement applies regardless of the technology used, including wireless links, microwave links, cable modems, ISDN lines and DSL connections. Any connection between an in-house Bradford Hospital system and any external computer system, external network or service provider must be approved in advance by the Bradford Hospital Network Administration Department.
• Regular Testing - Because firewalls provide such an important security control for Bradford Hospital networks, their strength and correct configuration must be checked at regular intervals. Where vendor software supports it, this testing must include software agents that automatically check whether the firewalls remain configured and running in a way that is consistent with both Bradford Hospital security policies and the hospital's architectural plan. The testing process must consider the defined configuration parameters, enabled services, permitted network paths, current administrative practices and the adequacy of the deployed security measures. These tests must include the regular execution of vulnerability identification software and the regular execution of penetration tests. They must be carried out by technically proficient persons, either in the Bradford Hospital Network Administration Department or working for an outside contractor. Those responsible for either the administration or the management of the firewalls concerned must not perform these tests.
• Logs - All changes to firewall configuration parameters, enabled services and permitted network paths must be logged. All suspicious activity that may indicate either unauthorised usage or an attempt to compromise security measures must also be logged. The integrity of these records must be protected with checksums, digital signatures, encryption or equivalent measures. The logs must be promptly removed from the recording systems and stored in a physically secured container for at least six months after the time they were recorded. They must be reviewed periodically to confirm that the firewalls are operating securely.
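One way to meet the integrity requirement in the Logs bullet above, shown as an added example that is not from the report or from the cited policy: a hash-chained change log in which each record's HMAC-SHA256 tag also covers the previous record's tag, so an edited, deleted or reordered entry fails verification at review time. The key, the sample change records and the expected_head check are constructed assumptions; in practice the key and the latest head tag are stored somewhere the firewall administrators cannot write to.

```python
"""Tamper-evident log for firewall configuration changes (added example).

Each entry carries an HMAC-SHA256 tag over its own content and the previous
entry's tag, so editing, deleting or reordering an entry breaks the chain.
Not from the report or the cited policy; key, entries and format are
constructed assumptions.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64   # tag assumed for the entry before the first one

def _tag(key, prev_tag, body):
    return hmac.new(key, (prev_tag + body).encode(), hashlib.sha256).hexdigest()

def append_entry(log, key, record):
    """Append record (a dict) as a JSON body chained to the previous entry's tag."""
    prev_tag = log[-1]["tag"] if log else GENESIS
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    entry = {"body": body, "tag": _tag(key, prev_tag, body)}
    log.append(entry)
    return entry["tag"]

def verify_chain(log, key, expected_head=None):
    """Recompute every tag. Returns (True, None) when the chain is intact, otherwise
    (False, index) of the first entry that does not verify. Deleting entries from the
    end leaves a valid but shorter chain, so the reviewer must also compare the last
    tag with a head value kept elsewhere; pass it as expected_head."""
    prev_tag = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(_tag(key, prev_tag, entry["body"]), entry["tag"]):
            return False, i
        prev_tag = entry["tag"]
    if expected_head is not None and not hmac.compare_digest(prev_tag, expected_head):
        return False, len(log)          # truncated: valid chain, but shorter than recorded
    return True, None

KEY = b"constructed demo key; in practice keep it off the firewall host"

def build_sample_log():
    """Three constructed change records in the order they happened."""
    log = []
    append_entry(log, KEY, {"ts": "2018-04-02T09:15", "admin": "netadmin1",
                            "change": "permit tcp/443 internet->web01"})
    append_entry(log, KEY, {"ts": "2018-04-02T09:20", "admin": "netadmin1",
                            "change": "deny tcp/22 wards->servers"})
    append_entry(log, KEY, {"ts": "2018-04-03T14:02", "admin": "netadmin2",
                            "change": "permit udp/53 wards->dns01"})
    return log

def tamper_edit(log, index):
    """Copy of log where one entry's deny was silently turned into permit."""
    copy = [dict(e) for e in log]
    copy[index]["body"] = copy[index]["body"].replace("deny", "permit")
    return copy

def tamper_delete(log, index):
    """Copy of log with one entry removed."""
    copy = [dict(e) for e in log]
    del copy[index]
    return copy

if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["tag"]
    print("intact:", verify_chain(log, KEY))
    print("edited entry 1:", verify_chain(tamper_edit(log, 1), KEY))
    print("deleted entry 1:", verify_chain(tamper_delete(log, 1), KEY))
    print("deleted last, no head:", verify_chain(tamper_delete(log, 2), KEY))
    print("deleted last, with head:", verify_chain(tamper_delete(log, 2), KEY, head))
```

The last two calls show the caveat: a chain alone cannot detect removal of the most recent entries, which is why the policy's requirement to move logs off the recording system promptly matters, and why the current head tag (or a periodic signed digest) should be recorded in the review log as well.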
• Intrusion Detection - All Bradford Hospital firewalls must include intrusion detection systems approved by the Bradford Hospital Network Administration Department. Each intrusion detection system must be set up according to the specifications defined by the Network Administration Department. Among other things, these intrusion detection systems must detect unauthorised changes to firewall system files and detect DoS attacks in progress. They must also continuously notify a Network Administrator who is in a position to take appropriate action. Technical staff working on firewalls must be provided with remote access systems and rights so that they can respond to these incidents even when they are physically away from the firewall.
• Contingency Planning - Technical staff working on firewalls must prepare and obtain Bradford
Hospital Administration Department approval for contingency plans that address the appropriate actions
to be taken in the event of different problems including system compromise, system crash, system
overload, and Internet service provider unavailability. These contingency plans must be kept current to
reflect changes in the Bradford Hospital systems. These plans must be tested at regular intervals to
ensure that they will be effective in restoring a secure and flexible networking environment.
• Out-Bound Connections - All in-bound real-time Internet connections to Bradford Hospital internal
networks or multi-user computer systems must go through a firewall before users can reach a logon
banner. Aside from personal computers that access the Internet on an outbound, single-user, session-by-session
dial-up basis, no Bradford Hospital system may be attached to the Internet unless a firewall
secures it. The computer systems requiring firewall protection include web servers, antivirus servers,
VPN servers, MS-Exchange and mail servers. All personal computers with cable modem connectivity
must employ a firewall approved by the Bradford Hospital Network Administration Department.
Wherever a firewall supports it, logon banners must be displayed indicating that the system may be
accessed only by authorised users, that users who log on represent that they are authorised to do so, that
unauthorised system usage or abuse is subject to disciplinary action including criminal prosecution, and
that system usage will be monitored and logged.
• Extended User Authentication - Inbound traffic, except Internet electronic mail, regular news
distributions, and push broadcasts previously approved by the Bradford Hospital Network
Administration Department, that accesses Bradford Hospital networks through a firewall must in all
cases involve extended user authentication measures approved by the Bradford Hospital Network
Administration Department.
• Virtual Private Networks - To prevent unauthorised disclosure of sensitive and valuable information,
all inbound traffic, except Internet mail, approved news services, and push broadcasts, that accesses
Bradford Hospital networks must be encrypted with the products approved by the Bradford Hospital
Network Administration Department. These connections are often called virtual private networks
(VPNs) (Texas Wesleyan Firewall Policy, 2011). The VPNs permissible on Bradford Hospital networks
combine extended user authentication functionality with communications encryption functionality
[https://uconnect.bradfordhospital.com.au].
• Firewall Access Mechanisms - All Bradford Hospital firewalls must have strong passwords or other
access control techniques. The same password or access control mechanism must not be used on more
than one firewall. Whenever supported by the involved firewall suppliers, those who administer
Bradford Hospital firewalls must have their identity validated through extended user authentication
mechanisms. In particular high-security environments designated by the Bradford Hospital Network
Administration Department, such as the Bradford Hospital Internet website, remote access for firewall
administrators is prohibited. All firewall administration actions must take place in person and on site.
• Firewall Access Rights - Privileges to modify the functionality and connectivity
supported by firewalls must be restricted to a few technically-trained people with a business need for
these same rights. Unless permission from the Bradford Hospital Network Administration Department
has been obtained, these rights must be granted only to personnel who are full-time permanent
employees of Bradford Hospital, and not to any casual staff, contractors, consultants, or outsourcing staff.
Every firewall must have at least two staff members who are adequately trained to make changes as and
when required. Such training includes periodic refresher training programmes or conference attendance to
permit these officials to stay up to date with the latest progress in firewall technology and firewall
operations. Care must be taken to schedule out-of-town holidays so that at least one person capable of
administering the firewall is readily available at all times.
• Secured VLANs - Portions of the Bradford Hospital internal network that include sensitive or
valuable information, such as the devices used by the HR department, should be placed on secured VLANs.
Access to these and other subnets should be restricted with firewalls and other access control measures.
Based on periodic risk assessments, the Bradford Hospital Network Administration Department will
deploy the secured subnets required in the information structure.
• Firewalls must protect demilitarised zones - All Internet commerce servers, including VPN servers,
email relay servers, the honeypot, the MS-Exchange server and antivirus servers, must be located within a
demilitarised zone (DMZ), a subnet that is secured from the Internet by one or more firewalls. An
internal network, such as an intranet, is also secured from the DMZ subnet by one or more firewalls.
• Network Management Systems - Firewalls must be programmed so that they are accessible to
internal network management systems. Firewalls also must be programmed so that they permit the use
of remote automatic auditing tools to be used by authorised Bradford Hospital staff members. Unless
deliberately intended as a test, such automated verification tools must not execute a response sequence
via firewall-connected IDS.
• Disclosure of Private Network Information - The internal system addresses, configurations,
products deployed, and related system design information for Bradford Hospital networked computer
systems must be restricted such that both systems and users outside the Bradford Hospital internal
network cannot gain this information.
• Secure Backup - Current offline backup copies of firewall setup files, connectivity privilege files,
firewall systems administration procedural records, and related files must be kept near the firewall at
all times. An acceptable alternative to offline copies is online encrypted versions of these same
files. Where the system software allows it, the automatic re-establishment of approved copies of these
system files must proceed whenever an unauthorised modification to these files has been detected.
• Virus Screening and Content Screening - Virus screening software approved by the Bradford
Hospital Network Administration department must be installed and enabled on all Bradford Hospital
firewalls. Because the files passing through a firewall may be encrypted or compressed, firewall based
virus detection systems may not detect all virus-infected files. For this reason, virus screening software
is also required at all Bradford Hospital mail servers, VPN servers, MS-Exchange Servers and desktop
PCs. Both content filtering software and programs that block users from accessing certain non-business
websites must also be enabled on all Bradford Hospital firewalls.
• Firewall Dedicated Utility - Firewalls must run on separate machines that perform no other services,
such as acting as a mail server. Sensitive or critical Bradford Hospital information must never be kept
on a firewall. Such information may be stored in buffers only as it passes through a firewall.
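One way to implement the two file-related requirements above (the intrusion detection bullet's "detect unauthorised changes to firewall system files" and the Secure Backup bullet's automatic re-establishment of approved copies), as an added example that is not part of this report or of any Bradford Hospital system. The baseline approach is SHA-256 hashing of each protected file; the file names, the baseline location and the offline backup directory are hypothetical, and the sample rule files are constructed.

```python
"""File-integrity baseline and automatic restore for firewall configuration
files. Added example for the Secure Backup requirement; all paths and file
contents below are hypothetical/constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large rule sets are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(files, baseline_path: Path) -> dict:
    """Record the approved hash of every protected file.

    Run this immediately after an authorised change is approved, so the
    baseline itself is the record of what 'approved' looks like."""
    baseline = {str(p): sha256_of(p) for p in files}
    baseline_path.write_text(json.dumps(baseline, indent=2))
    return baseline


def check_and_restore(baseline: dict, backup_dir: Path, restore: bool = True) -> dict:
    """Compare each protected file against the baseline.

    Returns {path: status} with status 'ok', 'modified', 'missing' or
    'restored'. A deviating file is replaced from the offline backup only
    when the backup copy itself matches the approved hash; restoring from a
    tampered backup would silently re-introduce the change."""
    results = {}
    for path_str, approved in baseline.items():
        path = Path(path_str)
        backup = backup_dir / path.name
        if not path.exists():
            status = "missing"
        elif sha256_of(path) == approved:
            results[path_str] = "ok"
            continue
        else:
            status = "modified"
        if restore and backup.exists() and sha256_of(backup) == approved:
            shutil.copyfile(backup, path)
            status = "restored"
        results[path_str] = status
    return results


def demo() -> dict:
    """End-to-end run on constructed files in a temporary directory."""
    work = Path(tempfile.mkdtemp())
    live = work / "etc" / "firewall"        # hypothetical live config dir
    backup = work / "offline-backup"        # hypothetical offline copy
    live.mkdir(parents=True)
    backup.mkdir()

    # Constructed sample rule set and privilege file.
    rules = live / "rules.conf"
    privs = live / "admin-privileges.conf"
    rules.write_text("allow tcp from dmz to internal port 443\ndeny all\n")
    privs.write_text("admin1: full\nadmin2: full\n")
    for f in (rules, privs):
        shutil.copyfile(f, backup / f.name)

    baseline = build_baseline([rules, privs], work / "baseline.json")

    # Simulate an unauthorised edit: a rule that opens everything.
    rules.write_text("allow all\n")
    first = check_and_restore(baseline, backup)    # rules.conf -> 'restored'
    second = check_and_restore(baseline, backup)   # everything -> 'ok'
    return {"first": first, "second": second, "content": rules.read_text()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline and the backup directory are themselves targets, so in practice the baseline is stored read-only away from the firewall (or signed), and every 'modified' or 'restored' result is forwarded to the Network Administrator as the policy requires, rather than silently corrected.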
Bradford Hospital’s IDS/IPS Policy
Overview
This policy gives strategies to establish intrusion detection and security monitoring to protect resources
and data on the Bradford Hospital network. It provides guidelines for intrusion detection
implementation of the Bradford Hospital networks and hosts along with associated roles and
responsibilities (Intrusion Detection Policy, n.d.).
Purpose
This policy is developed both to secure the confidentiality of any data that may be saved on the wireless
devices and to protect the Bradford Hospital network from being infected by any hostile software when
the mobile computer returns. This policy also considers wireless access (Intrusion Detection Policy,
n.d.).
Scope
This policy covers every host on the Bradford Hospital network and the entire data network including
every path that Bradford Hospital data may travel that is not on the internet. Paths covered by this policy
even include Bradford Hospital wireless networks. The other policy areas include additional security
needs of the organisational network and systems (Intrusion Detection Policy, n.d.).
Objectives
1. Increase the level of security by actively searching for signs of unauthorised intrusion.
2. Prevent or detect breaches of the confidentiality of organisational data on the network.
3. Preserve the integrity of Bradford Hospital’s organisational data on the network.
4. Prevent unauthorised use of Bradford Hospital systems.
5. Keep hosts and network resources accessible to authorised users.
6. Enhance security by detecting weaknesses in systems and network design in the early stage.
Requirements
1. All devices accessible from the Internet or by other persons must operate Bradford Hospital
Network Administration approved active intrusion detection software at any time the public may
be able to access the system.
2. All systems placed in the DMZ must run IT supported active intrusion detection software.
3. All host-based, and network-based IDS must be checked on a daily basis and their records reviewed.
4. All IDS logs must be kept for a minimum of 30 days.
Notifications
1. Any suspected intrusions, suspicious activity, or unexplained erratic system behaviour discovered by
Bradford Hospital network administrators, users, officials or computer security personnel must be
reported to the Bradford Hospital Network Administration Department within 1 hour.
REQUIREMENT 4: BYOD SECURITY RISKS AND MITIGATION STRATEGIES
Through this examination, various security threats have been identified, including evidence
collection using an intrusion detection and prevention system. If security is compromised
at the Bradford Hospital, the intrusion detection and prevention system will play a key
part in discovering what happened and how the breach could have been prevented (Juniper
Networks, n.d.). This shows how wireless devices can be compromised due to technical or legal
issues, which can lead to potential data loss.
A digital "group policy" is a powerful solution to guarantee that the Bradford Hospital keeps control of
all devices while preserving their evidence collection capabilities. The policy will remove a portion of the
operational abilities from the owner of the device, guaranteeing compliance in line with the
Hospital's BYOD Policy.
Losing a device while travelling overseas could create both legal issues and difficulties in remotely
managing the data on that device. Several countries' cyber units can download the data from devices and
misuse it for certain purposes. Hence, staff should be banned from carrying work devices while
travelling.
Work devices should not be allowed to connect to public Wi-Fi. Public Wi-Fi is commonly
used by cyber attackers to carry out packet capture, and public access points are usually not secured by a
perimeter.
Backup machines should be deployed within the hospital network, and all work devices are to be
backed up at regular intervals as a data safety measure.
To reduce certain BYOD risks, the following considerations will be kept in mind.
• All wireless devices must be kept updated with the latest firmware, application updates, security
patches and operating system updates.
• Every device on the hospital's network must follow and agree to the BYOD Group Policy.
• No device may be manipulated; for instance, devices are not allowed to be rooted or jailbroken.
• Every BYOD device must follow and agree to the hospital's Firewall and IDS/IPS Policies.
• No device may connect to publicly open networks.
• The Bradford Hospital's network policies must be reviewed at regular intervals.
• User credentials will be changed every three months.
• IDS traffic must be monitored constantly by the Network Administrator.
• No devices are permitted to be taken outside the work premises except personal gadgets.
• Any suspicious activity must be reported to the Network Administrators as soon as possible.
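The device-side rules in the list above are the kind of checks a mobile device management (MDM) or network access control system evaluates at enrolment and on every check-in. The following is an added example, not part of this report or of any Bradford Hospital system: a small compliance evaluator for the rooted/jailbroken, policy acceptance, update, public-network and three-month credential rules. The record fields, the approved SSID, the minimum OS versions and the sample inventory are all constructed.

```python
"""Evaluate enrolled BYOD devices against the rules listed above.
Added example; the device-record schema, policy constants and the sample
inventory are constructed, not taken from the report."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Hypothetical policy constants reflecting the bullet list above.
CREDENTIAL_MAX_AGE = timedelta(days=90)                  # "changed every three months"
APPROVED_SSIDS = {"BradfordHospital-Staff"}              # hypothetical corporate SSID
MIN_OS_VERSION = {"android": (13, 0), "ios": (17, 0)}    # constructed minimums
TODAY = date(2018, 4, 30)                                # constructed evaluation date


@dataclass
class DeviceRecord:
    device_id: str
    platform: str                      # "android" or "ios"
    os_version: tuple                  # e.g. (13, 0)
    patches_current: bool              # vendor security patch level is current
    rooted_or_jailbroken: bool
    policy_accepted: bool              # user agreed to the BYOD group policy
    last_credential_change: date
    connected_ssid: Optional[str] = None


def check_device(rec: DeviceRecord, today: date) -> List[str]:
    """Return the list of policy violations for one device (empty = compliant)."""
    violations = []
    if rec.rooted_or_jailbroken:
        violations.append("device is rooted/jailbroken")
    if not rec.policy_accepted:
        violations.append("BYOD group policy not accepted")
    if rec.os_version < MIN_OS_VERSION.get(rec.platform, (0, 0)):
        violations.append("operating system below minimum version")
    if not rec.patches_current:
        violations.append("security patches not current")
    if rec.connected_ssid is not None and rec.connected_ssid not in APPROVED_SSIDS:
        violations.append(f"connected to unapproved network {rec.connected_ssid!r}")
    if today - rec.last_credential_change > CREDENTIAL_MAX_AGE:
        violations.append("credentials older than three months")
    return violations


def evaluate_fleet(records, today: date) -> Dict[str, List[str]]:
    """Map device_id -> violations for every non-compliant device."""
    report = {}
    for rec in records:
        v = check_device(rec, today)
        if v:
            report[rec.device_id] = v
    return report


# Constructed sample inventory: one compliant device, one badly out of policy,
# one that only lacks the policy acknowledgement.
SAMPLE_DEVICES = [
    DeviceRecord("nurse-01", "android", (14, 0), True, False, True,
                 TODAY - timedelta(days=30), "BradfordHospital-Staff"),
    DeviceRecord("doc-07", "ios", (16, 4), False, True, True,
                 TODAY - timedelta(days=120), "CafeFreeWiFi"),
    DeviceRecord("admin-03", "android", (13, 0), True, False, False,
                 TODAY - timedelta(days=10), None),
]


if __name__ == "__main__":
    for dev, problems in evaluate_fleet(SAMPLE_DEVICES, TODAY).items():
        print(dev, "->", "; ".join(problems))
```

A non-empty result is what the Network Administrator acts on: the device is quarantined from the secured VLANs until the listed items are fixed, which ties the BYOD rules to the firewall and IDS/IPS policies rather than leaving them as a checklist the user self-attests to.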
CONCLUSION
This report found that there are critical issues concerning the potential implementation of
Bring Your Own Device (BYOD) and connecting such devices to the Bradford Hospital's network. However, the
Hospital staff are keen to use the proposed network implementation in their daily workplace activities.
The most suitable solution ensures that wireless devices are used inside the work
premises and are monitored using a network-based IDS/IPS together with
strict firewall policies. The Bradford Hospital's network administrators will make sure that the devices
in use follow the IDS/IPS policies along with the Hospital's Firewall Policy.
Hospital staff will undergo a specific training programme before they get their hands on the proposed system.
This training programme will make sure that they are able to take care of the devices and that no
infringement of the written policies occurs.
While carrying out the whole case study, it is shown that the advantages of BYOD in relation to intrusion
prevention and detection systems apparently outweigh the disadvantages, and the keenness of Hospital staff
about the proposed network structure will lead the hospital to techno-savvy enhancements.
REFERENCES
• Frederick, K. K. (n.d.). Network Monitoring for Intrusion Detection. Retrieved from
Symantec Connect: https://www.symantec.com/connect/articles/network-monitoring-intrusion-detection
• Juniper Networks. (n.d.). What is IDS and IPS? Retrieved from Juniper Networks:
https://www.juniper.net/us/en/products-services/what-is/ids-ips/
• Tripod. (n.d.). LAN Segmentation. Retrieved from
http://netcert.tripod.com/ccna/internetworking/lanseg.html
• Soomro, Z. A., Shah, M. H. & Ahmed, J. (2016). Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp. 215-225.
• Meyer, A., Green, L., Faulk, C., Galla, S. & Meyer, A. M. (2016). Framework for Deploying a
Virtualized Computing Environment for Collaborative & Secure Data Analytics. eGEMs,
4(3).
• Harrison, I. J., Green, P. A., Farrell, T. A., Juffe-Bignoli, D., Sáenz, L. & Vörösmarty, C. J.
(2016). Protected areas & freshwater provisioning: a global assessment of freshwater
provision, threats & management strategies to support human water security. Aquatic
Conservation: Marine & Freshwater Ecosystems, 26(S1), pp. 103-120.
• Sim, J. H. & Cho, G. (2016). Construction of Port Logistics Security System based on the
Information Security Management System. International Information Institute (Tokyo).
Information, 19(5), p. 1549.
• Intrusion Detection Policy. (n.d.). Retrieved from The Computer Technology Documentation
Project: http://www.comptechdoc.org/independent/security/policies/intrusion-detection-policy.html
• Texas Wesleyan Firewall Policy. (2011, December 14). Texas: Texas Wesleyan University.
Retrieved from Texas Wesleyan University: https://txwes.edu/media/twu/contentassets/documents/it/policyprocedures/firewall-policy.pdf