Task Description You are hired by Advanced Medicos Limited (AML), a healthcare product sell company, as a cyber security consultant to help in security management and to address the contemporary and...

1 answer below »
please I need the screenshots to be provide it using wireshark only



Task Description You are hired by Advanced Medicos Limited (AML), a healthcare product sell company, as a cyber security consultant to help in security management and to address the contemporary and emerging risks from the cyber threats the company is f Task Description You are hired by Advanced Medicos Limited (AML), a healthcare product sell company, as a cyber security consultant to help in security management and to address the contemporary and emerging risks from the cyber threats the company is facing. AML is providing a platform for Australian customers to sell their product online. The vision of the company is to be among the top 5 nation-wide. The board from the advice by Chief Information Officer (CIO) and Chief Information Security Officer (CISO) has concluded that they should get to point that the key services such as web portal should be able to recover from major incidents in less than 20 minutes while other services can be up and running in less than 1 hour. In case of a disaster, they should be able to have the Web portal and payroll system fully functional in less than 2 days. The company is a new company which is growing rapidly. While the company uses its database server to store the information of its customers’ private data, credit card info, etc. it has a poor designed network with a low level of security. As the company is responsible for the privacy and the security of customer personal info, credit card details, the security of payment transactions, etc. they have decided to improve their information security. Therefore, they have hired you to do the following task: Vulnerability assessment and Business Impact Analysis (BIA) exercise: 1. Perform vulnerability assessment and testing to assess a fictional business information system. 2. Perform BIA in the given scenario. 3. Communicate the results to the management. Existing IT infrastructure of AML: - Office 365 Emails Hosting - 2 Web server providing web services and payment options - A physical database server storing customer information - DHCP and DNS servers - Servers located in a server room accessible by all staff - There is no virtual/cloud storage - The backup files are stored on a single computer connected to the internal network - Two 24-port Cisco Catalyst switches (1Gbps ports) - Switches are access layer switches - ADSL router - 40 PCs with outdated antivirus - The operating systems used in the company are Windows 2012 server and Windows 10 - Windows Firewalls are on - No security configuration on routers and switches - Telnet connection is used by IT people to remotely check the configuration of the network devices. Therefore, there is no encryption in remote access. - Two wireless access points - Wireless security is WPA - 10 Voice over IP phones - Servers located in a server room accessible by all staff - There is no virtual/cloud storage - The backup files are stored on a single computer connected to the internal network - There are 40 staff including three IT people (IT staff are responsible to look after internet connection, network devices, Wi-Fi, Voice over IP service, LAN, computers, servers, hardware and software, and video conference facilities). - All staff and equipment are on a single floor. - The roles and responsibilities of people who are responsible for information security management are not clear and they are not documented. All IT staff help in information security management. For this assignment, you need to write a report to the CEO of the company and answer a number of questions. You should also identify assets, perform risk assessment, and propose solutions to mitigate risks. This assignment has several group questions. Therefore, you should make groups of two members in each. In each question, there are three roles, and each team member should choose one role and answer its question. i. Analyse the output information that you receive from a well-known scanner, Nmap. For this question, you are strongly encouraged to watch a recording that has been posted guiding you in this task. You should add a screenshot of the scan results in your submission. ii. Critically discuss how Wireshark software can be used in penetration testing to capture information about the company’s traffic. For this question, you can install Wireshark on your own laptop/pc (https://www.wireshark.org/download.html). Open a browser in your computer and capture TCP and HTTP traffic. Explain what types of information you have obtained from Wireshark. You should add a screenshot of the output. iii. Explain which security measures (including hardware and software) you intend to implement in AML company to mitigate existing risks (a firewall and an IDS are examples of security measures). For this question, you should submit a logical topology of your proposed network design. The design should show how the security measures are connected to the company’s network. In your network design, the servers should be publicly available to external users. Therefore, the servers’ zone should be separate from the internal network and computers. iv. Reflection for the task not more 300 words Security Policy Development& Risk Management Contents 31. Task 1: Security Policy Development and Risk Management 31.1. Access Control (AC) Policy 41.2. Types of Access Controls for AML 41.2.1. Role-based Access Control (RBAC) 41.2.2. Mandatory Access Control (MAC) 41.2.3. Discretionary Access Control (DAC) 51.3 Threat Control 51.3.1. SQL Injections attacks 51.3.2. Ransomware attacks 51.3.3. Trojan Virus Attacks 51.3.4. Phishing 51.3.5. Information Theft 51.4. Data Security Solution 51.4.1. Data in Use 61.4.2. Data in Motion 61.4.3. Data at Rest 61.5. Authentication 71.6. Single Sign-On Service 71.6.1. Security Assertions Markup Language (SAML) 2.0 protocol 71.7. Incident Response Vs. Disaster Recovery 81.7.1. Responsibilities- IRT / DRT 81.8. AML Incident Response Plan 91.8.1. Preparation 91.8.2. Identification 91.8.3. Containment 91.8.4. Eradication 101.8.5. Recovery 101.8.6. Lessons learned 101.9. Disasters & Recovery Phases 101.9.1. Five Disasters 101.9.1.1. Network Collapse 101.9.1.2. Incompatible Software Issue 101.9.1.3. Inadequate Staff Training 111.9.1.4. Equipment Malfunction 111.9.1.5. VoIP Resource Issue 111.9.2. Disaster Recovery Phases 111.9.2.1. Activation Phase 111.9.2.2. Execution Phase 111.9.2.3. Reconstitution Phase 111.10. MTD |RTO | RPO | Disaster Recovery |Business Continuity 132. Task 2: Security Policies 132.1. Backup Policy 132.2. Computer Use Policy 14References 1. Task 1: Security Policy Development and Risk Management 1.1. Access Control (AC) Policy The access control policy established the AML Enterprise Access Control for risk management of account management, access monitoring and enforcement, segregation of duties. This policy outlines best practices that the organization should implement for hardware and software security. The standards that will constitute AML policy are mentioned below. The organization is bound to this policy and shall be compliant to the standards documented. AC-1: Access Control Procedures- AML business system shall adhere to formal documentation that explains the responsibilities, roles, commitment from management, compliance and entities coordination AC-2: Account Management: AML business Systems should identify authorized users within the organization and specify the privileges. Access should be granted on the basis of valid authorization and associated business functions in coordination with the intention of system use. Accounts should be reviewed periodically. AC-3: Separation of Duties: Separate duties should be assigned to individuals to avoid malicious activities and collusion. Duties should be documented. AC-4: System Use Notification: AML business systems should consistently follow the standards, regulations and policies. A notification message for system approval should be displayed prior to granting access to the system. AC-5: Concurrent Session Control: AML systems should enforce a limit on the number of concurrent sessions to 10. AC-6: Session Lock: A session lock of 120Minutes should be initiated by AML systems over information asset. Lock should be retained until user is identified and authenticated before reestablishing the access. AC-7: Wireless Access: Usage restrictions and guidelines on implementation of wireless access should be established, unauthorized wireless access to the AML Database should be monitored and wireless access should be authorized before establishing database connection. AC-8: Publicly accessible Content: AML system should designate individuals to post publicly accessible content on AML’s system. The individuals should be trained to review and avoid posting non-public information. 1.2. Types of Access Controls for AML AML Company should consider the access control as the paramount feature to ensure system security. 1.2.1. Role-based Access Control (RBAC) This AC authorizes control over objects and is further established by grouping users according to their roles and responsibilities. They could be reassigned to other roles if required later without affecting the infrastructure of the AC. Being a healthcare company, the main functions of RBAC would include storing and exchanging healthcare product records, management of data using smart devices. This AC shall control overall costs and tremendous incentives n efficiency based on roles ensuring that the right person gets access to right information at the right time. It will enable disclosure of minimum necessary information needed to achieve an intended purpose. 1.2.2. Mandatory Access Control (MAC) This AC allows personnel to access the system resources only if they possess clearance of substantially high level. The product or customer information which falls under highly sensitive category are placed under MAC. The sensitivity labels over the type of information and resources helps the designated and authorized personnel to access relevant information according to their scope and profile in order to accomplish their tasks. Mandatory along with role based AC would work the best for AML company under given scenario. 1.2.3. Discretionary Access Control (DAC) DAC allows an individual to access any object or program within the system, granting the individual complete control over the resources. It can be helpful for internal working of the employees on the resources where least restriction is required for daily operations at AML. But this should also follow the AC policy as it comes with great responsibility expected from the authorized personnel to ensure that the system is not left vulnerable and the system security level settings and permissions are used responsibly. 1.3 Threat Control 1.3.1. SQL Injections attacks This attack can be controlled by using stored procedures and prepared statements within AML database. Principle of least privilege (PoLP) should be implemented on each account to ensure that each individual has access to minimum relevant information and resources while accomplishing the task specific to his role. 1.3.2. Ransomware
Answered Same DayMay 27, 2021

Answer To: Task Description You are hired by Advanced Medicos Limited (AML), a healthcare product sell company,...

Prasanta answered on May 31 2021
156 Votes
i. Analyse the output information that you receive from a well-known scanner, Nmap. For this question, you are strongly encouraged to watch a recording that has been posted guiding you in this task. You should add a screenshot of the scan results in your submission.
Solution

Test Domain
As a security officer in the organisation , I started a scanner tool namely Nmap which help me to find out the number of hosts connected in the subsequent network, find out the ports which are used and not used also detecting high security risks alert .

Observation- It has been observed that proper network Infrastructure is not defined and as a result many unnecessary ports are opened where there is possibility of vulnerability attack. Here Web portal and Payroll system both are not in high availability system. It shows when portal gets down due to natural disaster or any reason , there is no alternate availability zone or data center which can act as a fail over and our web portal, payroll system will up and functional in the disaster time. It has also been observed that customers private data, financial data like credit card information are stored in database not in a secured process which causes data leakage and critical security risk in the organisation. The process of online payment needs to be improved in secured way so that any kind of viral attack like Ddos, Trojan, etc should not be occured.
Entire network designed in the organisation are not properly maintained and not secured.
Gap Description- Web portal and Payroll system both are not having plan of disaster recovery. Customers private data, financial data are not properly and securely store in the database. Unnecessary ports are open while it capture through network scanner which causes chances of vulnerability attack on the network. No restrictions provided in the server room and as a...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here