Prepared by: Dr. Ghassan Kbar XXXXXXXXXXModerated by: Dr Sihui (Sue) Zhou May 2019 Assessment Details and Submission Guidelines Trimester T1, 2019 Unit Code BN223 Unit Title Cyber Security Principles...

Topics: Security Consideration when segmenting a network Vulnerability assessment Securing the Network Topology using: Firewalls Penetration test & role of security team Access policies Monitoring System Access and Use Policy DOS Attacks Availability and Business Continuity


Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou May 2019 Assessment Details and Submission Guidelines Trimester T1, 2019 Unit Code BN223 Unit Title Cyber Security Principles Assessment Author Dr Ghassan Kbar Assessment Type Group (of 2 or 3) (Assignment 2) Assessment Title Assignment 2 – Cyber Security Network Design and Assessment Unit Learning Outcomes covered in this assessment Students should be able to demonstrate their achievements in the following unit learning outcomes: a. Understand the Common Security Countermeasures b. Managing security programs, and design a secure Network Topology Weight 15% of Total Assessment Total Marks 100 Word limit See instructions Due Date Friday 31st May 2019 11:55PM Submission Guidelines  All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.  The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.  Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using APA or IEEE referencing style for School of Business and School of Information Technology and Engineering respectively. Extension  If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and- guidelines/specialconsiderationdeferment Academic Misconduct  Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute- publications/policies-procedures-and-guidelines/Plagiarism-Academic- Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description. http://www.mit.edu.au/about http://www.mit.edu.au/about http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure BN223 Cyber Security Principles Page 2 of total pages Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou May, 2019 Assignment Description Tasks: There are two parts to this assignment, i.e. part A and part B. A. Write a review article for the topic described below. Note that final mark of part A would be affected by the presentation result of part B. This is to assure that students understand the work presented in part A. overall mark of part A could be deducted by 50% for poor presentation 90 marks B. Presentation (to present a maximum of 8 slides in 8 minutes) 10 marks Part A description: Topic - infrastructure can be limited to one location or, widely distributed, including branch locations and home offices. Access to the infrastructure enables the use of its resources. Infrastructure access controls include physical and logical network design, border devices, communication mechanisms, and host security settings. Because no system is perfect, access must be continually monitored; if suspicious activity is detected, a response must be initiated. Figure 1 shows the topology of a network that has not been properly segmented. The network topology consists of a Call center, a Branch, a Warehouse, and a Data center. BN223 Cyber Security Principles Page 3 of total pages Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou May, 2019  The Call center shows two file servers, one application server, and a database server that is connected together directly and diagonally. The file server on the left is connected to two laptops and the file server on the right is connected to a telephone. The application server is connected to two servers on the right and left and to a switch.  The Branch consists of a file server that is connected to a laptop, telephone, and to a switch that is further connected to a credit card reader at the top and to a server on the right and to a database server at the bottom.  The Warehouse consists of a file server that is connected to a laptop and a telephone at the top, an application server at the bottom that is further connected to a database server at the bottom. The database server of the call center, branch, and the warehouse are connected to the two database servers of the data center.  The data centers are connected to two application servers directly and diagonally. The application servers are connected to two database servers at the bottom and to a firewall on the right that is further connected to a switch. The application servers are connected to the "POS Application" consisting of a set of two servers that are connected to each of the application servers. Each server is again connected to the "Identity and Authentication System" consisting of two application servers on the right and two servers on the left. The two application serves on the left and right are connected to two servers. The switch at the top is connected to a service provider that is further connected to acquiring banks. You need to cover the following topics Why Segment a Network? Working from the inside out, network segments include the following types:  Enclave network: A segment of an internal network that requires a higher degree of protection.  Trusted network (wired or wireless): The internal network that is accessible to authorized users.  Semi-trusted network, perimeter network, or DMZ: A network that is designed to be Internet accessible. Hosts such as web servers and email gateways are generally located in the DMZ.  Guest network (wired or wireless): A network that is specifically designed for use by visitors to connect to the Internet.  Untrusted network: A network outside your security controls. The Internet is an untrusted network. 1. Security Consideration when segmenting a network: a. Apply security measures to secure the access of internal network. BN223 Cyber Security Principles Page 4 of total pages Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou May, 2019 b. Apply security measures to secure the access of external network. c. Apply security measures to secure the access of perimeter network. d. Apply security measures to secure the access of guest network. e. Apply security measures to secure the access of data sent over public network. Securing the Network Topology: The network topology in Figure 1 shows an enterprise that has a call center, a branch office, a warehouse, and a data center. The branch is a retail office where customers purchase their goods and the enterprise accepts credit cards. Users in the call center and the warehouse have access to the resources in the Branch office and vice versa. They also have access to resources in the data center. If any device is compromised, an attacker can pivot (or move laterally) in the network. 2. List all assets at the branch and call centre, and assess the vulnerability associated with these assets assuming that database server is based on SQL, and file servers and application servers are running at Window server platform. 3. You need to redesign this network by adding relevant Firewalls to allow the traffic from the credit card readers to communicate only with specific servers in the data center. Draw a diagram to show the location of the proposed firewalls and explain their roles. (Note you need to consider securing the access at different levels as described in network segmentation above) a. Firewall can be based on content filtering or other techniques. Explain the role of Content Filtering and Whitelisting/Blacklisting. Comment on which section (call centre, branch, and warehouse) this content firewall would be helpful. 4. Explain the role of Border Device Administration and Management that can be used to enhance the network security. 5. Different role of security team such as Blue, Red, and Purple can have impact of the network security. Creating a Request for RFP for Penetration Testing You have been asked to send out a red team penetration testing Request for Proposal (RFP) document. a) Explain what is often referred to as a “red team.” b) Explain the difference between a red team and a blue team. c) Find three companies to send the RFP to. Explain why you chose them. d) The selected vendor will potentially have access to your network. Describe the due diligence criteria that should be included in the vendor selection process. Select one of the companies from the previous step and find out as much as you can about them (for example, reputation, history, credentials). 6. Access Control: a. Explain the role of Border Device Security Access Control Policy b. Explain the remote access security policy. c. Develop a relevant User Access Control and Authorization Policy d. The following example Role-based access controls (RBACs) (also called “nondiscretionary controls”) are access permissions based on a specific role or function. Administrators grant access rights and permissions to roles. Users are then associated with a single role. There is no provision for assigning rights to a user or group account. Let’s take a look at the example illustrated in Figure 2 https://www.safaribooksonline.com/library/view/developing-cybersecurity-programs/9780134858623/ch09.xhtml#ch09fig02 BN223 Cyber Security Principles Page 5 of total pages Prepared by: Dr. Ghassan Kbar