Macros Computer Solutions is a company that specializes in the delivery of computer accessories to its clients. All transactions are managed by a web application which is hosted by the company. For the smooth running of its activities, the company set up a network made up of the following: a Cisco 1900 Series Router, a Cyberoam Firewall, a server computer, a telephony server, a Network Attached Storage (NAS) device for backup, five switches and fifteen workstations.
The server computer runs Windows Server 2012 R2, and most of the workstations run the Windows 10 operating system while some use Windows 7. Most of the computers are protected by Kaspersky Antivirus while a few use Smadav. All the workstations rely on the server to provide services to clients, since the server hosts the web application used by the company.
The diagram below illustrates the Network architecture of the company.
(Aristarkus, et al., 2016)
Following a recent vulnerability scan of the company’s entire network, the following network vulnerabilities were discovered:
The vulnerability scan showed that the router still uses the manufacturer’s default password, which poses a big security threat to the entire network. Furthermore, the wireless network uses weak passwords, which may give attackers a way into the entire system. Most of the user accounts are also protected by very weak passwords, some of which are the default system-generated passwords. Generally, the entire password protection mechanism of the network was found to be weak (Peltier, et al., 2017).
The network is served by low internet bandwidth, making it difficult for users to access services. This makes the network slow, resulting in poor performance and therefore poor service delivery to customers.
According to the vulnerability scan conducted, the web application was found to be prone to SQL injection. This puts the database at very high risk and may result in loss of data integrity or even loss of data, unauthorized access to user accounts and compromise of the entire company’s network.
The scan revealed that the communication between the system users and the system was not encrypted and thus not secure. The company web application runs over the Hypertext Transfer Protocol (HTTP), which is insecure. This puts the clients’ communication with the sellers at risk of being tapped, exposing customers’ confidential information (Abomhara & Køien, 2015).
The scan revealed the use of outdated operating systems by members connected to the Local Area Network. Outdated operating systems give room to attackers, who use their loopholes to get into the network. Some members were using outdated versions of the Windows operating system such as Windows XP. Furthermore, the antivirus software is not updated regularly, since the versions being used are outdated (Gheorghe, et al., 2017).
The scan revealed that the web application being used has bugs. Bugs were discovered in two areas, authentication and authorization, where poor algorithms were used to implement access control and as a result some user privileges were not well controlled. For example, a customer was able to delete a successful transaction from the system, resulting in data loss and inaccurate sales reports.
Network devices security
The following measures should be put in place to ensure network devices security:
Without proper physical security for the routers, any malicious person can walk into the server room and perform a password reset on the router. This would give the person full access to the entire network and therefore pose a high security threat (Carthern, et al., 2015).
Both the privilege mode and the login mode of the router should be properly secured with complex passwords to prevent initial access and changes to the configuration.
This ensures the correct time and date is captured by the router for log keeping.
This ensures quick reconfiguration in case the router configurations are tampered with or wiped.
The company should enforce the use of the Cyberoam Firewall. This should include preventing members who are directly connected to the LAN from accessing certain dangerous or malicious sites.
All software should be updated, including the operating systems being used on the workstations. Efficient antivirus software should also be used by all the computers on the network. This will help patch possible loopholes in the system (Ciampa, 2014).
The following security practices should be adopted to ensure maximum service delivery and efficiency:
Since the use of simple username and password is not considered the best method for authentication, the implementation of the following practices within the company can help improve security of the systems and the network devices:
Setting complex passwords – Since short and simple passwords are easy to guess, system users must ensure that they set complex passwords by following a good password policy, which entails having passwords with a minimum of eight characters with at least one uppercase character, one special character and one number.
Regular change of passwords – It is essential that the system users change their passwords regularly, e.g. after every sixty to ninety days. This makes it difficult for a previously guessed password to be used again.
Avoid use of default passwords – Network devices such as the router should have their default passwords changed. This will make it difficult for attackers aiming to bring down the network.
The use of HTTPS instead of HTTP will offer the company the following advantages:
Regular software updates help to patch vulnerable points of the system, making it more secure to use. Therefore, all system users should be encouraged to update their software regularly.
The principle of least privilege should be employed in the web application to ensure that system users can access only the limited system functions they require. This will improve system security and ensure that data integrity is maintained.
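The access-control finding reported earlier (a customer deleting a completed transaction) is what a deny-by-default, server-side permission check prevents. The sketch below is an added example, not the company's application code; the role names, action names and sample records are assumptions constructed for illustration.

```python
# Constructed role table (hypothetical names); unlisted actions are denied.
PERMISSIONS = {
    "customer": {"transaction:create", "transaction:view_own"},
    "sales_clerk": {"transaction:create", "transaction:view_any"},
    "administrator": {"transaction:view_any", "transaction:delete"},
}


class Denied(Exception):
    """Raised when a role is not granted the requested action."""


def authorize(user, action, record=None, audit=None):
    """Deny by default; '*_own' actions also require record ownership."""
    allowed = action in PERMISSIONS.get(user["role"], set())
    if allowed and action.endswith("_own"):
        allowed = record is not None and record["owner"] == user["name"]
    if not allowed:
        if audit is not None:
            audit.append((user["name"], action))  # keep a trail of refusals
        raise Denied(f"{user['name']} may not {action}")


def delete_transaction(user, store, tx_id, audit):
    """The server-side check runs before the record is touched."""
    authorize(user, "transaction:delete", store.get(tx_id), audit)
    return store.pop(tx_id)


def demo():
    # Constructed sample data.
    store = {101: {"owner": "alice", "total": 59.0}}
    audit = []
    alice = {"name": "alice", "role": "customer"}
    root = {"name": "admin1", "role": "administrator"}
    try:
        delete_transaction(alice, store, 101, audit)
        outcome = "deleted"
    except Denied:
        outcome = "denied"
    still_there = 101 in store
    delete_transaction(root, store, 101, audit)
    return outcome, still_there, audit, store
```

The refused attempt is recorded in the audit list, which gives the sales reports a trail to reconcile against.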
Since the system was prone to SQL injection, the application developers should enforce the following to prevent it:
Validating user input – User inputs should always be validated to check whether they meet the required conditions before being sent to the database server. Validation may include checking whether the input data matches the database datatype, has the correct length, etc. (Beyah & Chang, 2018).
Keep database credentials separate and encrypted – Database credentials should be kept in a separate, encrypted file to prevent attackers from reaching them for the purpose of exploiting the system and accessing the confidential data residing in the database.
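The datatype and length validation described above can be sketched as follows. This is an added example, not the company's code; the orders table, field names and limits are constructed. It goes one step beyond the text by also passing the validated values as bound parameters, because a legitimate value that passes validation can still contain a quote character.

```python
import sqlite3

# Constructed column rules for a hypothetical "orders" table:
# field -> (expected Python type, maximum length of the submitted text).
RULES = {"customer_id": (int, 6), "item": (str, 40)}

def validate(form):
    """Return typed values, or raise ValueError on bad type or length."""
    clean = {}
    for field, (kind, max_len) in RULES.items():
        raw = str(form.get(field, "")).strip()
        if not raw or len(raw) > max_len:
            raise ValueError(f"{field}: missing or longer than {max_len}")
        if kind is int:
            if not (raw.isascii() and raw.isdigit()):  # "1 OR 1=1" fails here
                raise ValueError(f"{field}: not a whole number")
            clean[field] = int(raw)
        else:
            clean[field] = raw
    return clean

def place_order(db, form):
    """Validate first, then hand the values over as bound parameters."""
    row = validate(form)
    cur = db.execute(
        "INSERT INTO orders (customer_id, item) VALUES (?, ?)",
        (row["customer_id"], row["item"]),
    )
    db.commit()
    return cur.lastrowid

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer_id INTEGER, item TEXT)")
    results = []
    # Constructed sample submissions.
    for form in ({"customer_id": "42", "item": "USB-C hub"},
                 {"customer_id": "1 OR 1=1", "item": "mouse"},
                 {"customer_id": "7", "item": "x" * 41},
                 {"customer_id": "7", "item": "O'Brien's keyboard"}):
        try:
            results.append(("stored", place_order(db, form)))
        except ValueError as err:
            results.append(("rejected", str(err)))
    stored = db.execute("SELECT item FROM orders ORDER BY rowid").fetchall()
    return results, [r[0] for r in stored]

if __name__ == "__main__":
    print(demo())
```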
Increase internet bandwidth – The company should increase the internet bandwidth to avoid the network congestion that often makes the network slow (Conklin, et al., 2016).
Conclusion
In conclusion, having a secured network and communication system is one of the most valuable moves for any business enterprise whose operations are IT supported. It should be noted that billionaires are no longer found in goldmines or real estate; it is IT infrastructure, and data handling in particular, that now produces billionaires. This implies that tough security measures must be put in place so that data valued at billions is protected.
References
Abomhara, M. & Køien, G. M., 2015. Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks. Journal of Cyber Security, pp. 65-68.
Aristarkus, D. K., Palaniappan, S. & Purnshatman, T., 2016. Towards proposing network topology for improving performance. International Journal of Computer Networks and Communications Security, 4(9), pp. 1-6.
Beyah, R. & Chang, ., 2018. Security and Privacy in Communication Networks. Salmon Tower Building New York City: Springer.
Carthern, C., Wilson, . & Rivera, ., 2015. Cisco Networks: Engineers’ Handbook of Routing, Switching, and Security. 5th ed. New York City: Apress.
Ciampa, M., 2014. CompTIA Security+ Guide to Network Security Fundamentals. 3rd ed. Boston: Cengage Learning.
Conklin, W. A., White, . & Cothren, ., 2016. Principles of Computer Security. 4th ed. Pennsylvania Plaza New York City: McGraw Hill Professional.
Gheorghe, A., Tatar, . & -, . G., 2017. Strategic Cyber Defense: A Multidisciplinary Perspective. 3rd ed. Amsterdam: IOS Press.
Peltier, T. R., Peltier, . & Blackley, . A., 2017. Managing A Network Vulnerability Assessment. 4th ed. Leiden: CRC Press.