Scenario Uxbridge College Information Systems Network Security Principles involve around key principles of Confidentiality, Integrity and Availability. Depending upon the application and context, one of these principles might be more important than the others. For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person form reading its contents. Thus, confidentiality of the information is paramount. If an individual succeeds in breaking the encryption cipher and then re-transmits a modified encrypted version, the integrity of the message is compromised. On the other hand, an organization such as Amazon.com would be severely damaged if its network were out of commission for an extended period of time. Thus, availability is a key concern of such e-commerce companies. In this assignment you will consider Uxbridge College for security analysis. Task 1 As a member of the Network Security group in Uxbridge College, you have been asked to serve on the committee and evaluate the threats and vulnerabilities of the following: (P1.1) • Describe each of the following security threats then write a report about their impact on Uxbridge College as an FE educational institution and on teaching and learning • Adware • Virus • Worms • Spyware • Trojan • Rootkits • Backdoors • Logic bomb • Botnets • Man-in-the-middle • DDoS • Spoofing • Spam • Phishing • Spim • Spear phishing • Pharming • Malicious insider threat • DNS poisoning and ARP poisoning • Transitive access • Client-side attacks • Dumpster diving • Tailgating • Impersonation • Hoaxes • Whaling • Vishing • SQL injection • XML injection • Buffer overflow • Cookies and attachments • Session hijacking • Header manipulation • Known exploits Task 2 The management at Uxbridge College, with two campuses in Hayes and Uxbridge, recently purchased a new facility in Ealing. This purchase will have a serious impact on the network security and information services department and will include the following changes to the organization’s operation: 1. The Contractors will now be responsible for all information assurance. In the past, these responsibilities were done by the IT department. 2. All the organization’s data centres will be consolidated into one central facility in Uxbridge in an effort to save costs and improve information assurance. Discuss how to implement the above changes and the impact of the new network design on (P1.2) • Physical security threats in three campuses. • The roles of packet-filtering routers and firewalls • Show how Intrusion detection and prevention system can be implemented in Uxbridge College network to detect malicious activities • Data credibility. • Access to the internet and email security, vetting of staff for employment and Security policy. • Systems recovery, data recovery and legal proceedings. The purpose of a risk analysis is to identify the components of the network, evaluate the importance of each component, and then apply an appropriate level of security. Carry out a Qualitative or Quantitative risk analysis (list at least 16 risks) of the current Uxbridge College network, identify what needs to be secured and at what cost and what risk mitigation strategies you would use. (P1.3). Cloud computing has been credited with increasing competitiveness through cost reduction, greater flexibility, elasticity and optimal resource utilization. Explain in details supported by evidence, from current technologies available in the market and providers how cloud computing can be used to enhance the ability of Uxbridge College (as an educational institution) to achieve its business goals and what are the benefits, cost, risks and consequences. (D3.3) Task 3 Describe the impact of the following protocols and crypto method: GRE, VPN, RSA, IPSec, ISAKMP, DES, 3DES on Uxbridge College Security. Use the Cryptool utility to observe and record the result of using different cryptographic systems. Use Microsoft Notepad to create the following highlighted secret message. Record the results in the table below: “Network Security Principles should involve three key principles of Confidentiality, Integrity and Availability” Note: Save file as assignment 1.txt Cryptographic System Result MD5 SHA Hash AES DES 56-bit The selection and implementation of encryption systems in Uxbridge College is critical to the safe transmission and storage of sensitive information (P4.1). Draft security procedures for use throughout the college in all three campuses to protect students from network security threats. Then, discuss the best ways of protecting confidential data stored on the college database. Finally, what sort of workplace security issues should be covered by HR policies and why. (D1.4) Task 4 What is the difference between disaster recovery and business continuity planning? Assess the impact of data loss and service unavailability on Uxbridge College productivity (P4.3) and how the management can plan to minimise their affect and what resources are available and should be available to recover from them. (M3.3) Task 5 Creating a Security Policy (D3.5) In this task, you will create your own acceptable use policy (AUP) and include acceptable use of computer equipment, Internet, email, mobile devices, remote access and bring your own device (BYOD) in Uxbridge College to cover staff and students, ensuring reasonably few technical restrictions imposed on access Uxbridge College services. • Overview • Scope • Policy • Enforcement • Definitions • Revision History Unit 46: Networked Systems Security Assignment 1 Contextualised Grading Note: failure to complete a pass criterion will lead to failure of the entire unit. M1.3: failure to meet the deadline for handing in this assignment as stated in the front sheet means that you have failed to make an effective judgement in organising your time effectively and therefore the assignment basically will be marked only for pass criteria. As you know even if you meet all the merit criteria and all the distinction criteria, if you fail to meet M1.3 your assignment will only be judged on the pass criteria. Furthermore, if you consult resources to answer the above questions, you need to provide references using the Harvard system of referencing. M3.3: In Task 4, you need to use a range methods and presentation to explain how the management can plan to minimise the damage in case of a disaster. D1.4: You need to discuss the best ways of protecting confidential data stored on a hard disk and what sort of workplace security issues should be covered by HR policies and how these measures can improve the current security system. D3.3: In task 2 you need to explain how cloud computing can help and what are the risks. Here you need to use lateral thinking to get to your goals. D3.5: in task 5, you need to create a new AUP for Uxbridge College. BTEC L5 HND DIPLOMA IN COMPUTING AND SYSTEMS DEVELOPMENT Unit 46: Networked Systems Security Assessment guidance Outcomes To achieve a pass grade the evidence must show the learner is able to: To achieve a merit or distinction grade the evidence must show the learner is able to: Understand the impact on the social and commercial environment of network security design P1.1 evaluate a current system’s network security P1.2 discuss the potential impact of a proposed network design P1.3 discuss current and common threats and their impact M1.3 an effective approach to study and research has been applied Be able to design network security solutions P2.1 design a network security solution to meet a given specification M3.3 a range of methods of presentation have been used and technical language has been accurately used P2.2 evaluate design and analyse feedback Be able to implement network security solutions P3.1 using a design, implement
a complex network security solution D1.4 realistic improvements have been proposed against defined characteristics for success P3.2 systematically test the complex network security solution D3.3 convergent and lateral thinking have been applied P3.3 document and analyse test results D3.5 Innovation and creative thinking have been applied. Be able to manage network security solutions P4.1 manage a network security solution P4.2 analyse ongoing network security policies and practices P4.3 recommend potential change management