Cyber Security Case Study Report
Most international goods are transported by sea, which makes the management of shipping logistics an important part of global business. The case concerns a shipping corporation of considerable size and reach, for which supply chain data management is central to business success. The number of regional data centres contributing to the global supply chain is also high, which makes the security of each regional data centre more important, since a centralized infrastructure cannot take regional factors into account (Stallings, 2006). The regional data centres therefore need their own security infrastructure to protect the data routed to them from the port offices across their respective regions. The inadequacy of the current security measures was demonstrated when their vulnerabilities were exploited by a ransomware attack, similar in nature to Petya, that blocked all users' access to the data and demanded a ransom of 500 bitcoins. The protection and security systems currently employed by the company are clearly lacking, and the main objective of this report is therefore to examine the current system's vulnerabilities in order to prevent future attacks of this type.
As the consultant hired by the ACME shipping company, the first task of this risk assessment report is to evaluate the current data management and transfer systems. This evaluation is based on an assessment of the framework and data architecture from the perspective of administrators and internal users as well as customers. It forms the foundation for assessing the risk present in the current architecture, identifying vulnerabilities that could be exploited in future incidents affecting the company's performance and reputation, and providing suggestions, based on the likely forms of attack, on the best ways to combat and prevent them. This includes several changes to the data management procedures the company currently employs and to the security measures applied regionally. The suitability of the current infrastructure framework in terms of data management, efficiency and security is therefore the basis for identifying possible threats and preventive measures (Forouzan & Mukhopadhyay, 2011). Any system for identifying and preventing internal and external attacks rests on a risk assessment in which the risk at each point of access or transfer is evaluated separately, so that risks and vulnerabilities can be identified and suggestions provided for the company's global and regional operations across its data centres, port offices and sites.
ACME is a major player in global container shipping, with some stakes in the logistics and energy sectors. The company has more than 70000 employees in over 100 countries, with one port office at each major seaport around the world; the port offices report to the regional offices through a secure virtual private network. The regional offices in turn report to the six data centres in Sydney, London, Frankfurt, Singapore, New York and Seattle that form the backbone of the company's communications systems. These data centres host the different applications, which are scaled out via the public cloud.
Evaluation of current systems
While the data centres are interconnected by fibre optic links, the regional offices transfer data via satellite connection. The data centres use Microsoft office servers and SQL databases to manage the connections. The security measures at the regional offices are inconsistent: some are protected by firewalls and IPS/IDS systems while the rest have no such protection. The order, inventory and tracking functions are hosted by these data centres, which use cloud-based resources so that the data can be accessed from the different regional offices internally and by any client externally. The following diagram summarises the current system architecture of the company.
The first layer of data sources consists of the branch or port offices located at the major seaports, which update information over the VPN connecting them to the regional office. The many different devices used in the daily operations of the port offices are the main source of raw data for the company; these are mostly Windows 7 based computers and laptops used to update information for the shipping vessels reporting into the specific port. Network switches with 1 Gbps access ports and 10 Gbps core ports are the main form of access to the company's communications system. The locations also optionally use wireless access points for information entry. IP telephony is also used, as most of the offices are provided with a video room for both voice and video connections. A router manages access to the VPN that connects the port office to the regional office. This is the basis of the delivery section of the above diagram, and it also helps to define the whole process of the information systems used in the case of the company.
Computing devices-
The current systems can be divided into several components that are central to the evaluation. The first that needs to be clearly defined is the set of computing devices used for data input, which have access to the VPN connecting them to the regional offices. These systems run the Windows operating system with basic security protocols, but they are not evaluated in any way to judge whether they are fit for inclusion, and there is no IPS/IDS specification for the individual devices that are allowed access to the logistics data stream. Password protection and identification of each device are not present in the system, which leaves it open to entry from any one of the devices being used illegally, or without the consent of the authorized user, to access the databases. System updates are also not mandatory, which may make the devices vulnerable to other threats through the same avenue.
Network devices and access ports-
The wireless access points used at the sites do not have any fixed security policy that would prevent an unauthorized user from accessing the system wirelessly, which makes them prone to external threats even if the devices themselves are secured. Moreover, the network switches are not configured with any device identification that would prevent the same from happening. No security is specified for the network routers connecting the port offices to the regional offices either, so the data entry or generating point of the system appears to be the main vulnerability of the port offices that an unscrupulous individual could exploit.
The data transfer and synchronization protocols used between the data centres differ from those used for data gathering by the regional offices, which transfer data to the data centres for analysis and synchronization. The data centres use wired optical fibre connections to synchronize their supply chain data, which is more secure and reliable, but access to the database from the regional offices for bidirectional transfer and retrieval of data relies on satellite transmission, which offers more versatility but also compromises security somewhat. The data transfer and synchronization aspect of the information management infrastructure is therefore more vulnerable at the lower levels, on the transfer routes from port offices to data centres via the regional offices.
Access to the data is probably the most important source of threat for the company, as its logistics operations depend heavily on this information, which makes it an appealing target. Any interruption of the IT infrastructure therefore has a high potential of affecting the company. The security measures at the data source (i.e. the port offices) are not standardized, which makes the detection of any breach impossible, and the same is true for the transfer route between the port offices and regional offices, as the VPN is by no means a secure method of transferring sensitive data (Stallings et al., 2012).
Use of cloud-
The use of a public cloud for the applications, together with the lack of standardized security measures at the port and regional offices, is another aspect of the system's vulnerability (Ren, Wang & Wang, 2012). Cloud use is usually secure, but an unsecured point of access is the main reason for the vulnerability in the system infrastructure. Therefore, at least this aspect needs to be secured for the system to be safe from unauthorized access and tampering.
Findings from evaluation
The findings from the above evaluation follow from the size of the organization and the nature of the business, which depends on real-time data management and secure access to that data. The points of vulnerability in the architecture lie in the regional and port offices, their internal communication systems, and their data transfer channels to the data centres. Management of access point security through IPS/IDS is also a possible point of breach. The absence of standardized and centralized data security at the port and regional offices is likewise responsible for the threat to the organization, and it makes it hard to detect a breach in time to prevent data theft or, in this specific case, the holding of data to ransom (Aguirre & Alonso, 2012).
The list of possible vulnerabilities in the current system, based on the evaluation, centres on the data management and security strategies implemented in the regional and port offices. There are several vulnerabilities that internal or external unauthorized users could exploit to compromise the system and affect the efficiency of the organization. The ransomware attack forced the company to shut down its information network globally to contain the losses from the attack and prevent further damage. The possible vulnerabilities are listed below with a short description of the magnitude and scale of their impact.
The unsecured WiFi access points used in the port offices are one source of vulnerability that hackers can exploit to access the system. Moreover, because the requests reach the server from an authorized access point, the breach will not be detected in time to prevent unauthorized access or to implement the failsafe measures protecting the central databases. The main vulnerability here is the retention of default settings, such as a default SSID that is standardized within a region. The default SSID and password make the system easily identifiable to hackers. As there is no company policy for setting up access points, there is no way of checking the vulnerability of the system at a given port office; the offices are therefore not protected equally, which makes them targets. While a secure SSID or encryption will not deter every determined attack, it makes the hacker's job considerably harder. There is no fixed WPA/WEP implementation in the networks used in the port offices, which makes the physical location more vulnerable and threatens the whole information network (Wright & Cache, 2015). The WPA2 protocol is currently the standard and remains the most secure, but there is no provision making its use mandatory in the organization. The planting of rogue access points within the range of a WiFi network is also a possibility that would allow unauthorized access to the system; this provides a long-term intrusion route from a physical location and causes a prolonged vulnerability. As a result, there needs to be a strict company policy for setting up wireless access points at the port offices, with clear instructions on configuration that would allow the network to be secure (Wright & Cache, 2015).
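To show what a checkable access point policy looks like in practice, the following added example (not part of the original report and not ACME's configuration) audits a constructed inventory of port-office access points against a minimum policy and compares a site scan with the inventory to surface unregistered access points. The accepted security modes, passphrase length and default SSID patterns are assumptions of the example.

```python
"""Audit of port-office wireless access points against a minimum policy,
plus a check of a site scan for access points that are not in the
registered inventory (possible rogue access points).

The inventory, scan records and policy thresholds are constructed sample
data for this illustration, not ACME's configuration.
"""
import re

# Minimum policy assumed here: WPA2 or better, non-default SSID, long PSK.
ACCEPTED_SECURITY = {"WPA2-PSK", "WPA2-Enterprise", "WPA3-SAE"}
MIN_PASSPHRASE_LEN = 16
# Vendor-default or region-wide default SSID patterns (constructed).
DEFAULT_SSID_PATTERNS = [r"^(linksys|netgear|dlink|tp-link)", r"^ACME-?PORT$"]

# Registered access points (constructed): one compliant, one legacy, one weak PSK.
INVENTORY = [
    {"bssid": "00:11:22:33:44:01", "ssid": "ACME-SYD-OPS", "security": "WPA2-Enterprise"},
    {"bssid": "00:11:22:33:44:02", "ssid": "NETGEAR-24", "security": "WEP",
     "passphrase": "abc123"},
    {"bssid": "00:11:22:33:44:03", "ssid": "ACME-LON-OPS", "security": "WPA2-PSK",
     "passphrase": "short12345"},
]

# Result of a site survey at one office (constructed); the last two are unregistered.
SITE_SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "ACME-SYD-OPS"},
    {"bssid": "00:11:22:33:44:03", "ssid": "ACME-LON-OPS"},
    {"bssid": "AA:BB:CC:DD:EE:FF", "ssid": "ACME-SYD-OPS"},
    {"bssid": "DE:AD:BE:EF:00:01", "ssid": "Guest"},
]


def audit_access_point(ap):
    """Return the list of policy findings for one registered access point."""
    findings = []
    tag = ap["bssid"]
    security = ap.get("security", "OPEN")
    if security in ("OPEN", "WEP", "WPA-PSK"):
        findings.append(f"{tag}: weak or no encryption ({security})")
    elif security not in ACCEPTED_SECURITY:
        findings.append(f"{tag}: unrecognised security mode {security}")
    for pattern in DEFAULT_SSID_PATTERNS:
        if re.match(pattern, ap["ssid"], re.IGNORECASE):
            findings.append(f"{tag}: default-style SSID '{ap['ssid']}'")
            break
    if security.endswith("-PSK") and len(ap.get("passphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append(f"{tag}: passphrase shorter than {MIN_PASSPHRASE_LEN} characters")
    return findings


def find_unregistered_aps(inventory, scan):
    """Return (bssid, ssid, kind) for each scanned AP not in the inventory.
    An unregistered AP advertising a company SSID is the more serious case,
    since clients may associate with it in place of the real one."""
    known = {ap["bssid"].upper() for ap in inventory}
    company_ssids = {ap["ssid"] for ap in inventory}
    report = []
    for seen in scan:
        if seen["bssid"].upper() not in known:
            kind = "advertises company SSID" if seen["ssid"] in company_ssids else "unregistered"
            report.append((seen["bssid"], seen["ssid"], kind))
    return report


def audit_site(inventory, scan):
    """Combined report: per-AP policy findings plus unregistered APs."""
    return {
        "policy_findings": [f for ap in inventory for f in audit_access_point(ap)],
        "unregistered": find_unregistered_aps(inventory, scan),
    }


if __name__ == "__main__":
    for key, items in audit_site(INVENTORY, SITE_SCAN).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run against a real site survey, the scan list would be produced by the office's wireless controller or a survey tool rather than typed in; the comparison logic stays the same.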
Cloud storage applications
The cloud storage based application that ACME uses to access data from across the globe is another vulnerability that can threaten the company's security. Given the importance of data in the logistics sector, this appears to be the point of vulnerability that is least preventable, because of the span of the organization (Subashini & Kavitha, 2011). Using a reputable cloud storage company with high-level encryption is a deterrent to cybersecurity threats, but it does not make the system invulnerable. Device access management for the data is the weak area that makes the system vulnerable in this case, as it is impossible to keep track of 70000 employees accessing the data across the globe. Managing access and implementing security measures through an authorization process therefore makes the system more secure. The effectiveness of the host-based antivirus is also reduced by the lack of any device usage policy and standardized security measures in the port and regional offices. The offices and employees therefore need to be regulated locally, which would make the cloud more secure (Takabi, Joshi & Ahn, 2010).
The antivirus used by the company is also host-based, which makes the identification of authorized devices more important. If the system is accessed through an unauthorized access point, the detection of malware is weakened because the antivirus cannot recognize whether the device is authorized or not. Recognizing the client system and defining its access limits is therefore important, since an authorized device being used to access information points to the vulnerability to an internal threat. Client based registration for the antivirus and definition of access levels are therefore essential to battling the insider threat (Kahate, 2013). The insider threat is seen as much more significant than the outsider threat, as it is harder to detect and the system is compromised to a higher degree before the threat is detected. Client based verification and identification, or the lack of them, thoroughly affect the security of the data.
The VPN that the company uses to transfer data from port offices to regional offices is another point of vulnerability, as the SSL encryption the offices use for the VPN is not defined by company policy. Many of the offices use the SSLv3 and SSLv2 protocols, which are obsolete and can easily be used to find the IP addresses of users in the system, which in turn can be used to crack the network. The lack of SSL certificates is another matter that makes the system vulnerable, as it makes it easy to set up a proxy server that emulates the real one and collects the data (Perlman, Kaufman & Speciner, 2016).
The insecure SHA-1 signatures used in the VPN and the 1024-bit keys of its RSA certificates are both noncompliant with current standards, leaving the system open to external threats through these weaknesses. Server management for the VPN is also a point of vulnerability, as appliances built on OpenSSL (e.g. Fortinet) remain exposed to threats. The lack of compliance with the PCI DSS requirements and NIST guidelines that form the basic benchmark for VPN security also puts client payment data and personal information at risk (Rhodes-Ousley, 2013).
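The following added example (not part of the original report, not ACME's code) turns the VPN findings above into a repeatable check: it parses the signature algorithm and key size out of `openssl x509 -text` style output to flag SHA-1 signatures and RSA keys under 2048 bits, and it audits a Python `ssl` client context for the protocol floor, certificate verification and hostname check that rule out SSLv2/SSLv3 and an impersonating proxy. The certificate excerpts are constructed, and the 2048-bit minimum is the baseline assumed here.

```python
"""Baseline check for the VPN's TLS configuration: no SSLv2/SSLv3, TLS 1.2
or later, a verified certificate, no SHA-1 signatures and RSA keys of at
least 2048 bits.

The certificate excerpts below are constructed in the format printed by
`openssl x509 -text -noout`; they are not ACME certificates.
"""
import re
import ssl

MIN_RSA_BITS = 2048
WEAK_SIGNATURE_PREFIXES = ("md5", "sha1")

# Constructed excerpt resembling the obsolete configuration described above.
WEAK_CERT_TEXT = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = vpn.port-office.invalid
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

# Constructed excerpt of a certificate that meets the baseline.
GOOD_CERT_TEXT = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = vpn.port-office.invalid
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""


def parse_cert_text(text):
    """Extract (signature_algorithm, key_bits) from openssl x509 -text output;
    a value is None when its field is absent."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    return (sig.group(1) if sig else None, int(bits.group(1)) if bits else None)


def audit_certificate(text):
    """Return baseline findings for a certificate, or one finding if none is presented."""
    sig_alg, key_bits = parse_cert_text(text)
    if sig_alg is None:
        return ["no certificate presented"]
    findings = []
    if sig_alg.lower().startswith(WEAK_SIGNATURE_PREFIXES):
        findings.append(f"weak signature hash: {sig_alg}")
    if key_bits is not None and key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key too short: {key_bits} bits (minimum {MIN_RSA_BITS})")
    return findings


def hardened_client_context():
    """Client context that refuses anything below TLS 1.2 and requires a
    validated certificate, so a proxy posing as the gateway is rejected."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def permissive_client_context():
    """Deliberately weak context for comparison: lowest protocol the library
    supports, no certificate verification, no hostname check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx):
    """Return findings for an SSLContext that fails the baseline."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol too low: {ctx.minimum_version.name}")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required or not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    return findings
```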
Recommendations and Possible response
The following recommendations can be applied in this case to reduce the vulnerabilities identified in the assessment of the network information system.
Antivirus- the current host-based antivirus is inadequate protection: it cannot identify the individual machines used to access the data, and device authentication is not linked to the antivirus because it has no component on the client system. Consequently, an integrated antivirus with a client system component would help identify the different authorized computers and allow them conditional and limited access to the internal applications of the network. This would greatly improve the security of the database.
Standard security policy-
The lack of standard authentication for determining access to the machines used in the regional and port offices makes the system easier to penetrate, which increases the internal threat to the database and the network itself. A standard security policy would therefore benefit the organization greatly: it would give all offices of the company the same level of protection, making the individual offices that currently lack security less of a target. The issues of outdated security certificates for the VPN and weak security protocols in the wireless networks would be eliminated by establishing standard security measures in all ACME offices across the globe.
Authentication of access-
Device identification will also benefit the security of the servers and the database itself, as unauthorized access would be identified readily: only machines on the list, with defined access levels, would pass the authentication test required before accessing the system. This step, while limiting accessibility somewhat, would make the system more secure, which is an acceptable trade-off given the importance of real-time data for running the logistics operations of the shipping company.
The device identification policy and authorization testing would provide a level of security that can only succeed with thorough monitoring. Any access from an unauthorized or unlisted machine would then raise an immediate alarm, which can greatly reduce the extent of a security breach and restrain its impact in the event of such an attack (Tankard, 2011).
Updating of the systems should be made mandatory, as it takes only one vulnerable access point to compromise the security of the whole network. This includes regular changes of the SSID and password in the port and regional offices, so that a rogue access point cannot be used indefinitely. The same applies to the servers and antivirus, as the ransomware problem was the result of one such vulnerability in a Microsoft system used in the network (Sharkh et al., 2013).
Cloud access and applications- the cloud access and applications used in the global information network provide more flexibility for operations, but they leave the system vulnerable depending on the competency of the cloud storage systems used. The cloud storage should use high-level encryption along with an integrated authentication system that grants only a certain level of access to each point, thereby limiting the impact of any breach of security (Chen & Zhao, 2012). The regulation of use therefore needs to be coordinated with the cloud storage company to increase the level of security.
Defining user access level-
Using different access levels for the different accounts, for example client accounts for external users such as suppliers and recipients who manage the booking system together with the tracking of payments and container status, would keep them on a level that limits external threats. The standardized security policy and different levels of administrative access would help to diminish internal threats.
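The device allow-list with monitoring recommended under "Authentication of access" and the per-account access levels recommended here are illustrated together in the following added example (not part of the original report and not ACME's code). The device registry, the account roles, the resource-to-level mapping and the log line format are all constructed assumptions; the alerting pass runs over constructed log lines and raises an alarm for unregistered machines, unknown accounts and actions above the account's level.

```python
"""Device allow-list with per-account access levels and an alerting pass
over access log lines, as proposed for the regional and port offices.

Added illustration; the registry, roles and log lines are constructed.
Assumed log format (one record per line):
    <ISO timestamp> <device_id> <account> <action> <resource>
"""
from dataclasses import dataclass

# Access levels: a higher level may do everything a lower one may.
LEVELS = {"client": 1, "port_office": 2, "regional_admin": 3}

# Minimum level required per (resource, action); an assumption of this example.
REQUIRED = {
    ("booking", "read"): "client",
    ("tracking", "read"): "client",
    ("inventory", "write"): "port_office",
    ("orders", "write"): "port_office",
    ("db", "admin"): "regional_admin",
}

# Registered machines and the role of each account (constructed).
DEVICES = {"PO-SYD-017", "PO-LON-004", "RO-FRA-001"}
ACCOUNTS = {"j.doe": "port_office", "ops-fra": "regional_admin", "shipper-42": "client"}

# Constructed access log: two permitted records and four that must alarm.
SAMPLE_LOG = """\
2018-03-01T08:00:00Z PO-SYD-017 j.doe write inventory
2018-03-01T08:01:10Z PO-SYD-017 j.doe admin db
2018-03-01T08:02:00Z LAPTOP-9f3a j.doe read tracking
2018-03-01T08:03:30Z RO-FRA-001 ops-fra admin db
2018-03-01T08:04:00Z PO-LON-004 shipper-42 write orders
2018-03-01T08:05:00Z PO-LON-004 nobody read booking
"""


@dataclass
class Alert:
    timestamp: str
    device_id: str
    account: str
    reason: str


def evaluate(line):
    """Return None if the access is permitted, otherwise an Alert.
    Device identity is checked first: an unregistered machine is alarmed
    regardless of which account it presents."""
    ts, device_id, account, action, resource = line.split()
    if device_id not in DEVICES:
        return Alert(ts, device_id, account, "unregistered device")
    role = ACCOUNTS.get(account)
    if role is None:
        return Alert(ts, device_id, account, "unknown account")
    needed = REQUIRED.get((resource, action))
    if needed is None:
        return Alert(ts, device_id, account, f"undefined action {action} on {resource}")
    if LEVELS[role] < LEVELS[needed]:
        return Alert(ts, device_id, account, f"{role} may not {action} {resource}")
    return None


def scan_log(lines):
    """Run the check over log lines and return the alerts in log order."""
    return [a for a in (evaluate(l) for l in lines if l.strip()) if a is not None]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{alert.timestamp} {alert.device_id} {alert.account}: {alert.reason}")
```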
Vulnerability assessment should be made a scheduled process for the network, allowing threats to be identified on the basis of current trends and guiding the system update procedure (Tankard, 2011). This would also allow possible threats to be identified and protective measures implemented according to the system security status indicated by the assessment.
Penetration tests are another way of making sure the network is secure from enterprising individuals, and the company cannot achieve this internally. The best way to implement this measure is to announce a bounty for any ethical hacker who can penetrate the system security and point out the vulnerability. This would keep up a constant stream of penetration attempts that should lead to constant improvement of the network security.
Publication of compliance reports should also be implemented as standard procedure for each of the company's offices, as a way of enforcing the changes in security policy at all levels of the company. The different certification standards and the use of out-of-date protocols would be eliminated by a mandatory report documenting the implementation of the above policies and changes in network security at each location.
The security measures outlined in this report, based on the vulnerabilities identified in the system, are mainly precautionary and protective measures capable of protecting the company in the current scenario. However, it must be noted that no system is invulnerable, so periodic assessment and vigilance are the only way the system can be made truly secure (Stallings, 2007). The enforcement of security policies and standard protocols will therefore yield the best results only with agreement and compliance from all levels of the organization, together with constant monitoring to identify new threats and detect any breach or vulnerability in time.
Stallings, W. (2006). Cryptography and network security: principles and practices. Pearson Education India.
Stallings, W. (2007). Network security essentials: applications and standards. Pearson Education India.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson Education India.
Forouzan, B. A., & Mukhopadhyay, D. (2011). Cryptography and Network Security (Sie). McGraw-Hill Education.
Tankard, C. (2011). Advanced persistent threats and how to monitor and deter them. Network Security, 2011(8), 16-19.
Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11.
Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice. Pearson Education.
Ren, K., Wang, C., & Wang, Q. (2012). Security challenges for the public cloud. IEEE Internet Computing, 16(1), 69-73.
Takabi, H., Joshi, J. B., & Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 8(6), 24-31.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Rhodes-Ousley, M. (2013). Information security: the complete reference. McGraw Hill Education.
Aguirre, I., & Alonso, S. (2012). Improving the automation of security information management: A collaborative approach. IEEE Security & Privacy, 10(1), 55-59.
Sharkh, M. A., Jammal, M., Shami, A., & Ouda, A. (2013). Resource allocation in a network-based cloud computing environment: design challenges. IEEE Communications Magazine, 51(11), 46-52.
Wright, J., & Cache, J. (2015). Hacking exposed wireless: wireless security secrets & solutions. McGraw-Hill Education Group.