Networks and Cyber Security Essentials

Submission Method

All written assessments, where practical and possible, must be submitted via Turnitin unless otherwise instructed by the Lecturer. (Please DO NOT put this assessment specification into Turnitin or it will match many similarities with other students’ submissions.) Alternative submission method (if applicable): Late submission of the assessment will result in a late penalty mark. Penalties for late submission: Up to one week late, maximum mark of 40%. Over one week late, 0%.  Only the Extenuating Circumstances Panel may approve a change to submission dates.

TASK DESCRIPTION

Background:

Securing the network is one of the top priority in today’s business operations. Verizon’s 2020 data breach investigation report points out that 8% of breaches were due to misuse by authorized users, 22% breaches were caused by Social Attacks, 30% involved internal actors, 28% breaches involved small business victims, 58% of victims had personal data compromised. More details on the report could be found in the link here (https://www.verizon.com/business/resources/reports/dbir/).

The rate of cybercrime is always spiking up year after year despite taking many efforts by organizations, cybersecurity professionals and individuals in securing the network. Having given this background, you are asked to work on the problems based on the scenario given below and document reasonable solutions appropriately citing them to academic credible literatures, industry whitepapers, statistical data, cybersecurity reports etc.

Scenario:

Your friend Popeye wants to open a small “CANTEEN CAFÉ” nearby Quay place campus. Initially, his business had 6 Sales Executives, 2 Sales Heads and 1 Accounts Officer. Sales Executives were given limited access to the business applications. Business Applications includes anything which is associated to the food operations (not limited to stock maintenance, purchase orders, sales details, accounting software etc). Sales Heads were given privilege access to all the business applications involving stocks, purchases, and sales. Accounts Officer and Popeye had full access to all the business applications including stocks, purchases, sales, and accounting software.

Recently, Popeye appointed Wimpy as the Marketing Head (a new position) and asked him to increase the business income by 30% within a stipulated time. Full access to all business applications was given to Wimpy as his job demanded it. To promote the business, wimpy propose 20% discount to the university students and staff on all food orders. As one of Wimpy’s business tactics to attract more customers, he offered “Complimentary” Wi-Fi with high speed internet to all his customers. Wimpy was keen to increase the business income as it would impact his performance. However, he was not interested to spend/ invest more on infrastructure. Instead of segregating the network, he used the same network to run his business applications as well as to provide open Wi-Fi for his customers.

“Complimentary” Wi-Fi tactics worked well and it attracted a lot of customers; students, staff as well as public. It promoted the business and increased the business income. Popeye was very happy. As he sees a hike in the business income, he now wanted to reduce its operational cost. He decided to withdraw the Sales Head positions and asked Wimpy to look after the job responsibility of all Sales Heads. Wimpy took this additional responsibility. However, it was very difficult to manage the work of 2 Sales Heads. So, Wimpy decided to diversify his job responsibility to the Sales Executives. This forced Wimpy to give all Sales Executives full access to all business applications. Literally, at this point all the users of this business have full access to all the business applications.

Bluto, a competitor for Popeye’s business was closely watching the growth. He is not happy on Popeye’s exemplary growth. He is thinking to bring down Popeye’s business. He came to know about the Sales Head positions being withdrawn at Popeye’s cafe. He hires Jack, one of the Ex-Sales Head at Popeye’s cafe and Alice, a professional hacker. Bluto’s team worked out a plan and on a fine morning, they had all Popeye’s cafe important documents/ services encrypted with “.meds” file format. Popeye was shocked and was worried if it would impact his business. He wanted to sort it out as soon as possible. He now seeks help from you. Imagine yourself as a Security Consultant.

Task:

Analyse the situation, write solution for the tasks given and recommend reasonable and appropriate solution. Note that, your submission should be a proper security analysis report following IEEE report format and it is addressed to Popeye, the Owner of canteen cafe.  

1. Based on the above stated scenario, what are the possible security breaches could have led the network to this situation?

(Hint: Breaches could have happened due to Internal Actors, Disgruntled Employees, and

Phishing attacks etc. (not limited to))

Word Limit: 600 Words Structure:

Possible Security Breach 1: Internal Actors

Reason: In the above scenario, it was stated that there are users…..

Possible Security Breach 2: Internal Actors

Reason: In the above scenario, it was stated that there are users…..

There are no limit in identifying the number of breaches and briefing them. The more, the better.

For each type of security breach you identify and brief, in-text cite appropriate literatures/references.

2. Write a brief review on different types of threats, vulnerabilities and attacks to give an overview for Popeye to understand the importance of Cybersecurity. Add a brief note on “.meds” file format attack which infected Popeye’s canteen cafe.  

Word Limit: 800 Words Structure:

Threats:

What is a Threat?

Types of Threats.

Significance of threats in a Network.

(Not Limited to) Vulnerabilities:

What?

Why? How?

(Not Limited to) Attacks:

What?

Why? How?

(Not Limited to)

“.meds” file format attack What it is?

How it affects the operation?

Is there any possible methods to recover?

(Not Limited to)

There are no limit in briefing the number of threats, vulnerabilities, attacks and .meds file format.

The more, the better. For each type you brief, in-text cite appropriate literatures/references.

• Demonstrate Popeye, how security could be implemented in his network infrastructure. Word Limit: 100 Words

 Complete “Introduction to Packet Tracer” course from Cisco networking academy. (https://www.netacad.com/courses/packet-tracer/introduction-packet-tracer) and attach the Certificate of Completion and share your digital badge link to verify.

 Draw Physical and Logical Topology based on the scenario.

 Implement the Topology as stated above and assign IP addresses and other required configurations to the canteen cafe.

 Configure wireless connectivity to ensure that guest users could successfully connect to the network’s “Complimentary” Wi-Fi.

 Propose security devices which could be added to the network to secure the network.

• Draft a guideline for staff members, and customers to responsibly use their digital space. Word Limit: 500 Words

Report Requirements:

• The report should be 2000 words.
• The figures should be clear enough so that all the captions will be clearly readable.
• The report should be presented in an academic way (IEEE/ACM format)

Report format Example:

• Table of Contents (Word count not included)
• List of Figures/ Tables (Word count not included)
• Abstract (The abstract should be a brief summary of your entire work, like what you have done in this coursework. Recommendation: Your abstract should start with a couple of lines introducing your work and then the problem followed by the proposed solution and its outcome. Finally your conclusion) (Word count not included)
• Introduction (Give a background of your work) (Word count not included)
• Task 1 (Include appropriate and adequate research aspect/literature review focusing on the security breaches)
• Task 2 (Include appropriate and adequate research aspect/literature review focusing on threats, vulnerabilities and attacks)
• Task 3 (Include appropriate and adequate screenshots with description, Links for digital badges etc. If needed added annexures/ appendix to support your work. Make sure the completed packet tracer file should be attached separately)
• Task 4 (Include guidelines similar to security policy)
• Conclusion, recommendation and future work (From your findings what do you recommend, discuss or state these.  What can be done in the future to improve on your findings will be the future work). (Word count not included)
• References (Add all the references used in this report and make sure they are in-text citied) (Word count not included)
• Abbreviations (Add abbreviations for technical terms) (Word count not included)
• Annexures/ Appendix (If any) (Word count not included)