Network Security Threat Assessment and Mitigation Strategies for Enterprise Systems CYB4025
Subject Code: CYB4025
1. Analyzing the Current Security Threats and Risks of Anzaw Pty Ltd
Ans: To analyse the current security threats and risks in the network of Anzaw Pty Ltd, each component of the topology is examined in turn (the public WAN link, the firewall, the switches, the database server, the DMZ hosts and the internal end-user devices) to identify where in the communication path a vulnerability could be exploited, what threat that creates and what the consequence for the organisation would be.
i. Weaknesses and risks based on the current configuration of the network topology
1. Public WAN Link to Brisbane Branch:
- Vulnerability: The link to the Brisbane branch traverses the public internet, so both the traffic and the terminating equipment are reachable by anyone. This exposes them to DDoS, unauthorised access attempts and, if the link is not encrypted, interception of data in transit (Iqbal et al., 2023).
- Threat: An attacker on the path can eavesdrop on or tamper with inter-site traffic, or use the link's public endpoint as a foothold for attacks on the internal network.
- Consequence: A compromised link can lead to a breach of the internal network, disclosure of confidential data and disruption of the services that depend on inter-site connectivity.
2. Firewall:
- Vulnerability: The firewall may be misconfigured, for example with overly permissive "any/any" rules, stale rules left over from decommissioned services, or firmware that has not been patched.
- Threat: Attackers probe for such gaps in the rule set in order to pass traffic through the firewall and reach the internal network.
- Consequence: Unauthorised parties gain access to network segments that the firewall was supposed to isolate, exposing vital systems and data.
3. Switches:
- Vulnerability: Without an effective segmentation strategy (VLANs with inter-VLAN access controls), the switched network is one large broadcast domain, which allows broadcast storms and gives an attacker an unrestricted path to every host.
- Threat: An attacker who compromises one host or segment can move laterally into other segments because nothing separates them.
- Consequence: A breach in one part of the network puts sensitive systems elsewhere at risk, including the database server and the devices in the DMZ.
4. Database Server:
- Vulnerability: The database server, and the applications that query it, may be exposed to SQL injection through unparameterised queries, and may store sensitive data without encryption.
- Threat: Attackers exploit these weaknesses to read, modify or extract data they are not authorised to access (Iqbal et al., 2023).
- Consequence: Leakage of sensitive customer or company information can lead to monetary loss, legal consequences and damage to the organisation's reputation.
5. DMZ (Mail Server and Web Server):
- Vulnerability: The mail and web servers in the DMZ accept connections from the internet, so they can be attacked directly through, for instance, cross-site scripting (XSS), buffer overflows or brute-force login attempts.
- Threat: An attacker who compromises a DMZ host can use it as an entry point and then attempt to pivot into the internal network.
- Consequence: A breach of the web or mail server may result in interception or modification of sensitive communications and in follow-on attacks on internal resources.
6. Internal Devices (CEO, Design Team, Production Team, Network Engineer):
- Vulnerability: These workstations may run outdated software, use weak passwords or be incorrectly configured.
- Threat: Phishing e-mails aimed at these users, or malware that reaches their devices, can give attackers a foothold on the internal network.
- Consequence: Once compromised, these devices can be used to spread malware, exfiltrate data or destroy critical information.
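Item 4 (Database Server) above names SQL injection as the principal application-layer risk. The following worked example is added here and is not part of the original assignment or of any Anzaw system; it runs the vulnerable query pattern and its parameterised fix side by side against a constructed in-memory SQLite table (the table, rows and column names are assumptions, since the page does not describe Anzaw's schema).

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for Anzaw's database server (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, tier TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email, tier) VALUES (?, ?, ?)",
        [
            ("Alice", "alice@example.com", "gold"),
            ("Bob", "bob@example.com", "standard"),
            ("Carol", "carol@example.com", "gold"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # VULNERABLE: user input is spliced into the SQL text, so the input can change
    # the structure of the query rather than only the value being compared.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # SAFE: the value is bound as a parameter; the driver hands it to the engine
    # separately from the SQL text, so it is never parsed as SQL.
    return conn.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()


# Two classic payloads: the first turns the WHERE clause into a tautology and dumps
# every row; the second uses UNION to read a column the original query never exposed
# ("--" comments out the closing quote the application appends).
TAUTOLOGY = "' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT tier, email FROM customers --"


def demo() -> dict:
    """Row counts for each payload against both implementations, plus a legitimate lookup."""
    conn = make_db()
    return {
        "vulnerable_tautology": len(lookup_vulnerable(conn, TAUTOLOGY)),
        "vulnerable_union": len(lookup_vulnerable(conn, UNION_PAYLOAD)),
        "safe_tautology": len(lookup_safe(conn, TAUTOLOGY)),
        "safe_union": len(lookup_safe(conn, UNION_PAYLOAD)),
        "safe_legit": lookup_safe(conn, "Alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The vulnerable function returns all three customers for either payload; the parameterised one returns nothing for the payloads and exactly one row for a genuine name. Parameterisation, not input filtering, is the control that removes the vulnerability class; encryption of the stored data (discussed under Section 2) limits the damage only if the application's own credentials cannot decrypt it on the attacker's behalf.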
ii. Consequences of Identified Vulnerabilities/Threats
Ans:
- Data Breaches: Unauthorised access to and leakage of information can result in loss of intellectual property, loss of customer confidence and legal liability.
- Service Disruption: Attacks on network availability, such as a ransomware attack, can halt business operations and threaten revenue (Koutras et al., 2020).
- Reputation Damage: Public disclosure of such incidents poses a significant threat to the image of the firm, affecting customer relations and the market position of Anzaw Pty Ltd.
- Financial Loss: Direct monetary loss from fraud or theft of information, together with the cost of recovering networks and systems after an intrusion.
2. Security Tools to Guard information systems
Ans: The organisation should invest in security tools that protect its information systems in three areas: authentication, access control and cryptography.
i. Multi-Factor Authentication (MFA)
- Reason for Choosing: Compared with a username and password alone, MFA adds a further proof of identity, such as a one-time code generated on or sent to the user's mobile device, so a stolen password is not sufficient on its own.
- Deployment and Integration: MFA should be enforced consistently at every access point: the login interfaces used by the CEO, the Design Team, the Production Team and the Network Engineer, as well as administrative access to the servers in the DMZ and on the internal network. It must be integrated with the authentication mechanisms these systems already use (Suleski et al., 2023).
- Protection Offered: MFA greatly reduces unauthorised logins; even if a password is disclosed to an attacker, the second factor is still required to sign in.
ii. Role-Based Access Control (RBAC)
- Reason for Choosing: RBAC ensures that each user can reach only the information, applications and resources needed for that user's job function.
- Deployment and Integration: RBAC should be adopted by defining roles that reflect the organisation (CEO, Design Team, Production Team, Network Engineer and so on), assigning each role the minimum set of permissions it needs, and then mapping users to roles. The same model should apply to all existing systems and to any application developed in the future.
- Protection Offered: By restricting access according to role, RBAC prevents users from reaching sensitive information outside their remit, which in turn limits how far an attacker who compromises a single account can get.
iii. Encryption of information exchanged between nodes and application servers: TLS for network traffic, AES for stored data
- Reason for Choosing: Encryption ensures that intercepted data is unintelligible to anyone without the decryption key, preserving its confidentiality (Koutras et al., 2020).
- Deployment and Integration: All traffic between the external and internal networks should be protected with TLS (SSL and the early TLS versions are obsolete and should be disabled), in particular traffic to the mail server, to the web server and across the public WAN link. Sensitive data at rest on the database server should be encrypted with AES (Rescorla, 2023).
- Protection Offered: Even if data is intercepted or accessed by an unauthorised party, it cannot be read without the key, and with an authenticated mode of operation it cannot be modified without detection.
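The deployment note above matters in practice because TLS protects the WAN link only if the client side actually verifies the server and refuses obsolete protocol versions; a great deal of real code disables exactly those checks. The following added example (not from the assignment or from any Anzaw system) builds the weak client configuration beside the hardened one using Python's standard `ssl` module and audits both; the finding strings are this example's own wording.

```python
import ssl


def permissive_client_context() -> ssl.SSLContext:
    # WEAK: the pattern often adopted "to make the connection work". Certificate and
    # hostname checks are switched off, so anyone on the WAN path who presents any
    # certificate is accepted and can read or alter the traffic (active interception).
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None) -> ssl.SSLContext:
    # Verifies the server's chain against the system CA store (or a supplied CA file,
    # e.g. Anzaw's internal CA for the branch link) and its hostname, and refuses
    # SSL 3.0, TLS 1.0 and TLS 1.1 outright.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the findings a reviewer would raise against a client TLS configuration."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (CERT_REQUIRED expected)")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor allows TLS 1.1 or older")
    return findings


def protocol_floor(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name


if __name__ == "__main__":
    print("permissive:", audit_context(permissive_client_context()))
    print("hardened:", audit_context(hardened_client_context()), protocol_floor(hardened_client_context()))
```

The same audit can be applied to a context obtained from any library that exposes its `SSLContext`, which makes it a cheap check to add to a deployment test suite rather than relying on a manual review of each integration.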
3. Security Technologies and probing scanning tools
Ans: To manage its security more effectively and protect its information assets, Anzaw Pty Ltd must employ a combination of security technologies and scanning and probing tools.
i. Network Vulnerability Scanners
- Reason for Choosing: Network vulnerability scanners identify weaknesses across the network environment, including hosts, servers and applications, such as missing patches, weak configurations and unnecessarily exposed services.
- Deployment and Integration: Scans should be run on a regular schedule against every segment of the internal network and the DMZ, and against the WAN link to the Brisbane branch. They should run automatically and feed their results into the existing Security Information and Event Management (SIEM) system (Rescorla, 2023).
- Best Practices Implementation: Regular scanning exposes flaws early so they can be remediated before an attacker finds them, progressively raising the security of the network.
ii. Security Information and Event Management (SIEM) Systems
- Reason for Choosing: SIEM systems provide centralised collection, correlation and monitoring of security logs and events, enabling early identification of breaches in the network (Vielberth, 2021).
- Deployment and Integration: The SIEM should sit at a central point in the network architecture where it can gather logs from the firewall, the IDS/IPS sensors, endpoint devices, servers and other systems. Other security tools, such as the intrusion detection/prevention system and the vulnerability scanners, should also be integrated with it (Vielberth, 2021).
- Best Practices Implementation: SIEM supports best practice by monitoring and analysing security events in near real time, so that security personnel can identify, investigate and respond to threats and breaches quickly.
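The correlation a SIEM performs is easiest to understand on a concrete rule. The following added example (written for this page, not part of the assignment and not the logic of any particular SIEM product) runs a sliding-window detection over a handful of constructed sshd-style log lines: it raises an alert when one source address accumulates five failed logins within sixty seconds, and escalates if that same address then succeeds, which is the signature of a brute-force attack that worked. The log lines, host name and addresses are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a syslog/sshd-like format (not real Anzaw logs).
SAMPLE_LOGS = [
    "2024-05-01T09:00:01 fw01 sshd[2211]: Failed password for root from 203.0.113.5 port 51022 ssh2",
    "2024-05-01T09:00:03 fw01 sshd[2211]: Failed password for admin from 203.0.113.5 port 51023 ssh2",
    "2024-05-01T09:00:05 fw01 sshd[2211]: Failed password for admin from 203.0.113.5 port 51024 ssh2",
    "2024-05-01T09:00:08 fw01 sshd[2211]: Failed password for netadmin from 203.0.113.5 port 51025 ssh2",
    "2024-05-01T09:00:09 fw01 sshd[2211]: Failed password for netadmin from 203.0.113.5 port 51026 ssh2",
    "2024-05-01T09:00:12 fw01 sshd[2211]: Accepted password for netadmin from 203.0.113.5 port 51027 ssh2",
    "2024-05-01T09:05:00 fw01 sshd[2300]: Failed password for design1 from 192.168.10.21 port 40001 ssh2",
    "2024-05-01T09:20:00 fw01 sshd[2301]: Failed password for design1 from 192.168.10.21 port 40002 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(lines):
    """Normalise raw lines into event dicts; lines that do not match are ignored."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Sliding-window correlation keyed on source IP.

    - 'ssh_bruteforce' (high) when `threshold` failures fall inside `window`;
    - 'success_after_bruteforce' (critical) when an address that already tripped the
      first rule is subsequently accepted, i.e. the guessing probably succeeded.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for ev in parse(lines):
        ip = ev["ip"]
        if ev["outcome"] == "Failed":
            q = failures[ip]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"severity": "high", "rule": "ssh_bruteforce",
                               "ip": ip, "count": len(q), "ts": ev["ts"]})
        elif ip in alerted:
            alerts.append({"severity": "critical", "rule": "success_after_bruteforce",
                           "ip": ip, "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

On the sample data the internal address 192.168.10.21 never alerts, because its two failures are fifteen minutes apart, while 203.0.113.5 produces one high and one critical alert. The same structure (normalise, key on an entity, keep a bounded window, escalate on a second condition) is how most SIEM correlation rules are written, whatever the vendor's rule language.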
iii. Endpoint Detection and Response (EDR) Tools
- Reason for Choosing: EDR tools address threats that evade preventive controls, including advanced persistent threats (APTs) and malware, by providing continuous monitoring, investigation and response capabilities at the endpoint.
- Deployment and Integration: EDR agents should be installed on every endpoint in the network, including the computers of the CEO, the Design Team, the Production Team and the Network Engineer, and any other host that could be attacked. They should be managed centrally and their telemetry forwarded to the SIEM for correlation and detection.
- Best Practices Implementation: EDR enables continuous monitoring of endpoint activity, so threats are identified quickly and contained before they spread further through the network.