Abstract
The report below provides a comprehensive analysis of Global Finance Inc.’s (GFI) network. It provides an overall description of the network based on the network diagram provided. The report also conducts a risk assessment of the network. The main purpose of the risk assessment is to discuss the risks resulting from the network design and configuration. In total, the assessment identified four apparent risks, and the report provides appropriate mitigation techniques for the organization. The main purpose of the mitigation techniques is to improve network security and reduce the financial losses resulting from network downtime. The report also discusses the method employed in the risk assessment. A mixed methodology was employed in order to take advantage of both quantitative and qualitative methods. The report also discusses the most effective way to present the results of the risk assessment to GFI’s management. Lastly, the network diagram was revised using MS Visio, and the revised diagram is included in the report.
Introduction:
Global Finance, Inc. (GFI) has designed and implemented a network that has served the organization’s needs. The network is vital to the efficient functioning of the organization. Currently, the company is experiencing growth in its sector and has experienced two attacks in the past year on its network. Therefore, it requires a risk assessment of its network in an effort to investigate potential risks and provide mitigation recommendations. The report below provides a risk assessment of the network and proposes changes that would help improve data security.
Description of the company’s network:
The network design for the organization designates a DMZ. This zone contains all the externally facing network components, including the VPN gateway, border routers, distribution routers, a firewall, and the PBX. The main purpose of this zone is to provide an additional layer of security by separating the externally facing components from the internal network. The company’s network connects to the internet cloud through two border routers at the top of the network. One of the border routers connects to a VPN gateway, which connects to a 10 Gbps multilayer switch. The multilayer switch then connects to the trusted computing base internal network. The network also allows remote access for users, which means that off-site offices can connect to the network via the VPN gateway and the internet. In addition, remote dial-up users can access the company’s PBX through the public switched telephone network (PSTN). The different departments at the organization (accounting, loan, customer service, management, credit, and finance) each have a subnet connected through either a 100 Mbps or a 10 Gbps access layer VLAN switch.
Risk assessment:
Internet cloud:
A number of risks exist in the organization’s network. It is clear from the description that GFI relies heavily on its network for commercial activities. This means that members of the public have to be able to access the network. Also, as mentioned earlier, the company’s network allows remote users to access the network. The easiest and best way to do this is to make the network accessible through the internet cloud. As shown in the network diagram, remote users can access the network via both the VPN gateway and the dial-up PBX connection. However, the internet connection is the single most risky part of the network. This is mainly because attackers can easily launch attacks such as network intrusion and denial of service, to mention just a few (Huang, MacCallum & Du, 2010).
Based on the information provided, it is clear that GFI experienced denial of service (DoS) attacks twice in a year. The result of these attacks was the unavailability of the company’s database and email servers. They also led to a financial loss of $25,000 during the recovery process, as well as $1,000,000 resulting from the weeklong loss of essential network services at the company.
External malicious parties operating from the internet carried out these attacks. Therefore, the biggest risk to the network is that it is accessible through the internet. The best mitigation in this respect is to keep the network accessible to remote users while securing it from the threats present on the internet. Because the internet is a public space that anyone is free to use, it also harbors criminals with ulterior motives. Based on the analysis above, a connection to the internet is therefore inherently risky, and measures aimed at protecting the network must be implemented.
Firewall placement:
Another apparent risk and vulnerability in the network is the positioning of the firewall. The purpose of a firewall is to protect the internal part of the network from external threats. It works by filtering traffic entering the network for threats (McNab, 2015). As such, it must be positioned between the internal part of the network and the internet. In addition, another firewall should be placed between the border routers and the internet cloud, as well as between the DMZ and the internal network. This is critical in order to ensure that all network components (internal and externally facing) are protected from unauthorized traffic (Wang & Kissel, 2015). Currently, the lack of a firewall between the internet cloud and the border routers exposes the trusted computing base internal network through the VPN gateway. This poses a major risk to confidential data and information, as well as to the essential services needed for the efficient running of the network. This is mainly because traffic from the internet to the border routers is not filtered, which means they are exposed.
In the case of GFI’s network, there is only one firewall. From the network diagram, the network design places the firewall between the distribution routers and the organization’s PSTN. This is an ideal location for placing the firewall, since the purpose of a firewall is to protect the internal part of the network from external threats (McNab, 2015). In the past, the most common way to connect to the network was through dial-up technology. However, connection technologies have since changed, and most people now access the internet through broadband connections. This configuration therefore appears outdated, as no firewall is present between the internal network and external traffic arriving by any means other than dial-up. This places the entire internal network at risk of external attacks.
This situation requires correction by implementing firewalls at every point where the internal network connects to external networks such as the internet. Alternatively, GFI can implement a distributed firewall in its network. A distributed firewall is installed on every node in the internal network and operates at the kernel level of the operating system. This means that each node in the internal network filters all the traffic reaching it. This option provides additional security against threats originating internally, within the network, because logically the distributed firewall treats each node as its own network and all traffic reaching that node as external and therefore risky (Wang & Kissel, 2015).
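The zone-based filtering that the firewall placement section above recommends (a border firewall in front of the routers, a DMZ firewall in front of the internal network, and nothing allowed that is not explicitly permitted) can be expressed as a small policy and checked against sample flows. The following Python is an added illustration written for this report; it is not GFI’s configuration. The zone names, the rule set, and the service ports (IKE/IPsec NAT-T for the VPN gateway, HTTPS for the public front end, Oracle’s default listener port for the database) are assumptions chosen to match the components named in the network description.

```python
"""Zone-based firewall policy check for the GFI topology described in the report.

Added illustration, not GFI's configuration. Zones, hosts and rules are assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port
    action: str = "deny"

    def matches(self, flow: Flow) -> bool:
        return (self.src_zone == flow.src_zone
                and self.dst_zone == flow.dst_zone
                and self.proto in (None, flow.proto)
                and self.dport in (None, flow.dport))


# Assumed policy. Only the services the report's network description exposes
# are permitted across each boundary; everything else falls through to deny.
POLICY: List[Rule] = [
    Rule("internet", "dmz", "udp", 500, "allow"),     # IKE to the VPN gateway
    Rule("internet", "dmz", "udp", 4500, "allow"),    # IPsec NAT traversal
    Rule("internet", "dmz", "tcp", 443, "allow"),     # public HTTPS front end
    Rule("vpn", "internal", "tcp", 443, "allow"),     # remote users, after VPN authentication
    Rule("internal", "internet", "tcp", 443, "allow"),
    Rule("internal", "dmz", "tcp", 25, "allow"),      # outbound mail relay in the DMZ
]


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> str:
    """First-match evaluation with an implicit default deny at every boundary."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return "deny"


# Constructed sample flows. Each models a traffic pattern discussed in the
# risk analysis; the verdict shows what the recommended placement achieves.
SAMPLE_FLOWS: Dict[str, Flow] = {
    "remote user starting an IPsec session":          Flow("internet", "dmz", "udp", 500),
    "internet host reaching the internal DB directly": Flow("internet", "internal", "tcp", 1521),
    "internet host probing PBX management":           Flow("internet", "dmz", "tcp", 22),
    "authenticated VPN user to the intranet":         Flow("vpn", "internal", "tcp", 443),
    "DMZ host opening a session into the internal LAN": Flow("dmz", "internal", "tcp", 445),
}


def audit(flows: Dict[str, Flow] = SAMPLE_FLOWS) -> Dict[str, str]:
    """Return the verdict for every sample flow, keyed by its description."""
    return {name: evaluate(flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{verdict:5}  {name}")
```

The flow from the internet straight to the internal database is the one the report identifies as unfiltered today; under a default-deny border rule set it never reaches the trusted computing base, and a compromised DMZ host is likewise stopped at the second firewall rather than being trusted because it sits inside the perimeter.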
Lack of encryption:
The third apparent risk in the network is the lack of encryption. GFI uses its network for revenue generation as well as for confidential financial transactions. This means that it must be able to transmit sensitive data, especially data pertaining to clients. Such client information could include bank details, location, and credit card details. This is very attractive information for hackers and other attackers, so the company must ensure that its data is protected from such threats. The best way to do so is to have a robust encryption scheme that encrypts all data transferred across the network (Daras & Rassias, 2015). A virtual private network uses tunneling to protect information while it is channeled through the internet. However, it has been established that the company also connects clients over a dial-up connection. If the data on that link is not encrypted, it is a security hole that hackers can exploit. Point-to-point encryption is the most appropriate way of protecting against this threat (Daras & Rassias, 2015).
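To make the point-to-point encryption recommendation concrete, the following Python is an added illustration (not GFI’s scheme and not from the cited sources) of what protecting a link record buys: an observer on the wire no longer sees the card number, and any modification of the frame is detected before the data is used. It is built only from standard-library primitives so it runs anywhere: the keystream is HMAC-SHA256 in counter mode and the tag is HMAC-SHA256 over the nonce and ciphertext (encrypt-then-MAC). The master secret, the record, and the key-derivation labels are constructed for the example; a production link would use IPsec or TLS with an AEAD cipher such as AES-GCM rather than this hand-built construction.

```python
"""Point-to-point link protection: encrypt-then-MAC with standard-library primitives.

Added illustration of the report's encryption recommendation; not GFI's scheme.
The construction is sound but exists to show the properties, not to replace
IPsec or TLS on a real link.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32

# Constructed demo secret; a real deployment would negotiate this with IKE or TLS.
MASTER = hashlib.sha256(b"constructed demo secret - not a real key").digest()
# Constructed sample record of the kind the report says crosses the dial-up link.
RECORD = b"acct=12345678;card=4111111111111111;amount=250.00"


def derive_keys(master: bytes) -> Tuple[bytes, bytes]:
    """Split one shared secret into independent encryption and MAC keys."""
    enc = hmac.new(master, b"gfi-link-enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"gfi-link-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF (HMAC-SHA256) in counter mode; unique nonce per frame keeps it one-time."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def seal(master: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag for transmission over the link."""
    enc_key, mac_key = derive_keys(master)
    nonce = nonce or secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(master: bytes, frame: bytes) -> bytes:
    """Verify the tag first, then decrypt; reject the frame on any mismatch."""
    enc_key, mac_key = derive_keys(master)
    if len(frame) < NONCE_LEN + TAG_LEN:
        raise ValueError("frame too short")
    nonce, ciphertext, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def demo() -> Dict[str, bool]:
    """Show the three properties the report wants from link encryption."""
    frame = seal(MASTER, RECORD)
    tampered = bytearray(frame)
    tampered[NONCE_LEN + 4] ^= 0x01          # flip one ciphertext bit in transit
    try:
        unseal(MASTER, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "card_visible_on_wire": b"4111111111111111" in frame,
        "roundtrip_ok": unseal(MASTER, frame) == RECORD,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    for prop, value in demo().items():
        print(f"{prop}: {value}")
```

Verifying the tag before decrypting is the important ordering: the receiver never processes attacker-controlled plaintext, and the constant-time comparison avoids leaking how much of the tag matched.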
Internal network implementation:
Another apparent risk is the implementation of the internal network. It makes extensive use of virtual connections, so that in theory the different nodes are interconnected in a mesh (Angelescu, 2010). However, using virtual connections to enhance redundancy also poses a serious vulnerability. The virtual connections between the nodes may all run over a single physical connection. This means that any problem with that physical connection, say a network cable, can undo the benefits of having a mesh network for redundancy. The best mitigation against this vulnerability is to ensure that there is more than one physical connection even when using virtual local area networks. This means that in case of a problem with one physical connection, traffic can be re-routed through another physical connection. The logical implementation of a mesh network using VLANs only provides redundancy when there is a problem with a virtual connection, not with a physical one.
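The single-physical-path problem described above is easy to miss on a diagram that shows a rich logical mesh, but it can be checked mechanically by mapping every logical link to the cable it rides on and simulating the loss of each cable. The Python below is an added illustration written for this report, not GFI’s topology or a tool from the cited sources; the three-switch layout, link names and VLAN assignments are assumed. It reports every physical link whose failure partitions the network, first for a mesh built only from VLAN trunks over two cables and then for the same mesh with a third cable added.

```python
"""Logical mesh versus physical redundancy check.

Added illustration of the report's point that VLAN-based mesh links provide no
redundancy when they share one cable. The topology is assumed, not GFI's.
"""
from collections import defaultdict
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple

# (link id, endpoint a, endpoint b) for each physical cable.
PHYSICAL: List[Tuple[str, str, str]] = [
    ("cable-1", "core-sw", "access-sw-1"),
    ("cable-2", "core-sw", "access-sw-2"),
]

# (vlan id, endpoint a, endpoint b, physical link it is trunked over).
# The "mesh" between core-sw and access-sw-1 is two VLANs on the same cable.
LOGICAL: List[Tuple[str, str, str, str]] = [
    ("vlan-10", "core-sw", "access-sw-1", "cable-1"),
    ("vlan-20", "core-sw", "access-sw-1", "cable-1"),
    ("vlan-30", "core-sw", "access-sw-2", "cable-2"),
]

# Same design after the mitigation: a third cable between the access switches.
PHYSICAL_FIXED = PHYSICAL + [("cable-3", "access-sw-1", "access-sw-2")]
LOGICAL_FIXED = LOGICAL + [("vlan-40", "access-sw-1", "access-sw-2", "cable-3")]


def build_graph(logical, failed_physical: FrozenSet[str] = frozenset()) -> Dict[str, Set[str]]:
    """Adjacency of the logical network once the failed cables are removed."""
    graph: Dict[str, Set[str]] = defaultdict(set)
    for _vlan, a, b, phys in logical:
        graph[a]  # make sure isolated nodes still appear
        graph[b]
        if phys in failed_physical:
            continue
        graph[a].add(b)
        graph[b].add(a)
    return graph


def connected(graph: Dict[str, Set[str]], a: str, b: str) -> bool:
    """Depth-first reachability from a to b."""
    seen, stack = {a}, [a]
    while stack:
        node = stack.pop()
        if node == b:
            return True
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return False


def single_points_of_failure(physical, logical) -> Dict[str, List[Tuple[str, str]]]:
    """Map each cable whose loss disconnects some pair of nodes to those pairs."""
    nodes = sorted({n for _v, a, b, _p in logical for n in (a, b)})
    spofs: Dict[str, List[Tuple[str, str]]] = {}
    for phys_id, _a, _b in physical:
        graph = build_graph(logical, frozenset({phys_id}))
        cut = [pair for pair in combinations(nodes, 2) if not connected(graph, *pair)]
        if cut:
            spofs[phys_id] = cut
    return spofs


if __name__ == "__main__":
    print("VLAN mesh over two cables:", single_points_of_failure(PHYSICAL, LOGICAL))
    print("after adding cable-3:     ", single_points_of_failure(PHYSICAL_FIXED, LOGICAL_FIXED))
```

In the first layout both cables are single points of failure even though core-sw and access-sw-1 have two logical links between them; after the third cable is added, each switch keeps a second physical path and the check returns nothing.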
Risk assessment methodology:
The risk assessment methodology utilized a mixed method of analysis, that is, a combination of qualitative and quantitative analysis. The quantitative analysis uses hard figures to examine the risks faced by the network. For example, as mentioned in the risk analysis above, the company experienced a denial of service attack twice in the year. As a result, the Oracle database and the email servers were down for a period of one week. Through this outage, the company is estimated to have lost approximately one million dollars in revenue and to have spent $25,000 to correct the situation. Based on these figures, it is possible to quantify the risks faced by the company in terms of financial loss. In addition, the use of figures makes it evident how the risks assessed above affect the company. Putting a figure to the risks is important, as it helps to impress on management the need to improve the company’s security policies and investments. The organization should ensure proper mitigation of the risks identified in order to achieve 100% network availability and eliminate the financial losses that result from a lack of availability.
Quantitative analysis also makes it easy to calculate the actual probability of a risk turning into reality. For example, an analysis of the number of threats caused by the vulnerabilities present in the network in the internet can help to put an actual number to the possibility of a risk actually occurring. Armed with this information, it is easier to convince the management to take action to mitigate the risks. The management of the company might not be very technically knowledgeable and the use of figures helps them to understand the risks they face as a result of the vulnerabilities. Use of qualitative analysis to try to explain this would not be very effective as management might not clearly understand the possibility of the threat actually occurring.
On the other hand, qualitative analysis uses descriptive means and narratives to explain the risks the company faces. For example, there are vulnerabilities in the network that have not yet resulted in actual losses. Qualitative analysis helps to describe the risks and threats that the company faces. In the discussion above, qualitative narratives have found use in describing the risks and vulnerabilities evident in the organization’s network. Qualitative narratives also find use in describing and defending the different mitigation techniques proposed. In conclusion, the use of mixed methods to conduct a risk assessment is important as it helps to explain the risks the company faces better than would be achieved using only one of the two methods.
Presentation of findings and assessment:
The most effective method of presenting the findings and assessment to the organization is a detailed report. The report would be addressed to the organization’s top-level management, since they are responsible for making decisions relating to the company’s operations. The contents of the report would include the different vulnerabilities identified, the proposed mitigation techniques, the time needed to implement the proposed changes, and the cost of implementing them. Management will receive copies of the report beforehand, and a PowerPoint presentation based on the report will be prepared and delivered. The presentation provides an opportunity to go through the report with management, since some of the content will be readily understandable while some may be too complex for the non-technical members of the management team.
The report will contain infographics that present abstract content in a more easily understandable form. For example, raw figures can be confusing, and it is not easy to pick up patterns from plain numbers. When the same information is plotted in a graph, however, the patterns become more apparent and the information more understandable. During the presentation, the speaker will highlight the key conclusions from the risk assessment while giving management the opportunity to seek clarification on issues they do not clearly comprehend.
Furthermore, when conducting the risk analysis and compiling the final report, it is important to document every step. This is very important as the documentation provides support for any arguments made. Therefore, the report will provide a comprehensive account of all the steps carried out in the network risk assessment. This will include the methods used during the network analysis, as well as, the results obtained. The report will also summarize the characteristics and features of the network. These characteristics were identified during the network description stage.
The final report will also provide an overview of the security features of the network. It will detail the effectiveness of these security features in preventing attacks, as well as their weaknesses. The report will contain information relating to the vulnerabilities identified during the penetration test. All vulnerabilities will be listed and ranked based on the ease of exploiting them and the effect they have on the availability and security of the network, data, and users. In order to provide a better understanding of the network risks, a table ranking them will be included in the report. The purpose of the table is to provide a ranking criterion for the network risks in order to identify those that have the greatest impact on the organization’s network. This will guide the organization toward the risks that require prompt attention.
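The quantitative method described in the methodology section and the ranking table promised above can be produced from one small risk register. The Python below is an added worked example written for this report, not part of the original assessment. The DoS figures ($25,000 for recovery, $1,000,000 in lost revenue, two incidents in one year) are the report’s own; treating the combined $1,025,000 as the year’s total loss across both incidents, the likelihood and impact scores for all four risks, and the 1 to 5 scales are assumptions made for illustration.

```python
"""Quantified risk register for the GFI assessment.

Added worked example for the report's quantitative method and ranking table.
Dollar figures for the DoS incidents come from the report; the scores for
every risk and the reading of the loss figures are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int            # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int                # 1 (negligible) .. 5 (severe), assumed scale
    aro: Optional[float] = None   # annualized rate of occurrence, where history exists
    sle: Optional[float] = None   # single loss expectancy in dollars

    @property
    def score(self) -> int:
        """Qualitative rank: likelihood x impact on the assumed 1-5 scales."""
        return self.likelihood * self.impact

    @property
    def ale(self) -> Optional[float]:
        """Annualized loss expectancy; None when no loss history is available."""
        return annualized_loss_expectancy(self.aro, self.sle)


def annualized_loss_expectancy(aro: Optional[float], sle: Optional[float]) -> Optional[float]:
    if aro is None or sle is None:
        return None
    return aro * sle


# Report figures: two DoS incidents in the year, $25,000 recovery plus $1,000,000
# lost revenue. Assumed reading: the $1,025,000 is the year's total, so each
# incident cost about half of it.
DOS_INCIDENTS = 2
DOS_ANNUAL_LOSS = 25_000 + 1_000_000

# Scores for all four risks are assumed for illustration.
RISKS: List[Risk] = [
    Risk("Internet-exposed services (DoS)", 5, 5,
         aro=float(DOS_INCIDENTS), sle=DOS_ANNUAL_LOSS / DOS_INCIDENTS),
    Risk("Single, misplaced firewall", 4, 5),
    Risk("Unencrypted dial-up and link traffic", 3, 5),
    Risk("VLAN mesh over a single physical path", 3, 3),
]


def ranked_register(risks: List[Risk] = RISKS) -> List[dict]:
    """Rows for the ranking table, highest qualitative score first, then by ALE."""
    ordered = sorted(risks, key=lambda r: (r.score, r.ale or 0.0), reverse=True)
    return [
        {"rank": i, "risk": r.name, "likelihood": r.likelihood,
         "impact": r.impact, "score": r.score, "ale_usd": r.ale}
        for i, r in enumerate(ordered, start=1)
    ]


def total_quantified_ale(risks: List[Risk] = RISKS) -> float:
    """Sum of ALE over the risks that have loss history; the others stay qualitative."""
    return sum(r.ale for r in risks if r.ale is not None)


if __name__ == "__main__":
    print(f"{'#':>2} {'Risk':42} {'L':>2} {'I':>2} {'Score':>5} {'ALE ($)':>12}")
    for row in ranked_register():
        ale = "n/a" if row["ale_usd"] is None else f"{row['ale_usd']:,.0f}"
        print(f"{row['rank']:>2} {row['risk']:42} {row['likelihood']:>2} "
              f"{row['impact']:>2} {row['score']:>5} {ale:>12}")
    print(f"Quantified ALE: ${total_quantified_ale():,.0f} per year")
```

Keeping the ALE column empty for risks without loss history, rather than inventing a dollar figure, is what separates the quantitative rows from the qualitative ones in the report’s mixed method; the score column still lets management compare all four on one scale.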
The report will also provide an outline of the vulnerabilities exposed on the network. It will provide information relating to all exposed network vulnerabilities and weaknesses. Based on this information, it will provide security recommendations on the improvement of network security, as well as, the mitigation techniques aimed towards the elimination of various vulnerabilities. It will also provide recommendations on changes in network practices, and configurations required to eliminate exploits and prevent any future attacks on the network. This is highly desirable for the organization since it will assist in the elimination and prevention of attacks on the network such as the two DoS attacks experienced by the organization.
Revised Network diagram:
Figure 1 below shows the revised network diagram for the organization’s network. The revised diagram was developed using MS Visio.
Figure 1: Revised network diagram
Conclusion:
In conclusion, numerous risks and vulnerabilities are present in GFI’s network. The revised network diagram takes into account the proposed changes to the network, such as the additional internal and external firewalls. It therefore depicts the changes needed on the organization’s network in order to increase network security. These changes aim to eliminate the risks identified above, improve network security, and increase network availability.
References:
Angelescu, S. (2010). CCNA certification all-in-one for dummies. Hoboken, N.J: Wiley. Retrieved 9/6/2016 from: http://goo.gl/A7gAtC
Daras, N. J., & Rassias, M. T. (2015). Computation, cryptography, and network security. Cham: Springer. Retrieved from: http://goo.gl/9kf7r0
Huang, S. C.-H., MacCallum, D., & Du, D. (2010). Network security. New York: Springer. Retrieved from: http://goo.gl/1mR562
McNab, C. (2015). Network security assessment: Know your network. Sebastopol, CA: O’Reilly Media. Retrieved from: http://goo.gl/zpmLPJ
Wang, J., & Kissel, Z. A. (2015). Introduction to network security: Theory and practice. Hoboken, NJ: Wiley. Retrieved from: http://goo.gl/JsM43C