Reference no: EM133663778, Length: 5000 words
Cyber Security Case Study Report
This assignment requires managing a company's global network infrastructure and conducting a cyber security risk assessment as an ethical hacker.
About - DAS
DAS is a prominent shipping company operating in the highly competitive container shipment industry. It also holds a significant market share in the logistics and energy sectors. The company's headquarters is in Frankfurt, Germany, and it has a global presence with subsidiaries and offices in over 100 countries. DAS employs approximately 85,000 people worldwide.
Approximately 90% of global trade is transported by sea, making the ships and ports vital components of the world economy.
DAS is a global shipping company that strongly relies on communication systems to ensure the smooth running of its operations across all major seaports. Hence, any IT issues or malfunctions can cause significant disruptions in its complex logistics supply chains.
Company IT Infrastructure
DAS has a globally connected IT infrastructure. Its data centres are located around the globe to support its business. DAS typically has regional and port offices connected via a secure VPN (Virtual Private Network) to one of its regional data centres. All significant operations, such as shipping ordering management, inventory, container tracking, booking systems and other critical systems, rely on this connection.
All the above applications and voice/video servers (Windows-based) are hosted in regional data centres. The company uses resources from the public cloud (Amazon AWS or Microsoft Azure) for application scale-out.
Data Centres
The regional data centres are distributed as follows:
Two data centres in the American region (one in Virginia and one in New York)
Two data centres in the Europe region (one in London and one in Frankfurt)
One data centre in Southeast Asia (in Singapore)
One data centre in South East Australia (in Victoria)
All the applications hosted in the data centres are based on Microsoft Windows and are hosted on Microsoft Windows Servers with Microsoft SQL Server databases. These databases are available on both physical and virtual machines. Some branch port offices have local Internet breakout, while others have regional Internet breakout through regional data centres.
Network
All the data centres are connected through fibre optic connections. A data centre and any of its sea vessels are connected through a satellite connection.
Some port offices have regional security firewalls and IPS/IDS systems, and some don't. Each port office has 50 to 100 employees, and each regional office has 200 to 1000 employees.
A typical branch (port) office includes:
Desktop computers/laptops with Windows 7 operating systems, client applications, host-based antivirus and an IPS (Intrusion Protection System)
Network switches with 1 Gbps access ports and 10 Gbps core ports
Wireless LAN access points (No wireless access policies defined)
IP telephony and video room endpoints for voice/video communications
A router that connects the site to the regional/other sites through VPN connections
Ransomware Cyber Attack
In June 2020, DAS experienced a ransomware cyber-attack similar to Petya/NotPetya. The attack prevented users from accessing their data unless they paid $1000 in Bitcoin. The ransomware took advantage of specific security vulnerabilities in the Microsoft Windows operating system, which Microsoft later patched. To prevent the risk of infection across the company, DAS shut down its entire global IT systems as soon as the attack occurred. Normal operation was gradually restored after applying the recommended patches across all sites. Although none of its ship vessels were affected, they were closely monitored for potential impact.
TASK
The company's CEO has hired you, a Cybersecurity Consultant, to advise on securing its global network infrastructure and data assets in response to a cybersecurity attack. Your task is to:
Identify various types of threats (both internal and external) that the company may face and
Suggest measures to contain or eliminate those risks.
Provide recommendations for protecting your systems against cyber-attacks, including a threat and risk assessment report with recommended solutions and actions.
Specifically, the CEO has requested that your report cover the following areas:
Evaluation of the network and data architecture - You may focus on the following:
Design of regional data centres and their connectivity with port/regional sites. Clearly annotated diagram(s) are required here.
How is data transmitted to/from a port or regional site to regional data centres and/or the public cloud?
How suitable is this architecture from an application and infrastructure perspective?
Task Presentation Marking Criteria.
When marking the formal report, we will be looking for the following:
The Introduction and Conclusion sections are well-developed.
The introduction should explore the assignment's focus and discuss how the assignment has been approached.
Properly developed Abstract.
Clear, legible presentation.
Good use of diagrams and other illustrations.
Logical progression and structure of arguments.
Evidence of a range of relevant supporting reading.
Use of accurate, evidence-based information to support the arguments made.
Use of the Harvard system of referencing.
Requirements
Possible exploits and vulnerabilities
There are possible exploits and vulnerabilities in the company's global network infrastructure. You may consider both internal staff in different roles at different sites and external users like customers, suppliers, or other possible malicious attackers.
Risk assessment for exploits and vulnerabilities.
For each Point of Access and Systems component (above), how could any attacker (internal or external) exploit those access points and systems for malicious reasons? What damage could they do?
Recommendations and possible solutions/actions
These should minimise or ideally eliminate that risk and protect against that vulnerability (from both infrastructure and application perspectives), even if the access point cannot (or perhaps should not) be closed. Your recommended solutions and actions should address technical, social, legal, managerial, and procedural aspects.
A plan for both internal and external penetration testing
A plan for conducting internal and external penetration testing of the infrastructure to identify vulnerabilities and exploits, explicitly focusing on voice and video communication servers.
A comparison of the company's present and recommended security plan
Compare the company's current state to the target recommended security plan against industry-standard IT security frameworks or benchmarks. The analysis should include an assessment of the company's performance relative to the best in the industry and an evaluation of the expected improvements resulting from the proposed solutions and actions.
Your assessment should highlight the company's strengths and weaknesses in the industry's security standards and the recommended security plan. The final report should provide a clear and concise summary of the findings, recommendations for improvement, and a timeline for implementing the proposed solutions.