Reference no: EM133691730
Implement Secure Encryption Technologies
ASSESSMENT 1
Task -1 Report Writing
This assessment requires you to research emerging encryption technologies for an Enterprise Network. This enterprise network has a range of devices such as:
• End-User PC with a range of Operating systems like Windows, macOS and Linux.
• Mobile devices as Android and iPhone.
• Server Infrastructure with Active Directory Domain Services, web server, DNS and more.
• Wireless Infrastructure and devices
Considering these devices during the research and write a report fully describing a range of emerging encryption techniques applicable to these settings including the cost, strength, impact on the user and resources. The report must address the following technology but not limited to:
• Introduction to encryption and its type
• Symmetric Encryption and its usage comparing AES, DES, triple DES, Blowfish
• Asymmetric Encryption and its usage in Enterprise Industry
• File encryption system in Enterprise Industry.
• Use of public key, private key, hash key, public key infrastructure, PGP or GnuPG
• Certificates and infrastructure including digital certificates, timestamps.
Task -2 Case Study
You have been recently Hired in Ford Pty Ltd, Brisbane to provide external Networking and Security Support. The IT manager of this company has tasked you to analyze encryption and security aspects of the Company, loopholes (if present) and different standards being used in the company.
Part A- Analyze enterprise data security requirements.
Moving forward to determine the encryption methods, you have arranged a meeting with the IT manager and other key stakeholders. Being a security specialist, your main goal of this meeting is to analyze enterprise data security requirements.
To determine the requirements of the client to secure the data make a list of questions you will discuss in the meeting. Enlist different types of question (open, closed and probing).
Part B- Review and Assess different encryption methods.
Question 1
After the analysis of the Wireless Network, you discovered that most Wireless Connections are using WEP standard. Being hired as Network and Security Support Officer what encryption standard will you suggest to the IT Manager so that wireless connection will be Secure.
You are required to compare different standards, cost, the strength of the standards and suggest the most secure wireless standard to the IT Manager.
Question 2
During the analysis you figured out different security threats and their sources including eavesdropping, data interception, data corruption, data falsification and authentication issues as less secure protocol as HTTP, telnet are being used. These are very critical organizational problems.
What suggestion/s will you give to minimize these problems? Include secure protocols for web, file transfer and remote management.
Question 3
In the meeting with the IT Manager, he mentioned encrypting the Hard Drive and files in the Laptop issued to the staff and enabling remote wiping feature so that if the Laptop is lost confidential data will not be exposed. He also wants to encrypt the email. But he is not sure how effective this will be, how can it affect the users work. Being a Network Security specialist explain each case to IT Manager in the Confidentiality, Integrity and Accountability aspects and suggest encryption methods.
Question 4
Most of the operating systems in Ford Pty Ltd is Windows 7. By default, in Windows 7 in the Internet option, TLS 1.0 is enabled. But this version of the TLS is vulnerable to man in the middle attack. Pointing out this vulnerability in the Internet option suggests newer encryption standard to the client.
Question 5
Summarize and document the finding from the scenarios (Q1-Q4). Forward this finding to your IT Manager.
ASSESSMENT 2
Task -1 Implement the encryption system.
In this task, you are required to implement encryption. After implementing an encryption system, you are required to inform the user and inform them about the impact on their daily tasks and responsibilities.
Part A - Determine encryption methods.
In this part, you are required to analyze the data security requirement in the Enterprise network to determine the encryption methods, rank them, and assess the cost of implementation.
Complete the following questions to determine the encryption methods.
Question 1
a) Discuss the data security requirement for in the enterprise network.
b) Discuss what kind of data needs to be protected; how can these data be protected. Summarize your findings.
Question 2
Research different encryption options that are available, find out their cost and basic functionality of these options and summarize them.
Question 3
Suggest the encryption options to your IT Manager with proper documentation.
Make a proper document and procedure for:
• Encrypting a Word file
• Encrypting File System
• BitLocker
• PGP for Desktop
• Use of secure protocols as HTTPS, SSH, TLS1.2 and so on
Part B - Create a security plan and policy.
You have recently forwarded the summarized version of encryption options you have suggested to your IT Manager. In the response of this, your IT Manager has provided a Template for security plan and policy regarding encryption methods to be used. You have been asked to make an extract of the security plan and policy following the given template.
Complete the security plan and policies in the template below.
Part B - Create a security plan and policy.
You have recently forwarded the summarized version of encryption options you have suggested to your IT Manager. In the response of this, your IT Manager has provided a Template for security plan and policy regarding encryption methods to be used. You have been asked to make an extract of the security plan and policy following the given template.
Complete the security plan and policies in the template below.
Information Security Policy and Standards: Data Encryption
Purpose:
This document provides Ford Pty Ltd. with the information required to effectively and efficiently plan, prepare and deploy encryption solutions to secure Legally/Contractually Restricted Information.
The focus is on providing a range of tools for the most common systems that are likely to be deployed in enterprise environments which store, transmit or process Sensitive and Personal Data.
When properly implemented, encryption provides an enhanced level of assurance that the data, while encrypted, cannot be viewed or otherwise discovered by unauthorized parties in the event of theft, loss or interception.
Audience:
• All Faculty and Staff
• All contractors, vendors and any others (including 3rd parties)
Policy Statement:
All the business functions are required to deploy Industry-approved encryption solutions to preserve the confidentiality and integrity of, and control accessibility to, University data classified as "Legally/Contractually Restricted" where this data is processed, stored or transmitted.
Policy/Procedures:
Encryption Products
The value of the data that requires protection and the system storing the data need to be considered carefully. Physical security refers to being able to control access to the system's storage media. All encryption methods detailed in these guidelines are applicable to desktop and mobile systems.
A defense in depth approach is recommended when evaluating and deploying encryption products. In an ideal situation, full disk and/or boot disk encryption would be combined with file/folder encryption in order to provide two "layers" of encryption to protect data in the event the first layer is compromised. This typically involves a combination of boot/full disk encryption and file/folder encryption.
Commercial operating systems such as Windows and Mac OS X provide integrated encryption solutions at no additional cost.
Boot Disk Encryption
• Scenario:
• Remarks:
• Product(s):
• OS-Integrated Product(s):
• Preferred Product(s):
Wireless Network Encryption
• Scenario:
• Remarks:
• Product(s):
• OS-Integrated Product(s):
• Preferred Product(s):
Email Encryption
• Scenario:
This allow messages and attachments to be sent in an encrypted form transparent to the user. This is most appropriate for departments whose users require frequent and regular encryption of email communications.
• Remarks: This encryption will encrypt every email. So, this standard is not compulsory for every department.
• Product(s): PGP Desktop
• OS-Integrated Product(s): Not Available
• Preferred Products: PGP Desktop
External Devices Encryption
• Scenario:
• Remarks:
• Product(s):
• OS-Integrated Product(s):
• Preferred Product(s):
File and FolderEncryption
• Scenario:
• Remarks:
• Product(s):
• OS-Integrated Product(s):
• Preferred Product(s):
Full Disk Encryption
• Scenario:
• Remarks:
• Product(s):
• OS-Integrated Product(s):
• Preferred Product(s):
Mobile Device Encryption
• Scenario:
• Remarks:
• OS-Integrated Product(s):
Transport-Level Encryption
• Scenario:
• Remarks:
• Product(s):
• OS-Integrated Product(s):
• Preferred Product(s):
Use of secure protocol
• Scenario:
• Remarks:
• Product(s):
• OS-Integrated Product(s):
• Preferred Product(s):
Forms/Instructions
Step 1 - Data Classification.
<Write how data can be classified and its level?>
Step 2 - Product Selection & Implementation
<What must be considered before selecting and implementing encryption?>
Step 3 - Key Creation and Management
<Procedure of Key Creation, Management and Recovery>
Step 4 - Document any Known Issues and their Resolution.
<Write how and what should be documented?>
Date:
Original Issue Date:
August 2023
Part C - Deploy encryption system.
In this part, you are required to deploy an encryption system. Some of the technologies that can be deployed are:
• Encrypting a Word file
• Encrypting File System
• BitLocker
• PGP for Desktop
• Use of secure protocols as HTTPS, SSH, TLS1.2 and so on
Note: Before installing PGP for desktop and encrypting the full hard drive you must analyze the Boot Time, CPU and GPU performance of user Desktop without the encryption. To analyze this, you can refer to Part D of this Task.
Part D - Analyze effect of encryption.
Analyze the following parameters to see the effect of encryption technologies before and after applying the encryption technologies:
Part E - Inform the user about the recent implementation.
In this part, you are required to inform the user of the recent policy and recent deployment of encryption methods.
You can draft an email to be sent to all the staff informing encryption options and policy. In your email mention to report the issues and compromises caused due to recent implementation to help desk.
Task-2 Monitor and document encryption.
In this Task you must verify, monitor and document encryption technologies and issues if present.
Part A - Verify the functionality of encryption.
In this part, you are required to verify the functionality and performance of each deployed encryption system.
Encryption can be verified as:
• Using Wireshark to verify communication is encrypted.
• Check Bit locker is Turned on or off.
• Go inside PGP to Verify the encryption and more.
• Verify the use of TLS 1.2
Part B - Review and solve any issues.
In this part you are required to review the help desk record, logs for related issues and compromises, document the issue with a resolution for future reference and notify the appropriate user with the solution to the problem.
Question 1
As the part of reviewing encryption-related issue two of the user has created the ticket mentioning their system has been slow since the encryption has been implemented. Review the helpdesk record and log. Locate those two tickets in Help Desk Record and copy the issue with the Ticket number.
Question 2
Earlier after the implementation of the Encryption, you have analyzed there would be slow performance and high memory usage because of the encryption. You tracked the user Desktop and reviewed hardware configuration. Only these two users had 2 GB of RAM and HDD installed.
Document the issue, cause and solution for future reference.
Question 2
Earlier after the implementation of the Encryption, you have analyzed there would be slow performance and high memory usage because of the encryption. You tracked the user Desktop and reviewed hardware configuration. Only these two users had 2 GB of RAM and HDD installed.
Document the issue, cause and solution for future reference.