Vulnerabilities, Risks In Connected Network Of IT Company Assessment Answer

Introduction

An IT company has their built in network and connected network infrastructure to fulfil their business needs. This will include devices like router, switches, hubs, cables, computer systems, server, firewall and so many other tools and devices. All these devices should be run to do their daily business tasks. If there is no proper security technique is used, all their network and responsible devices are always at risk and can be hacked by any intruder any time. Besides this there are also so many risks are associated with a network and connected devices. As technology grow, also preventive mechanisms are there to help a network or system administrator to ensure confidentiality, availability, integrity and reliability of a network. In this report, we are going to discussed on these types of vulnerabilities, risks and their preventive mechanisms.  

Threats against network router / switches

These two devices are the main connectivity devices in any network either Ethernet or with wireless. If no proper security will be implemented both the devices are at risk and it will very harmful for the whole internal network. There are so many types of attacks that can be against these devices to gain access of the device or shut down the network. Denial of service and Syn Flood attack is one of the types of threat to these devices. These attacks are done through exploitation of TCP protocol. The attacker sends a large number of TCP SYN packet to the device with a forged IP address. This make the device insensitive to the network and other linked networking components. Every time when any device tries to begin connection with these devices, all their resources are fully used by the flooded packets and cause the whole network to go down or unresponsive for a long time (Cisco Certified Expert, 2019).

A study done by ACI, says that about 80 percent of routers and other devices are vulnerable to cyber attacks. All the main service components are directly connected to these devices such as servers, end user devices, data base etc. In their research, they found that so many devices in this class are always has security issues or no update on their firmware, that create a security vulnerability. They rank this vulnerability as low, medium, high and critical. Besides this, Brute force attacks is also a commanding and generally used attack type to take unauthorized access of the devices. In this attack, the in hacker uses some computerized tools like dictionary attack, to generate random pass phrases. Then try these pass phrases to gain access to the devices. They could damage our device or network or steal any confidential information reside in our network. To protect from this type of risks, there are so many tools and techniques available that should be used to secure these devices and connected network.

Network security devices

The Intrusion prevention and detection system and firewalls are the two security systems that are most usually used in controlling security and control threats in to an email and web servers (Blog.netwrix.com, 2019). 

IPS/IDS – Intrusion prevention and detection system is a hardware security device that installed with the router or switch to detect and prevent threats and attacks in a network. It scans the incoming packets in a network for any unidentified threat, capture them and block their access. It detects threats and make decision based on rules before forwarding packets to the destination network. This approach provide protection from single packet of threat on the very first attempt by blocking the distrusted attack packet. It performs inspection of incoming packets at wire speed. An IPS that has active response technology deliver a better level of defense by examining normal and abnormal actions and characteristics of the network and additional services. 

Firewall – A firewall in the network is the first line of defense. It isolates a network from another network and only allow access of resources to the authorized connection or users that are pre-defined based on rules and policies. A firewall can be both hardware and software form and installed at the starting point of the network. a software firewall also can be installed at router. Firewall use a firewall policy to allow or deny the network traffic coming inside or outside the network. two types of firewall policies are used – whitelisting and blacklisting. The connection mentioned in the whitelist policy are always allow and others are blocked. Beside this connection in blacklisting policy are always blocked to enter into the network. There are mainly four types of firewall – proxy, stateful, packet filtering, web application firewall. These has their specific uses according to the requirement. 

Availability of the web service

Windows server 2016 has many new and improved features to keep the services available all time. When a web server or IIS service is running on the windows server 2016, there are many functions to support the availability of web services in the network (Docs.microsoft.com, 2019). The new features involved – 

• Networking with SDN support – A running network is an essential component for any service to be available all the time. Networking in server 2016 is now combined with software defined networking (SDN). It enables us to deploy distributed firewall and network security groups like we can use in any cloud platform, to improve security of the services. The default ICW – initial congestion window is updated and TFO – TCP fast open is also implemented. The TFO feature decreases time to connect via a TCP connection.
• General computing – the server machine is benefits from greater time accuracy due to improved Win32 time and Hyper-V time synchronization services. With this, the new server is now compatible to run a service with 1ms accuracy.
• Access and identity management – this feature is so compatible while using cloud services combined with on premises hosting of application or services. The new certification service is involved with increased TPM key support that use a smart card KSP for key attestation. 
• Web application proxy – the updated web application proxy service is come up with new features and enable publishing and pre authentication for many applications such as exchange active sync, wildcard domain etc.  
• Hyper-V – this service is very beneficial when we need help of any virtualization technology that is supported by Hyper-V. Windows server 2016 support added performance improvements, support of windows container from windows 10 and simplified network management. That improves the service quality in virtualization environment. Some new features are also added to Hyper-V such as – new encryption support, easy conversion, updated authorization service, host guardian service for active directory etc.
• Failover clustering – server 2016 provide some new enhanced feature to combined several servers and grouped them into a group to provide fault tolerance using a failover cluster. 

Impact of employee on information

Any running business is always at risk with the breaches related to cyber-attacks, data loss or masquerading. Sometime an employee in the organization is the biggest cyber security risk to the business. Here are some reasons that clearly describe the risk issues related to an employee (Open Access Government, 2019).

• Storing confidential data on drives – a staff member will never be allowed to store company’s sensitive information in to removable or external storage devices. Every employee should be trained with this respect to use only the authorized resources assigned to him and do not disclose secret information to others.
• Lack of awareness – it is one of the biggest reasons for being a security risk when they are unaware of what they should do and what shouldn’t. This act can include unawareness of security policies, unsecured connections, password policies etc. 
• Installing illegitimate software and no security update – There is a lot of new applications are launched every day that are free to use. This free software is riddled with malwares and can infect the whole network or help an attacker to get into the network. Besides this if not security updates are installed such as software update or windows update, is another security loophole from an employee.
• Target of attacks – an employee unfamiliar with security policies is always be a possible target of attack. Some researches show that many attacks like phishing scams, are success due to the user do not has proper knowledge of attacks and innocently gain access to the attacker to the resources.  

Windows server 2016 auditing tools

Windows server 2016 has some tools to audit events that help in early detection of suspected activity in the network. Here are some auditing tools that can be used to track potential risk to the organization (Datacenter and Private Cloud Security Blog, 2019).

• Windows power shell loggings – by default the power shell logging is turn off. The system admin can use the power shell to enable or disable logging to the power shell module level. Power shell also provide a detailed script analyzing and tracking features to track windows power shell scripting on a system. 
• SAM attack logs – A database file called security account manager stores user passwords. This file is always be attacked to gain access to the complete group of users. When any type of attack is done to access this file remotely with improper authentication, an event log is generated and can be viewed on the server.
• Auditing and advance auditing policies – the auditing policies allow us to record several activities to the windows security logs. We can than investigate any specific log that need further investigation. And based on these activities, we can track the success or failure of events or services configured on the server. 
• Events logs – This logs the overall activities that are done with a particular system. It includes security events, warnings, errors, information etc. To track the most critical events windows server also provide customized events creation to track any specific service or events and generates a popup and log to be tracked by the system admin.   

APIC logo image

Now we are going to use stenography tool to hide a text file which contains student names and IDs in to an image file that is provided to us (<shetzl@chello.at>, S., 2019). The preview of text file and logo image is here – 

Logo image – 

 Student.txt file details – 

Steganography steps and screenshot

The steps used in this lab exercise are here – 

• The logo is provided to us for stenography. 
• We create text file and name it as –  student.txt 
• Installing Steghide tool – 

Steghide is being installed by running the below command from terminal – 

# apt-get install steghide

• Now we hide student.txt file in logo image with steghide

To hide the text file in to logo image, we use this command. It will ask for password, we enter “student@123” as a password string – 

# steghide embed -cf apic.jpg -ef student.txt (passphrase – student@123) 

• Extracting data from the steno file –

In this step, we are extracting the actual data from the steno file that we hide in the above steps. To do this, we use below command and enter the password that we used to hide the data.

# steghide extract -sf logo.jpg (entered passphrase – student@123)

Summary

This report has detailed description of the asked question. We have researched on the topics and got the best solution available to be used in an IT organization. Our research is related to the topics asked in the question as network security, windows server 2016 advantages, auditing tools, vulnerabilities, employees’ impact on IS security. After finding solution, we moved to the stenography technique, with Steghide tool. It is free tool; we use it on Ubuntu server for stenography. A text file, which is having details of students and their IDs, is hide behind the jpg image file named logo.jpg. Further we retrieve data from the jpg file by Steghide. Commands used in this process is describe in the report, with details and screenshots for reference.