Cyber Security case study report
3000-3500 words, excluding ‘table of contents’ and references.
Title: Cyber Security Case Study Report
This assignment is based on a case study, in which you will demonstrate your ability to manage a company’s global network infrastructure and conduct a cyber security risk assessment as an ethical hacker.
‘Versand’ is one of the leading shipping companies in the highly competitive world of container shipment. It also has a major business share in the logistics and energy sectors. The company headquarters is in London. It has 70,000 employees, with subsidiaries and offices across 100 countries. About 90 percent of world trade is transported by sea, with ships and ports acting as the arteries of the global economy. With Versand’s global reach across all major sea ports, the company relies heavily on communications systems to keep its global shipment operations running smoothly. Any IT glitch can create major disruptions for its complex logistics supply chains.
Versand has a globally connected IT infrastructure. Its data centers are located around the globe to support its business. Versand typically has a regional office and a port-office that is connected via a secure VPN (Virtual Private Network) to one of its regional data centers. All of the major operations, such as shipping order management, inventory, container tracking, booking systems, and other critical systems, rely on this connection. All these applications and the voice/video servers (Windows-based) are hosted in regional data centers. The company uses resources from the public cloud (such as Amazon AWS or Microsoft Azure) for application scale-out. The regional data centers are distributed as follows:
•Two data centers in the American region (one in New York and one in Seattle)
•Two data centers in the European region (one in London and one in Frankfurt)
•Two data centers in American region (one New York and one in Seattle)
•Two data centers in Europe region (one in London and one in Frankfurt)
•One data center in Asia (in Singapore)
•One data center in Sydney, Australia
All the data centers are connected through fiber-optic connections. The connection between a data center and any of its sea vessels is through a satellite connection.
All of the applications in its data centers are Microsoft Windows-based and are hosted on Microsoft Windows Servers with Microsoft SQL Server databases (on physical and virtual machines). Some of the branch port offices have local Internet breakout and some have regional Internet breakout through their regional data centers. Some port offices have a regional security firewall and IPS/IDS systems, and some do not. Each port-office has 50 to 100 employees and each regional office has 200 to 1000 employees. A typical branch (port) office includes:
•Desktop computers/laptops running the Windows 7 operating system, with client applications, host-based antivirus and an IPS (Intrusion Prevention System)
•Network switches with 1 Gbps access port and 10 Gbps core ports.
•Wireless LAN access points (No wireless access policies defined)
•IP telephony and video room endpoints for voice/video communications
•A router that connects the site to the regional/other sites through VPN connections
In June 2017, Versand was hit by a ransomware cyber-attack (like Petya/NotPetya) that prevented people from accessing their data unless they paid $500 in bitcoin. The ransomware took advantage of certain security vulnerabilities in the Microsoft Windows operating system (that Microsoft patched after the attack). As soon as the attack hit, Versand shut down its entire global IT systems to avoid any risk of the infection spreading across the whole company. After the recommended patches were applied at all sites, normal operation was restored gradually. None of its vessels were affected, although they were closely checked.
In response to this cyber-attack, the CEO of the company has contracted you, a cybersecurity consultant, to advise her on what measures and steps need to be taken to secure its global network infrastructure and data assets, to identify the different types of threat (internal or external) that the company faces, and how to contain or eliminate those risks.
You are requested to recommend protective measures and a continual monitoring process for reviewing its systems against future cyber security attacks. You are also required to produce a threat and risk assessment report, supplemented by recommended solutions and actions. Specifically, the CEO has requested that your report covers the following areas:
Evaluation of the network and data architecture – You may focus on the following:
a) Design of regional data centers and their connectivity with port/regional sites. Clearly annotated diagram(s) are required here.
b) How is data transmitted to/from a port/regional site to regional data centers and/or public cloud?
c) How suitable is this architecture from an application and the infrastructure perspective?
Possible exploits and vulnerabilities in the company’s global network infrastructure. You may consider both internal staff in different roles at different sites and external users like customers, suppliers or other possible malicious attackers.
Risk assessment for exploits and vulnerabilities: for each point of access and system component (above), how could any attacker (internal or external) exploit those access points and systems for malicious reasons? What damage could they do?
Recommendations and possible solutions/actions to minimize or ideally eliminate that risk and protect against that vulnerability (from both infrastructure and application perspectives), even if the access point itself cannot (or perhaps should not) be closed. Your recommended solutions and actions should address technical, social, legal, managerial and procedural aspects.
A plan for both internal and external penetration testing of the infrastructure to identify vulnerabilities and exploits. You should focus on voice/video communication servers.
A comparison of the company’s present and recommended security plans against industry-standard IT security frameworks or benchmarks. How well does the company compare now against the best, and how will it compare once all your solutions and actions are implemented?
It is expected that you will have to supplement this case study with your own intelligent assumptions and additional research. You must fully document and explain all such assumptions and fully reference any external sources you use via the Harvard referencing system.