Cyber Security Project

ISE 510 Final Project

Scenario Background

Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant with any regulation impacting its operations.

Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes.

Limetree Inc.'s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.

Highlight of Interview with Jack Sterling

The interview with Jack Sterling revealed the following about Limetree Inc.'s system and processes:

Hardware/Software:

Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat

Applications/Databases:

- Browser – The browser in use is Internet Explorer, and the browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment.
- Virus Software – McAfee is deployed locally on each user's machine, and users are mandated to update their virus policy every month.
- SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for the SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL Server environment.

Network:

The network comprises the following: three web/application servers, three email servers, five file and print servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points.

Configuration Highlights:

- Wireless – The wireless network is available with a clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided an access code to the wireless network at the front desk to use the internet while they wait to be attended to.
- Managed switches – There is no logging of network activities on any of the switches.
- Web server – The public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the following services in addition: File & Print Services, Telnet, IIS.
- Firewalls – The firewall configuration is very secure, and the logs are reviewed when there is suspicion of a security event. The following file types are allowed for inbound connection: EXE, DOC, XML, VBS. In addition, Telnet and FTP are allowed for inbound connection.
- Passwords – Users determine the length and complexity of the password, but it is mandatory to change the password once a year.
- Network configuration changes are determined by the IT manager, and users are notified immediately once the changes are implemented.

Documentation:
I. There is no documented security policy or computer use policy.
II. There is no documented process for changes to the system.
III. There is no contingency plan.

System Backup:
I. Backup is conducted daily by the network administrator, and tapes are kept safely in the computer room.

Personnel/Physical Security:
I. While users are not trained on security awareness, emails go out every month from the system administrator warning users of emerging threats.
II. Visitors sign in at the front desk before they are allowed to walk in to see employees at their respective offices.
III. Remote employees connect via virtual private network. Their laptops are configured exactly as the desktops in the office, with unencrypted hard drives.
IV. Often users are allowed to bring in their own laptops, connect to corporate systems, and complete their tasks, especially if they are having issues with laptops provided by the company.

Incident Response:
At Limetree Inc., systems administrators are notified of computer incidents, and the administrators escalate to the IT manager, who reports incidents to the security manager if they are deemed relevant. Currently there is no official documented process for reporting incidents. There is also no previous documented history of incidents, even though Limetree Inc. has experienced quite a few. Corrective measures are taken immediately after an incident, though none of the measures was ever documented.