Your company, UMUCSecurity, has been hired to address the security needs of a small business of 20 users, PadawansLTD. They need you to explain to management, via paper or PowerPoint, why the following Cisco-related items are a security issue, and you are to provide suggestions and remedies.
- Type 7 passwords are used on some of the devices
- Telnet is used
- No written security policies currently exist
- The firewall has an ANY ANY rule
- The company only needs to allow inbound 80 and 443
- The company currently allows everything outbound and would like some guidance
- They would like to implement a VPN
- Routers and switches are accessible in the breakroom by any employee
The continued adoption and use of technology has led to a rise in information security concerns. Controlling access to digital resources has become a critical concern for any enterprise. As such, organizations have invested heavily in ensuring that their digital resources are protected and that no unauthorized access is allowed. Companies employ different authentication strategies and mechanisms to ensure that only validated users can access these resources. Several techniques exist to verify users before they are granted access, such as passwords, personal identification numbers, biometric identification, smartcards and keycards. One limitation of techniques such as keycards or smartcards is that the card may be stolen, and if it lands in the wrong hands it may pose great risks to the organization. To address such limitations, companies have adopted the use of two or more authentication techniques, such as a PIN with biometric authentication, or a password with a one-time PIN sent to a mobile phone by SMS. Using two mechanisms to verify a user is considered one of the most effective authentication techniques today. UMUC Security will prepare a report that discusses the information security threats facing Padawans LTD because of their current technology practices and behaviors. The practices and behaviors this document focuses on include the risks of type 7 passwords, telnet, the lack of security policies, the ANY-ANY firewall rule, allowing inbound 80 and 443, allowing everything outbound, and allowing all employees to access switches and routers, as well as the benefits of implementing a VPN.
Benefits of Strong Passwords
Passwords are one of the most commonly used knowledge-based authentication techniques for verifying the identity of users. They are popular because they are the least expensive and simplest authentication method, and many companies use them because they do not require any additional hardware. However, even with these benefits, the type and strength of a password matters and determines how safe your information systems are (Bauman, 2018). Padawans LTD uses type 7 passwords, which can be stored in a number of forms. However, type 7 passwords are not strong and are not encrypted; they are just encoded using a weak cipher algorithm. Additionally, a type 7 password set up on one device can be decoded on another device, making the Padawans LTD devices that use this type of password vulnerable and at risk of being accessed by unauthorized users. Several online tools have been developed to decode type 7 passwords; as such, Padawans LTD is advised to change to another, stronger and more stable type of password.
Having strong passwords is an effective way to secure company or personal information from being modified, made public, or stolen. The following recommendations are suggested for the company to adopt: the company should ensure that employees create complex and longer passwords. This involves using a mix of characters such as special characters, numbers, and both lowercase and capital letters. Additionally, users should not use personal information to create passwords. This ensures that even if unauthorized users get access to the device, it will be difficult for them to guess the password. For instance, a password with 8 characters requires the attacker to make more than 100 million attempts to guess it, and every character added to the password increases the possibilities by 10 (Curran, Doherty, McCann & Turkington, 2011). It will take an attacker longer to crack or guess a complex or long password, giving the company time to remotely wipe the device if it supports remote access.
Another approach the company can adopt is a coding system that generates passwords for users; these are more difficult to crack because the system generates a password whose characters are unlikely to form any sensible word (Gray, 2018). Also, if passwords are sent online, the company should ensure that it has adopted encryption techniques for such sensitive data. However, it is important to note that even the strongest passwords can still be cracked; as such, the company should employ two authentication techniques, such as a password and a one-time PIN sent to the user's mobile phone. Additionally, it is important to have a password policy that requires employees to change their passwords after a specific period of time.
Security Issues Associated with Telnet
Telnet has been in existence for a very long time and is one of the earliest protocols for remote login over the internet. It is a client-server protocol that provides users with a terminal session through a telnet client application. However, telnet does not provide any built-in security mechanism; it is vulnerable and faces numerous security issues and risks, limiting its use in environments with untrusted network connections (Rfwireless-world, 2018). Padawans LTD uses telnet over the internet, increasing the risk of letting unauthorized users access sensitive company information through eavesdropping. Additionally, the connection between the server and the client is not encrypted, making it easy for eavesdroppers who have access to the TCP/IP packet flow to reconstruct the data being sent over the internet and read it, including passwords, credit card numbers, usernames, and other sensitive information sent using the telnet protocol. Attackers require little skill to gain access to a network using telnet. The figure below shows a typical telnet connection between two hosts.
It has become routine today for hackers, criminals, and intelligence agencies to collect and monitor users’ credentials over the internet. As such, it is necessary that the company choose an alternative mechanism to telnet: secure shell (SSH) should replace the insecure telnet currently used by Padawans LTD. SSH offers a better and more secure connection than telnet. With SSH, usernames, passwords, user data, and company information sent over the network are protected from snooping attacks, and secure file transfers and logins are possible. Telnet has in practice been replaced by SSH and is only used in rare instances. As such, it is recommended that Padawans replace telnet with secure shell, which offers better security and encryption of any information sent over the network or internet (Ssh.com, 2018).
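The type 7 and telnet findings above can be checked mechanically against a device configuration. The following is an added example, not part of the original report: it scans an IOS-style configuration for type 7 passwords, `enable password`, and vty lines that still accept telnet. The sample configuration, hostname and password strings are constructed placeholders, and the function and issue names are hypothetical.

```python
import re

# Constructed IOS-style configuration; hostname and password strings are placeholders.
SAMPLE_CONFIG = """\
hostname breakroom-sw1
!
enable password 7 PLACEHOLDER1
username admin password 7 PLACEHOLDER2
username netops secret 9 PLACEHOLDER3
!
line con 0
 password 7 PLACEHOLDER4
 login
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""

TYPE7 = re.compile(r"\bpassword 7 \S+")          # reversible type 7 encoding
LINE_HEADER = re.compile(r"^line (vty|con|aux)\b")

# Suggested remedy for each issue name used by audit_config().
REMEDY = {
    "type7-password": "use 'login local' with 'username <name> secret'",
    "enable-password": "replace 'enable password' with 'enable secret'",
    "telnet-allowed": "set 'transport input ssh' on the vty lines",
}

def audit_config(text):
    """Return (line_number, context, issue) tuples for an IOS-style config."""
    findings = []
    context = "global"
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        # Sub-commands are indented; an unindented line opens a new context.
        if not raw.startswith(" "):
            context = line if LINE_HEADER.match(line) else "global"
        command = line.strip()
        if TYPE7.search(command):
            findings.append((number, context, "type7-password"))
        if command.startswith("enable password"):
            findings.append((number, context, "enable-password"))
        if context.startswith("line vty") and command.startswith("transport input"):
            protocols = command.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append((number, context, "telnet-allowed"))
    return findings

if __name__ == "__main__":
    for number, context, issue in audit_config(SAMPLE_CONFIG):
        print(f"line {number} [{context}] {issue}: {REMEDY[issue]}")
```
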
Security Policies
Information security policies are crucial to any company because they protect intellectual property and critical and sensitive company resources by defining and outlining the responsibilities of employees in safeguarding company information. The risk of employees losing, leaking or modifying information is increased because Padawans does not have security policies in place. Employees can do anything with the information they hold because they have not been given guidelines on how to protect and use company data. Therefore, it is recommended that the company develop security policies, which are critical in supporting the mission and vision of the company (Deutsch, 2018). When drafting security policies, it is important to ensure that they meet the needs of the company in achieving its vision and mission.
The security policies should be written down because they define the responsibility and role of each employee in ensuring security. Security policies create a ‘secure culture’ within the company. The policies the company implements and the details each policy contains will determine how the company will grow (Dunham, 2018). The company should define security policies that address both information and physical security issues, because they form the basis for assessing the security requirements of the company. The following security policies should be considered for adoption by Padawans LTD (Lee & Kim, 2017):
- Internet Usage
- Social and email networking
- Key control
- Mobile device/PDA security
- Visitor management
- Non-disclosure agreement
Firewalls are very important in securing a company network from malicious traffic and applications transmitted over the network. However, the reliability of a firewall is dictated by the rules configured on it. Padawans LTD has implemented an ANY-to-ANY rule on its firewall, and this rule has several limitations and security issues. An any-any rule allows traffic from any source to any destination. With regard to network security, this is the worst access control rule because it contradicts the principle of least privilege and the concept of denying traffic by default (Myo, 2015). This rule allows traffic to the company’s web server from any source, allows access to RDP from any source, and allows access to MySQL from any source. By allowing access to critical company resources such as the database and web server, and any traffic from any source, the company faces numerous security threats such as SQL injection, malware infection and packet sniffing, among others (Sophos, 2018). As such, the company should employ firewall configuration best practices and do away with the ANY-ANY rule completely. The following best practices are recommended for Padawans LTD when configuring the firewall:
- Block by default
- Only allow specific traffic
- Specify source IP addresses
- Specify the destination IP address
- Specify destination port
Generally, ports 443 and 80 are associated with the internet. Port 80/HTTP is associated with the World Wide Web (WWW), while port 443/HTTPS is the HTTP protocol over SSL/TLS. Allowing inbound traffic on ports 80 and 443 poses significant threats to the company network. Because these ports are open and associated with web and internet traffic, they are rarely monitored. This opens the company up to attacks such as browser-based attacks. As such, if the company wants to continue allowing inbound traffic on these ports, it should ensure that they are monitored and that the traffic is filtered and analyzed for malicious traffic or potential security attacks.
Allowing all outbound traffic means that the company does not require any future rule definitions. The cost of managing perimeter security is reduced because there is no need to specify any outbound rules. However, while the company may save a lot of money, it also increases its exposure to security threats. By allowing everything outbound, the company is likely to face distributed denial of service (DDoS) attacks. Secondly, employees may, with bad intentions or accidentally, move proprietary information outside the company network through uncontrolled file transfers or email communication. As such, the company needs to restrict outbound traffic just as it restricts inbound traffic, to ensure that unwanted outbound traffic is filtered (Edwards, 2018). This can be achieved by adding different traffic filters to the overall network security arsenal.
A virtual private network (VPN) is very important to any company or user on a public network because it adds a security layer. A VPN enables users to protect information sent across different networks, which may be vulnerable if it is sent over public network infrastructure unprotected. Padawans LTD needs to implement a VPN, especially if the company has employees who may need to access company information while working remotely, because it improves network security and safeguards sensitive information. Some of the benefits of using a VPN include (Bourque, 2018):
- Improved security
- Mobility: allows employees to work remotely and access the company network securely
- It is more affordable than a physical private network
However, the company should look out for specific features when choosing an effective VPN. These features include:
- Scalability
- Reliability
- Server location (in case the company chooses an external VPN provider)
Therefore, it is recommended that Padawans LTD implement a VPN because it helps ensure data security, even though it does not provide failsafe security. Additionally, it helps prevent loss of data in the future, proving to be a valuable investment for Padawans (Mitchell, 2018).
An access control list (ACL) is an essential security mechanism because it provides a mapping between services, groups, users, and a set of permissions. Padawans requires an ACL that will grant group members, users, and service members access to protected resources (Setapa & Suhilah, 2014). An ACL is made up of entries, and each entry specifies groups, services, and users with a list of permissions given to them. It is recommended that default ACLs not be deleted or modified. When creating an ACL, ensure that you have an open connection.
PADAWANS LTD ACCESS CONTROL LIST

| # | Enable | Source | Destination | Service | Action | Hits | Logging | Description |
|---|---|---|---|---|---|---|---|---|
| DMZ (2 Incoming rules) | | | | | | | | |
| 1 | TRUE | 192.168.9.1 | any | ip | permit | | Default | |
| 2 | | any | any | ip | deny | | Default | Implicit rule |
| Inside (3 incoming rules) | | | | | | | | |
| 1 | TRUE | 192.168.9.10 | any | Allow-ports | permit | 0 | Default | |
| 2 | TRUE | all internal hosts | any | ip | permit | 0 | Default | |
| 3 | | any | any | ip | deny | | Default | Implicit rule |
| Manage (2 implicit incoming rules) | | | | | | | | |
| 1 | | any | any less secure network | ip | permit | | Default | Implicit rule: permit all traffic to less secure network |
| 2 | | any | any | ip | deny | | Default | Implicit rule |
| Outside (4 incoming rules) | | | | | | | | |
| 1 | TRUE | any | 192.168.9.2 | tcp/smtp | permit | 0 | Default | |
| 2 | TRUE | any | 192.168.9.3 | tcp/https | permit | 0 | Default | |
| 3 | TRUE | any | 192.168.9.3 | tcp/domain | permit | 0 | Default | |
| 4 | | any | any | ip | deny | | Default | Implicit rule |
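The firewall guidance earlier in the report (block by default, allow only specific traffic) can be tested against the Outside rules listed in the access control list. The following is an added example, not part of the original report: it evaluates rules first-match with a default deny, flags any-any permits, and compares the inbound TCP ports opened to any source with the stated requirement of 80 and 443. The function names, the constructed any-any rule set and the source address 203.0.113.7 are assumptions; the service keywords map to their standard port numbers.

```python
# Standard port numbers for the service keywords that appear in the table.
PORTS = {"http": 80, "https": 443, "smtp": 25, "domain": 53}

# Outside-interface rules from the table: (source, destination, service, action).
OUTSIDE = [
    ("any", "192.168.9.2", "tcp/smtp", "permit"),
    ("any", "192.168.9.3", "tcp/https", "permit"),
    ("any", "192.168.9.3", "tcp/domain", "permit"),
    ("any", "any", "ip", "deny"),
]

# Constructed rule set representing the ANY ANY rule the report warns about.
ANY_ANY = [("any", "any", "ip", "permit")]

def decide(rules, src, dst, proto, port):
    """First matching rule wins; with no match the packet is denied."""
    for rule_src, rule_dst, service, action in rules:
        if rule_src not in ("any", src) or rule_dst not in ("any", dst):
            continue
        if service != "ip":  # "ip" matches every protocol and port
            rule_proto, name = service.split("/")
            if rule_proto != proto or PORTS[name] != port:
                continue
        return action
    return "deny"

def broad_permits(rules):
    """Rules that permit all IP traffic from any source to any destination."""
    return [r for r in rules if r == ("any", "any", "ip", "permit")]

def inbound_gap(rules, required_ports):
    """Return (ports opened but not required, ports required but not opened)."""
    opened = {
        PORTS[service.split("/")[1]]
        for src, _dst, service, action in rules
        if action == "permit" and src == "any" and service.startswith("tcp/")
    }
    return sorted(opened - required_ports), sorted(required_ports - opened)

if __name__ == "__main__":
    probe = ("203.0.113.7", "192.168.9.3", "tcp", 3389)  # RDP from outside
    print("any-any rule set:", decide(ANY_ANY, *probe))
    print("table rule set:  ", decide(OUTSIDE, *probe))
    extra, missing = inbound_gap(OUTSIDE, {80, 443})
    print("opened but not required:", extra)
    print("required but not opened:", missing)
```
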
Conclusion
In conclusion, UMUC Security found that the current information technology infrastructure and practices adopted by Padawans are not reliable and need to be reviewed and upgraded. Controlling access to digital resources has become a critical concern for the company. Organizations have invested heavily in ensuring that their digital resources are protected and that no unauthorized access is allowed. Companies have adopted two or more authentication techniques, such as a PIN with biometric authentication, or a password with a one-time PIN sent to a mobile phone by SMS, to enhance the security of their IT resources. One of the ways to secure these resources is using passwords. Having strong passwords is an effective way to secure company or personal information from being modified, made public, or stolen. The following recommendation is suggested for the company to adopt: the company should ensure that employees create complex and longer passwords. It is also important to have security policies in place because they create a secure culture within the company.
References
Bauman, A. (2018). The Importance of Strong, Secure Passwords. Retrieved from https://www.securedatarecovery.com/resources/the-importance-of-strong-secure-passwords
Bourque, A. (2018). 5 ways your company can benefit from using a VPN. Retrieved from https://www.computerworld.com/article/3184651/networking/5-ways-your-company-can-benefit-from-using-a-vpn.html
Curran, K., Doherty, J., McCann, A., & Turkington, G. (2011). Good Practice for Strong Passwords. EDPACS, 44(5), 1-13. doi: 10.1080/07366981.2011.635497
Deutsch, W. (2018). 6 Security Policies You Need for Your Company. Retrieved from https://www.thebalancesmb.com/effective-security-policies-394492
Dunham, R. (2018). Information Security Policies: Why They Are Important to Your Organization. Retrieved from https://linfordco.com/blog/information-security-policies/
Edwards, M. (2018). Outbound Traffic Is a Serious Security Risk. Retrieved from https://www.itprotoday.com/security/outbound-traffic-serious-security-risk
Gray, K. (2018). 5 Benefits of using a password manager. Retrieved from https://blog.envisionitsolutions.com/5-benefits-of-using-a-password-manager
Lee, W., & Kim, N. (2017). Security Policy Scheme for an Efficient Security Architecture in Software-Defined Networking. Information, 8(2), 65. doi: 10.3390/info8020065
Mitchell, B. (2018). Here's Why You Should Be Using a VPN. Retrieved from https://www.lifewire.com/advantages-and-benefits-of-a-vpn-818178
Myo, T. (2015). A Formal Model to Analyse the Firewall Configuration Errors. Science And Education Of The Bauman MSTU. doi: 10.7463/0615.0778576
Rfwireless-world, R. (2018). Advantages of TELNET | disadvantages of TELNET. Retrieved from https://www.rfwireless-world.com/Terminology/Advantages-and-Disadvantages-of-TELNET.html
Setapa, S., & Suhilah, T. (2014). An Access Control List for Role-Based System: An Observation and Recommendation. International Journal Of Information And Education Technology, 4(6), 468-472. doi: 10.7763/ijiet.2014.v4.452
Sophos, C. (2018). The "Any -> Any: rule. - Network Protection: Firewall, NAT, QoS, & IPS - Sophos UTM 9 - Sophos Community. Retrieved from https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/39582/the-any---any-rule
Ssh.com, S. (2018). Telnet – How to use SSH as a secure alternative | SSH.COM. Retrieved from https://www.ssh.com/ssh/telnet