This assignment is based on a case study, in which you will demonstrate your ability to manage a company's global network infrastructure and conduct a cyber security risk assessment as an ethical hacker.
'Versand' is one of the leading shipping companies in the highly competitive world of container shipment. It also has a major business share in the logistics and energy sectors. The company headquarters is in London. It has 70,000 employees with subsidiaries and offices across 100 countries.
About 90 percent of world trade is transported by sea, with ships and ports acting as the arteries of the global economy. With Versand's global reach across all major sea ports, the company relies heavily on communications systems to keep its global shipment operations running smoothly. Any IT glitch can create major disruptions for its complex logistics supply chains.
Versand has a globally connected IT infrastructure. Its data centers are located around the globe to support its business. Versand typically has a regional office and a port office that are connected via a secure VPN (Virtual Private Network) to one of its regional data centers. All of the major operations, such as shipping order management, inventory, container tracking, booking systems, and other critical systems, rely on this connection. All these applications and the voice/video servers (Windows-based) are hosted in regional data centers. The company uses resources from the public cloud (like Amazon AWS or Microsoft Azure) for application scale-out. The regional data centers are distributed as follows:
Two data centers in the American region (one in New York and one in Seattle)
Two data centers in the Europe region (one in London and one in Frankfurt)
One data center in Asia (in Singapore)
One data center (in Sydney, Australia)
All the data centers are connected through fiber optic connections. The connection between a data center and any of its sea vessels is through a satellite connection.
All of the applications in its data centers are Microsoft Windows-based and are hosted on Microsoft Windows Servers with Microsoft SQL Server databases (on physical and virtual machines). Some of the branch port offices have local Internet breakout and some have regional Internet breakout through their regional data centers. Some port offices have a regional security firewall and IPS/IDS systems, and some do not. Each port office has 50 to 100 employees and each regional office has 200 to 1000 employees. A typical branch (port) office includes:
Desktop computers/laptops running the Windows 7 operating system, client applications, host-based antivirus and an IPS (Intrusion Prevention System)
Network switches with 1 Gbps access ports and 10 Gbps core ports
Wireless LAN access points (no wireless access policies defined)
IP telephony and video room endpoints for voice/video communications
A router that connects the site to the regional/other sites through VPN connections
In June 2017, Versand was hit by a ransomware cyber-attack (like Petya/NotPetya) that prevented people from accessing their data unless they paid $500 in bitcoin. The ransomware took advantage of certain security vulnerabilities in the Microsoft Windows operating system (that Microsoft patched after the attack). As soon as the attack hit, Versand shut down its entire global IT systems to avoid any risk of the infection spreading across the whole company. After the recommended patches were applied at all sites, normal operation was gradually restored. None of its ship vessels were affected, although they were closely checked.
In response to this cybersecurity attack, the CEO of the company has contracted you, a cybersecurity consultant, to advise her on what measures and steps need to be taken to secure its global network infrastructure and data assets, to identify the different types of threat (internal or external) that the company faces, and how to contain or eliminate those risks.
You are requested to recommend protective measures and a continual monitoring process for reviewing its systems against future cyber security attacks. You are also required to produce a threat and risk assessment report, supplemented by recommended solutions and actions. Specifically, the CEO has requested that your report covers the following areas:
Marking scheme
1) Development of a sound introductory section which provides an appropriate introduction to the subject area (10 marks).
2) Evidence of sound research activity and/or any agreed practically-based development work (50 marks).
3) Presentation of work undertaken in a structured manner using a scientific/technical style of writing (20 marks).
4) Development of a sound concluding section (10 marks).
5) Inclusion of appropriate references using the Harvard referencing style (10 marks).