Purpose
The purpose of the current report is to analyze the existing state of affairs at OPM and gain more insight into the organizational security network. This would allow the author to determine the core threats and vulnerabilities affecting the unit and employers. There could also be an opportunity to collect data regarding information breaches and the likelihood of the most evident exploits being abused by hackers. Overall, this security assessment report is intended to shed light on some of the cost-effective strategies related to network security and the probability of protecting essential organizational assets such as hardware, software, and corporate and user data.
Given that the current level of security might not be meeting executives’ expectations, it should be essential to perform more internal audits while also following strategies to help organizations mitigate weaknesses and strengthen the existing security network.
Organization
One of the essential challenges when designing a decent network for the organization is the process of enabling technologies and skills that would help the responsible team to complete the task. Security issues should be included in the organization’s agenda because breakdowns and downtime are practically unavoidable when it comes to network security and standardization of the software and hardware required to create the best setup (Cram et al., 2017).
Easy access to information should be carefully balanced by a strong security system that would eventually spot every suspicious packet across the network and either decline or neutralize it. The organization might also want to establish a recovery plan in advance because issues should be carefully anticipated at all times (Opdyke et al., 2017). Future growth should also be included in the network in the form of scalable nodes and connections that would respond to all changes in a flexible manner, without the team having to rebuild the network from scratch. One of the possible ways of protecting the network during earlier builds would be to include redundancies that would slow down the potential attackers.
The security network design should also be responsive enough to allow for both local and wide area networks (LAN/WAN) to function properly and respond to threats individually, without human-led interventions. Nevertheless, OPM should carefully assess its capabilities and opportunities prior to designing the network, as the idea should be to limit the network to a certain facility and develop a private network that would not be affected by exterior variables (Ahmad et al., 2020).
There is no need for the organization to design a WAN at the moment because it would require the executive unit to allocate more resources to the issues of connectivity and environment control. Depending on the factors mentioned above, OPM management would be capable of creating the best version of their network while keeping the proposed solution cost-effective and easy enough to deploy (Burns, 2019). This would make the organization closer to an optimal network where downtime is minimal, and most nodes remain unaffected by suspicious exterior activities.
The organization currently does not benefit from unique workstations linked to discrete nodes within the network. This particular issue makes it harder for the unit to find ways to execute programs and add devices to the network without having to alter the structure of the network itself (Maithili et al., 2018). Accordingly, OPM has to focus on establishing all possible capabilities for all end-users so that the whole bandwidth would be available to eligible employees with required privileges.
This security concern is another part of the network organization that has to be considered when introducing changes, as no obsolete accounts should be given access to crucial sections of the network (Hyun et al., 2018). The network support team should ensure that there is a reasonable number of Ethernet switches in place in order to collect relevant data regarding Media Access Control (MAC) addresses and all of the existing devices that are connected to OPM’s network.
The current network setup is lacking cloud-based solutions due to a rather high number of legacy code lines and outdated applications that keep the organization away from experiencing the strength of innovation. Even though OPM possesses enough resources to purchase all the required tools, it is still willing to invest money and time in non-optimized, outdated protection mechanisms, exposing the organization to an increased number of threats (Liu et al., 2019).
With cloud-based solutions, OPM would become able to ensure better security and give itself a chance for a swift recovery in the case of an unexpected breach attack. According to Tayal et al. (2017), one of the crucial benefits characteristic of cloud-based solutions is that they support diverse services and do not limit an organization in terms of how it appeals to end-users or creates room for innovation. Based on this statement, it may be proposed to OPM to transfer all of its resources to a software-as-a-service (SaaS) or a platform-as-a-service (PaaS) framework.
The current situation within the organization proves that there are both external and internal threats to network security. This means that the existing vulnerabilities could increase OPM’s proneness to data breaches even further without the organization having a chance to respond in a meaningful manner. As Opdyke et al. (2017) put it, outside threats are usually much more dangerous than inside ones because security networks are not always updated swiftly, leaving more room for hackers to operate.
There are plenty of attacks aimed at networks, such as brute force, denial of service (DoS), phishing, malware, ransomware, packet sniffing, and many more (Dargahi et al., 2019). Therefore, the organization should make sure that it has the capability of shutting the network down in the case of an unexpected attack, isolating the remaining nodes and stopping attackers before they gain access to all of OPM’s intellectual property.
It would be rational for the organization to pick a cloud-based platform to which to move its resources because otherwise OPM’s outdated network security system would not have enough power to withstand novel hacker attacks. Even though there are certain limitations associated with PaaS and SaaS, there is clearly an opportunity to reduce the number of cases in which, for example, an employee’s credentials are compromised. Data encryption and the quality of security measures should also become two of the most important discussion topics for OPM executives. A monitoring program will be required to ensure that employees are aware of security policies and that the network itself is prepared for unexpected exterior attacks.
Scope and Methodology
The scope of this report was to investigate all kinds of inbound and outbound traffic that could negatively affect the organization’s security network. The state of the latter and its inherent vulnerabilities are assessed with the help of additional tools that make it easier to identify suspicious activities and eradicate threats in a proactive manner. This also bears a significant link to the organization’s infrastructure, as proper network security might make it easier for the unit to cope with digital threats.
There are both Windows- and Linux-operated machines, so it is proposed to utilize Nmap and Wireshark to run security scans for external or internal hosts and analyze packets, respectively. The existing network conditions make the use of these two tools reasonable because OPM is most likely to be attacked via unsafe protocols and other similar types of digital threats.
Another important method that the author of this security assessment chose to complete the report was a password strength determination routine. In the case where employees choose shorter, simpler passwords, organization data might be stolen easily via a single SQL injection causing the database to collapse (Caesarano & Riadi, 2018). This is the main reason why the team should also pay enough attention to security breaches and perform audits of organizational units recurrently to see how the network protects corporate assets. Issues linked to data encryption or firewall usability could be identified along the way.
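The password strength routine mentioned above is not described in detail in the report; the following is an added example (not the author’s own tool) of the kind of check an auditor would run. It scores each password by length, estimated guessing entropy (length times log2 of the alphabet size), number of distinct characters, and membership in a common-password list, then returns only the accounts that fail. The common-password list and the sample accounts are constructed for illustration and are not OPM data.

```python
import math
import string

# Constructed stand-in for a breach-derived list of frequently chosen passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin", "welcome"}


def charset_size(password):
    """Size of the smallest standard alphabet that covers every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus space
    return size


def estimated_bits(password):
    """Upper-bound guessing entropy in bits: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def assess_password(password, min_length=12, min_bits=60):
    """Return a verdict with every reason the password fails the policy."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("appears in common-password list")
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    # The entropy estimate alone is fooled by repetition, so check variety too.
    if len(set(password)) < 4:
        reasons.append("fewer than 4 distinct characters")
    bits = estimated_bits(password)
    if bits < min_bits:
        reasons.append(f"estimated {bits:.0f} bits below {min_bits}")
    return {"bits": round(bits, 1), "weak": bool(reasons), "reasons": reasons}


def audit_accounts(accounts):
    """Return only the accounts whose password fails at least one check."""
    results = {user: assess_password(pw) for user, pw in accounts.items()}
    return {user: r for user, r in results.items() if r["weak"]}


# Constructed sample accounts; no real credentials are involved.
SAMPLE_ACCOUNTS = {
    "jdoe": "qwerty",
    "asmith": "Tr0ub4dor&3",
    "svc_backup": "aaaaaaaaaaaaaaaa",
    "mlee": "correct horse battery staple",
}

if __name__ == "__main__":
    for user, verdict in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {verdict['bits']} bits, reasons: {', '.join(verdict['reasons'])}")
```

The thresholds (12 characters, 60 bits) are assumptions chosen for the example; an organization would set them in its own password policy. Note that the 16-character repeated password passes the entropy estimate but is still flagged by the distinct-character check, which is why the routine combines several tests rather than relying on one number.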
The author is willing to use the proposed tools to maintain database integrity and avert crucial downtime. At the end of the report, there will be recommendations linked to how the author intends to strengthen database security and prevent future attacks.
Data
With the help of the proposed software instruments, the author of this security assessment report is going to analyze the following .pcap capture files: http.pcap, telnet.pcap, mysql.pcap, mail.pcap, pswrdauth.pcap. This is done to check the existing pairs of IP addresses, the protocols utilized to establish each connection, and the port numbers in use. Accordingly, there will be a chance to trace destination and source addresses at the same time, allowing for a more in-depth analysis of how ports communicate information and what the possible drawbacks associated with the current setup could be.
Wireshark will become an essential contributor to the organization’s security assessment, allowing for a review of MAC addresses. In addition, the author would also utilize Nmap to assess the possible host/network vulnerabilities and come up with recommendations regarding what could be done to cope with the tangible threats.
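The per-file review described above (IP pairs, protocol, ports, MAC addresses, presence of plaintext) is what Wireshark’s conversation view provides. As an added example, not part of the report and not a replacement for Wireshark, the following Python script does the same extraction directly from a classic libpcap file: it walks the file header and per-packet records, decodes Ethernet/IPv4/TCP/UDP headers, and flags any payload that is mostly printable text. The capture it parses is constructed inline; its addresses and ports echo the telnet.pcap, mail.pcap and pswrdauth.pcap values from the Results section, but the telnet payload deliberately carries readable text so that the plaintext check has something to flag, which differs from the report’s finding of no plaintext.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "TCP", 17: "UDP", 89: "OSPF"}


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


# --- builders for the constructed capture (not OPM's files) ---
def ethernet(dst_mac, src_mac, payload):
    macs = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return macs + struct.pack("!H", ETHERTYPE_IPV4) + payload


def ipv4(src_ip, dst_ip, proto, payload):
    # Minimal 20-byte header; checksum left at zero since nothing here verifies it.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return header + payload


def tcp(sport, dport, payload):
    # Data offset 5 (20-byte header), PSH+ACK flags, no options.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload


def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_pcap(frames):
    # libpcap v2.4 file header, little-endian magic, link type 1 (Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample; the OSPF body is a 24-byte placeholder, not a real hello packet.
SAMPLE_PCAP = build_pcap([
    ethernet("00:12:c6:00:54:a4", "00:1c:60:b3:01:74",
             ipv4("192.168.1.140", "192.168.1.184", 6, tcp(5687, 23, b"login: admin\r\n"))),
    ethernet("00:00:00:00:00:00", "00:00:00:00:00:00",
             ipv4("192.168.1.105", "178.123.13.120", 17, udp(4255, 2687, bytes(12)))),
    ethernet("01:00:5e:00:00:05", "00:00:00:00:00:00",
             ipv4("10.0.0.2", "224.0.0.5", 89, b"\x02\x01" + bytes(22))),
])


# --- analysis side ---
def looks_like_text(payload):
    """True when at least 90% of the bytes are printable ASCII or TAB/CR/LF."""
    if not payload:
        return False
    printable = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(payload) >= 0.9


def parse_frame(frame):
    """Decode Ethernet + IPv4 (+ TCP/UDP ports) into one record, or None if not IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto, l4 = ip[9], ip[ihl:]
    sport = dport = None
    payload = l4  # for protocols without ports (e.g. OSPF) the whole L4 is the payload
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    return {"dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12]),
            "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
            "proto": PROTO_NAMES.get(proto, str(proto)), "sport": sport, "dport": dport,
            "plaintext": looks_like_text(payload)}


def parse_pcap(data):
    """Walk a classic libpcap file (either byte order) and return one record per IPv4 frame."""
    magic, = struct.unpack("<I", data[:4])
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    records, offset = [], 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[offset:offset + 16])[2]
        rec = parse_frame(data[offset + 16:offset + 16 + incl_len])
        offset += 16 + incl_len
        if rec:
            records.append(rec)
    return records


def summarize(records):
    """Count packets per (src, dst, proto, sport, dport) and note which flows carried text."""
    flows, plaintext_flows = Counter(), set()
    for r in records:
        key = (r["src_ip"], r["dst_ip"], r["proto"], r["sport"], r["dport"])
        flows[key] += 1
        if r["plaintext"]:
            plaintext_flows.add(key)
    return flows, plaintext_flows


if __name__ == "__main__":
    flows, text = summarize(parse_pcap(SAMPLE_PCAP))
    for (src, dst, proto, sp, dp), n in flows.items():
        print(f"{src}:{sp} -> {dst}:{dp} {proto} packets={n} plaintext={(src, dst, proto, sp, dp) in text}")
```

Run against a real capture with `parse_pcap(open("telnet.pcap", "rb").read())`. The script only handles the classic pcap format and IPv4 over Ethernet; pcapng files, VLAN-tagged frames and IPv6 are outside what it decodes, which is where Wireshark remains the right tool. A flow on port 23 whose payload passes the plaintext check is the concrete signal that credentials may be crossing the wire unencrypted.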
Results
After the scan, which was based on the features of Wireshark and Nmap, the author came to the conclusion that there were numerous issues with the organization’s network security. The following bullet points are going to point out the essential challenges identified via analysis and create room for relevant recommendations. This list represents a dataset comprised of findings that relate solely to OPM’s network and have to be addressed as soon as possible.
- There was just one pair of IP addresses identified in the packet data recorded in the http.pcap file. The TCP protocol was utilized by the system to transfer information back and forth across the established connection, and the ports were also connected via TCP. The assessment did not disclose any trace of plaintext in this packet data. The relevant IP addresses are 174.143.213.194 for the destination and 192.168.1.140 for the source. The port numbers were 5768 and 80, respectively.
- In the telnet.pcap packet file, the author found another pair of unique IP addresses that were active under the guidance of the TCP protocol: 192.168.1.184 for destination and 192.168.1.140 for the source. The same TCP protocol was also utilized to establish a connection between source and destination ports, 5687 and 23, respectively. There was no plaintext information identified, with two unique MAC addresses at hand (destination – 00:12:c6:00:54:a4; source – 00:1c:60:b3:01:74).
- The mysql.pcap file included another pair of unique IP addresses that communicated via the TCP protocol. The two ports utilized for the connection were of TCP origin as well: source – 5621, destination – 3303. The MAC address for the mysql.pcap was 00:00:00:00:00:00, with no sign of plaintext utilized to communicate certain data between the source and the destination.
- The process of evaluating the packets included in the file named mail.pcap allowed the author of this report to gain more insight into the ports used to communicate the data and the potential areas of weakness that might be addressed in the future. The unique IP addresses for mail.pcap were 192.168.1.105 for the source and 178.123.13.120 for the destination. The respective ports that were set up to communicate the data were TCP (ports 5656 and 443 for the source and the destination), UDP (4255 and 2687), and SSL (443 and 5656). Similar to the other captures, no plaintext was included.
- The pswrdauth.pcap file included two unique IP addresses (224.0.0.5 for the destination and 10.0.0.2 for the source) and functioned on the basis of the OSPF protocol. No plaintext data was recognized when assessing the packets, and there were no distinct port numbers utilized to communicate the required information. There was just one simple password found during the scan, evidently hinting at the probable challenges associated with the network.
A thorough analysis of the network with the help of Nmap disclosed a total of 14 open ports on the Windows machines and at least two open ports on the Linux machines.
Findings
A thorough assessment of OPM’s network security showed that the organization might be significantly vulnerable to external threats due to several weak passwords and unrestricted communication between source and destination. It would not be a challenge for a hacker to penetrate the system and infect the whole network within seconds while having access to just one account.
There are no user privilege controls either, which creates another obstacle for employees and employers because of the lack of flexibility and control over the situation. Ports should be closed given that they currently allow all kinds of information to be sent via this interface. The organization should close these ports with the help of firewalls, blocking restricted content and denying wrongdoers the chance to exploit open ports of any type.
Any instance of unwanted traffic should be blocked in a strict manner so that not a single such packet travels toward its destination. Packet sniffing and IP spoofing will become the most popular attacks for hackers if the organization chooses to ignore the influence of open ports on network security. Stolen data could result in serious challenges for the whole company, encouraging even more cybercriminals to attack network hosts and spread malware. The key priority for the organization should be to invest in security and ensure that the majority of the weaknesses above are identified and addressed in a correct, timely manner.
References
Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How the integration of cybersecurity management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939-953.
Burns, A. J. (2019). Security organizing: A framework for organizational information security mindfulness. ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 50(4), 14-27.
Caesarano, A. R., & Riadi, I. (2018). Network forensics for detecting SQL injection attacks using the NIST method. International Journal of Cyber-Security and Digital Forensics, 7(4), 436-443.
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational information security policies: A review and research framework. European Journal of Information Systems, 26(6), 605-641.
Dargahi, T., Dehghantanha, A., Bahrami, P. N., Conti, M., Bianchi, G., & Benedetto, L. (2019). A cyber-kill-chain based taxonomy of crypto-ransomware features. Journal of Computer Virology and Hacking Techniques, 15(4), 277-305.
Hyun, S., Kim, J., Kim, H., Jeong, J., Hares, S., Dunbar, L., & Farrel, A. (2018). Interface to network security functions for cloud-based security services. IEEE Communications Magazine, 56(1), 171-178.
Liu, X., Yu, J., Lv, W., Yu, D., Wang, Y., & Wu, Y. (2019). Network security situation: From awareness to awareness-control. Journal of Network and Computer Applications, 139, 15-30.
Maithili, K., Vinothkumar, V., & Latha, P. (2018). Analyzing the security mechanisms to prevent unauthorized access in cloud and network security. Journal of Computational and Theoretical Nanoscience, 15(6-7), 2059-2063.
Opdyke, A., Lepropre, F., Javernick-Will, A., & Koschmann, M. (2017). Inter-organizational resource coordination in post-disaster infrastructure recovery. Construction Management and Economics, 35(8-9), 514-530.
Tayal, S., Gupta, N., Gupta, P., Goyal, D., & Goyal, M. (2017). A review paper on network security and cryptography. Advances in Computational Sciences and Technology, 10(5), 763-770.