Scenario

Uxbridge College Information Systems Network Security Principles involve around key principles of Confidentiality, Integrity and Availability. Depending upon the application and context, one of these principles might be more important than the others. For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person form reading its contents. Thus, confidentiality of the information is paramount. If an individual succeeds in breaking the encryption cipher and then re-transmits a modified encrypted version, the integrity of the message is compromised. On the other hand, an organization such as Amazon.com would be severely damaged if its network were out of commission for an extended period of time. Thus, availability is a key concern of such e-commerce companies. In this assignment you will consider Uxbridge College for security analysis.

Task 1 As a member of the Network Security group in Uxbridge College, you have been asked to serve on the committee and evaluate the threats and vulnerabilities of the following: (P1.1)

• Describe each of the following security threats and write a report about their impact on Uxbridge College as an FE educational institution and on teaching and learning • Adware • Virus • Worms • Spyware • Trojan • Rootkits • Backdoors • Logic bomb • Botnets • Man-in-the-middle • DDoS • Spoofing • Spam • Phishing • Spim • Spear phishing • Pharming • Malicious insider threat • DNS poisoning and ARP poisoning • Transitive access • Client-side attacks • Dumpster diving • Tailgating • Impersonation • Hoaxes • Whaling • Vishing • SQL injection • XML injection • Buffer overflow • Cookies and attachments • Session hijacking • Header manipulation • Known exploits

Task 2 The management at Uxbridge College, with two campuses in Hayes and Uxbridge, recently purchased a new facility in Ealing. This purchase will have a serious impact on the network security and information services department and will include the following changes to the organization's operation: 1. The Contractors will now be responsible for all information assurance. In the past, these responsibilities were done by the IT department. 2. All the organization's data centres will be consolidated into one central facility in Uxbridge in an effort to save costs and improve information assurance.

Discuss how to implement the above changes and the impact of the new network design on (P1.2)

• Physical security threats in three campuses. • The roles of packet-filtering routers and firewalls • Show how Intrusion detection and prevention system can be used to monitor to Uxbridge College network for malicious activities or policy violations. • Social impact: data credibility. • Individual impact: social engineering; • Security policy: access to the internet and email security, vetting of staff for employment and forensic analysis of systems. • Impact on productivity: systems recovery, data recovery and legal proceedings.

The purpose of a risk analysis is to identify the components of the network, evaluate the importance of each component, and then apply an appropriate level of security. Carry out a Qualitative or Quantitative risk analysis (list at least 16 risks) of the current Uxbridge College network, identify what needs to be secured and at what cost and what risk mitigation strategies you would use. (P1.3). Cloud computing has been credited with increasing competitiveness through cost reduction, greater flexibility, elasticity and optimal resource utilization. Explain in details supported by evidence and research how cloud computing can be used to enhance the ability of Uxbridge College to achieve its business goals and what are the benefits, risks and consequences. (D3.3)

Task 3 Describe the impact of the following protocols and crypto method: GRE, VPN, RSA, IPSec, ISAKMP, DES, 3DES on Uxbridge College Security.

Use the Cryptool utility to observe and record the result of using different cryptographic systems. Use Microsoft Notepad to create the following highlighted secret message. Record the results in the table below:

"Network Security Principles should involve three key principles of Confidentiality, Integrity and Availability" Note: Save file as assignment 1.txt

Cryptographic System Result MD5 SHA Hash

AES DES

56-bit The selection and implementation of encryption systems in Uxbridge College is critical to the safe transmission and storage of sensitive information (P4.1). Draft security procedures for use throughout the college in all three campuses to protect students from security threats. Then, discuss the best ways of protecting confidential data stored on a hard disk. Finally, what sort of workplace security issues should be covered by HR policies and why. (D1.4)

Task 4 What is the difference between disaster recovery and business continuity planning? Assess the impact of data loss and service unavailability on Uxbridge College productivity (P4.3) and how the management can plan to minimise their affect and what resources should be available to recover from them. (M3.3)

Task 5 Creating a Security Policy (D3.5) In this task, you will create your own acceptable use policy (AUP) and include acceptable use of computer equipment, Internet, email, and mobile devices in Uxbridge College to cover staff and students. Be sure to include the following sections in your policy: • Overview • Scope • Policy • Enforcement • Definitions • Revision History

Unit 46: Networked Systems Security Assignment 1 Contextualised Grading Note: failure to complete a pass criterion will lead to failure of the entire unit.

M1.3: failure to meet the deadline for handing in this assignment as stated in the front sheet means that you have failed to make an effective judgement in organising your time effectively and therefore the assignment basically will be marked only for pass criteria. As you know even if you meet all the merit criteria and all the distinction criteria, if you fail to meet M1.3 your assignment will only be judged on the pass criteria. Furthermore, if you consult resources to answer the above questions, you need to provide references using the Harvard system of referencing.

M3.3: In Task 4, you need to use a range methods and presentation to explain how the management can plan to minimise the damage in case of a disaster.

D1.4: You need to discuss the best ways of protecting confidential data stored on a hard disk and what sort of workplace security issues should be covered by HR policies and how these measures can improve the current security system.

D3.3: In task 2 you need to explain how cloud computing can help and what are the risks. Here you need to use lateral thinking to get to your goals. D3.5: in task 5, you need to create a new AUP for Uxbridge College.