Task 1: Digital Forensics
This project analyses a digital forensic case investigation, together with the network design and security solutions for a new start-up company. The company is a small to medium enterprise (SME) owned by Luton. Using an e-government model for its production and accounting records, Luton has encountered many anomalies. The company employs an investigator for digital forensics, who must evaluate and determine any malicious activity taking place on the network and recommend prevention against malware on the company's systems. All of this is analysed and discussed in detail: the digital forensic tool, the network security of the company, the authentication and authorization mechanisms, key management issues and measures of security ROI. Finally, the security breaches are identified.
The new start-up company is an SME owned by Luton. Using an e-government model, Luton has encountered many anomalies in its production and accounting records. The company began with a check of the system log files, which revealed a number of suspicious entries involving various IP addresses and showed that information was being transferred out of the company through the firewall. The enterprise system has also received many complaints from customers: a strange message is often displayed during processing, and sometimes the customer is redirected to payment pages that do not look relevant. The company therefore faces a hard task in ensuring that its enterprise computer systems are uncompromised. It employs an investigator for digital forensics, who must evaluate the malicious activity occurring on the network and provide prevention against this malware on the company's systems.
Here, we create the virtual disk image using the MagicISO software, which produces a virtual disk image file and can also make back-up copies of disk image files. The virtual disk is created with the following steps.
First, open MagicISO.
Click File → New → Disk Image → 2.24 MB.
This is illustrated in the figure below.
This opens a new disk image file; rename it Disk File, as shown below.
Next, add the files for the disk image by clicking Add Files and choosing the relevant files, as illustrated in the figure below.
The added files are shown below.
The disk file contains the hash values, the images and the case description file. Once the files have been added successfully, save the disk image file, as shown below.
Finally, the virtual disk image file has been created successfully.
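The hash values stored alongside the evidence are what let the investigator later show that the files in the image have not been altered since acquisition. The following is an added example, not part of the original report or of MagicISO: it builds a SHA-256 manifest of an evidence directory and re-checks the directory against it, reporting files that were modified, removed or added. The file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file in chunks so a multi-gigabyte image never has to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every file under evidence_dir, in sorted order."""
    files = sorted(p for p in evidence_dir.rglob("*") if p.is_file())
    return {p.relative_to(evidence_dir).as_posix(): sha256_file(p) for p in files}


def verify_manifest(evidence_dir: Path, manifest: dict) -> dict:
    """Compare the directory's current state against a manifest taken earlier."""
    current = build_manifest(evidence_dir)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, digest in manifest.items():
        if name not in current:
            report["missing"].append(name)
        elif current[name] != digest:
            report["modified"].append(name)
        else:
            report["ok"].append(name)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def demo() -> dict:
    """Constructed evidence set; the files are tampered with after the manifest is taken."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "case.txt").write_text("Case description: Luton anomalies\n")
        (root / "img").mkdir()
        (root / "img" / "firewall_log.png").write_bytes(b"\x89PNG\r\n\x1a\n constructed image bytes")
        (root / "hashes.txt").write_text("placeholder\n")
        manifest = build_manifest(root)

        (root / "case.txt").write_text("Case description: edited after acquisition\n")  # altered
        (root / "img" / "firewall_log.png").unlink()                                      # removed
        (root / "notes.txt").write_text("added after acquisition\n")                      # added
        return verify_manifest(root, manifest)
```

The manifest itself should be stored and signed separately from the image (and the hash of the whole image file recorded in the case notes), otherwise whoever can alter the evidence can also rewrite the manifest.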
Here, we design an enterprise network for ANOJ Software, a start-up software house. The company decided to redesign its enterprise network because its sensitive data was hacked, and it now wants cutting-edge security solutions for the network. The proposed network must be justified and must satisfy the following requirements:
- An internal email server.
- Two web servers: one for external users and one for internal users.
- An internal CVS server that grants internal access only.
- An anonymous CVS server from which remote teams can download the source code.
Task 2: Network Design
Network diagrams are fundamental to a complete understanding of how your network topology is interconnected, and they give you an overhead view of what is going on in the network. Typically, a diagram lets you see where your infrastructure is lacking and what should be upgraded or replaced.
Having a properly documented schematic of your whole network and its connections also means you can troubleshoot problems in a systematic order when they arise. Some of these software packages even refresh your network topology automatically, drawing new devices as they are added to the network and removing devices as they are taken out of it.
Because they show how network components interact, network diagrams serve a variety of purposes, including the following:
- Planning the structure of a home or professional network.
- Coordinating updates to an existing network.
- Reporting and troubleshooting network problems.
- Complying with PCI or other requirements.
- Documentation for external communication, onboarding, and so on.
- Keeping track of components when sending relevant information to a vendor for an RFP (request for proposal) without disclosing private information.
- Pitching a network proposal to financial stakeholders.
- Proposing high-level syslog infrastructure changes.
To design and build a highly secured network, many factors must be considered: for example, the topology and position of hosts within the organization, hardware selection, software technologies, and the careful configuration of each segment.
Topology and Architecture
The first step in designing this network is to define its topology, both physical and logical. On the physical side, cabling must be provided to the offices or nearby buildings where the users are located. For the servers, connectivity must be provided to the intranet, to the Internet, to other parts of the organization, and to remote users connecting over phone lines and similar links. The logical topology must also be considered.
For example, when designing a logical topology, Virtual LANs (VLANs) and Virtual Private Networks (VPNs) offer significant flexibility. The proposed network topology diagram for the ANOJ Software Company is shown below (Lucidchart, 2018).
Network topology architecture
Intrusion Detection Systems
This section focuses on Network Intrusion Detection Systems (NIDS) and how they can be used in our LAN to detect undesirable activity. Many specialists consider an IDS one of the basic components needed to secure any network. A network IDS can alert the system administrator to an attack on the network in real time by analysing the traffic on the wire and raising alerts when suspicious activity is detected. A NIDS can be an ordinary PC running IDS software such as the free Snort, an appliance running proprietary software, or even a dedicated card built into a switch or other network element, as Cisco offers. Host-based intrusion detection, for instance free or commercial versions of Tripwire, and the various kinds of proactive log-monitoring software, are therefore largely outside the scope of this paper (SearchSecurity, 2018).
Firewall
A firewall is a device placed between the organization's internal network and whatever lies outside it. It forwards some packets and filters out others. For example, the firewall might filter every incoming packet bound for a particular host or a particular service such as HTTP, or it might be used to deny access to a specific host or service within the organization. In the network diagram, the associated image shows where the firewall is installed.
Working Architecture
When the firewall is configured correctly, the systems on one side of it are shielded from the systems on the other side. Firewalls filter traffic in one of two broad ways:
- The firewall may permit all traffic except that which is explicitly restricted, based on the firewall type used, the source and destination addresses, and the ports.
- The firewall may deny all traffic that does not meet specific criteria defined at the network layer at which the firewall operates.
- The criteria used to decide whether traffic should be allowed vary from one firewall type to another.
- The firewall may be concerned with the traffic type, or with the destination addresses and ports.
- The firewall may also apply more complex rules that examine the application data to decide whether traffic should be permitted.
Demilitarized Zone (DMZ)
A DMZ is implemented primarily to protect an internal network from interaction with, and exploitation and access by, external hosts and networks. A DMZ can be a logical sub-network or a physical network acting as a secure bridge between the internal and external networks. A DMZ network has limited access to the internal network, and most of its communication is filtered by a firewall before being passed inside. If an attacker attempts to breach or attack the organization's network, a successful attempt will only result in the compromise of the DMZ network, not the core network behind it. A DMZ adds a layer of protection beyond a single firewall and can also host a proxy server.
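The firewall and DMZ sections above describe the two filtering approaches and the DMZ's restricted path into the LAN; the ANOJ requirements list which services must be public and which must stay internal. The following is an added example, not part of the original report or of any firewall product: a first-match packet filter whose rule list encodes that design with a default-deny final rule. The addresses (LAN 10.10.0.0/16, DMZ 192.0.2.0/24, the individual server addresses) are assumptions chosen for the demonstration, and CVS pserver is placed on its standard port 2401.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None = any destination port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


# Assumed addressing for the demonstration
LAN = "10.10.0.0/16"
DMZ = "192.0.2.0/24"
PUBLIC_WEB = "192.0.2.10/32"     # web server for external users (DMZ)
ANON_CVS = "192.0.2.20/32"       # anonymous CVS for remote teams (DMZ)
INTERNAL_WEB = "10.10.1.10/32"   # web server for internal users
MAIL = "10.10.1.20/32"           # internal email server
INTERNAL_CVS = "10.10.1.30/32"   # internal CVS, internal access only

POLICY = [
    Rule("allow", "any", PUBLIC_WEB, "tcp", 80, "public web server"),
    Rule("allow", "any", PUBLIC_WEB, "tcp", 443, "public web server (TLS)"),
    Rule("allow", "any", ANON_CVS, "tcp", 2401, "anonymous CVS pserver for remote teams"),
    Rule("allow", LAN, INTERNAL_WEB, "tcp", 443, "internal web server, LAN only"),
    Rule("allow", LAN, MAIL, "tcp", 25, "internal mail server, LAN only"),
    Rule("allow", LAN, INTERNAL_CVS, "tcp", 2401, "internal CVS, LAN only"),
    Rule("deny", DMZ, LAN, "any", None, "a compromised DMZ host must not reach the LAN"),
    Rule("deny", "any", "any", "any", None, "default deny: everything not listed above"),
]


def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_net(rule.src, pkt.src) and _in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(policy: list, pkt: Packet):
    """First matching rule wins; if nothing matches, deny (a safe default even without the last rule)."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return "deny", "implicit deny (no rule matched)"


def demo() -> dict:
    cases = {
        "internet->public web":   Packet("203.0.113.5", "192.0.2.10", "tcp", 443),
        "internet->internal cvs": Packet("203.0.113.5", "10.10.1.30", "tcp", 2401),
        "remote->anon cvs":       Packet("198.51.100.7", "192.0.2.20", "tcp", 2401),
        "lan->internal cvs":      Packet("10.10.5.21", "10.10.1.30", "tcp", 2401),
        "dmz->lan mail":          Packet("192.0.2.10", "10.10.1.20", "tcp", 25),
    }
    return {name: evaluate(POLICY, pkt)[0] for name, pkt in cases.items()}
```

The rule order is the point: the explicit DMZ-to-LAN deny sits after the narrow allows, so a DMZ web server that is compromised can still answer the Internet but cannot open connections into the LAN, and anything not named is caught by the default deny.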
The security problems present in a small-to-medium LAN set up for a business or other institution are examined here, along with some of the techniques adopted from the network architect's point of view (Pkware.com, 2018). Although no two networks are alike, some of the typical challenges faced by the network designer include the following:
- Securing the network against attacks launched from the Internet.
- Securing the Internet-facing web, DNS and mail servers.
- Containing the threat from compromised systems and preventing internally launched attacks.
- Securing assets such as customer databases, financial records and trade secrets.
- Building a framework that lets administrators manage the network securely.
- Providing systems for logging and intrusion detection.
Before the design process begins, a security policy should be in place, or updated if one already exists, so that the organization's goals are identified. A realistic assessment of threats must then be carried out, and the resources (labour, hardware and budget) available must be identified. Once the organization's security policy and available resources are known, the design process can begin.
Authentication Mechanisms
- Authentication is used by a server when it needs to know exactly who is accessing its information or site.
- Authentication is used by a client when it needs to know that the server is the system it claims to be.
- In authentication, the user or computer has to prove its identity to the server or client.
- Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate include cards, retina scans, voice recognition and fingerprints.
- Authentication by a client usually involves the server giving a certificate to the client, in which a trusted third party such as Verisign or Thawte states that the server belongs to the entity (such as a bank) that the client expects it to.
- Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
User Authentication
User validity: the best-known authentication process is the log-in ID and password-based log-in, which identifies an individual to the system in order to obtain access. The main use of a computer log-in procedure is to verify the identity of the computer user, or of computer software attempting to use the computer's services. Another popular authentication process is IP filtering, or IP authentication, which is a packet filter that analyses TCP/IP packets. Web cookies are another user authentication method that can help a server recognise already-authenticated clients. A web proxy is another way to authenticate. In a challenge-response scheme, the authentication system performs the same cryptographic operation on the challenge and compares its result with the response from the client; if they match, the authentication system has verified that the client holds the correct password (InfoSec Resources, 2018).
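The challenge-response exchange in the last sentence, as an added example that is not part of the original report: the server stores only a salted, password-derived verifier, issues a fresh random nonce per login, and the client answers with an HMAC of that nonce under the same derived key. The password itself never crosses the wire, a captured response cannot be replayed because each nonce is consumed once, and the comparison is constant-time. The PBKDF2 work factor and the credentials are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # assumed work factor; tune for the server hardware


def derive_key(password: str, salt: bytes) -> bytes:
    """Password -> fixed-length key. Both sides compute this; only the server stores it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AuthServer:
    def __init__(self):
        self._verifiers = {}   # username -> (salt, derived key); no plaintext passwords kept
        self._pending = {}     # username -> nonce of the one outstanding challenge

    def enrol(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._verifiers[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str):
        """Hand out the user's salt and a fresh random nonce; the nonce is what defeats replay."""
        salt, _ = self._verifiers[user]
        nonce = secrets.token_bytes(32)
        self._pending[user] = nonce
        return salt, nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)   # a nonce may be answered at most once
        if nonce is None:
            return False
        _, key = self._verifiers[user]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """What the client sends back: HMAC of the nonce under the password-derived key."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def demo() -> dict:
    srv = AuthServer()
    srv.enrol("alice", "correct horse battery staple")   # constructed credentials

    salt, nonce = srv.challenge("alice")
    resp = client_response("correct horse battery staple", salt, nonce)
    correct = srv.verify("alice", resp)

    replay = srv.verify("alice", resp)                   # same response again: nonce already consumed

    salt, nonce = srv.challenge("alice")
    wrong = srv.verify("alice", client_response("hunter2", salt, nonce))

    salt, nonce = srv.challenge("alice")
    stale = srv.verify("alice", resp)                    # old response against a new nonce
    return {"correct": correct, "replay": replay, "wrong_password": wrong, "stale_response": stale}
```

One caveat the scheme does not remove: an eavesdropper who records the salt, nonce and response can still attempt an offline dictionary attack on the password, which is why the exchange should run inside TLS or SSH and why the key derivation is deliberately slow.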
Authorization Mechanisms
- Authorization is the process by which a server determines whether the client has permission to use a resource or access a file.
- Authorization is usually coupled with authentication, so that the server has some concept of who the client is that is requesting access.
- The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.
- In some cases there is no authorization: any user may use a resource or access a file simply by asking for it. Most pages on the Internet require no authentication or authorization at all.
User Authorization
Resource access permission: authorization defines users' permissions in terms of access to digital resources and the extent of their use. In an access management system, authorization is granted to successfully authenticated users according to their rights over the information available. Authorization also governs the duties assigned to the various staff involved in developing a digital repository or library, and their respective authority regarding adding, deleting, editing and uploading records into a digital collection. Authorization is more challenging than authentication, particularly for distributed digital content providers. The standard access control models are listed below (Bu.edu, 2018).
- Discretionary Access Control (DAC): in a DAC model, access is governed by the access rights granted to the user or to user groups. An organization, administrator or creator can define a set of operations and assign them to an object and to a set of users.
- Mandatory Access Control (MAC): in MAC, the data owner has limited freedom to decide on access control. Data is classified into different categories and each category is assigned a particular security level.
- Role-Based Access Control (RBAC): RBAC is a widely used and dominant access control model, and most access control security products available on the market today are based on it because its objectives are architectural.
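The three models in the list above as small decision functions, an added example that is not part of the original report or of any product: in DAC the object's owner edits an ACL, in MAC a central classification decides (here the Bell-LaPadula "no read up, no write down" rules, which the text does not name and which are one common MAC policy), and in RBAC permissions attach to roles and users to roles. The users, roles, resources and classification levels are constructed for the demonstration.

```python
from dataclasses import dataclass, field


@dataclass
class DacObject:
    """DAC: the object's owner holds an ACL and decides who else gets which operations."""
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of operations

    def grant(self, by: str, user: str, ops: set) -> None:
        if by != self.owner:
            raise PermissionError(f"{by} is not the owner of this object")
        self.acl.setdefault(user, set()).update(ops)

    def allowed(self, user: str, op: str) -> bool:
        return user == self.owner or op in self.acl.get(user, set())


# MAC: a central classification scheme that the data owner cannot override
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allowed(subject_level: str, object_level: str, op: str) -> bool:
    """Bell-LaPadula style: no read up (subject must dominate object) and no write down."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    return False


# RBAC: permissions hang off roles; users are assigned roles
ROLE_PERMS = {
    "developer":  {("cvs", "read"), ("cvs", "commit")},
    "accountant": {("ledger", "read"), ("ledger", "update")},
    "auditor":    {("ledger", "read"), ("cvs", "read")},
}
USER_ROLES = {"bob": {"developer"}, "carol": {"accountant", "auditor"}, "eve": set()}


def rbac_allowed(user: str, resource: str, op: str) -> bool:
    return any((resource, op) in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))


def demo() -> dict:
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", {"read"})
    try:
        doc.grant("bob", "eve", {"read"})       # bob is a reader, not the owner
        bob_can_regrant = True
    except PermissionError:
        bob_can_regrant = False
    return {
        "dac_bob_read": doc.allowed("bob", "read"),
        "dac_bob_write": doc.allowed("bob", "write"),
        "dac_bob_regrant": bob_can_regrant,
        "mac_internal_reads_secret": mac_allowed("internal", "secret", "read"),
        "mac_secret_reads_internal": mac_allowed("secret", "internal", "read"),
        "mac_secret_writes_internal": mac_allowed("secret", "internal", "write"),
        "rbac_bob_commit": rbac_allowed("bob", "cvs", "commit"),
        "rbac_carol_commit": rbac_allowed("carol", "cvs", "commit"),
        "rbac_carol_ledger_update": rbac_allowed("carol", "ledger", "update"),
        "rbac_eve_cvs_read": rbac_allowed("eve", "cvs", "read"),
    }
```

The contrast worth noticing is who can change the decision: under DAC a careless owner can grant anything, under MAC nobody below the classification authority can, and under RBAC an employee's access changes by editing one role assignment rather than every object's ACL.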
Out of concern for safeguarding customer data or protecting trade secrets, many organizations change the mechanisms they use to exchange information over the Internet. There are a number of points to consider when developing a secure data exchange method, as follows:
- User authentication: FTP uses clear-text passwords, which weakens security because anyone who can capture the password can use it to gain access to the data.
- Remote system identification, to prevent packets being intercepted by an impostor system.
- Data privacy (through encryption), so that no intermediate system can read the data.
- Data integrity, to prevent the data being changed in transit.
- Preservation of data format. Different operating systems may store data in different formats; where this is the case, it is desirable to have a defined transfer format. FTP has historically done a good job of data exchange between systems.
- Ease of use. A tool that requires extra steps, or is not easy to use, will encourage users to adopt other methods that may not preserve the desired security when they are in a hurry.
The collection of mechanisms is as follows: application-specific encryption, IPsec, FTP over Transport Layer Security (TLS), Virtual Private Networks, SFTP (the SSH File Transfer Protocol) and FTP over Secure Shell (SSH). Each mechanism has arguments both for and against it, so none can be declared the answer to all of the problems.
SFTP is widely available on many platforms, takes care of the problem of protecting the user's password, and provides trusted encryption of the data. SSH (which SFTP uses for authentication and for transporting the data) also authenticates the server as part of the key exchange. SSH host keys are stored locally by the client and need out-of-band verification on first use, or distribution by some alternative method. Because SFTP uses a single TCP connection for both commands and data, it does not have the firewall problems that FTP can have. Unfortunately, SFTP does not always preserve the file format when different operating systems are involved. The SFTP protocol was originally specified as a binary file access protocol; although a text transfer mechanism was added in later revisions of the specification, not all implementations support it, in particular the most popular one (OpenSSH). The protocol also provides a mechanism for arbitrary file attributes to be passed on the file open command, but this is not widely used. The SSH community allowed the draft specification to expire, as it was felt that the group did not have the necessary expertise to standardize a file access protocol. While there are many implementations available, not all of them will update the protocol level they support if they do not feel that their market has a use for it. This technique provides adequate functionality for many users, although the user may need to experiment to deal with text file format conversion issues.
At its most basic, file transfer technology is just a mechanism to transport a file from one system to another over a network. Secure file transfer adds security features to this transport, for example encrypting the file to preserve its confidentiality and integrity. This prevents eavesdroppers on the networks between the systems from accessing the file contents and reading or altering them. Secure file transfer also includes some form of reliable delivery, even if it is only that provided by the TCP/IP protocols. Most secure file transfers are based on standard protocols, for example the SSH File Transfer Protocol (SFTP) or secure copy (SCP). What makes file transfers confusing is that there are several ways to provide security. The most sophisticated type is known as managed file transfer (MFT), which combines a variety of management, auditing, automation, security and reliability features to secure file transfers (Sans.org, 2018).
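The remark above that SSH host keys "need out-of-band verification on first use" is the part of SFTP deployment most often skipped. The following is an added example, not part of the original report or of OpenSSH: a known_hosts-style store that pins a host key fingerprint on first use, accepts the same key afterwards, and refuses a different key (the signature of an interception attempt), plus a strict mode for hosts whose fingerprints were distributed in advance. The fingerprint format follows OpenSSH's SHA256 form; the key blobs and host names are constructed stand-ins for real wire-format public keys.

```python
import base64
import hashlib


class HostKeyMismatch(Exception):
    """Raised when a server presents a key that differs from the pinned one."""


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the key's SHA-256."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class KnownHosts:
    def __init__(self, pinned=None, allow_first_use=True):
        self._pins = dict(pinned or {})          # "host:port" -> fingerprint
        self.allow_first_use = allow_first_use   # False = keys must be pre-distributed out of band

    def check(self, host: str, port: int, key_blob: bytes) -> str:
        key = f"{host}:{port}"
        fp = fingerprint(key_blob)
        if key in self._pins:
            if self._pins[key] != fp:
                raise HostKeyMismatch(f"{key}: pinned {self._pins[key]} but server offered {fp}")
            return "trusted"
        if not self.allow_first_use:
            raise HostKeyMismatch(f"{key}: no pinned key and first-use pinning is disabled")
        self._pins[key] = fp          # trust on first use: record what we saw this time
        return "pinned-on-first-use"


def demo() -> dict:
    genuine = b"ssh-ed25519 constructed-genuine-key-bytes"   # stand-ins for real key blobs
    impostor = b"ssh-ed25519 constructed-mitm-key-bytes"
    results = {}

    kh = KnownHosts()
    results["first_use"] = kh.check("cvs.example.test", 22, genuine)
    results["repeat"] = kh.check("cvs.example.test", 22, genuine)
    try:
        kh.check("cvs.example.test", 22, impostor)
        results["mitm"] = "accepted"
    except HostKeyMismatch:
        results["mitm"] = "rejected"

    strict = KnownHosts({"cvs.example.test:22": fingerprint(genuine)}, allow_first_use=False)
    results["strict_known"] = strict.check("cvs.example.test", 22, genuine)
    try:
        strict.check("git.example.test", 22, genuine)
        results["strict_unknown"] = "accepted"
    except HostKeyMismatch:
        results["strict_unknown"] = "rejected"
    return results
```

Trust on first use only protects the sessions after the first one; for the remote teams pulling from the anonymous CVS server, publishing the server's fingerprint in advance and running in strict mode closes that gap.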
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking action when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses (www.alienvault.com, 2018).
In particular, an IDS checks for suspicious activity and conditions that might be the result of a virus, worm or hacker. It does this by looking for intrusion signatures, or attack signatures, that characterize known worms or viruses, and by tracking changes in normal patterns that differ from regular system activity.
IDS covers a wide range of product types that produce the end result of recognizing intrusions. An IDS deployment may consist of inexpensive shareware or freely distributed open source programs, or of significantly more expensive and secure vendor software. Moreover, some IDSs consist of both software applications and hardware sensor devices installed at various points in the network (SearchSecurity, 2018).
Here, we introduce Snort. Snort is an open source network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching and matching, and can be used to detect a variety of attacks and probes, for instance buffer overflows, stealth port scans, CGI attacks, SMB probes and OS fingerprinting attempts.
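Of the probes listed above, a stealth port scan is the one that needs no payload signature: the sensor only has to notice one source sending half-open (SYN-only) probes to many distinct ports on a host within a short time. The following is an added example, not part of the original report or of Snort itself, of that detection logic run over a constructed connection log in a simple text format (timestamp, source, destination, destination port, TCP flags). Records are assumed to arrive in time order; the window and threshold values are assumptions.

```python
from collections import defaultdict

# Constructed connection log, one line per TCP segment seen by the sensor:
# "<epoch seconds> <src> <dst> <dst port> <tcp flags>"  (S = SYN only, SA = handshake completed)
SAMPLE_LOG = """\
1000 10.10.5.21 10.10.1.10 443 SA
1001 10.10.5.21 10.10.1.20 25 SA
1002 203.0.113.9 192.0.2.10 22 S
1002 203.0.113.9 192.0.2.10 23 S
1002 203.0.113.9 192.0.2.10 25 S
1003 203.0.113.9 192.0.2.10 80 S
1003 203.0.113.9 192.0.2.10 110 S
1003 203.0.113.9 192.0.2.10 143 S
1004 203.0.113.9 192.0.2.10 443 S
1004 203.0.113.9 192.0.2.10 3306 S
1005 203.0.113.9 192.0.2.10 8080 S
1006 203.0.113.9 192.0.2.10 8443 S
1500 198.51.100.7 192.0.2.20 2401 SA
1501 198.51.100.7 192.0.2.20 2401 SA
"""


def parse(text: str):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, flags = line.split()
        yield int(ts), src, dst, int(dport), flags


def detect_port_scans(records, window: int = 5, threshold: int = 10) -> list:
    """Alert once per (src, dst) when SYN-only probes reach `threshold` distinct destination
    ports within any `window`-second span. Completed handshakes (SA) are ordinary
    connections and are ignored, so a busy legitimate client does not trip the rule."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] in arrival order
    alerted = set()
    alerts = []
    for ts, src, dst, dport, flags in records:
        if flags != "S":
            continue
        key = (src, dst)
        buf = recent[key]
        buf.append((ts, dport))
        while buf and buf[0][0] < ts - window:   # slide the window forward
            buf.pop(0)
        distinct = {p for _, p in buf}
        if len(distinct) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "ports": len(distinct),
                           "first": buf[0][0], "last": ts})
    return alerts


def demo() -> list:
    return detect_port_scans(parse(SAMPLE_LOG))
```

Threshold and window are the tuning knobs a practitioner adjusts against real traffic: too low and a vulnerability scanner run by the company's own administrators pages the on-call engineer, too high and a slow scan spread over minutes never accumulates enough ports inside one window.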
According to recent studies, security is the greatest challenge facing small and medium-sized businesses. Constantly changing security threats from both inside and outside the business network can severely disrupt business operations, affecting profitability and customer satisfaction. In addition, small and medium-sized businesses must comply with new regulations and laws created to protect consumer privacy and secure electronic information.
- Security Issue No. 1: Worms and Viruses. Computer worms and viruses remain the most common security threat, with 75 percent of small and medium-sized businesses affected by at least one virus in the last year. Worms and viruses can have a devastating effect on business continuity and profitability. Smarter, more destructive strains are spreading faster than ever, infecting entire offices in an instant. Cleaning the infected PCs takes time, and the process often results in lost orders, corrupted databases and angry customers. As businesses struggle to protect their PCs with the latest operating system patches and antivirus software, new viruses can penetrate their defences at any time (Medium, 2018). Meanwhile, employees spread viruses and spyware by unknowingly visiting malicious websites, or by downloading or opening email attachments that contain untrustworthy files. Such attacks are inadvertently invited into the organization, yet they can result in huge financial losses. Security systems must detect and repel worms, viruses and spyware at all points in the network.
- Security Issue No. 2: Information Theft. Information theft is lucrative. Hackers break into business networks to steal credit card or social security numbers for profit. Small and medium-sized businesses are seen as an easier target than large enterprises. Securing the perimeter of the network is a good start, but it is not enough, since many information thefts are aided by a trusted insider, for example an employee or contractor. Information theft can be costly to small and medium-sized businesses, since they depend on satisfied customers and a good reputation to help grow their business. Businesses that do not adequately protect their information could face negative publicity, government fines or even lawsuits (Bittlingmeier and King, 2018).
- Security Issue No. 3: Business Availability. Computer worms and viruses are not the only threat to business availability. Denial-of-service (DoS) attacks can shut down websites and e-commerce operations by sending large volumes of traffic to a critical network component, making it fail or become unable to process requests. The consequences are serious: data and orders are lost and customer requests go unanswered (Cisco.com, 2018).
- Security Issue No. 4: Security Legislation. Apart from these security threats, new laws and regulations require that small and medium-sized businesses protect the privacy and integrity of the information entrusted to them.
In the world of finance, a capital investment must be evaluated for its effectiveness in producing a return for the organization. This is where the return on investment (ROI) calculation comes in when assessing a project. For a project to be justified, it should state in quantitative terms why it needs to happen (Helpsystems.com, 2018). The proposal with the most profit potential usually wins, which is why cybersecurity proposals often lose unless there has been a significant incident. The typical ROI calculation is as follows:
ROI = (Gain from investment − Investment cost) / Investment cost
For instance, if the gain from the investment is $50,000 and the cost of the investment is $30,000:
ROI = ($50,000 − $30,000) / $30,000 ≈ 0.67, i.e. a return of about 67%.
This simple calculation applies to every investment, including security. The quality of an investment is usually measured by the certainty and size of the return it will provide. Does the same logic apply to cybersecurity? Yes and no: return on security investment (ROSI) has some subtlety to it (Kohen, 2018).
Security is complicated in that an investment does not provide increased revenue; rather, it provides savings in the event of a cyber attack. Security specialists call this loss prevention, while in business and economics loss prevention falls under the category of opportunity cost. Managers and executives use opportunity cost to evaluate one investment option against another: if one investment gives immediate payback but in the long run costs the organization more than another option, they will not go with the short-term alternative. Increased revenue should not be the expectation when investing resources in cybersecurity; rather, preservation of capital and assets is what should be expected. Before looking at the calculation, it is important to understand the factors of risk assessment (Incident Response Consortium, 2018).
Cases of extremely costly employee-caused data breaches vary. While some resulted from disgruntled employees' desire to undermine their employer, others were as innocent as requests for technical support.
People can be risky. Nevertheless, security professionals can understand their own part in managing employee risk. By treating device loss as inevitable, device encryption and monitoring can reduce the risk of losing data in a car or home break-in. Likewise, smarter policies and guidance on seeking technical support, the transmission of data, and whaling threats can reduce the chances of honest mistakes (Process.com, 2018).
By recognizing people as a likely point of failure in security, those in IT can bring their policies, technical safeguards and monitoring procedures up to speed.
Human error is inevitable. However, the right mindset and action can ensure that you are not subject to costly fines or public shame.
IT leads need to understand the difference between file integrity monitoring and other software that can introduce risk, and the tools that can mitigate risk. If you are regularly dealing with an employee with privileged access and criminal intent, some file integrity monitoring solutions can enable criminal activity by allowing audit trails to be turned off or altered.
Your organization needs advanced tools for a culture of accountability and collective oversight. By investing in agent-based file integrity monitoring with tamper-evident audit logs, you can understand the source of every action taken on your network in real time.
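The two paragraphs above turn on whether an audit trail can be "turned off or altered" by the privileged insider it records. The following is an added example, not part of the original report or of any file integrity monitoring product, of the tamper-evident property: each audit entry's hash covers the previous entry's hash, so editing or deleting an earlier entry breaks the chain, and anchoring the latest hash somewhere the insider cannot write (a remote append-only store, say) also exposes silent truncation of the tail. The events, actors and paths are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64   # previous-hash value for the very first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """Hash covers the previous entry's hash, so every entry commits to all history before it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []   # each: {"record": {...}, "prev": str, "hash": str}

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = entry_hash(prev, record)
        self.entries.append({"record": record, "prev": prev, "hash": h})
        return h

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, expected_head: str = None):
        """Walk the chain; return (True, None) or (False, index of the first bad entry).
        Pass the last hash you anchored elsewhere as expected_head to also catch truncation."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or entry_hash(prev, e["record"]) != e["hash"]:
                return False, i
            prev = e["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)
        return True, None


def sample_log() -> AuditLog:
    """Constructed file-integrity events on a payment page (cf. the customer complaints in Task 1)."""
    log = AuditLog()
    log.append({"actor": "svc-fim", "event": "baseline", "path": "/var/www/pay.php"})
    log.append({"actor": "dave", "event": "modified", "path": "/var/www/pay.php"})
    log.append({"actor": "svc-fim", "event": "alert", "path": "/var/www/pay.php"})
    return log


def demo() -> dict:
    results = {"intact": sample_log().verify()}

    edited = sample_log()
    edited.entries[1]["record"]["actor"] = "unknown"     # insider rewrites the entry naming him
    results["edited"] = edited.verify()

    deleted = sample_log()
    del deleted.entries[1]                               # insider removes that entry instead
    results["deleted"] = deleted.verify()

    truncated = sample_log()
    anchored_head = truncated.head()                     # copied to a write-once remote store
    truncated.entries.pop()                              # insider drops the trailing alert
    results["truncated_without_anchor"] = truncated.verify()
    results["truncated_with_anchor"] = truncated.verify(expected_head=anchored_head)
    return results
```

The chain alone cannot tell a legitimately short log from a truncated one, which is why the last result differs from the one before it: the external anchor (or a periodic signed checkpoint) is the part of the design that actually constrains an administrator who can already delete files.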
Conclusion
This project has analysed the digital forensic case investigation, the network design and the security solutions for a new start-up company. The company is an SME owned by Luton, which has encountered many anomalies in its production and accounting records while using an e-government model. The company employs an investigator for digital forensics, who must determine the malicious activity taking place on the network and provide prevention against malware on the company's systems. All of this has been analysed and discussed in detail: the digital forensic tool, the network security of the company, the authentication and authorization mechanisms, key management issues and measures of security ROI. Finally, the security breaches have been identified so that the company can be secured.
References
Bittlingmeier, D. and King, T. (2018). Understanding the Basic Security Concepts of Network and System Devices | CompTIA Security+ Exam: Devices, Media, and Topology Security | Pearson IT Certification. [online] Pearsonitcertification.com. Available at: https://www.pearsonitcertification.com/articles/article.aspx?p=31562&seqNum=2 [Accessed 28 Aug. 2018].
Bu.edu. (2018). Understanding Authentication, Authorization, and Encryption : TechWeb : Boston University. [online] Available at: https://www.bu.edu/tech/about/security-resources/bestpractice/auth/ [Accessed 28 Aug. 2018].
Cisco.com. (2018). Top Five Security Issues for Small and Medium-Sized Businesses. [online] Available at: https://www.cisco.com/web/IN/solutions/smb/files/net_implementation_white_paper0900aecd804606fc.pdf [Accessed 28 Aug. 2018].
Helpsystems.com. (2018). 6 Ways to Calculate ROI from your Network Monitoring Investment. [online] Available at: https://www.helpsystems.com/resources/guides/6-ways-calculate-returns-your-network-monitoring-investment [Accessed 28 Aug. 2018].
Incident Response Consortium. (2018). How to Measure the Return On Investment (ROI) in Your CyberSecurity Environment | Incident Response Consortium. [online] Available at: https://www.incidentresponse.com/how-to-measure-the-return-on-investment-roi-in-your-cybersecurity-environment/ [Accessed 28 Aug. 2018].
InfoSec Resources. (2018). Network Design: Firewall, IDS/IPS. [online] Available at: https://resources.infosecinstitute.com/network-design-firewall-idsips/#gref [Accessed 28 Aug. 2018].
Kohen, I. (2018). How to calculate your return on security investments. [online] CSO Online. Available at: https://www.csoonline.com/article/3229887/security/how-to-calculate-your-return-on-security-investments.html [Accessed 28 Aug. 2018].
Lucidchart. (2018). What is a Network Diagram. [online] Available at: https://www.lucidchart.com/pages/network-diagram [Accessed 28 Aug. 2018].
Medium. (2018). Learn to securely share files on the blockchain with IPFS!. [online] Available at: https://medium.com/@mycoralhealth/learn-to-securely-share-files-on-the-blockchain-with-ipfs-219ee47df54c [Accessed 28 Aug. 2018].
Pkware.com. (2018). Secure Data Exchange | Smartcrypt | PKWARE. [online] Available at: https://www.pkware.com/solutions/solutions-by-use-case/secure-data-exchange [Accessed 28 Aug. 2018].
Process.com. (2018). A Comparison of Secure File Transfer Mechanisms. [online] Available at: https://www.process.com/resources/ssh/comparison_secure_file_xfer.pdf [Accessed 28 Aug. 2018].
Sans.org. (2018). Designing a Secure Local Area Network. [online] Available at: https://www.sans.org/reading-room/whitepapers/bestprac/designing-secure-local-area-network-853 [Accessed 28 Aug. 2018].
SearchSecurity. (2018). Choosing secure file transfer products for your enterprise. [online] Available at: https://searchsecurity.techtarget.com/feature/Choosing-secure-file-transfer-products-for-your-enterprise [Accessed 28 Aug. 2018].
SearchSecurity. (2018). What is intrusion detection system (IDS)? – Definition from WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/intrusion-detection-system [Accessed 28 Aug. 2018].
www.alienvault.com. (2018). Intrusion Detection Techniques: Methods & Best Practices. [online] Available at: https://www.alienvault.com/blogs/security-essentials/intrusion-detection-techniques-methods-best-practices [Accessed 28 Aug. 2018].