HELLMANN FINANCE, INC (HFI) is a multinational company responsible for managing numerous accounts in the United States. Although its business operations have been successful, the company has recently faced cyber-security threats, including an attack on its Oracle database server that cost its customer database its confidentiality, availability, and integrity. This damaged the organization’s reputation, and the company ended up paying its customers large amounts for the loss of confidentiality of their data.
This report therefore performs a quantitative and qualitative risk assessment of HFI’s network to identify vulnerabilities and their associated risks, and to determine how they could be permanently eradicated. Although they are not addressed in detail, the vulnerabilities found within the HFI network have been categorized from very high risk to lower risk. The assessment covers all areas of the network: access points, encryption techniques, physical security, general network policies, the protocols in use, wireless security, and perimeter security. The proposed methods for eradicating these risks are cheap compared with the long-term impact of another successful attack on HFI’s network.
Risk assessment is a general term for the process by which an organization identifies risk factors and hazards capable of causing harm (Kott & Arnold, 2015). It also covers evaluating and analyzing the risk associated with each hazard and determining the best way to eliminate the hazard, or to control the risk where the hazard cannot be mitigated.
Like many other organizations, HELLMANN FINANCE, INC (HFI) faces internet and cyber-security risks including botnets, hacking, pharming, ransomware, distributed denial-of-service (DDoS), malware, phishing, and spam. HFI is a financial organization responsible for managing thousands of accounts within the United States. Alkemper and Faria (2018) describe it as a public company trading on the NYSE that specializes in loan application approval, commercial loan processing, and money management investment for its customers. HFI currently appears to have no information security expert with the experience needed to evaluate the company’s systems and infrastructure. As a result, the organization’s information systems were compromised, including the integrity and confidentiality of its customers’ data (Alkemper & Faria, 2018). This brought the firm to a standstill and left HFI relying on vendors to help it mitigate the situation.
Over the past few years, HFI has experienced numerous cyber-attacks from external sources, such as the 2016 attack on the company’s Oracle database server, which cost the customer database its integrity, confidentiality, and availability for several days. The loss of privacy damaged the organization’s reputation, and HFI paid a large settlement to its customers for the loss of their private data. In 2017 the company was attacked again, this time by a malicious virus that infected the whole network for many days. In general, HFI faces risks associated with its assets, including its enterprise topology, remote access procedures, wireless technologies, asset management processes, and authentication methods (Chockalingam, Hadžiosmanović, Pieters, Teixeira & Gelder, 2016). This report therefore presents a qualitative and quantitative risk assessment of HFI’s infrastructure to determine the areas that need improvement in order to lower the risk of future attacks.
Physical Asset Analysis
Before any security measures are put in place, the risks must first be identified by determining which information and assets could be compromised; this helps categorize the risk associated with each entity (Shin, Son & Heo, 2015). The recent attacks on the company’s network show that HFI has not properly identified its risks, and no substantial security measure has yet been put in place to prevent such attacks in the future.
HFI’s network infrastructure consists of a corporate WAN that connects 20 remote facilities to the primary information processing environment at the company’s headquarters. A VPN gateway appliance transmits data from each remote site to the headquarters gateway. Through this VPN connection, remote office users can access the internal Oracle database to update the company’s client data tables (Berry & Berry, 2018). However, a review of the VPN configuration has determined that data transactions traversing the remote access connection to the company’s internal database are not encrypted.
Additionally, the company’s users are mandated to work remotely from home, since HFI provides both VPN and dial-up remote access. A remote access server and a Private Branch Exchange (PBX) provide the dial-up service, while the VPN gateway provides remote access. MS-CHAP V2 is used for password-based authentication (Kott & Arnold, 2015). HFI’s users also benefit from the company’s “Bring Your Own Device (BYOD)” policy, since wireless networking is provided by a wireless antenna at the company’s headquarters.
|Oracle DS Server
|File and Print Server
|Intranet Web Server
|Border (Core) Routers
|Wireless Access Points
As observed from the above diagram and table, HFI has invested significantly in its inventory of physical assets. Each of these devices matters to the overall functionality of the company’s network, and they are prioritized by risk, weighed in terms of the impact and cost they have on the network’s availability. The VPN gateways have a high impact because they must communicate securely with all departments: Loan, Accounting, Customer Services, Finance, Management, and Credit. A significant risk is that these departments may be unable to fully access the internal customer database, which would hurt the company’s daily operations and its ability to complete requests (Alkemper & Faria, 2018). The physical asset inventory is also crucial because it can be used to determine which assets are essential for information retrieval after an attack or a catastrophic event.
Perimeter and Remote Access Security Analysis
The perimeter security of HFI’s network comprises both external and internal access points. Two border (core) routers separate the network perimeter between HFI’s internal network infrastructure and the internet. These core border routers are connected to the VPN gateway and to two distribution routers. The distribution routers are in turn connected to a RAS server, which is a wireless router that provides a bridge between the internal network and the wireless antenna, and to two multi-layer switches. These multi-layer switches are connected to the six VLAN access layer switches that separate the Loan, Management, Finance, Accounting, Customer Services, and Credit department VLANs (Chockalingam, Hadžiosmanović, Pieters, Teixeira & Gelder, 2016). A third multi-layer switch is also connected to these multi-layer switches and provides the connection to HFI’s servers within the Trusted Computing Base subnet.
Although HFI’s border routers can filter unwanted traffic, they are highly exposed because they sit between the internal network and the untrusted internet. This arrangement is at risk of Denial of Service (DoS) attacks, since the border routers are the main filters. As noted by Shin, Son and Heo (2015), there has been a spike in network traffic across the routers of this network, which makes it difficult to determine exactly who is on the other end. Moreover, using a router as the perimeter security device is not best practice on a network as sophisticated as HFI’s.
HFI should therefore consider implementing strong firewalls to better defend its network. Firewalls are designed to eliminate unwanted traffic more quickly than a router, since they have additional security layers for filtering traffic before it reaches the border routers (Berry & Berry, 2018). This would free up the routers’ bandwidth and exponentially increase internal network traffic speeds, since the firewall would have a ripple effect on both the access and distribution layer switches.
For HFI’s departments and remote users, the VPN gateway provides access to network resources anywhere, at any time. Although this is good for the organization’s productivity, it carries a significant security risk, mainly because the VPN connection is currently not encrypted. The connection is encapsulated, but beyond that all of the text can be read in the clear (Kott & Arnold, 2015). HFI should therefore consider adding either TLS or IPsec to its VPN structure to further protect the information being accessed remotely. In addition, the wireless network available to HFI employees means they no longer need to plug physically into ports within the system. HFI should therefore consider implementing port-based security to eliminate future risks of unauthorized access, rogue access points, and sniffing attacks.
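The port-based security recommended above can be checked from the monitoring side as well. The following is an added example, not part of the original report: it audits a switch MAC-address-table snapshot against a per-port policy and flags unknown devices, too many addresses on one access port (typical of a rogue access point or hub), and activity on a jack that should be unused. The port names, MAC addresses, policy and the "vlan mac type port" snapshot layout are all constructed assumptions.

```python
"""Port-security audit over a MAC-address-table snapshot (illustrative)."""

# Constructed policy (assumption, not HFI data): for each access port, the
# expected VLAN, the MAC addresses allowed to appear and the MAC limit.
# An empty allow-list marks a jack that should be unused.
POLICY = {
    "Gi1/0/1": {"vlan": 10, "allowed": {"00:1a:2b:00:00:01"}, "max_macs": 1},
    "Gi1/0/2": {"vlan": 10, "allowed": {"00:1a:2b:00:00:02"}, "max_macs": 1},
    "Gi1/0/7": {"vlan": 20, "allowed": set(), "max_macs": 0},
    "Gi1/0/9": {"vlan": 30, "allowed": {"00:1a:2b:00:00:09"}, "max_macs": 1},
}

# Constructed snapshot in a generic "vlan mac type port" layout.
SNAPSHOT = """\
Vlan  Mac Address        Type     Ports
10    00:1A:2B:00:00:01  dynamic  Gi1/0/1
10    00:1a:2b:00:00:02  dynamic  Gi1/0/2
20    de:ad:be:ef:00:07  dynamic  Gi1/0/7
30    00:1a:2b:00:00:09  dynamic  Gi1/0/9
30    02:00:00:aa:bb:01  dynamic  Gi1/0/9
30    02:00:00:aa:bb:02  dynamic  Gi1/0/9
40    00:1a:2b:00:00:33  dynamic  Gi1/0/12
"""


def parse_snapshot(text):
    """Return {port: [(vlan, mac), ...]} from 'vlan mac type port' lines."""
    observed = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # header, blank or malformed line
        vlan, mac, _kind, port = fields
        # Normalise case so the comparison with the allow-list is reliable.
        observed.setdefault(port, []).append((int(vlan), mac.lower()))
    return observed


def audit(policy, observed):
    """Return (port, code, detail) findings, ordered by port name."""
    findings = []
    for port in sorted(observed):
        entries = observed[port]
        macs = sorted({mac for _vlan, mac in entries})
        rule = policy.get(port)
        if rule is None:
            # Traffic on a port nobody has documented.
            findings.append((port, "UNMANAGED_PORT", ", ".join(macs)))
            continue
        if not rule["allowed"]:
            # A device is live on a jack that should have nothing attached.
            findings.append((port, "UNUSED_PORT_ACTIVE", ", ".join(macs)))
            continue
        for mac in macs:
            if mac not in rule["allowed"]:
                findings.append((port, "UNKNOWN_MAC", mac))
        if len(macs) > rule["max_macs"]:
            detail = f"{len(macs)} MACs, limit {rule['max_macs']}"
            findings.append((port, "MAC_LIMIT_EXCEEDED", detail))
        for vlan in sorted({v for v, _mac in entries} - {rule["vlan"]}):
            detail = f"saw VLAN {vlan}, expected {rule['vlan']}"
            findings.append((port, "VLAN_MISMATCH", detail))
    return findings


if __name__ == "__main__":
    for port, code, detail in audit(POLICY, parse_snapshot(SNAPSHOT)):
        print(f"{port:10} {code:20} {detail}")
```

The same policy table is what switch-side port security would enforce; running the audit on periodic snapshots shows where enforcement is missing or has been bypassed.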
Wireless Mobility Security Analysis
HFI’s wireless access point also has significant weaknesses associated with the type of protocol in use and with the extent to which the wireless network reaches beyond the physical boundaries of the company’s office. The currently utilized security wireless protocol is an internal network known as the trusted computing base (TCB), and it is located on a physically disconnected subnet. The Oracle database handles most of HFI’s data processing and resides on the TCB, on a high-end supercomputer. The TCB also contains a Software Update Service (SUS) server used for patch management, an e-mail server, an intranet web server used by the organization’s internal support team, an internal DNS server, and workstations for support staff (Alkemper & Faria, 2018). Although each department is physically isolated on a different subnet, they all use the TCB network to share access to the company’s information.
Another concern with wireless mobility security is the interrelationship between HFI’s operations and data. For instance, some of the company’s twenty remote sites have recently reported significant issues, including slow performance, network latency, and application time-outs against the Oracle database. Shin, Son and Heo (2015) posit that the company’s business model is driving up demand for data, but HFI has minimal ability to respond to these challenges. To mitigate the risks associated with this problem, HFI should consider significantly lowering network latency or increasing the time of application response. For this to be achieved, the Chief Security Officer should always be present to oversee the process.
Wireless mobility security is crucial for this organization because wireless mobility helps its staff interact with co-workers and customers. However, there are security issues associated with wireless mobility, including the movement of mobile client devices between several heterogeneous wireless environments, where they often pass through control policies with very light access restrictions. As a result, they can bring malicious code and software vulnerabilities with them. To combat this problem, HFI should adopt mobile computing best practices, particularly for securing the BYOD environment. The company should therefore consider implementing a new, active third-party authorization, security assessment, and authentication strategy under which a device that has connected to unfamiliar Wi-Fi is analyzed by the infrastructure (Chockalingam, Hadžiosmanović, Pieters, Teixeira & Gelder, 2016). If the device is found to be seriously insecure, it should be disconnected from the network immediately and denied further access until all of its problems are fixed.
HFI should also consider implementing a complete framework for automatic security analysis based on AHP, which Alkemper and Faria (2018) consider both customizable and flexible. This would provide automated, real-time support for complex risk evaluation tasks that depend on results obtained from a variety of methodologies and tools. Mobile computing is essential to HFI because it gives employees freedom and better communication when interacting with customers and accessing data in real time.
Internal Computing Environment Analysis
An internal organizational cloud is a cloud computing service model implemented on an organization’s own infrastructure and dedicated resources. Internal cloud computing typically uses shared storage, virtualization mechanisms, and network resources to give a company complete control of its cloud computing environment. HFI’s internal network services are located within the Trusted Computing Base (TCB), which is designed to provide a top-down secure environment for the network’s internal servers by putting several controls in place. Nevertheless, as the past cyber-security attacks on HFI show, some security challenges are still present within the firm’s network. Both remote and internal users have easy access to TCB resources. Remote users connect either over a VPN or over a dial-up connection through a RAS server and PBX. However, HFI’s VPN currently cannot encrypt traffic, and the dial-up connection has security issues of its own because it is antiquated (Jourdan, Bochmann, Merlo, Miller, Onut & Tan, 2015). Therefore, while the TCB might be considered physically secure, the insecure protocols used within the network’s internal environment mean that it is not logically secure, which poses a significant security risk to the company.
Andrea, Chrysostomou and Hadjichristofi (2015) argue that the best way to eradicate this risk is to remove the option for users to access the network over a dial-up connection. HFI should instead offer a VPN for external access, because it is safer and helps control the access points of the external network.
Additionally, HFI’s current VPN configuration cannot encrypt the data transmitted across HFI’s WAN. Although a VPN provides a channel for transferring data across the untrusted internet, it is not by itself an adequate security tool. Extra security protocols are therefore needed in combination with the VPN to protect the sensitive information transmitted from the various sites (Cherdantseva, Burnap, Blyth, Eden, Jones, Soulsby & Stoddart, 2016). An IPSec VPN should be used for the encryption and authentication of data: because it can handle numerous VPN connections at once, it is the better choice for site-to-site links, especially between the different departments of HFI. The organization should also consider a TLS VPN, since it would allow users to connect easily to internal resources. TLS is intended to protect Internet traffic and is currently implemented in several web browsers.
Cloud Computing Design and Analysis
Cloud computing design is a term used to describe a cloud architecture and its components, including software capabilities, databases, and applications. An organization’s cloud computing design should be engineered to use the power of cloud resources to solve business challenges. HFI has taken the initiative of jumping on the cloud computing bandwagon with various products, including Hotmail, Gmail, and Yahoo.
The significant benefit of cloud-based applications for HFI is smaller running costs and reduced capital investment, particularly the enormous capital expense needed to deploy the organization’s local systems. If the number of users increases, HFI pays only for those additional users (Shameli, Aghababaei & Cheriet, 2016). Similarly, if the number of team members drops, HFI can scale the cost of its cloud computing applications back down. There is considerable evidence that HFI is enjoying the benefits of lower running costs and minimal investment as it gains more funding and takes over other providers’ existing project team members. The company is also able to bring new users onto its cloud computing applications immediately.
On the other hand, there are risks associated with the company’s cloud computing environment, since its clients would most likely be querying a web server that is physically located on the HFI network. While the TCB houses most of HFI’s servers, it should not house the web server. As noted by Shepherd, Petitcolas, Akram and Markantonakis (2017), the web server hosting the company’s new website should be as close to the network edge as possible, in order to limit intrusion and the amount of traffic on HFI’s internal network. This would at the same time help protect the web servers from attack.
To implement this securely and thwart future attacks arising from these risks, HFI would need to create a Zscaler cloud computing design, since it would provide all-inclusive protection for the company’s users regardless of where they connect (Kott & Arnold, 2015). The Zscaler design would control access and move security to the cloud, thus protecting the company’s web servers.
Furthermore, the Zscaler cloud computing design carries the latest internet security updates, keeping the organization protected from rapidly evolving malware. HFI’s network appliances have been unable to keep up with the numerous new phishing sites that are emerging. The Zscaler cloud computing design therefore helps minimize costs and eliminates the complexity of updating, patching, and maintaining software and hardware (Jourdan, Bochmann, Merlo, Miller, Onut & Tan, 2015). Similarly, Zscaler’s security controls are assembled into a cohesive platform, so they can communicate with one another to give HFI a unified picture of all the traffic moving across the company’s network. Through Zscaler’s single interface, HFI would gain immediate insight into all requests by location, user, and device around the globe.
Network Vulnerability Analysis
Alkemper and Faria (2018) describe a network vulnerability assessment as the process of reviewing and analyzing a computer network to determine likely security loopholes and vulnerabilities. HFI’s network administrators should use it to evaluate the network’s defenses and security architecture against possible threats and vulnerabilities. HFI’s current network layout and topology contain several assets with significant vulnerabilities, some of which still exist even though they have been exploited in the past. The problems with these assets range from the network’s physical layout through to the communication protocols used to conduct HFI’s daily business operations. HFI should thus desist from operating while these vulnerabilities are still present, since the company may be attacked again, resulting in much greater loss of capital and public confidence.
|Cost to Mitigate
|Lacks perimeter security devices (firewall, IDS, DMZ)
|Mobile devices and VPN not encrypted
|Absence of port security
|Dial-up used, poor authentication, single factor authentication
|WEP used, Wi-Fi spillage
|Poor BYOD policies set, no MDM software used
|$60 per device/year
|Current infrastructure not implemented
It is therefore important for HFI to implement a network vulnerability assessment, since it would help the company’s network security staff and network administrators assess the security strength of a specific network (Cherdantseva, Burnap, Blyth, Eden, Jones, Soulsby & Stoddart, 2016). The primary goal of such an assessment is to determine the extent to which these vulnerabilities can compromise the overall privacy, operations, and security of the network.
HFI should also ensure that its network vulnerability assessment is a comprehensive process that includes tasks such as security control checks, analysis of Wi-Fi and router passwords, analysis of device-level security (computer, router, switch), and scanning for potential and known vulnerabilities and threats. Other tasks should include the identification, quantification, and prioritization of network threats (Shin, Son & Heo, 2015). Most importantly, the assessment process should review the strength of the network against network-based attacks, including man-in-the-middle attacks, network intrusion, and distributed denial of service (DDoS). The network vulnerability assessment would serve as HFI’s input to its network security policy and the related security products.
Network Vulnerability Risk Assessment and Mitigation Techniques
A significant vulnerability for HFI lies in its perimeter security, since it still lacks dedicated perimeter security devices. The organization currently relies on its two border routers alone for defense. However, Jourdan, Bochmann, Merlo, Miller, Onut and Tan (2015) mention that routers alone lack the security measures needed to protect this company’s network. Even though routers can filter specific incoming traffic, they cannot do so at the rate at which the system receives requests. Specialized hardware is therefore needed to protect a network of this capacity and size as a whole. HFI should consider implementing a DMZ/firewall environment to protect its internal system. This configuration would filter out unwanted traffic before it reaches HFI’s internal network. Without proper perimeter security devices, HFI stands to lose significant resources if it is attacked again. However, implementing a double-firewall DMZ would require HFI to spend about $15,000 to acquire two enterprise-level firewalls.
Additionally, HFI has issues with its encryption methods, as the VPN currently in use is not encrypted. This is a significant risk, since anyone, anywhere, could potentially intercept the data transmitted over the WAN to HFI’s other departments. The same applies to the company’s users who are able to access network resources. To eradicate this issue, HFI should consider implementing IPSec and TLS VPNs, with the latter used for accessing internal resources and IPSec used for the site-to-site links between departments (Cherdantseva, Burnap, Blyth, Eden, Jones, Soulsby & Stoddart, 2016). This type of encryption can be implemented by using modern network resources to produce certificates that are then used to decrypt and encrypt messages.
Wireless mobility and security also pose a significant safety issue for HFI, since it uses the outdated and superseded WEP as its current wireless security protocol. WEP can easily be cracked by malicious people using even the simplest software freely available on the internet. Combined with the current spillage of the company’s wireless network beyond its physical location, this protocol allows an attacker to remain physically outside the organization and still gain access to the system (Kott & Arnold, 2015). To permanently eliminate this threat, HFI should consider implementing WPA2 that would only allow a connection through it.
HFI currently faces significant security issues and vulnerabilities within its network, which pose substantial threats to both the company and its customers. The organization has faced many attacks in the past, including an attack on its Oracle database server and the plugging of a laptop running network sniffer software into a network jack under a desk in one of its vacant offices. It is therefore imperative for the company to put security measures in place to prevent such attacks from happening in the future.
Additionally, the attacks on HFI came from several different directions, implying that these vulnerabilities exist at different organizational levels. Numerous avenues therefore exist that can be exploited to give attackers access to the company’s network and let them extract relevant information. HFI should fully comply with the recommended techniques for mitigating these problems, since they are consistent with industry best practices and current technology standards. This would help HFI stop paying reparations to its customers for data that has been compromised or stolen.