COMP3781 Cybersecurity – Threat analysis and securing the network
Submit your assignment through FLO by midday Friday 15th May 5 pm, Week 9.
Saeed Rehman
College of Science and Engineering, Flinders University
Abstract— The objective of the assignment is to critically evaluate the existing information security management of an organization, identify the threats (internally and externally) and propose a Threat Model to effectively mitigate and manage the information security of the organization.
This assignment handout will guide you through the requirements for submission of the assignment 2 report. A case study is given in appendix A. You have to critically evaluate the threats to the organization and submit a research report. You must follow the IEEE two-column template for submission of your research report. The submission should be through the FLO hand-in on Friday 29th May by 5 pm.
Keywords—cybersecurity, comp3781, comp9781, Flinders, college of science and engineering
I. INTRODUCTION
Information is the key to a successful and profitable business operation. Information flows in and out of the organisation through its clients and employees, and the Confidentiality, Integrity and Availability of that information depend on how those flows are controlled. This assignment is concerned with the PREPARATION of a Threat Model Analysis (TMA) of the organisation given in appendix A.
TMA is an analysis that helps determine the security risks posed to a product, application, network, or environment, and how attacks can manifest. The goal is to determine which threats require mitigation and how to mitigate them. TMA is the first step toward securing the critical assets, information and business of the organisation. Threats can be both internal and external. An organisation should have a well-established threat model to tackle an incident arising from internal or external threats.
References [1] and [2] are two recommended search platforms that index a wide variety of academic research papers. You can search the literature for threat analysis.
While submitting the report, be mindful of the university academic integrity (https://students.flinders.edu.au/mycourse/academic-integrity ).
II. LEARNING OUTCOMES
The purpose of this assignment is to support the following Learning Outcomes (LO) for this topic (COMP3781 – Cybersecurity, S1-2020):
• LO1: Understand, Evaluate & Identify Network Security Threats
• LO2: Secure Ethernet, Wireless and Mobile Networks
• LO3: Security Design at Different Levels of the OSI model
• LO4: Implement Intrusion Detection & Prevention
• LO5: Apply Authentication, Authorisation and Accounting Tools & Techniques
• LO6: Implementing Firewall Technologies
• LO7: Ongoing Management of a Secure Network
III. DELIVERABLES
You are to write a report of 1500-2000 words. The emphasis of the report should be on analysis, evaluation, and synthesis of knowledge of business and information security. Your research report must address the following main points. (This is not the final structure but a hint of how your report might look.)
1. Abstract
2. Background of the organisation
3. Classification of information, processes, assets etc.
4. Critical evaluation of the existing network and possible threats to information/network.
5. Threat model of the organization (include step 3, 4 information)
6. Business impact analysis after threat modelling (include information from step 5)
7. Discussion
8. Conclusion and summary
9. References
A. Additional Notes
• The report should have a strong research focus – it should not be a simple storytelling of existing work.
• You should attempt to focus on current SECURITY THREATS AND MITIGATION TECHNIQUES.
• Your report should be written using the IEEE conference template. This document is written in the two columns format. You should follow the same structure. A template is uploaded on the FLO.
• Carefully cite and reference all sources. Your report can also follow the structure as explained in the template.
• Marks will be awarded as per the rubric. Your work should be properly cited both in text and bibliography.
• Your bibliography should be recent, not older than 2010. If you use older references, provide a justification in an appendix.
• A peer review marking process will follow submissions.
B. Grading and submission
• The assignment is worth 30% of your total semester grade
Figure 1: Company B network architecture [3]
• Late submission shall incur a penalty as per official statement of assessment methods (S1, 2020).
• Marking rubric is given in appendix B.
• Your work needs to be submitted to the hand-in box on FLO
• Check the due date and time on the assignment hand-in box on FLO; this overrides any date on this document
• All extension requests are to be submitted at least 48 hours prior to the due day of the assignment.
• All requests will be processed electronically; requests in person will not be accepted.
IV. ACADEMIC REFERENCES
• Use academic referencing in either IEEE, Harvard or APA format. Use only one format throughout the report.
• Minimum of 10 academic references or relevant industry white papers
• Search platforms for references.
REFERENCES
[1] Google Scholar. (2020). Google Scholar. [online] Available at: https://scholar.google.com/ [Accessed 5 Mar. 2020].
[2] ResearchGate. (2020). ResearchGate | Find and share research. [online] Available at: https://www.researchgate.net/ [Accessed 5 Mar. 2020].
[3] Microsoft BizTalk. (2020). Microsoft. [online] Available at: https://msdn.microsoft.com/en-us/library/aa559935.aspx [Accessed 5 Mar. 2020].
APPENDIX A: CASE STUDY
This case study is adapted from Microsoft Biztalk server [3]. Ninjasoft is a software company. Its business model relies on electronic transactions with key customers and suppliers. It uses a BizTalk Server implementation for its transactions. BizTalk Server manages transactions and communications between internal and external applications. Ninjasoft communicates with approximately 85 internal applications and 2300 trading partners. It currently processes approximately 2.5 million documents per month and estimates that it will process 6 million documents per month by the end of 2020.
A. Potential Threats and Security Concerns
Ninjasoft wants to make sure that it receives and processes only messages from authenticated sources. It also wants to make sure that it can receive and retrieve documents from outside its corporate network as safely as possible. The firewall that separates Ninjasoft’s corporate network from the Internet only lets through traffic from port 80 and port 443. The firewall rejects all other traffic.
B. Security Architecture
Figure 1 shows the network architecture of Ninjasoft. BizTalk Server is used as a message broker to communicate between internal applications and to process, send, and receive correctly formatted messages to and from its suppliers and customers. It has to process internal and external documents in different formats. This includes flat files and XML documents.
Ninjasoft uses a single firewall to separate its corporate computers from the Internet. As an added layer of security, it incorporates Internet Protocol security (IPsec) communication between all its corporate servers and workstations that reside within the corporate network. It also uses IPsec to encrypt all communications within its internal domain.
Ninjasoft uses a file share server to receive flat files. This file share server resides outside its corporate network and domain. A firewall separates the file share server from the corporate network. Ninjasoft’s external partners post their flat file documents on this file share server, and they communicate with the file share server through an encrypted Point-to-Point Tunnelling Protocol (PPTP) pipeline. It protects access to the file share server by partner passwords that expire every 30 days.
Ninjasoft has created a custom file-movement application that retrieves the flat file documents from the file share server and sends them to BizTalk Server for additional processing. The internal applications for Ninjasoft also use the custom file-movement application to pass flat files to BizTalk Server. BizTalk Server transforms these documents and sends them to Ninjasoft’s trading partners.
Before BizTalk Server transforms the partner data to the internal application formats, it validates that it has an entry for the sender, the receiver, and the document type. If BizTalk Server receives a message for which it does not have an entry for the sender, the receiver, or the document type, it rejects the message, and the operations team of Ninjasoft reviews the message. The internal applications send messages in a variety of formats that include EDIFACT, flat file, XML, and ANSI X12.
Ninjasoft also receives documents through HTTPS from internal and external sources. External partners post their documents to a Web server outside the corporate network. A firewall separates this Web server from the corporate network. The custom file-movement application also retrieves the documents posted through HTTPS. Ninjasoft uses a third-party product to encrypt and sign messages to its trading partners. As an additional piece of security, Ninjasoft performs a nightly audit on all the servers to make sure they have the correct security settings. Ninjasoft logs all exceptions for review.
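The admission rule described above (an entry must exist for sender, receiver and document type, otherwise the message is rejected and held for the operations team) and the "log all exceptions for review" practice can be illustrated in code. The following is an added example written for this handout, not BizTalk Server's own code or Ninjasoft's file-movement application; the party registry, agreement table, flat-file header layout and XML attribute names are all constructed for the illustration.

```python
"""Constructed illustration (not BizTalk's own code) of the case-study
admission rule: a document is processed only when the broker holds an
entry for its sender, receiver and document type; anything else is
rejected and queued, with the reason, for the operations team."""

from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Constructed configuration; a real broker loads these from its config store.
KNOWN_PARTIES = {"ACME-SUPPLY", "NINJASOFT-ERP", "BLUE-RETAIL"}
KNOWN_DOC_TYPES = {"INVOICE", "PURCHASE_ORDER"}
# (sender, receiver, document type) triples the broker is configured to route.
AGREEMENTS = {
    ("ACME-SUPPLY", "NINJASOFT-ERP", "INVOICE"),
    ("NINJASOFT-ERP", "BLUE-RETAIL", "PURCHASE_ORDER"),
}


@dataclass(frozen=True)
class Envelope:
    sender: str
    receiver: str
    doc_type: str


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


# Rejected messages are retained with the reason for operations review.
REVIEW_QUEUE: list = []


def parse_envelope(raw: str) -> Envelope:
    """Extract routing fields from a constructed flat-file or XML envelope.

    Flat file (constructed layout): first line 'HDR|sender|receiver|doctype'.
    XML (constructed layout): <doc sender=".." receiver=".." type=".."/>.
    Raises ValueError when a field is missing so the caller rejects the message.
    """
    text = raw.strip()
    if text.startswith("<"):
        root = ET.fromstring(text)
        fields = (root.get("sender"), root.get("receiver"), root.get("type"))
    else:
        lines = text.splitlines()
        if not lines:
            raise ValueError("empty message")
        parts = lines[0].split("|")
        if len(parts) != 4 or parts[0] != "HDR":
            raise ValueError("malformed flat-file header")
        fields = tuple(parts[1:])
    if not all(fields):
        raise ValueError("envelope missing sender, receiver or document type")
    # Normalise so 'acme-supply' and 'ACME-SUPPLY' resolve to the same entry.
    return Envelope(*(f.strip().upper() for f in fields))


def _reject(raw: str, reason: str) -> Decision:
    """Record the exception for the operations team and return the decision."""
    REVIEW_QUEUE.append((reason, raw))
    return Decision(False, reason)


def admit(raw: str) -> Decision:
    """Apply the admission rule; unparseable or unknown input never reaches processing."""
    try:
        env = parse_envelope(raw)
    except (ValueError, ET.ParseError) as exc:
        return _reject(raw, f"unparseable envelope: {exc}")
    if env.sender not in KNOWN_PARTIES:
        return _reject(raw, f"unknown sender {env.sender}")
    if env.receiver not in KNOWN_PARTIES:
        return _reject(raw, f"unknown receiver {env.receiver}")
    if env.doc_type not in KNOWN_DOC_TYPES:
        return _reject(raw, f"unknown document type {env.doc_type}")
    if (env.sender, env.receiver, env.doc_type) not in AGREEMENTS:
        return _reject(raw, "no agreement configured for this sender/receiver/type")
    return Decision(True, "routed for transformation")


if __name__ == "__main__":
    # Constructed sample messages: two that should route, three that should not.
    samples = [
        "HDR|acme-supply|ninjasoft-erp|invoice\nINV0001|2020-03-05|1200.00",
        '<doc sender="NINJASOFT-ERP" receiver="BLUE-RETAIL" type="PURCHASE_ORDER"/>',
        "HDR|UNREGISTERED-CO|NINJASOFT-ERP|INVOICE",
        '<doc sender="BLUE-RETAIL" receiver="NINJASOFT-ERP" type="INVOICE"/>',
        "<doc sender='ACME-SUPPLY'>",
    ]
    for s in samples:
        print(admit(s))
    print(f"{len(REVIEW_QUEUE)} message(s) queued for operations review")
```

The last check matters for the threat model: a sender, a receiver and a document type can each be individually known while the combination was never agreed, so the rule is applied to the triple rather than to each field alone, and every rejection is kept with its reason so the nightly review has something to act on.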
If some information is missing or unclear, you can make assumptions, but explain them in your report.
APPENDIX B: MARKING RUBRIC
Each element is marked against its criteria on the scale Excellent (85-100%), Good (75-84), Satisfactory (65-74), Fair (50-64), Poor (0-49).
Element 1 (5 marks) – Criteria:
• Balanced background, relevant and legitimate information to understand the context of the organisation.
• Explanation and evaluation of security risks and their impact on the business continuity of the organisation.
• A thesis statement providing a direction for the report, either by a statement of a position or a hypothesis.
• Clear explanation of any assumption made for the threat model analysis.
Element 2 (20 marks) – Criteria:
• In-depth discussion and elaboration of the threats faced by the organisation, internally and externally.
• Effectiveness of the threat analysis, supported by the literature.
• Effectiveness of the proposed mitigation techniques and technologies, while considering implementation and testing.
• Embedding the threat model into the new secure network design.
• Summarising all the threats, preferably in a table with four or more columns (threat, description, impact, mitigation).
Element 3 (5 marks) – Criteria:
• Ties together information from all sources. The paper flows from one issue to the next without the need for headings.
• The author's writing demonstrates an understanding of the relationship among material obtained from all sources.
• In-depth discussion and elaboration in all sections of the report.
• Client-centric report for the reader to gain important insights.
• Correct IEEE template is used.
• References/bibliography are correct, and all data is cited both in text and in the bibliography.
• Credible and properly formatted bibliography.
Total: 30 marks