WGU D482 TASK 1: Secure Network Design.
D482
Task 1
Martin Whitcomb
Student ID: 000767423
Company A has identified multiple network and infrastructure vulnerabilities. The identified
network security vulnerabilities are that all network users have local administrative privileges
and use only eight-character passwords. The identified hardware vulnerabilities are end-of-life
equipment still in use and an open port 3389.
Users having local administrative privileges is a network security issue. Allowing all users
this level of privilege carries a moderate vulnerability risk. Company A should apply the
concept of least privilege to reduce the likelihood of nefarious actors gaining access to the
company network. “The Principle of Least Privilege (POLP) is widely recognized as a security
concept that enforces giving an identity (a person or machine identity) only the permissions
that are essential to performing its intended function. If an identity does not need the
authorization, they should not possess it. It is implemented to minimize the cloud attack
surface and protect data by mitigating the number of opportunities for exploitation via
permissions.” (Shea, Tally. (2023, November 30). What’s Least Privilege? How to Implement &
Stay There. Retrieved from https://sonraisecurity.com/blog/principle-least-privilege/).
The requirement that users use only eight-character passwords is another Company A
vulnerability and is considered a high-likelihood risk. A recent study found that an
eight-character password takes only approximately five minutes to crack. (Whitney, Lance.
(2023, August 7). How an 8-Character Password Could be Cracked in Just a Few Minutes.
Retrieved from
https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/).
“Security experts keep advising us to create strong and complex passwords to protect our
online accounts and data from savvy cybercriminals. And “complex” typically means using
lowercase and uppercase characters, numbers, and even special symbols.” (Whitney).
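The brute-force arithmetic behind that cracking-time claim, as an added worked example that is not part of the original paper: it computes the keyspace for a given length and character set, the worst-case time to exhaust it at an assumed guess rate (GUESSES_PER_SECOND is a constructed figure, not a measured one), and the minimum length a policy needs to reach a chosen exhaustion time.

```python
"""Brute-force keyspace arithmetic for password-length policy.

Added worked example, not from the original paper. GUESSES_PER_SECOND is an
assumed rate for a fast unsalted hash on a multi-GPU rig; a slow KDF
(bcrypt, scrypt, Argon2) lowers it by orders of magnitude.
"""
# Character-set sizes behind common "complexity" rules.
CHARSETS = {"lowercase only": 26, "lower + upper + digits": 62,
            "all printable ASCII": 95}
GUESSES_PER_SECOND = 2e12  # assumed, see docstring
# (unit, seconds), largest first, for readable output.
UNITS = [("years", 365 * 86400), ("days", 86400), ("hours", 3600),
         ("minutes", 60), ("seconds", 1)]

def keyspace(length: int, charset_size: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    if length < 1 or charset_size < 1:
        raise ValueError("length and charset_size must be positive")
    return charset_size ** length

def seconds_to_exhaust(length: int, charset_size: int,
                       rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every password of this length and charset."""
    return keyspace(length, charset_size) / rate

def min_length_for_target(charset_size: int, target_seconds: float,
                          rate: float = GUESSES_PER_SECOND) -> int:
    """Smallest length whose full keyspace takes >= target_seconds to exhaust."""
    length = 1
    while seconds_to_exhaust(length, charset_size, rate) < target_seconds:
        length += 1
    return length

def format_duration(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3g} seconds"

if __name__ == "__main__":
    # Each extra character multiplies the work by the charset size.
    for label, size in CHARSETS.items():
        for length in (8, 12, 16):
            t = format_duration(seconds_to_exhaust(length, size))
            print(f"{label:>22} x {length:2d}: {t}")
    ten_years = 10 * 365 * 86400
    print("length for >= 10 years (all printable):",
          min_length_for_target(95, ten_years))
```

The table shows that going from 8 to 12 characters multiplies the attacker's work by the charset size to the fourth power, which is why length, not just symbol mix, is the policy lever that matters.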
The fact that Company A is a global financial company puts it at greater risk of nefarious
activity by hackers and the like. Implementing and enforcing complex passwords can reduce
the risk of identity theft and financial fraud for those entrusting Company A with their
financial information. A recent example of a financial institution breach is the one at Block,
which resulted in 8.2 million customers having their financial information compromised. The
exposed information was not just personal identification information but also brokerage
account data and credit card information. (Kost, Edward. (2023, August 3). 10 Biggest Data
Breaches in Finance. Retrieved from
https://www.upguard.com/blog/biggest-data-breaches-financial-services). These types of
breaches not only impact the customer; they also affect the company in the form of
reputation, stock value (if applicable), and fines and fees.
Company A identified the use of end-of-life (“EOL”) equipment as a hardware vulnerability.
The use of equipment that is at or past EOL creates a high risk to the Company because it is
no longer receiving support, security updates, or patches, which makes those systems
increasingly vulnerable over time. “Malicious actors are constantly looking for vulnerabilities
in software, and once they find one, they can exploit it to gain access to your system,
extracting prized information/data and using it as ransom. Since EOL software no longer
receives security updates from the original vendor, hackers can – and still do – easily target
these systems and find vulnerabilities to exploit.” (TuxCare PR Team. (2023, April 20). 5 Risks
of Using End-of-Life Software and the Risks Associated with It. Retrieved from
https://tuxcare.com/blog/5-risks-of-using-end-of-life-software-and-the-risks-associated-with-it/).
Company A's continued use of EOL equipment increases, almost daily, the likelihood that
hackers will access its systems, which puts at risk all of the financial data housed in them.
Company A also identified open port 3389 as a high-risk vulnerability. Port 3389 is the TCP
port used by the Remote Desktop Protocol (“RDP”). Systems running Microsoft Windows Server,
as Company A's do, rely on RDP “for remote access, system administration, remote app
functionality, and other robust capabilities provided by the tool. Since the Remote Desktop
Protocol is built into Windows Server and client operating systems, it requires no additional
download to use.” (Lee, Brandon. (2022, June 21). Remote desktop protocol TCP port 3389
security risks and vulnerabilities. Retrieved from
https://specopssoft.com/blog/remote-desktop-protocol-port-3389-vulnerabilities/).
In the last few years, critical vulnerabilities have been discovered in how Microsoft
implements RDP. “For example, BlueKeep is a security vulnerability noted in CVE-2019-0708. It
allows an attacker to connect to an unpatched target system using RDP and then send special
packets that allow remote code execution.” (Lee). Additionally, an open port 3389 becomes a
vulnerability when RDP is misconfigured so that it is exposed to the internet. This exposure
creates a high-risk entry point that hackers use to gain access directly into the system.
Company B has identified a Java RMI Server insecure default configuration allowing remote code
execution, and operating systems (“OS”) being used beyond end of life, as infrastructure
vulnerabilities. Its network security vulnerabilities are Multifactor Authentication (“MFA”)
not being required for all users and rlogin passwordless login.
Company B's lack of MFA as a standard control is a high-risk vulnerability. NIST defines
multi-factor authentication as “An authentication system or an authenticator that requires
more than one authentication factor for successful authentication. Multi-factor
authentication can be performed using a single authenticator that provides more than one
factor or by a combination of authenticators that provide different factors.” (NIST Special
Publication 800-53r5, Security and Privacy Controls for Information Systems and
Organizations. Retrieved from https://doi.org/10.6028/NIST.SP.800-53r5). The MFA factors are
typically referred to as something you know (e.g. a password), something you have (e.g. a
token), and something you are (e.g. biometrics). An MFA solution benefits a business by
significantly reducing hackers' ability to access systems via stolen or weak passwords.
Additionally, many U.S. federal and state regulations require strong authentication
processes when a business stores financial or health information, as Company B does.
As discussed above for Company A, hackers target financial and health businesses because
infiltrating them yields large amounts of personally identifiable information and financial
information.