WGU PA D482 Secure Network Design.
Network Security & Infrastructure Problems for Companies A & B
Based on the requirements given in the scenario, including the risk assessment and
vulnerability assessment, Company A faces network security problems in the form of insecure
password criteria: passwords are not changed and are short in length. Additionally,
the company has insecure ports that are open when they should be closed.
Company A’s infrastructure is operating on end-of-life operating systems, which include 14
Windows 7 laptops and end-of-life 2012 servers, and these pose a significant problem to
security and functionality.
Company B does not have a cybersecurity position/member within the company, which
poses a significant network security risk, especially since the company handles customer credit
card information. If a security incident were to arise, there is no one on staff who can
sufficiently respond to and manage the incident. Additionally, there is no one to perform
assessments to manage the network. The second network security problem is the use of
third-party support, as third-party vendors may not be adequately secured and introduce the
risk of added vulnerability.
Additionally, from an infrastructure perspective, Company B currently does not have
the scalability to grow at its current size, due to its use of third-party support, based on the
requirements of Company A. Company B does not have on-site infrastructure, and its off-site
third-party infrastructure may not be secure and may be vulnerable. The company does not have
the infrastructure in place to operate on zero trust principles, due to limited resources and
no qualified cybersecurity personnel on board.
Company A
Current vulnerabilities
All users use eight-character passwords
High impact/risk – Refer to Company A’s description of High-Risk level
High Likelihood
All users have local administrative privileges
Moderate impact/risk – Refer to Company A’s description of Moderate-Risk
Moderate Likelihood
Company A listed these two vulnerabilities in its Risk Analysis. The company rated
the vulnerability “all users use eight-character passwords” as high risk and high likelihood
because short passwords are easier to exploit. Because this is standard practice among all
users in the company, it opens a vast attack surface, which is why it is also a high-impact
vulnerability: the damage may have a severe or catastrophic effect. Furthermore,
Company A has the additional risk of giving all users local administrative privileges, which it
has rated as Moderate-Risk with a moderate likelihood of occurring, assuming the risk to have
only serious adverse effects. It is a vulnerability because once an attacker has gained access
to the network through a user’s privileges, there is no rule such as least privilege preventing
them from making changes to the network/data.
Company B
Current Vulnerabilities
Distributed Ruby. Multiple Remote Code Execution Vulnerabilities
High-Risk
Critical Severity
High Level of Effort
MFA not enforced across all users
High-Risk
High Severity
High Level of Effort
Company B lists its number one risk as a remote code execution vulnerability with a high risk
and critical severity due to the root-level damage it can impose on the company; however, it
would take a high level of effort to execute, which would likely make the likelihood of
this event ever happening low to moderate. Its second-highest-ranked vulnerability
is not having MFA enforced across all users. Overall, it is a high risk to Company B because
using single-factor authentication increases the risk of a password being compromised and a
threat gaining access to the company’s systems, which is why it is high severity and could
result in elevated privileges and significant data loss or downtime, according to WGU’s
Company B Vulnerability Report. Although it is a high threat, it has a moderate likelihood
based on the High level of effort Company B assigns to the vulnerability, because of the
expertise and effort it takes to crack a person’s password.