Plan Assignment Aa2 |Latest Update With Complete Solution
D481 - Secure Network Design
Daniel Schmeling
DHN1 TASK 1: NETWORK MERGER AND IMPLEMENTATION PLAN
Network and Infrastructure Problems for Company A and B
• Network Problems
o Company A
▪ Company A has weak password policies. Having the passwords all set to eight characters and not requiring the passwords to be changed regularly is a large risk. Hackers only have to guess words, common passwords, or phrases that meet the only requirement to be eight characters long. Whitney (2024) reported that an advanced hacker can crack a complex password eight characters long in five minutes.
▪ Company A’s network is also highly vulnerable because insecure ports are open. Insecure ports, such as 21 (FTP) and 23 (Telnet), use protocols that send data in plain text. A hacker could easily use packet-sniffing software such as Wireshark to read the exact data being sent, including confidential information like credit card numbers and personal information.
o Company B
▪ Company B also has authentication issues with its employees. All the employees of Company B have administrative privileged accounts. This means that all the employees could potentially have access to the company’s network settings, apps, databases, services and more. A malicious employee could install malware or disable firewall settings. Company B could also require all employees to use MFA to log in, to help with authentication and verification.
▪ Company B has a vulnerability with FTP where an attacker or user can log in using an anonymous login, meaning that no account or proper credentials are needed to access that server. An attacker could view information or upload files as well.
• Infrastructure Problems
o Company A
▪ One infrastructure issue Company A has is the EOL of its Cisco 3750X switch. Cisco says that its support for the switch will end in September 2024 (2023). This will affect the security of the switch going forward. The switch will no longer get up-to-date security patches or maintenance support from Cisco. In the future, if a vulnerability is found in the switch, an attacker could exploit it knowing that it has not been patched since September 2024.
o Company B
▪ Company B has a vulnerability with an operating system being End-Of-Life (EOL). When a system, especially an operating system, becomes EOL, it is no longer supported and maintained by the owner or company. This means that the system will no longer receive security patches and updates. This will leave the system vulnerable to future attacks.
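One way to audit for the account weaknesses this report raises (administrative rights for every employee, no MFA, passwords that are never changed, accounts of departed users left enabled), as an added example that is not part of the original assignment. The account records, role names and the 365-day threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
# Assumed policy values for this example; the report does not specify them.
MAX_PASSWORD_AGE_DAYS = 365
ROLES_NEEDING_ADMIN = {"sysadmin", "network-engineer"}  # hypothetical role names

@dataclass
class Account:
    user: str
    role: str
    is_admin: bool
    mfa_enabled: bool
    password_set: date
    still_employed: bool

def findings_for(acct, today):
    """List the account weaknesses named in the report that apply to one account."""
    found = []
    if not acct.still_employed:
        found.append("stale-account")
    if acct.is_admin and acct.role not in ROLES_NEEDING_ADMIN:
        found.append("excess-admin")
    if not acct.mfa_enabled:
        found.append("no-mfa")
    if (today - acct.password_set).days > MAX_PASSWORD_AGE_DAYS:
        found.append("old-password")
    return found

def severity(found):
    """Weaknesses compound: unneeded admin rights behind a password-only or stale login rank highest."""
    if "excess-admin" in found and ("no-mfa" in found or "stale-account" in found):
        return "critical"
    if "excess-admin" in found or "stale-account" in found:
        return "high"
    return "medium" if found else "ok"

def audit(accounts, today):
    """Return (user, severity, findings) for every account with a finding, worst first."""
    order = {"critical": 0, "high": 1, "medium": 2}
    rows = [(a.user, severity(f), f) for a in accounts if (f := findings_for(a, today))]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory (not data from either company).
SAMPLE = [
    Account("akhan", "accountant", True, False, date(2021, 3, 1), True),
    Account("bliu", "sysadmin", True, True, date(2024, 5, 10), True),
    Account("cdiaz", "teller", True, True, date(2022, 1, 15), False),
    Account("emori", "analyst", False, False, date(2024, 4, 2), True),
]
```

Calling `audit(SAMPLE, date(2024, 6, 1))` lists the two accounts that combine unneeded admin rights with a missing second factor or a departed owner ahead of the account that only lacks MFA.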
Business Vulnerability Analysis
• Company A
o Company A’s risk analysis report states that their network has ports 21-90 and 3389 open. This is a high-risk potential due to some of the ports not being secure. Ports 21 and 23 are FTP and Telnet ports that send information in plain text instead of ciphertext. Attackers can use packet-sniffing software such as Wireshark to easily see user credentials and the data being sent back and forth. Company A, being a global financial company, has a high likelihood that an attacker would want to retrieve user credentials and data for financial gain. This could compromise customers’ accounts, leading to a large impact on the company for legal and social reasons.
o Company A has a high vulnerability in that all their users have administrative rights. This issue, paired with a weak password policy and requirements, makes this vulnerability a high risk. The cherry on top would be that Company A does not disable or remove old accounts and that password changes are not enforced. If a user who is no longer required at the company leaves, they can try to access their account with their old credentials. They would also still inherit all their privileges, in this case, administrative or elevated privileges. Advanced attackers could easily figure out an eight-character password as mentioned above. The attackers would also have administrative privileges to gain access to sensitive data about the company and its customers’ data such as PII and account information. This is a high-risk, highly likely risk due to Company A being a global financial company. This could put the company at legal risk and give it a bad reputation with consumers.
• Company B
o Company B has some severe vulnerabilities as well. One critical vulnerability listed in the company’s report is the remote code execution for its Distributed Ruby systems. This is a critical risk because an attacker can execute code to extract table information such as a user’s credentials. If an attacker gains access to the network, the company also does not have multifactor authentication enabled to prevent unauthorized access and will allow the user to have local administrative access because the company does not have a least-privilege policy.
o When companies decide that their product is no longer going to be sold or support