WGU D482 Task 1: Network Security & Infrastructure Analysis and
Recommendations.
A. Describe two current network security problems and two current infrastructure
problems for each company, based on business requirements given in the scenario.
Company A’s network security problems start with the ports they have open. Ftp being open is
a huge security risk. Another network security risk is allowing users to use eight-character
passwords. These can easily be cracked and allow a security threat access to the network.
The infrastructure problems for company A start with the Windows server 2012, which has
many vulnerabilities listed in the CVE(“Microsoft Windows Server 2012: Security Vulnerabilities,
CVEs Memory Corruption Published in 2015”). The second infrastructure problem comes with
the company using laptops running on Windows 7, which again has several vulnerabilities
publicly listed that threat actors can use to access those systems.
Company B's network security problems start with them having many unsecure ports open such
as ftp and Telnet. Another security risk would be having the rexec service running because it
sends unencrypted data and does not verify users, not to mention that the effort required is
low.
Company B’s infrastructure issues start with some of the workstations running Windows XP,
which is extremely outdated, meaning there are plenty of vulnerabilities associated with it, and
most machines that run it also need to be replaced. Another issue is with the Verizon border
router. That model and version are outdated and are susceptible to many attacks.
, B. Analyze the given network diagram and vulnerability scan for both companies by doing the
following:
1. Describe two existing vulnerabilities for each company.
2. Explain the impact, risk, and likelihood associated with each described vulnerability from
part B1 as it relates to each company.
Company A
1. Regular password changes are not enforced. This is a risk because it is a single point of
failure.
The risk likelihood is moderate, meaning serious effects to the company if it were to
occur. There is also a good likelihood that this will occur in the future.
2. All users have local administrative privileges. This allows anyone to do things only admin
should be allowed to do, such as changing passwords. The risk likelihood is moderate,
meaning serious impacts to the company if it were to occur. This risk is also likely to
happen soon.
Recommendations.
A. Describe two current network security problems and two current infrastructure
problems for each company, based on business requirements given in the scenario.
Company A’s network security problems start with the ports they have open. Ftp being open is
a huge security risk. Another network security risk is allowing users to use eight-character
passwords. These can easily be cracked and allow a security threat access to the network.
The infrastructure problems for company A start with the Windows server 2012, which has
many vulnerabilities listed in the CVE(“Microsoft Windows Server 2012: Security Vulnerabilities,
CVEs Memory Corruption Published in 2015”). The second infrastructure problem comes with
the company using laptops running on Windows 7, which again has several vulnerabilities
publicly listed that threat actors can use to access those systems.
Company B's network security problems start with them having many unsecure ports open such
as ftp and Telnet. Another security risk would be having the rexec service running because it
sends unencrypted data and does not verify users, not to mention that the effort required is
low.
Company B’s infrastructure issues start with some of the workstations running Windows XP,
which is extremely outdated, meaning there are plenty of vulnerabilities associated with it, and
most machines that run it also need to be replaced. Another issue is with the Verizon border
router. That model and version are outdated and are susceptible to many attacks.
, B. Analyze the given network diagram and vulnerability scan for both companies by doing the
following:
1. Describe two existing vulnerabilities for each company.
2. Explain the impact, risk, and likelihood associated with each described vulnerability from
part B1 as it relates to each company.
Company A
1. Regular password changes are not enforced. This is a risk because it is a single point of
failure.
The risk likelihood is moderate, meaning serious effects to the company if it were to
occur. There is also a good likelihood that this will occur in the future.
2. All users have local administrative privileges. This allows anyone to do things only admin
should be allowed to do, such as changing passwords. The risk likelihood is moderate,
meaning serious impacts to the company if it were to occur. This risk is also likely to
happen soon.
