Complexities of Counterterrorism through Government Efficiency and Resilience
Student's Name
University
Course
Professor
Date
Question A: Describe two current network security problems for each company, based on
business requirements given in the scenario
For Company A, one current network security problem is the presence of open ports
(21-90, 3389) and the use of Remote Desktop Protocol (RDP) for remote desktop access. This poses
a high-risk vulnerability, especially considering the financial industry's sensitivity to data
confidentiality and integrity. Another concern is the use of eight-character passwords by all
users, which is also a high-risk issue. This weak password policy could potentially lead to
unauthorized access and compromise the confidentiality and integrity of customer and employee
Personally Identifiable Information (PII). Additionally, the persistence of user accounts that are
no longer required presents a moderate-risk problem, as it increases the attack surface and
potential for unauthorized access.
For Company B, a significant security issue is the lack of Multi-Factor Authentication
(MFA) enforcement for all users. Given the nature of Company B's operations, which involve
specialized software for medical providers and credit card transactions, MFA becomes crucial
for securing access and preventing unauthorized entry. Another concern is the presence of
critical vulnerabilities in the servers, such as the Distributed Ruby (dRuby/DRb) Multiple
Remote Code Execution Vulnerabilities and the Java RMI Server Insecure Default Configuration
Remote Code Execution Vulnerability. These vulnerabilities pose a high risk to the
confidentiality, integrity, and availability of sensitive data, and addressing them is imperative for
network security. Additionally, the existence of weak passwords in the PostgreSQL database and
the accessibility of PostgreSQL admin from the internet pose further risks to data integrity and
confidentiality.
Another security problem for Company A is the use of outdated and end-of-life
equipment, as identified in the risk analysis. This low-risk issue could still pose a threat to the
availability and reliability of the network, especially in a financial industry setting where system
uptime is critical. The presence of end-of-life equipment may lead to increased vulnerability to
exploits and limited support for security updates, potentially impacting the company's
operational continuity. As for Company B, the lack of enforcement of Multi-Factor
Authentication (MFA) across all users is a critical security concern. Given that Company B deals
with specialized software for medical providers and handles credit card transactions, ensuring
robust authentication mechanisms is vital for protecting sensitive information. The absence of
MFA increases the risk of unauthorized access and potential data breaches. Additionally, the use
of deprecated and weak cryptographic protocols, as highlighted in the vulnerability assessment,
such as SSLv2 and SSLv3, poses a moderate-risk problem. This could expose the network to
security vulnerabilities, potentially compromising the confidentiality and integrity of data,
especially considering the sensitive nature of medical and financial information.
Question B: Analyse the given network diagram and vulnerability scan for both companies
by doing the following:
1. Describe the two existing vulnerabilities for each company
For Company A, two existing vulnerabilities are evident from the network diagram and
vulnerability scan. Firstly, the presence of Remote Desktop Protocol (RDP) for remote desktop
access poses a significant vulnerability. If not properly secured, RDP can be exploited by
attackers to gain unauthorized access, potentially leading to the compromise of sensitive
financial data. Secondly, the use of open ports (21-90, 3389) introduces a vulnerability,
particularly considering the financial industry's strict security requirements. These open ports