
Question: Client Network and Brief: The network, shown in Figure 1, represents a client network that you are called to handle.

16 Feb 2023, 3:42 PM

 

Client Network and Brief

The network, shown in Figure 1, represents a client network that you are called to handle. Your role, as a network security evaluation specialist, is to help the client design and build an effective evaluation and monitoring solution. Your client has specific requirements that need to be met and expects you to address some of the technical and legal challenges involved. The client owns all the data created, processed, stored and communicated on the networked systems, some of which is sensitive.
 

 

The network above is designed such that various services are spread out on server farms. The six server farms host server nodes numbered 20-39 accessible by six respective gateway nodes numbered 6, 7, 8, 10, 11 and 15. Gateway nodes 12, 13, 14, 16, 17, 18 and 19 connect to client nodes (over a hundred) distributed across subnets.

The nature of service traffic is a combination of web services (for external customer enquiries and ecommerce), and various application services for use within the organisation. Some of the services need to be accessible from the outside world.

The nodes are diverse in their configuration and have different levels of access to services and to the outside world (internet), which is accessible via gateway node 0. Nodes 1, 2, 3, 4, 5 and 9 serve the purpose of intermediary routing within the network.

The client is involved in innovation and product development within the defence and security sector, serving clients ranging from government departments to multinational firms and foreign agencies. The nature of this activity lends itself to sabotage and intellectual property theft. The collaborative nature of the organisation also means that it hosts development teams from other partners from a variety of countries.

Your role has specific deliverables and you are asked to prioritise the activities (set out in the questions) detailed below. You have a few weeks to present a report to the technical leadership of the client on these matters.

For consistency, in your answers, specific locations should be referred to by the labels used in Figure 1. It would be helpful to clarify particular locations that you refer to including interfaces on the firewall, routers (as there are multiple), links between routers and switches and so on.

 

 Question 1 (Network security monitoring)                                                 

 

The client is particularly vulnerable to insider attacks including sabotage (disruption and destruction) and espionage (stealing sensitive information). To detect any such attacks, it is important that the client has effective measures in place.

You are asked to evaluate the level of exposure for servers from insiders. Of particular interest here is network reconnaissance (scanning) activity that originates internally.

A) Describe what data you would prefer to collect and at what points on the network. You are expected to adopt a systematic approach in which you justify why you are collecting the various types of data and where. Also explain how potential intruders (insiders on the network) can collect and use such data for malicious purposes.

(200 words)

B)      To support the above activity, what tools would you use and what type of activity would you configure to detect? Your answer is expected to prescribe tools that the client may wish to use and adopt in the future. Your client would appreciate suggestions for configuration of such tools to assist in efficient collection, logging and analysis of data collected.

(150 words)

C) This is a high-volume network and parts of it get very busy at peak times. Any activity of collecting traffic from the network would be a challenge. In the context of the above activity, discuss relevant strategies to help overcome the problem of scale.

(150 words)

Your total answer should be no more than 500 words.

 

 

 

 Question 2 (Cost benefit analysis)                                                       

 

 

Cyber security, be it in terms of equipment, human effort or inconvenience, has a cost. Cyber security, therefore, involves trade-offs. Your recommendations, in your answer to question 1, entail significant costs in terms of

• equipment, including hardware, software and training resources,

• human, including manual configuration and steering of monitoring operations, training, and

• inconvenience, in terms of disruption to normal operations.

Present a brief justification of these costs. For each category, describe the benefit your client receives for the investment made.

Your response should be no more than 750 words.

 

 Question 3 (Legal aspects)                                                        

 

 

The client admits no prior knowledge or experience with the legal aspects applicable to data protection.

You are asked to present a summary of the responsibility and liability that your client has towards ensuring that personal and sensitive data is processed, stored and communicated in accordance with the law.

Such a summary should be intelligible to senior management (many of whom are not accustomed to legal jargon). Your answer should be in the context of UK GDPR.

Your summary should be no more than 500 words. 

 

 

 Question 4 (Human factors)                                                         

 

 

The client organisation employs a large workforce and is keen to understand user behaviour with a view to effectively improving security controls and awareness activities. Understanding behavioural data may involve analysis ranging from tracking usage across subnets to access logging to network configuration preferences.

As such, you are asked to guide organisational policies on matters related to the following.

A)     Offer at least two examples of what user behavioural data may be collected, and how and at what points on the network to enhance organisational security. The examples should explain behavioural traits associated with such data and the technical measures that may be put in place as a result for security enhancements.

(350 words)

B)      What ethical considerations are relevant to collecting behavioural data (from examples above and beyond)? You may wish to inform your answer from any number of perspectives across behavioural science, psychology, philosophy and economics.

(400 words)

 

Your total answer should be no more than 750 words.
