COM7006 IT Security Management Report, MU, Singapore

Assignment Tasks

This assignment consists of two parts:

Part 1: Digital Forensics Case Investigation

Part 2: Network Design and Security Solutions

Part 1: The Case of Network data reveals theft of trade secrets

The fact:

Xiaolang Zhang worked as an engineer for Apple’s autonomous car division. He had been with the company 2 ½ years when he announced that he would be resigning and returning to China to take care of his elderly mother. He told his manager that he would be working for an electric car manufacturer in China. The conversation left the manager suspicious. Company security started an investigation. They searched Zhang’s two work phones and laptop—but were most alarmed when they reviewed Zhang’s network activity. The story the network data told was that Zhang’s activity had spiked to a two-year high in the days leading up to his resignation. It consisted of “bulk searches and targeted downloading copious pages of information” taken from secret databases he could access.

When confronted, Zhang admitted to taking company data. The matter was referred to the FBI for investigation. In a proactive move to mitigate against the risk of disgruntled staff members who may attempt to breach company policies to impart information from its facilities, an external digital forensic examiner was employed to analyse all storage media being used within the enterprise.

The investigation is to be conducted using the following scope for all Application Administrator team members.

• Company Policy # 197801 – No data relating to Active Directory strategy must be copied or saved to portable devices.
• Company Policy # 197812 – A Project Manager must approve all electronic communication between technical staff and clients.
• Company Policy # 197806 – Access to all financial institutions is restricted within the organisation’s network in alignment with session 2211 of government financial regulations.
• Company Policy # 197823 – All Virtualization software, proxy bypass and VPN access are limited to the Server Pro Teams.
• Company Policy # 197880 – Deletion of all data and viruses must be reported to the support team and processed by the Data Sanitation Unit.

The takeaway

Above are company policing (digital image) of Zhang storage device that must be urgently analysed. Additionally, reports were received from the helpdesk that the storage media assigned to Zhang was recently formatted and Apple’s autonomous car division team suspects that a phantom Virtual Server was created by a member of the Application Administrator Unit on the 21st of June 2019. The scenario envisioned, in this case, is within the scope of well-defined company policies and procedure focusing on computer savvy individuals.

Therefore, one must examine the recovered files to obtain the facts regarding Zhang ’s recent activities. Please note that Zhang is proficient in file editing and renaming extensions and the Company only uses Microsoft Outlook to send emails. This part is a technical one that does not require many words, screenshots of your investigations, an executive summary of the findings and a conclusion will do the job.

Part 2 – Network Design

Swindon College staff and students warned over cyber-attack. A college has advised students and staff to check their financial data after falling victim to a cyber-attack. You are member of Information Commissioner’s Office and National Crime Agency team and they have consulted you to design their network.

As their data is sensitive, the college is particularly interested in cutting-edge security solutions. The budget, however, needs to be justified. Thus, you will need to design the layout of users (including those anonymous), domains (including those trusted), etc. You need to consider the following requirements

• The college should have an internal Concurrent Versions System (CVS) server. Only internal access can be granted to it.
• The college also has an anonymous CVS server for remote teams to work on source code.
• The college has two web servers. One is for internal users and the other one for external users.
• The college also has an internal email server.

To complete this task, you need to:

1) Propose a network topology for various servers and the assumed location for trusted domains such as the location of your firewalls and Intrusion Detection System (IDS).

2) List down all Security related assumptions about approaches to the design and the trust.

3) Discuss the proposed authentication and authorisation mechanisms to be used. You need to justify your design choices.

4) Propose a mechanism to exchange secure email between users. This needs to consider the key management issue as well.

5) Discuss the inclusion of an IDS and where to place it.

6) Investigate the potential security issues in your own design. In other words, criticise your own design listing down the possible vulnerabilities it may have.

7) Consider a security breach on your internal email server. How would you deal with this? How would you respond to the breach?

8) Explain how you would measure the Return on Investment (ROI) on security for your system. You should give examples for both tangible and intangible assets.

This report must be underpinned by references to academic literature. You need to have at least 10 academic references in your bibliography.