sonali technical email
FROM: SONALI PAUL JASSAL - IT SUPPORT TECHNICIAN
TO: LINE MANAGER CC/BC:
SUBJECT: Summary of the meeting with IT Manager
Dear Line Manager,
I hope this email finds you well. I recently attended a meeting with the IT Manager
regarding the current infrastructure and the recent malware attack, in order to gain a
deeper understanding of what occurred. In this email I will discuss the topics that were
covered in the meeting.
Firstly, I wanted to find out a bit more about the organisation and how it operates.
Therefore, my first question was: How many staff are currently in your organisation?
The answer provided was: we have 25 employees, 10 of which are office based and 15 of
which are provided with laptops to work from home if agreed with management. This shows
that the company has enough devices for everyone, and staff are able to work from home
or in the office.
My second question was: How many devices, such as laptops and desktops, does your
organisation have? Could you talk me through your infrastructure?
The answer was: we have 15 laptops for remote users, which connect over the VPN, 10
desktops, a SOHO router and a NAS drive where all the client information is stored. This
shows they are clearly lacking a secure network infrastructure, as a SOHO router is
designed for small homes and offices. As they are growing, it is vital for them to upgrade
to a router that is better fitted to their needs, including their intensive marketing
programs.
Then, I moved on to the details of the attack, to discover why it occurred and whether
it was due to vulnerabilities present in the organisation.
My first question for this was: Could you provide some details of the malware attack on
the NAS drive?
The answer given was: The NAS was hacked and several important files were deleted,
which included Personally Identifiable Information (PII), and it resulted in losing two
long-term clients.
Key Issues: This has a big impact, as the malware attack has clearly damaged their
reputation as a business, and it will take a lot of reassurance and rebuilding of the
brand to make the company appear reliable again. Furthermore, the NAS drive being hacked
shows there was clearly a vulnerability that made it easy for the attackers to exploit and
use to their advantage.
My second question was: How was the attack detected? Was there a system in place to
detect this?
The answer provided was: There was nothing in place to detect the attack; we only found
out when we noticed that several files had been deleted and were missing.
PaulJassal_S_107557084_Task2
Page 6 of 9
My follow-up question was: Would you like a solution in place to detect these types of
issues?
The answer stated was: Yes, that is something they would like to implement.
Key issues: There is clearly an issue here, as there was no system in place to detect
the cyberattack, which meant no one in the company was aware of it. The malware attack
could therefore have ended up a lot worse than it was. Consequently, I would recommend
implementing an IDS or IPS, which will definitely help the company be aware of anything
that happens on the network; this helps reduce the impact of an incident and is also a
good mitigation strategy for reducing the number of cyberattacks.
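As an added illustration of the detection logic this recommendation calls for (example code written for this edit, not anything the organisation runs): the script below reads a NAS audit log and raises an alert when one account, from one source address, deletes a burst of files, which is precisely the pattern that went unnoticed here. The log format, the sample lines, the LMSAdmin account name (taken from later in the email), the 10.0.0.0/8 internal range and the five-deletes-in-five-minutes threshold are all assumptions made for the example.

```python
"""Mass-deletion detector for NAS audit logs.

Added example, not part of the original email or the organisation's NAS
setup. Assumes the NAS writes one line per file operation as
"<ISO timestamp> <user> <source IP> <action> <path>"; the format, the
sample lines, the account name and the internal address range are all
constructed for illustration.
"""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed office/VPN address range; anything outside it is treated as external.
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log: routine office activity, one normal deletion, then a
# burst of deletions by the shared account from an address outside the LAN.
SAMPLE_LOG = """\
2024-03-04T09:12:01 LMSAdmin 10.0.0.21 OPEN /clients/acme/contract.docx
2024-03-04T09:12:40 LMSAdmin 10.0.0.21 WRITE /clients/acme/contract.docx
2024-03-04T09:15:10 LMSAdmin 10.0.0.34 OPEN /clients/globex/invoices.xlsx
2024-03-04T11:02:55 LMSAdmin 10.0.0.34 DELETE /clients/globex/old_draft.tmp
2024-03-04T22:41:03 LMSAdmin 203.0.113.9 DELETE /clients/acme/contract.docx
2024-03-04T22:41:04 LMSAdmin 203.0.113.9 DELETE /clients/acme/pii_export.csv
2024-03-04T22:41:04 LMSAdmin 203.0.113.9 DELETE /clients/globex/invoices.xlsx
2024-03-04T22:41:05 LMSAdmin 203.0.113.9 DELETE /clients/globex/staff_list.csv
2024-03-04T22:41:06 LMSAdmin 203.0.113.9 DELETE /clients/initech/nda.pdf
2024-03-05T08:02:11 LMSAdmin 10.0.0.21 OPEN /clients/initech/proposal.docx
"""


def parse_line(line):
    """Split one audit line into (timestamp, user, source_ip, action, path)."""
    ts, user, ip, action, path = line.split(" ", 4)
    return datetime.fromisoformat(ts), user, ip, action, path


def is_external(ip):
    """True when the address is outside every configured internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETWORKS)


def detect_mass_deletion(log_text, threshold=5, window=timedelta(minutes=5)):
    """Raise one alert when a (user, source IP) pair reaches `threshold`
    DELETE events inside a sliding `window`. The alert fires at the moment
    the threshold is crossed; a later burst, once earlier deletes have aged
    out of the window, fires again. Because a shared account cannot identify
    a person, the source address is the only attribution available, so the
    alert records it and whether it lies outside the internal range."""
    recent = defaultdict(deque)  # (user, ip) -> timestamps of recent DELETEs
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, ip, action, _path = parse_line(raw)
        if action != "DELETE":
            continue
        q = recent[(user, ip)]
        q.append(ts)
        while ts - q[0] > window:  # drop deletes older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({
                "user": user,
                "source": ip,
                "external": is_external(ip),
                "first_delete": q[0].isoformat(),
                "count": len(q),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_deletion(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the single routine deletion during office hours produces nothing, while the five deletes in three seconds from 203.0.113.9 produce one alert marked external. In production this would consume the NAS's real audit feed (Samba full_audit, auditd, or the vendor's own log) and forward the alert to whatever the chosen IDS or SIEM uses; the threshold and window need tuning against a week of normal activity so that legitimate clean-ups do not page anyone.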
My third question was: What do you have in place in terms of security?
The answer stated: We have a SOHO router with a built-in firewall.
Key issues: A SOHO router with a built-in firewall has quite basic features and can lack
advanced threat protection. Furthermore, the router may not receive frequent updates,
which leaves it open to new malware if it is outdated. Also, the router is usually designed
for 1-10 users, which may lead to complications with more devices or more complex
setups.
My fourth question was: Could you tell me about the firewall and how it works in terms
of rules and the inbound and outbound traffic?
The answer provided was: I'm not too sure how the firewall is configured and I have not
reviewed the security. I'm not sure which ports are blocked or not, and I do not get any
alerts on any suspicious activity.
Key issue: They are clearly not aware of how the firewall is configured, which is a big
threat: I was informed that the attack was external, and allowing inbound traffic that is
not necessary could be the reason.
After this I moved on to finding out more about the network and system access.
My first question was: What user access controls are currently in place for the NAS and
how are permissions assigned to staff?
The response given was: Users access the NAS drive through a shared administrative
account, all staff have shared access, and they can install any software they would like.
Key issues: This is a concern, as it is going to lead to all staff making unauthorised
changes and modifying anything they like, and without a way of tracing individuals it is
hard to keep track of and log what has been done. Furthermore, an employee might install
malicious software, which will affect the entire network and cause many disruptions,
leaving the organisation suffering financially and reputationally.
My second question was: Are there any remote access restrictions in place to access the
NAS, and how is it kept secure?
The reply given was: All remote users connect to the NAS drive through a VPN and have a
username and password to access it.
I then asked: Are the username and password quite generic, or are they strong?
The answer given was: It's not that secure; the username is LMSAdmin and the password is
"password" with special characters and numbers.
Key issues: The problem is that they have tried to make it secure by adding a VPN;
however, the account username and password are not secure at all, and that is a
weakness which can quite easily leave the remote users experiencing a cyberattack, but
also disrupt the whole network.
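To make the weakness concrete, here is an added example (written for this edit, not code from the organisation) of the check a NAS or VPN account-provisioning script could run on a proposed credential pair. The banned words, the generic-username list, the substitution table and the 14-character minimum are assumed policy values, and the sample password is a constructed one of the kind described in the meeting, not the real one; the point is the normalisation step, which strips the decoration so that "password" dressed up with special characters and numbers is still recognised as "password".

```python
"""Credential-policy check for NAS and VPN accounts.

Added example, not part of the original email. The substitution table,
banned words, generic-username list and minimum length are assumed policy
values chosen for illustration.
"""
import re

# Substitutions attackers undo first: "P@ssw0rd" is "password" to a cracker.
LEET_TABLE = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})
# Assumed policy lists; a real deployment would check a breached-password set.
BANNED_BASE_WORDS = ("password", "letmein", "welcome", "qwerty", "admin", "secret")
GENERIC_USERNAMES = {"admin", "administrator", "root", "lmsadmin", "user", "guest"}
MIN_LENGTH = 14


def normalise(password):
    """Lower-case, undo the substitutions and keep only letters, so every
    decorated variant of a word compares equal to the bare word."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET_TABLE))


def check_credentials(username, password, min_length=MIN_LENGTH):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if username.lower() in GENERIC_USERNAMES:
        problems.append(f"username '{username}' is a generic or shared administrative name")
    if len(password) < min_length:
        problems.append(f"password is {len(password)} characters, minimum is {min_length}")
    base = normalise(password)
    for word in BANNED_BASE_WORDS:
        if word in base:
            problems.append(f"password is a variant of the common word '{word}'")
            break
    user_base = normalise(username)
    if len(user_base) >= 4 and user_base in base:
        problems.append("password contains the username")
    return problems


if __name__ == "__main__":
    # Constructed candidates: a pair of the kind described in the meeting,
    # and a per-user account with a long passphrase.
    for user, pw in (("LMSAdmin", "P@ssw0rd123!"),
                     ("s.pauljassal", "Correct-Horse-Battery-Staple-42")):
        print(user, check_credentials(user, pw) or "OK")
```

The constructed "P@ssw0rd123!" fails on three counts (generic username, too short, variant of a banned word), while a long per-user passphrase passes. The username check matters as much as the password one: replacing the shared LMSAdmin login with one account per member of staff is what makes NAS and VPN activity attributable to a person, which ties back to the access-control concern above.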
Next, I moved on to the security measures that were in place at the time, assessing
whether they were suitable for the organisation.
My first question was: What security measures were in place on the NAS before the
attack? (E.g., any antivirus software or IDS systems?)
The input received was: No, nothing in place, just the firewall built into the SOHO router.
Key Issues: This is a problem, as it shows they are weak in some areas of security, which
needs to be solved immediately to reduce the risk of experiencing another cyber incident.
My second question was: Are software updates and patches regularly applied on the NAS
and other systems? If so, how regularly?
The answer provided was: The NAS is Linux-based, but I cannot confirm anything about the
updates.
Key issues: They cannot confirm whether the NAS is being updated, so it may be running
unpatched software; a regular patching schedule will need to be implemented so that
known vulnerabilities are fixed before they can be exploited.
Then I asked about the VPN and whether it was up to date.
The answer provided was: The VPN runs on Windows Server 2019, and we believe it is quite
outdated.
After this I moved on to data protection and backups.
My first question was: Were the deleted files backed up? If so, how frequently are the
backups performed? Following on from that question: Where are the backups stored?
The answer stated was: There are no backups in place, and it's not frequent.
Key Issues: There is no backup, so if files are deleted, as several were in this case,
they cannot be restored and the data is lost. If there were a backup in place, there
would be a copy of the documents.
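As an added example of what "a backup in place" means in practice (example code written for this edit, not the organisation's own tooling): a dated snapshot copy of the NAS share with a per-file SHA-256 manifest, a verify step that proves the copy is intact, and a restore that brings back any manifest file that has disappeared from the share. The file names and contents in run_demo() are constructed, and the backup root is assumed to be a separate device or off-site location rather than the NAS itself.

```python
"""Versioned NAS backup with an integrity manifest and a restore check.

Added example, not part of the original email or the organisation's NAS.
Each snapshot copies the source tree into backup_root/<label>/data and
writes manifest.json (relative path -> SHA-256). Paths and file contents in
run_demo() are constructed; backup_root is assumed to be separate storage.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(source_dir, backup_root, label=None):
    """Copy every file under source_dir into a new snapshot and return its
    directory. A fresh label per run keeps earlier copies, so a deletion on
    the source cannot propagate into an existing snapshot."""
    label = label or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    snap = os.path.join(backup_root, label)
    manifest = {}  # keys use "/" so the manifest is portable across hosts
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source_dir).replace(os.sep, "/")
            dst = os.path.join(snap, "data", *rel.split("/"))
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            manifest[rel] = sha256_of(dst)  # hash the copy, not the original
    os.makedirs(snap, exist_ok=True)
    with open(os.path.join(snap, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return snap


def load_manifest(snap):
    with open(os.path.join(snap, "manifest.json")) as f:
        return json.load(f)


def verify_snapshot(snap):
    """Return manifest paths whose copy is missing or whose hash differs;
    an empty list means the snapshot is intact and restorable."""
    bad = []
    for rel, digest in load_manifest(snap).items():
        copy = os.path.join(snap, "data", *rel.split("/"))
        if not os.path.isfile(copy) or sha256_of(copy) != digest:
            bad.append(rel)
    return sorted(bad)


def restore_missing(snap, source_dir):
    """Copy back every manifest file absent from source_dir and return the
    restored relative paths; files still present are left untouched."""
    restored = []
    for rel in load_manifest(snap):
        target = os.path.join(source_dir, *rel.split("/"))
        if os.path.isfile(target):
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(snap, "data", *rel.split("/")), target)
        restored.append(rel)
    return sorted(restored)


def run_demo():
    """Constructed scenario: back up a small client share, simulate the
    deletion of two files, restore them and check their contents."""
    work = tempfile.mkdtemp(prefix="nas-demo-")
    try:
        nas = os.path.join(work, "nas")
        os.makedirs(os.path.join(nas, "clients", "acme"))
        files = {  # constructed sample data
            "clients/acme/contract.docx": b"contract v3\n",
            "clients/acme/pii_export.csv": b"name,email\nA. Client,a@example.test\n",
            "clients/readme.txt": b"client files\n",
        }
        for rel, body in files.items():
            with open(os.path.join(nas, *rel.split("/")), "wb") as f:
                f.write(body)
        snap = take_snapshot(nas, os.path.join(work, "backups"), label="snap1")
        intact = verify_snapshot(snap)
        # Simulate the incident: two files removed from the share.
        os.remove(os.path.join(nas, "clients", "acme", "contract.docx"))
        os.remove(os.path.join(nas, "clients", "acme", "pii_export.csv"))
        restored = restore_missing(snap, nas)
        contents_match = True
        for rel, body in files.items():
            with open(os.path.join(nas, *rel.split("/")), "rb") as f:
                contents_match = contents_match and f.read() == body
        return {"intact": intact, "restored": restored, "contents_match": contents_match}
    finally:
        shutil.rmtree(work, ignore_errors=True)
```

Two points a practitioner would add before relying on something like this: the snapshots must not be writable from the NAS share (an attacker who can delete client files must not be able to delete the backups too), and verify_snapshot should run on a schedule, because a backup that has never been checked or restored is not known to work.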
Ultimately, I moved on to finding out more about the post-attack response and staff
awareness. The key information I found was that staff are not very aware of how to report
incidents or of any of the latest information. They are only required to do an induction
session, which consists of just 3 videos totalling 2 hours.
To conclude, my findings from the interview with the IT Manager have led me to realise
that there is:
• A lack of training
• A lack of backups
• An outdated operating system
• Generic, weak passwords
• No role-based access control
• Shared admin accounts
I hope this is useful,
Thank you for your time