TASK 3 FULL MINE

 


Introduction

No table of contents entries found.


Introduction 

I will be fixing out  for Swiftfin solution and providing them with alternatives they are a large organisation that facilitate online payments they are looking to expand to a second office and it is important that is done and the security and the policies of the company match the current needs of the organisation because they have not bee changed or updated in years.  Swiftfin solutions are currently suffering from a range of different issues such as security issues and outdated software and hardware I will be providing what things they can change and where they can get them from and the cost in detail and by implementing them Swiftfin solutions should be able to improve their organisation significantly and meeting all the requirements I have given bellow.

Aims and issues of the project and the mitigation 


There are many aims for this project with swift Fin solutions the current company network policies have been in place for years and they have not been updated or changed to accommodate to the needs to the company now which has significantly grow in size.

 One of the outcome or aims of of this project is that the business needs to improve their network security and I will propose methods and ideas on how this can be all implemented. It has also come to my attention that SwiftFin solutions has encountered multiple incidements that show how weak the current system is and how vulnerabilities have not been mitigated. I will need to implement a system if access such as rbac to mitigate problems like staff having unrestricted access to confidential information. 

Another aim of this project is to stop unauthorised logging in attempts through methods like having strong passwords that are unique for each induvial that have a range of different letters and symbols. 

Some hardware component like the file server and domain controller the file server is using a quite outdated operating system called windows server 2012 and that mean that is more vulnerable to outside threats due to its age and having less security methods like the newer systems and they are know to have vulnerabilities for example they are prone to memory Organisations running Windows Server 2012 or 2012 R2 after the end of the support date become extremely vulnerable to security breaches and cyberattacks in the absence of security updates and patches. Hackers deliberately go for unsupported systems, taking advantage of flaws that are not fixed. The domain controller is also old but iyts isn’t that old compared to the file sever the domain controller is operating on a windows server 2022 however that is still also vulnerable to threats because it is know to have vulnerabilities  due to it being a old os system. For both the file server and the domain controller they will ned to be changed to the most latest operating system.

Another aim and issue  in this project is   project is that the vpn management system needs updating currently it uses IPsec currently by default all traffic connected uses IPsec all connections must be authenticated however when Look at the current active connection there seems to be a few issues such as the IT laptop does not have encryption however the HR laptop does that is good so the confidential information that hr holds doesn’t go into the hands of cybercriminals but however it is important that all devices are protected and they have encryption because currently only hr does.

I would also like to add on that there are issues with how weak the passwords are and that they are easy to guess and they need to be unique for each individual and they should be different they should contain a range of different characteristics.

Unauthorised downloading is another issues and my aim is to sort this issues out because if anyone can download anything on the devices that are connected to the network of Swift fin solution they can download viruses and be exposed to malicious software which can result in loss of important information.

Staff training is also a key issue that need to sorted out because the staff at of Swift fin solution only get trained once and then that it that the only mandatory training they receive. That is not enough and the staff should have to do multiple staff training programs monthly  so they are updated to the most recent modern ways that cyber criminals attempt to steal information weather that be through social engineering attack or spear phishing staff should be able to identify it because if they don’t like the currently aren’t its easy for them to expose the confidential information of the organisation. 

Biometrics like face identification will also be important to ensure that the physical security is  secure of the building and no one can gain unauthorised access.                                             

Also 2 factor authentication can be implemented  ensure that unauthorised log in attempts go down and make them unsuccessful 2fma also adds a another layer of security making it harder for unauthorised individual to log in to devices.

Also, there is a lack of encryption and data is vulnerable encryption should be mandatory and should be used any where and everywhere in the organisation especially when the store sensitive data because if Swiftfin solution don’t they will be breaching laws like GDPR.

There also needs to be vpns for everyone ones that are secure and it should be mandatory this is especially useful for hybrid employees which mean they can access data from their work securely at home without the threat of it falling into the hands of cybercriminals. And vpns should  be check if they are outdated and misconfigured and because they are they should be changed immediately so they are moider and configured to meet the needs of the organisation.

On the vpn configuration policy allowed shared admin access was allowed and it should not be because then the organisation risks exposing their data because the employee have access to data they do not need and this feature needs to disabled only those who need access should be allowed like I mentioned before it is important that an access control method is added like rbac.

Also I recommend they store data on site so that they have more control and they can have easy access rather than storing it with some third party provider or in some other location because then the physical security will also be good.

Implementation methods 


1) Direct conversion: A direct conversion is when a company stops using the old system and start using the new system at a specific point in time. This can be risky because even with sufficient testing, it is impossible to make sure there are no issues with the new system


2) . 2) Parallel conversion: Parallel conversion is when the process is run on the old and new system for a period of time. This process is less risky than the direct approach because the company still has the old system to rely on. One downside is that this approach duplicates the work since it’s the work is being performed in two environments. 


3) 3) Phase-in conversion: This is when the company slowly implements a system in pieces. This can be useful to make sure that the whole process is not interrupted, which makes it less risky than the direct approach. 


4) 4) Pilot conversion: Pilot is when the company uses the system in a test environment for a period of time to work out all of the bugs. This is less risky than the direct approach since it allows the company to understand the issues that may become applicable with a new system.

These are four examples of implementation methods and the one that I  recommend is parallel when you run both new and old systems side by side and then you can compare their performance and how they are doing and if somethings aren’t up to standards and aren’t preforming as they should be that can be either security or performance then changes can be made quickly and the problem can be found quickly.



Requirements 

All desktop/laptop computers must use a current and standardised operating system

Administrative privileges must be restricted eliminating the current practice of multiple users having unnecessary high level access

Shared credentials should be eliminated and replaced with induvial securely managed user accounts

All server computers must use a current network operating system 

Software should be standardised across all computers with all users using the same productivity software.

Hybrid and remote employees must be able to securely access servers from outside the company network

The business must be confident that data protection requirements are met

Systems which old confidential information must be adequately protected from network threats.

(an) appropriate solution(s) to manage devices inside and outside the network must be implemented.

Standardised centrally managed endpoint protection should be implemented

Physical security of the building should be appropriate 

Users should not be able to install software on their work computers 

Any training or upskilling for staff to use the new systems should be considered

Additional VPN licences to be purchased to meet increased hybrid and home working  



Justifications




Devices and costs 


Company device Current software Current operating system Make Is current os up to date Replacement software + cost Replacement make and model cost Total cost 

File server Unknown Window server 2012 Unknown NO Windows Server 2025

Gbp 33.58 per CPU core / month; 0.036  / hour Synology DS224+ 2 Bay NAS Desktop: Efficient Storage Solution

£314.48 £348.06

Only with one core plus 0.036 per hour 

Domain server Unknown Windows server 2022 Unknown NO Office 365 Active Directory Domain Controller 2022

Per hour cost t2.2xlarge$0.03 0.03 per hour 

switch Unknown Unknown Unknown Unknown Runs on its own TP-Link TL-SG105S, 5 Port Gigabit Ethernet Network Switch, Ethernet Splitter, Hub, Desktop and Wall-Mounting, Sturdy Metal, Fanless, Plug and Play, Energy-Saving 13.99

13.99

WAP Unknown Unknown Unknown Unknown Omada Software Defined Networking (SDN) platform TP-Link EAP653 True WiFi 6 Access Point, AX3000 Dual Band Gigabit Wireless Access Points, Omada Mesh, Support 802.3at PoE+ and DC, Seamless Roaming Extended Range, Easily Mount to Wall or Ceiling. £82.68

82.68


Router Unknown Unknown Unknown Unknown ASUS RT-BE92U

ASUS RT-BE92U WiFi Cable Router - BE 9200, Tri-band £223

£223

End point protection Unknown Unknown Unknown Unknown Windows 11 GravityZone Full Disk Encryption 33.99 per three devices 33.99 per 3 devices 

Desktops x50 Unknown Unknown Unknown Unknown Windows 11 APPLE iMac 4.5K 24" (2024) - M4, 256 GB SSD, Silver 1 when you buy this product. Use code 5OFFAIRTAG at checkout.+4 more offers


£1,299.00


£64,950 


Laptops 

X25 Unknow Windows 8 Unknown NO Windows 11 SAMSUNG Galaxy Book4 Edge 15.6" Laptop, Copilot+ PC - Snapdragon X Plus, 256 GB  SSD, Sapphire Blue £599.00 £14,975

Vpns licences 

X35 IPsec TLS 1.0 protocol Unknown Unknown NordLynx (an implementation of WireGuard) Nord vpns ultimate £12.79 monthly £12.79 mothnly 




All devices are from either curries pc world or amazon I could not use dell because it was avliable and I also had to use azure.





Justifications

I got this specific file server  because it is high performance and it will meet the requirements of SwiftTech solutions but also because it is the most modern that is avliable  I got Windows Server 2025 Gbp 33.58 per CPU core / month; 0.036  / hour because it meet the requirements and it’s the most modern and ensure that the security of SwiftTech and the system wont be known to have any vulnerabilities that hackers can exploit.



Domain server I chose specifically and the software with it that I has listed above because that was the best one and it meets the needs of the organisation it can save cost and time to set login and security parameters for devices from a centralized server. Additionally, domain controllers allow automatically installing network printers on your system as soon as they join your domain overall it makes the network more secure and efficient.

Router  chose this specific router  and software that comes with it because it meets the needs of the organisation and One of the primary advantages of routers is their ability to use dynamic routing techniques, which allows them to analyse data and determine the best path for it to take through the network. This reduces network traffic and optimises the use of network resources. Additionally, routers can connect multiple devices to the internet using a single public IP address, which can help reduce networking overheads. This makes the network fast and efficient and makes sure that it optimised the best for Swift Fin solutions organisation..

WAP the hardware that I chose and the software that came with it was because it was the moist latest and newest and one of the best currently that ensure security and safety of SwiftFin solutions data  WAP devices create a Wi-Fi network within an existing wired or wireless network to accommodate more wireless devices. They extend the range of a Wi-Fi router to provide broad wireless coverage and overcome dead spots, especially in larger homes, outdoor areas, apartments, offices, and buildings. This resolves the network or connection issues they are facing at SwiftFin solutions and ensure that employees are more productive and efficient and they don’t waste their time or aren’t able to work as fast due to connectivity issues. 

The switch that I chose was because it was the most recent and that it was also one of the most popular it had good reviews and as a result can also be used by SwiftFin solutions because of already being proven to be effective. The benefits of a good switch like this are Using a good switch in a network provides many benefits such as Using a switch in a network provides several benefits.. Switches also offer improved security by isolating traffic between different ports and provide better scalability for expanding networks.


End point protection I got this spefic one because it is secure and ensure that data is safe during transition and storage that is essential to ensure that data is safe and secure it also means that this organisation is compliant with laws and regulations such as GDPR and other data protection laws this prevents the organisation from being able to suffer from legal and financial and reputational repercussions due to them not keeping their data safe so it is essential that it is.


I specifically chose this desktop because it is the most latest imac version sold on amazon also I mac are know to have better security een though they have a high price and they are known for their good performance and they are fast and efficient Firstly, desktops generally have more processing power, storage capacity, and memory, allowing for faster and more efficient multitasking. Additionally, desktops often have larger displays, providing a better visual experience for activities like watching movies or working with multiple windows open simultaneously. Newer pcs are known to have no known vulnerabilities or way les compared to past older system and this make cyber criminals not want to hack into their system it acts as a deterrent because its hard for them to gain access this enhances SwiftFin solutions.


I chose this specific laptop because it again will enhance security and prevent cyber attack and authorised log in attempts this is important to ensure up most security for Swiftfin solutions.

Vpn  A VPN, which stands for virtual private network, protects its users by encrypting their data and masking their IP addresses. This hides their browsing activity, identity, and location, allowing for greater privacy and autonomy. Anyone seeking a safer, freer, and more secure online experience could benefit from a VPN especially a organisation that faciliaties payments so it is important that their data is encrypted and as a result data will be safe of this organisation and Swiftfin will be compliant with laws such as GDPR and this is qute beneficial for the origination as there is increase security and there wont be any connectivity issues because Nord Vpn is one of the best Vpns out there.

Role based access control



Role-based access control (RBAC), also known as role-based security, is a mechanism that restricts system access It involves setting permissions and privileges to enable access to authorized users this is what I recommend that this organisation uses so their data remains secure . Then that will eman only people who should have access to resources will get it in swiftFin solutions this ensures data is safe 

It also streamlines the onboarding and offboarding of employees and reduces certification fatigue. As a result of this this organisation is compliant with laws and regulation like gdpr and they are fully complaint and don’t risk suffering from legal financial and reputational repercussions. This will limit things like only admins will be able to install certain thinsg a=or access certain information this enhances their security.

Encryption 

At its most basic level, encryption is the process of protecting information or data by using mathematical models to scramble it in such a way that only the parties who have the key to unscramble it can access it. Encryption ensures no one can read communications or data except the intended recipient or data owner. This prevents attackers from intercepting and accessing sensitive data. This is what Swiftfin solutions should use mandatory in every place from storing files to sending data this ensures data is safe and also they are complaint with laws and regulations and don’t suffer from legal repercussion or financial. So I reconded that SwiftFin use asymmetric encryption for store files and also they use vpns like nord mandatory.

Shared login 

Logins should be different for everyone and the passwords should also be unique for everyone also the passwords should have a range of different letters and  characteristics making sure that they aren’t easy to guess and this also ensure upmost security from attacks such as  dictionary or brute force attacks that are built to crack passwords.



















Network topology


With all the new hardware suggested to Swiftfin solution, the following topology would be a great example on how the company could rearrange their network. This will also re-assure the company that their network runs smoothly as they have been using their topology for a long time which means that the topology is robust and efficient for the organization. This network topology that I have bellow is the best (efficient) and secure system they can have with the devices that Swiftfin solution has.


 




Final summary 

Overall I summarised all the issues that SWIFTfIiN solutions are facing and the actions that they will have to take implace this proposal talked about all of the specification and the requirements that are needed to sort this major issues out and that if things aren’t changed I have explained how severe the impacts will be in this proposal. 

I also suggested hardware and software that is required and the model and software that will be used including the cost I have explained many things in the intro and the Aims and issues of the project and the mitigation. I would also like to suggest that all of the hybrid users connect using a vpns that should be mandatory because it ensure safety. 

There should be mandatory encryption and all files will be kept safe this way and also the protocols need to be changed every 2 years or quicker depending on changes made to the organization including expansion this is quite important. And if everything I have said in this proposal is implemented overall this will benefit the organization and all requirement and issues will be sorted.



























































































































Comments

Post a Comment

Popular posts from this blog

TASK 1 MINE FULL

Image
      Introduction   I am a consultant who is working with TeachTechNow and I have been asked to make recommendations to secure the network and to resolve some specific issues that have been brought to my attention to the office there are currently a range of different issues and I will talk about them specifically what they are and what to do and how to mitigate these risks. I have been also told that that several organisations within the same sector have experienced successful cyber attacks and the board of directors are concerned with the management of the it systems at TeachTechNow and the impact it could have on their reputations so it is my job to ensure this does not happen and is prevented.         Overview of current issues:   Outdated operating systems One of the many factors that are making TeachTechNow have a insecure network is that they have old os systems and this is a major flaw and due to t...
Read more

Eveything TASK format

 You're in excellent shape — and yes, based on what you've now completed and plan to finish, you are in a strong position to earn full marks (6/6) for both parts of Task 4 , if you follow through properly . ✅ Let’s go over it clearly: 🧾 Part 1: Satisfaction Survey (6 marks) You already: ✔ Wrote thoughtful, varied questions ✔ Covered all required topics (ease of use, security, VPN/cloud access, confidence, secure work) ✔ Included different question types (tick boxes, yes/no, open, ranking, Likert scale) ✔ Aimed it at non-technical users ✔ Planned to add in formatting later (which is fine — it's expected) ➡️ As long as you add in the actual tick boxes, scales, and fix spelling/grammar , you’ll get full marks . 📄 Part 2: Project Summary (6 marks) You now have: ✔ A detailed overview of the original network weaknesses ✔ A clear list of solutions you implemented (cloud storage, VPN, hardware) ✔ A breakdown of security issues mitigated ✔ ...
Read more

Full format what i done at home questions

 Perfect — to help you achieve full marks (6 marks) on the sample satisfaction survey for Task 4, here's a fully expanded and professionally formatted version with a wide variety of question types , including: ✅ Yes/No ✅ Tick boxes ✅ Open-ended ✅ Ranking (1–10) ✅ Likert scale (Strongly Agree → Strongly Disagree) This version is clearly laid out, accessible for non-technical users , and specifically covers: Ease of use Network security Ability to connect to resources (especially via cloud/VPN) Confidence in security Ability to work securely and efficiently 📋 NexaTech IT Solutions – User Satisfaction Survey Thank you for taking part in this short survey. Your feedback helps us evaluate the effectiveness of our recent system upgrades, including new cloud storage and cloud-based VPN access. Section 1: General Usage and Frequency 1.1 Which department are you in? ☐ Finance  ☐ HR  ☐ Sales  ☐ IT  ☐ Operations  ☐ Other: ___________ 1.2 How often do you use...
Read more