retake esp sonali task 3

TASK 3
Longstaff Marketing Solutions
Sonali Paul Jassal
Table of Contents
Having a centralised system to manage User Identities and access
Longstaff Marketing Solutions Updated Network Topology
Introduction:
Longstaff Marketing Solutions is a marketing company that currently has 25 staff. It has expanded its workforce and relocated to a city centre office, but still relies on outdated and insecure systems originally used in its home office. These include a SOHO router, a VPN server, and shared administrative accounts, which pose significant security risks.
The company is looking to modernise its infrastructure by replacing the VPN with a cloud-based solution, strengthening data protection, improving remote access management, and ensuring compliance with data protection legislation. To do this, I will be looking at:
· How I can ensure systems are modernised
· Current issues that are affecting the business
· How is the software/hardware going to be managed?
· Justify the choices made for the upgrades
· Describe and justify licensing for services and products I may suggest
· Relate the requirements to cybersecurity and data protection principles
Overview:
Current Issues:
Recently, the company encountered a malware attack on the NAS drive, and several important files were deleted, including personally identifiable information (PII). This resulted in the loss of two long-term clients. It shows that the company's current network, infrastructure and security are clearly insufficient to support its organisational needs and future growth plans.
Additionally, there is currently not much in place to support employees' awareness of the threats an organisation may experience, which may lead to a lack of knowledge and expertise when recovering from a cyber incident. These many weaknesses can endanger customer data security, regulatory compliance and business continuity. Consequently, this proposal will outline a detailed strategy to prepare Longstaff Marketing Solutions for growth and to meet its requirements.
These are some of their main issues:
· Lack of training and awareness
· Lack of backups
· Outdated systems
· Generic, weak passwords
· No role-based access controls
· Shared admin accounts
Requirements:
The requirements are:
• a centralised system to manage user identities and access is required
• replacement of the SOHO router with a more suitable solution
• securing access to customer data from both inside and outside of the network
• removal of VPN and replacement with a more user-friendly solution
• replacement of the network attached storage (NAS) solution
• improved auditing of network access and activity
• remote management of devices outside of the network
• systems that hold sensitive data should be adequately protected from network threats
• users should not be able to install unapproved software on their work computers
• any training or upskilling for staff to use the new systems should be considered
• a robust office solution should be in place
Having a centralised system to manage User Identities and access-
Having a centralised system to manage user identities and access means having a system in place that manages all of the organisation's access activity by quickly and accurately verifying a person's identity and deciding whether they have the necessary permissions to use the requested resources during each access attempt.
Furthermore, as hybrid work is more common and this organisation plans to introduce working from home and remotely for all 25 staff, it is important to have a system in place that manages and controls what users can and cannot access, so that sensitive data and functions are restricted to the people who need that information. Therefore, we would like to recommend Azure AD Premium P1. This software will be really beneficial to Longstaff Marketing Solutions as it will significantly enhance security: currently all staff have the same access level and use shared admin accounts. With all of this replaced, it will prevent unauthorised access and reduce the risk from malware attacks. Moreover, it will simplify management for all 25 users, making it easier for the IT admin to see who the users are and what their access permissions are. As the company keeps growing, it will be easier to manage growth and expansion over time. Lastly, as some users may not be as technically experienced, it offers a simple sign-on with multi-factor authentication, which simplifies access to applications for staff, enhances productivity and security at the same time, and supports hot-desking, which is also a requirement. Being able to provide MFA is vital in securing user identities, especially those of remote users.
Replacement of the SOHO router-
Recently, the company moved from its original home office to a new city centre location within a business centre to support its major growth, which led it to move much of its home office equipment to the new office to form the basis of its network. This is a significant vulnerability, as it exposes the organisation to a greater risk of attack and of being frequently targeted by cybercriminals due to its weak security configuration. Therefore, for a company that deals with sensitive information, it can lead to a lot of issues and potentially leave the organisation suffering financially, reputationally and legally. Furthermore, it also has a limited device capacity, as SOHO routers are generally designed to handle a small number of connected devices, such as 10-20. For this organisation this could be quite difficult, as it has recently experienced major growth and is most likely to keep growing; for this reason, the SOHO router will not be enough to meet the business's needs.
Consequently, we would like to recommend the Fortinet FortiGate 60F. We are aware your organisation has preferred suppliers; however, according to the business needs in terms of security, we would highly recommend this product as it is both a firewall and a router, with advanced security and networking capabilities. It also has a higher device capacity, which allows approximately 25-50 users, allowing for scalability. As this organisation is further looking into working from home, the FortiGate 60F allows for secure cloud-based access, which replaces the complex VPN server. This will ensure remote staff are authenticated securely, which reduces the risks from the SOHO router's insecure VPN configuration.
The firewall policy clearly shows that Server Message Block (SMB), which is used for file sharing and the NAS drive, is blocked for all users' computers, preventing them from accessing the NAS. This is most likely intended as a restrictive measure; however, it is too restrictive and does not allow any users access. Therefore, when configuring the new firewall, it is vital that it is configured correctly. However, due to the replacement of the NAS drive, it will not be necessary for it to allow any users to access it. In addition, the Fortinet firewall has a default-deny policy, which prevents external threats from exploiting the firewall and stops malware from deleting important files. It also has strict rules that limit internal misuse, which also mitigates insider threats. Lastly, it reduces network exposure by limiting which ports are open, unlike the SOHO router, which had quite an open and weak configuration.
Replacement of the NAS (Network-Attached Storage)-
Unfortunately, this organisation encountered a malware attack on the NAS drive, which clearly highlights a vulnerability that has been exploited. The NAS drive is accessed through a shared administrative account with a generic and simple login (Username- LMSAdmin, Password-Pa$$w0rd). Therefore, to reduce this vulnerability, we would recommend replacing the NAS drive with a cloud-based solution: Microsoft 365 OneDrive for staff files and AWS S3 for sensitive files. This will allow files to be managed and organised, and will prevent data misuse by restricting staff from downloading any other content and ensuring only work-related data is saved. It also improves the recovery process: if a cyber incident were to occur, OneDrive's file versioning and S3's backup settings allow for quick restoration of deleted files, solving the issue of client losses from data breaches. Furthermore, it can integrate with Azure AD for role-based access control, which will allow restrictions to be put in place on data access, stopping inappropriate storage and also controlling who is accessing the data.
Improving Auditing-
When the malware incident occurred, there was nothing in place to detect it, which shows that there was no real-time monitoring for any suspicious threat or behaviour. This can be a huge problem as it can impact the organisation quite negatively. Firstly, there would be no detection of the incident, leaving it to go unnoticed. Furthermore, it can also mean a delayed incident response, as the incident has not been detected or noticed, which can gradually become a huge issue and potentially increase recovery costs. Data leaks and unauthorised access also violate regulations, which can lead to penalties, legal action and a bad reputation. Therefore, we would highly recommend purchasing AWS CloudTrail to log access to the AWS S3 data and Microsoft Sentinel to monitor the FortiGate 60F, Azure AD and device activity, with Microsoft 365. Both will detect malware activity, providing real-time monitoring for suspicious behaviour. They will also identify any insider threats and, lastly, make the incident investigation process much more rapid and provide a clear timeline, making it less time-consuming.
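The detection this section asks for, as an added example that is not part of the original proposal: it scans CloudTrail-style S3 data event records for a burst of DeleteObject calls by one identity, the pattern a repeat of the NAS incident would leave in cloud storage. The log records, bucket name, user ARNs, window length and threshold are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding-window length
THRESHOLD = 5                   # assumed max deletes per identity per window
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
ALICE = "arn:aws:iam::111122223333:user/alice"   # constructed identity
BOB = "arn:aws:iam::111122223333:user/bob"       # constructed identity

def _sample_records():
    """Constructed sample: normal activity by alice, then a delete burst by bob."""
    base = datetime(2025, 1, 6, 9, 0, 0)
    def rec(offset_s, name, arn, key):
        return {"eventTime": (base + timedelta(seconds=offset_s)).strftime(TIME_FMT),
                "eventSource": "s3.amazonaws.com", "eventName": name,
                "userIdentity": {"arn": arn},
                "requestParameters": {"bucketName": "example-client-data", "key": key}}
    out = [rec(0, "GetObject", ALICE, "clients/a.csv"),
           rec(30, "DeleteObject", ALICE, "tmp/draft.docx")]
    out += [rec(600 + i * 10, "DeleteObject", BOB, f"clients/file{i}.csv") for i in range(8)]
    return out

SAMPLE_LOG = json.dumps({"Records": _sample_records()})

def find_delete_bursts(log_json, window=WINDOW, threshold=THRESHOLD):
    """Return {identity ARN: [deleted keys]} where deletes in one window exceed threshold."""
    deletes = defaultdict(list)
    for r in json.loads(log_json).get("Records", []):
        if r.get("eventSource") != "s3.amazonaws.com" or r.get("eventName") != "DeleteObject":
            continue
        ts = datetime.strptime(r["eventTime"], TIME_FMT)
        arn = r.get("userIdentity", {}).get("arn", "unknown")
        deletes[arn].append((ts, r.get("requestParameters", {}).get("key")))
    alerts = {}
    for arn, events in deletes.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > threshold:
                alerts[arn] = [k for _, k in events[start:end + 1]]
    return alerts

if __name__ == "__main__":
    for arn, keys in find_delete_bursts(SAMPLE_LOG).items():
        print(f"ALERT {arn}: {len(keys)} deletes within {WINDOW}")
```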
Remote Management of devices-
Currently, there is nothing in place to manage devices used for working from home apart from the VPN server, which controls remote access to the company's resources from outside the network. This is a problem because, without remote management, if a device has a problem IT staff have to physically access it to troubleshoot or configure it, which causes delays in resolving issues. Furthermore, it leads to reduced productivity, as the IT team may not be able to resolve issues like software conflicts or misconfigured cloud applications.
Consequently, we would advise Microsoft Intune, as it secures remote laptops by enforcing encryption and security patches. It also enables remote troubleshooting by allowing remote wipe or diagnostics to fix issues without onsite visits. Furthermore, it allows unauthorised software to be blocked through Intune's application whitelisting, stopping staff from installing unapproved software and reducing vulnerabilities.
Staff Training and Upskilling
Staff are provided with a set of three videos, totalling 2 hours of training, as part of their induction, introducing them to working safely and securely on the network and devices. The videos focus on password security and working safely with equipment. When staff have finished watching the videos, they are asked to inform the office manager. This clearly shows that staff are not very aware of current threats and do not have much technical knowledge beyond how to use equipment safely. Despite the fact that they have been taught about password security, there is clearly no password security in place, as all passwords and account credentials are weak and quite generic. Furthermore, as technology is rapidly advancing, it is fundamental for them to know about the emerging threats that can be a risk for them and for the company. As a result, we would highly advise purchasing a one-time package from Microsoft called Microsoft Learn Cybersecurity Modules, which will teach them more about this field and help them gain a deeper understanding.
Robust Office Solutions:
Having a robust office solution is vital, as SMEs need robust solutions for networking, productivity and remote tools to stay efficient and secure. Therefore, we would recommend Microsoft 365 Business Premium, which will enhance productivity by providing Teams, Word, Excel and other tools that will boost efficiency for all staff. In addition, it simplifies remote access, as cloud-based apps replace the complex VPN that was in place. Moreover, it facilitates hot-desking for real-time collaboration and supports flexible work arrangements, meeting Longstaff Marketing Solutions' needs.
Cost Breakdown:
| Category | Recommended Product | Explanation | Warranty/Software Licensing | Quantity | Total Price (INC VAT) |
|---|---|---|---|---|---|
| 10 remaining staff to have laptops provided. | Dell Latitude 5520 15.6" Laptop - Core i7 3.0GHz CPU, 16GB RAM | The 10 office staff are provided with laptops as we believe, with the plans of recommending all staff to work from home or remotely, it will be beneficial for them to be provided with one as it will allow flexibility and also facilitate hot-desking | One year warranty from date of delivery. | 10 | £849.99 x 10 = £8499.90 |
| Centralised system | Azure AD Premium P1 | | Annual Commitment | 25 users | £4.60 (one user) x 25 = £115 a month. Yearly- £115 x 12 = £1380 + VAT = £1656 |
| Firewall + Router | Fortinet FortiGate 60F | | 1 Year Hardware plus FortiCare Premium and FortiGuard Enterprise Protection | 1 | £1,098.39 + VAT = £1318.07 |
| Data Storage + Robust Office Solutions | Microsoft Business Premium | | Yearly Commitment | 25 | £16.90 (one user) x 25 = £442.50. Annual- £442.50 x 12 = £5070 + VAT = £6084 |
| Data Storage | AWS S3 | | Monthly | | ~ Pricing ranging from £3.73- £373.332, depending on size and usage |
| Auditing | AWS CloudTrail | | Monthly | - | First 5 TB/month: £1.87 per GB; Next 20 TB/month: £0.75 per GB; Over 25 TB/month: £0.37 per GB. Depending on size and usage |
| Auditing | Microsoft Sentinel | | Pay As you go | | £4.11 per GB. Approximately maximum use 10GB – £41.11 Monthly |
| Remote Management | Microsoft Intune Suite | | Yearly Commitment | 25 | £7.70 (One user) x 25 = £192.50 x 12 = £2310 + VAT = £2772 |
| Training and awareness | Microsoft Learn Cybersecurity Modules | | One time | 1 | ~£500 (One time purchase) |
Final Summary:
Within our proposal to Longstaff Marketing Solutions, we were asked to assess the specification of requirements and prepare a proposal that addresses their needs. We were also given some current issues. Along with those current issues, I used my knowledge to create suggestions based on them. We have not only addressed hardware and software issues for you to use within the business, but also provided justification for each suggestion and why it would be appropriate for you. There is also a cost breakdown provided, covering quantities, warranties and final costs.
We believe the devices and products suggested to you are of great quality and cost effective, and are also guaranteed to last a long time. Overall, we have prioritised security and made sure the company requirements are met to high standards.