retake mr singh task 1


Part 1 – Fault-Finding Investigation Report

Overview

I was tasked with investigating a series of network and cyber security issues at SkyLink Financial Systems Ltd. Using control documents A, B, and C, I analysed the company’s current network set-up, user-reported issues, and VPN management system to identify root causes, potential vulnerabilities, and provide justified recommendations for improvement.

1. User A – Financial Analyst

Symptoms:

  • Unable to access certain financial databases.
  • Frequent “connection timed out” messages when retrieving reports.
  • Uses a desktop computer with Windows 7 and Office 2010.

Root Cause Analysis:

  • Outdated Operating System: Windows 7 is no longer supported by Microsoft, which means it lacks current security patches and performance updates. This increases vulnerability to malware and compatibility issues with newer servers.
  • DNS or DHCP Conflicts: The network uses DHCP to allocate IP addresses across all PCs and servers. The “connection timed out” messages point to possible IP address conflicts or DHCP lease exhaustion: the current scope (192.168.1.2–192.168.1.201) provides only 200 addresses, which is insufficient for over 220 users plus servers and other devices.
  • Server Performance: The file and print server runs on Windows Server 2008, an outdated OS struggling with modern workloads and lacking optimisation for newer clients.

Security & Performance Risks:

  • Unsupported systems are vulnerable to exploitation.
  • Poorly managed DNS and DHCP can cause intermittent access and, on an unmonitored network, leave rogue DHCP or DNS responses (a man-in-the-middle vector) undetected.

Recommendations:

  1. Upgrade User A’s workstation to Windows 11 Pro and Microsoft 365 for compatibility and improved security.
  2. Extend the DHCP scope to accommodate all devices (e.g., 192.168.1.2–192.168.1.254) and reserve static IPs for servers.
  3. Replace or upgrade the file and print server to Windows Server 2022 for modern DNS and performance management.
  4. Replace the domestic router with a commercial-grade managed router that can handle enterprise-level traffic.

2. User B – Compliance Manager

Symptoms:

  • VPN frequently disconnects while remote working.
  • Receives “Maximum concurrent connections reached” message.

Root Cause Analysis:

  • The VPN management system (Control Document C) shows 12/12 concurrent user licenses in use. Many connections are from unknown or unauthenticated devices using the “Admin” account (e.g., “Becky’s iPhone,” “Unknown,” “AMS-213”).
  • This suggests account sharing and poor credential management, leading to license exhaustion and security risks.
  • “Admin” credentials have been used by multiple devices, violating policy.
  • The system shows unencrypted and unauthenticated connections, exposing sensitive traffic.

Security & Performance Risks:

  • Shared administrator credentials enable unauthorised remote access (potential insider threat).
  • Lack of device authentication increases risk of data interception and man-in-the-middle attacks.

Recommendations:

  1. Disable shared admin access; issue unique user accounts for each authorised employee.
  2. Implement multi-factor authentication (MFA) for VPN logins.
  3. Configure device certificates to restrict access to trusted corporate devices only.
  4. Increase VPN license capacity and enable session timeout policies.
  5. Enforce encryption for all VPN traffic.
  6. Audit and remove all unauthorised connections.
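The audit in recommendation 6 can be scripted against an export of the VPN session list described in Control Document C. This is an added example written for this report, not SkyLink's VPN software; the column names, the licence limit of 12 and the sample rows are assumptions constructed to mirror the document.

```python
# Added example (not from the report or SkyLink's VPN system): audit a VPN
# session export for the problems seen in Control Document C. The column
# names and the sample rows below are constructed for illustration.
import csv
import io
from collections import Counter

LICENSE_LIMIT = 12            # concurrent-user licences (Control Document C shows 12/12)
SHARED_ACCOUNTS = {"admin"}   # accounts that must never be used for remote access

# Constructed sample export; a real export will differ in column names.
SAMPLE_SESSIONS = """device,account,authenticated,encrypted,state
Becky's iPhone,Admin,no,no,connected
Unknown,Admin,no,no,connected
AMS-213,Admin,yes,no,connected
LT-COMP-01,j.smith,yes,yes,connected
LT-FIN-07,a.jones,yes,yes,disconnected
"""

def audit_sessions(export_text, license_limit=LICENSE_LIMIT):
    """Return findings: active session count, licence headroom, and the
    devices that breach the credential, authentication or encryption policy."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    active = [r for r in rows if r["state"] == "connected"]
    findings = {
        "active": len(active),
        "headroom": license_limit - len(active),
        "shared_account": [],
        "unauthenticated": [],
        "unencrypted": [],
    }
    for r in active:
        if r["account"].lower() in SHARED_ACCOUNTS:
            findings["shared_account"].append(r["device"])
        if r["authenticated"].lower() != "yes":
            findings["unauthenticated"].append(r["device"])
        if r["encrypted"].lower() != "yes":
            findings["unencrypted"].append(r["device"])
    # Several devices on one account is the signature of credential sharing.
    per_account = Counter(r["account"] for r in active)
    findings["accounts_with_multiple_devices"] = sorted(
        acct for acct, n in per_account.items() if n > 1)
    return findings

if __name__ == "__main__":
    for key, value in audit_sessions(SAMPLE_SESSIONS).items():
        print(f"{key}: {value}")
```

Every device listed under shared_account, unauthenticated or unencrypted is a candidate for disconnection under recommendation 6; the headroom value shows whether licence capacity is genuinely exhausted or merely consumed by those sessions.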


3. User C – IT Security Officer

Symptoms:

  • Server access permissions change unexpectedly.
  • New administrator accounts appear without approval.

Root Cause Analysis:

  • These symptoms indicate privilege escalation or credential misuse.
  • This could stem from weak access control, shared admin credentials, or a lack of role-based access control (RBAC).
  • The control documents make no mention of security event logging or change monitoring, which makes unauthorised activity harder to trace.

Security & Performance Risks:

  • Insider threats or external attackers could escalate privileges and manipulate data.
  • Breach of compliance with data protection and auditing standards.

Recommendations:

  1. Implement Active Directory role-based access control (RBAC) and limit admin privileges to authorised personnel.
  2. Introduce security event logging and monitoring using a tool such as Windows Event Viewer or a SIEM solution (e.g., Splunk).
  3. Enforce password policies (length, complexity, expiry).
  4. Conduct regular privilege audits and require written approval for any new admin accounts.
  5. Introduce cybersecurity awareness training to all staff focusing on insider threat prevention and credential security.
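Recommendations 2 and 4 can be combined into a detection rule: once security auditing is enabled, the Windows Security log records account creation (event 4720), additions to security-enabled groups (4728 global, 4732 local) and permission changes on objects (4670). The script below is an added example, not from the report; the approved-admin list and the event records are constructed assumptions.

```python
# Added example (not from the report): detection logic over exported Windows
# Security audit events that would surface User C's symptoms. The event IDs are
# the standard Windows ones; the approved list and records are constructed.
from collections import namedtuple

Event = namedtuple("Event", "time event_id subject target detail")

# Standard Windows Security event IDs relevant to the symptoms.
ACCOUNT_CREATED = 4720
ADDED_TO_GLOBAL_GROUP = 4728    # e.g. Domain Admins
ADDED_TO_LOCAL_GROUP = 4732     # e.g. Administrators
OBJECT_PERMISSIONS_CHANGED = 4670

PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}
APPROVED_ADMINS = {"it.secofficer", "it.admin"}   # hypothetical approved list

# Constructed sample events (not real SkyLink logs).
SAMPLE_EVENTS = [
    Event("2024-01-08 09:02", 4624, "j.smith", "FS01", "logon"),
    Event("2024-01-08 09:15", ACCOUNT_CREATED, "Admin", "svc-backup2", ""),
    Event("2024-01-08 09:16", ADDED_TO_GLOBAL_GROUP, "Admin", "svc-backup2", "Domain Admins"),
    Event("2024-01-08 11:40", OBJECT_PERMISSIONS_CHANGED, "Admin", "\\\\FS01\\Finance", "ACL modified"),
    Event("2024-01-08 14:00", ACCOUNT_CREATED, "it.admin", "new.starter", ""),
]

def detect_privilege_abuse(events, approved=APPROVED_ADMINS):
    """Return (time, message) alerts for account creation or ACL changes by an
    unapproved subject, and for every addition to a privileged group (which
    requires written approval regardless of who performs it)."""
    alerts = []
    for e in events:
        subj = e.subject
        unapproved = subj not in approved
        if e.event_id == ACCOUNT_CREATED and unapproved:
            alerts.append((e.time, f"account {e.target} created by unapproved {subj}"))
        elif (e.event_id in (ADDED_TO_GLOBAL_GROUP, ADDED_TO_LOCAL_GROUP)
              and e.detail in PRIVILEGED_GROUPS):
            who = "unapproved " if unapproved else ""
            alerts.append((e.time, f"{e.target} added to {e.detail} by {who}{subj}"))
        elif e.event_id == OBJECT_PERMISSIONS_CHANGED and unapproved:
            alerts.append((e.time, f"permissions on {e.target} changed by unapproved {subj}"))
    return alerts

if __name__ == "__main__":
    for time, message in detect_privilege_abuse(SAMPLE_EVENTS):
        print(time, message)
```

The shared “Admin” account is deliberately absent from the approved list, so any administrative change made with it is alerted; a SIEM such as the one named in recommendation 2 can host the same rule.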


4. General Network and Security Issues

Issue                              | Impact                                      | Recommendation
Domestic router used for 220 users | Performance bottleneck, unmonitored traffic | Replace with enterprise-grade managed router/firewall
No Wi-Fi password                  | Open access to external threats             | Implement WPA3-secured guest network with VLAN segregation
Outdated servers (2008, 2019 mix)  | Compatibility & patch risks                 | Standardise all servers to Windows Server 2022
No formal staff training           | Human vulnerabilities                       | Introduce induction & ongoing cyber training
DHCP scope too narrow              | IP conflicts                                | Expand range or implement subnetting

Summary of Findings

The main causes of SkyLink’s network and security issues are:

  • Outdated hardware and operating systems.
  • Poor network design (domestic router, limited DHCP).
  • Shared admin credentials and weak access control.
  • Unsecured wireless access.
  • Lack of staff training and formal IT governance.

Overall Recommendation:
SkyLink must invest in modern infrastructure, implement centralised identity and access management, enforce secure VPN and device policies, and introduce continuous monitoring and training to reduce both insider and external threats.

Test ID | User | Date | Device/Spec | Test Description | Expected Outcome | Actual Outcome | Actions Taken / Changes Made | User Acceptance
T1 | User A (Financial Analyst) | | Desktop PC – Win 7, Office 2010 | Ping test to file server (192.168.1.2) | Successful, <20ms response | Timeout/intermittent | Reconfigure DHCP scope; replace router; retest | Accepted
T2 | User A | | Upgraded to Win 11 | Access financial DB after upgrade | Stable connection | Stable after upgrade | Verified DNS resolution fixed | Accepted
T3 | User B (Compliance Manager) | | Laptop (Win 10) | Connect to VPN using individual account | Connection established securely | Failed – “Max concurrent connections” | Disabled shared Admin account; increased license limit | Accepted
T4 | User B | | Laptop | Verify encryption enabled (AES-256) | “Yes” encryption required | Working correctly | Applied encryption policy | Accepted
T5 | User C (IT Security Officer) | | Admin workstation | Review user permissions in AD | Only approved admins visible | Unauthorised admin detected | Deleted rogue accounts; implemented RBAC | Accepted
T6 | All users | | N/A | Test Wi-Fi guest network | Access restricted to Internet only | Accessing company network | VLAN separation configured | Accepted
T7 | IT Admin | | Server | Simulate login attempts (audit test) | Log all events visible | No audit trail before | Implemented SIEM log retention | Accepted
T8 | HR PC | | Win 10 | Access printer after network redesign | Print jobs succeed | Successful | Confirmed after router replacement | Accepted
