Module 2: Network Security

A 6-Unit Module that Started on June 2022 and was Covered in 6 Weeks by Beran Necat

Summary

In this Module, we looked at the impact of cyber security on network systems and designs by focusing on network vulnerability assessments.

We also discussed the techniques that can be used to scan, evaluate and in some case mitigate network vulnerabilities.

Skills Acquired

Ability to identify and analyse security threat and vulnerabilities in network systems.

Ability to gather and synthesise information from multiple sources (including internet security alerts and warning sites) so as to aid in the systematic analysis of security breaches and issues.

Gained knowledge on how to create and use security vulnerability and assessment tools

Gained Knowledge of the legal, social, ethical and professional issues faced by information security and risk professionals: Data privacy, etc.

Ability to determine appropriate methodologies, tools and techniques to manage and/or solve security threats and vulnerabilities: Use of Threat methodologies like: CyberKill Chain model, use of penetration testing tools, Attack trees, OWASP, STRIDE, DREAD, etc.

Awareness of the various protocols and architectures used by various network systems.

Knowledge of the fundamentals of vulnerability assessment in various systems and the fundamentals of the provision of security in information networks.

References Used

Below is a list of all the Sources (articles, books, reports, whitepapers, websites, etc) that I used through out this module (Using Harvard Referencing style).

Anon, N.D.. The top cybersecurity challenges for brick-and-mortar stores. [Online] Available at: https://ergos.com/security/the-top-cybersecurity-challenges-for-brick-and-mortar-stores/

Banerji, R., 2019. Will the T&D utility of the future have a digital DNA. [Online] Available at: https://www.accenture.com/us-en/blogs/accenture-utilities-blog/will-the-td-utility-of-the-future-have-a-digital-dna

Spremić, M. & Šimunic, A., 2018. Cyber Security Challenges in Digital Economy. [Online] Available at: http://www.iaeng.org/publication/WCE2018/
WCE2018_pp341-346.pdf

Ranum, M. J., 2014. Breaking Cyber Kill Chains. [Online] Available at: https://www.tenable.com/blog/breaking-cyber-kill-chains

Atashzar, H., Torkaman, A., Bahrololum, M. & Tadayon , M. H., 2011. A survey on web application vulnerabilities and countermeasures. Seogwipo, Korea (South), IEEE, pp. 647-652.

Bassi, B., 2021. 6 Common Website Security Vulnerabilities. [Online] Available at: https://www.commonplaces.com/blog/6-common-website-security-vulnerabilities/

Bechenea, D., 2021. Website Vulnerability Assessment. [Online] Available at: https://pentest-tools.com/blog/website-vulnerability-assessment

Bocetta, S., 2020. 4 steps to conducting a proper vulnerability assessment. [Online] Available at: https://blog.candid.org/post/4-steps-to-conducting-a-proper-vulnerability-assessment/

Geib, J. et al., 2022. Getting started with the Threat Modeling Tool. [Online] Available at: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-getting-started

Johnston, M., 2016. 6 Best Anti-Spam Plugins for your Website. [Online] Available at: https://www.cmscritic.com/6-best-anti-spam-plugins-for-your-website/

Kotagiri, R. & Leckie, C., 2002. A probabilistic approach to detecting network scans. Florence, Italy, IEEE, pp. 359-372.

Meier, J. D. et al., 2010. Chapter 2 - Threats and Countermeasures. [Online] Available at: https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff648641(v=pandp.10)?redirectedfrom=MSDN

Meyer, J., 2018. Vulnerabilities Found in Popular Ticketing System. [Online] Available at: https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c

Singh, R., 2021. What is a Website Vulnerability and How Can it be Exploited. [Online] Available at: https://www.indusface.com/blog/what-is-a-website-vulnerability-and-how-can-it-be-exploited/

Srinivas, 2018. Automated Tools vs a Manual Approach. [Online] Available at: https://resources.infosecinstitute.com/topic/
automated-tools-vs-a-manual-approach/

Team Hallam, 2018. Website legal requirements: laws and regulations in the UK (2018). [Online] Available at: https://www.hallaminternet.com/internet-marketing-and-the-law-legal-issues-affecting-you-and-your-website/

Anon, 2017. Call to action and resources (threat modeling for drivers). [Online] Available at: https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn613894
(v=vs.85) [Accessed 20 July 2022].

Danielle, 2016. What is a Firewall, and Why Do You Need It?. [Online] Available at: https://www.powderkegwebdesign.com/what-is-a-firewall/ [Accessed 24 July 2022].

Dholakiya, P., N.D.. What Is the Cyber Kill Chain and How It Can Protect Against Attacks. [Online] Available at: https://www.computer.org/publications/tech-news/trends/what-is-the-cyber-kill-chain-and-how-it-can-protect-against-attacks [Accessed 21 July 2022].

Hernan, S., Lambert, S. & Ostwald , T., N.D. Uncover Security Design Flaws Using The STRIDE Approach. [Online] Available at: https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWF
pbnxzZWN1cmVwcm9ncmFtbWluZ3xneDo0
MTY1MmM0ZDI0ZjQ4ZDMy [Accessed 16 July 2022].

Johnston, M., 2016. 6 Best Anti-Spam Plugins for your Website. [Online] Available at: https://www.cmscritic.com/6-best-anti-spam-plugins-for-your-website/

Kaur , N. & Kaur, P., 2014. Input Validation Vulnerabilities in Web Applications. Journal of Software Engineering, Volume 8, pp. 116-126.

Kumar , C., 2022. SSL Test Certificate. [Online] Available at: https://geekflare.com/ssl-test-certificate/ [Accessed 21 July 2022].

Wright, L., N.D.. The severe ramifications of failing to comply with GDPR. [Online] Available at: https://www.core.co.uk/blog/blog/ramifications-failing-comply-with-gdpr#:~:text=Financial%20penalties,of%20a%20
company's%20annual%20turnover. [Accessed 24 July 2022].

Overview of Key Tasks and Projects Completed

During this module, I completed a series of tasks and assignments that equipped me with practical skills in cybersecurity and software development.
Below is a summary of the projects, techniques, and security solutions learned throughout the course.

Network Security and Cyber Kill Chain Model

Explored the history of network security and vulnerabilities, analyzing key security incidents from the past and their impact on modern cybersecurity practices.

Studied and applied Lockheed Martin's Cyber Kill Chain Model to real-world case studies, including the SolarWinds exploit, to understand how advanced persistent threats (APTs) operate.

Participated in a collaborative discussion on security implications of the digital economy, sharing insights on digitalization risks and mitigation strategies.

Vulnerability Assessments and Breach Analysis

Conducted a vulnerability audit and assessment for a case study on PC Help Me, performing:

- Testing and scanning using industry-standard vulnerability assessment tools.

- Analysis of findings to create a structured audit document and security improvement plan.

- Executive summary outlining key risks and recommendations for mitigation.

Analyzed major security breaches, including the Adobe data breach, evaluating attack vectors, weaknesses exploited, and countermeasures.

Logging, Forensics, and Incident Response

Examined logging techniques in Windows vs. Linux environments and explored forensic tools for security investigations.

Reviewed forensic methodologies and tools used for extracting evidence during security incidents.

Developed an Assessment Reporting Template based on industry best practices to document security findings effectively.

Emerging Trends and the Future of the Internet

Studied next-generation internet technologies, including:

- Content-centric networking (CCN, NDN, COAST)

- Peer-to-peer overlay networks (BitTorrent, TOR, Freenet, KAD)

- MobilityFirst architecture

- Security enhancements in IPv6 (DNSSEC, HTTP/3, IPsec)

Participated in a debate on the future of the internet, presenting arguments in favor of peer-to-peer overlay-based networking as the dominant future model.

Key Tasks and Projects Completed

The tasks, projects and assignments that equipped me with practical skills in cybersecurity and software development.

Vulnerability Assessments

Did an Assessment (Vulnerability Audit and Assessment - Baseline Analysis and Plan) for https://pchelpme.org.uk case study. Below is the essay that I handed out.

Download PDF

As a continuation, I did another Assessment (Vulnerability Audit and Assessment - Results and Executive Summary) for https://pchelpme.org.uk case study.
Below is the essay that I handed out.

Download PDF

Breach Analysis and Mitigation Report

Below is my report after analysing the Adobe data breach case study.

Download PDF

Breach Analysis and Mitigation Report

A group debate on "The Future of the Internet" that we were to second that "It is our belief that the future of the internet is based on peer-to-peer overlay-based networking (BitTorrent, TOR, Freenet, KAD)".
After a couple of group meetings discussing on the subject above, we presented:

Download PDF

Final Reflective Piece

Completed a Reflective Essay, discussing the key lessons learned throughout the module and their practical applications in real-world cybersecurity scenarios.

Download PDF

E-Portfolio: Beatrice MUTEGI-ROYER