Assessment 2: Case Study - Part 2A & 2B Analysis and Remediation
Added on 2022/09/06

Running head: ASSESSMENT 2
ASSESSMENT 2: CASE STUDY: PART 2A AND 2B
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Introduction
From assessment one, it is evident that there are various issues with the city bank network system. This report is divided into two major sections. The first section highlights the issues identified with the firewall, the other devices whose events or logs an IT security manager needs to request in order to reduce the impact of the attack on the bank, and a remediation plan to stop any cyber-related attack. The second part gives an interpretation of the information provided and explains how that information was helpful.
Assessment part 2A
Issues identified from the firewall log
Simply installing a firewall, configuring its rule-set and letting it deny or pass network traffic is not enough, especially in the banking sector. One needs to continually monitor the firewall logs. From the firewall log provided it is evident that the requests to banking resources are external and are made via port 9999. All of the various IP addresses have been rejected. From the timestamps in the logs it is evident that the date and time of the connection requests are the same: 20/12/18 at 14:18. Also, the connections are of TCP type. It appears that the firewall prohibits any TCP connection from passing; this is the reason why external users are always complaining about the services, as the error SEND TCP –DESTINATION-UNREACHABLE BACK TO THE SOURCE is always returned to them. The services they are denied are access to the mail and application servers (Vacca & Ellis, 2013).
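As an added illustration (not part of the original report), the following Python script walks constructed firewall-log lines showing the pattern this section describes: every external source rejected on TCP port 9999 within the same minute, and flags the port whose rule should be reviewed. The key=value log layout, the use of the RFC 1918 ranges as the bank's internal address space, and the alert thresholds are assumptions, not the case study's own data.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample lines in a generic key=value firewall-log layout (not the case study's own log).
SAMPLE_LOG = """\
2018-12-20 14:18:01 action=REJECT proto=TCP src=203.0.113.10 dst=10.0.0.25 dport=9999 msg=destination-unreachable
2018-12-20 14:18:01 action=REJECT proto=TCP src=198.51.100.7 dst=10.0.0.25 dport=9999 msg=destination-unreachable
2018-12-20 14:18:02 action=ACCEPT proto=TCP src=10.0.0.5 dst=10.0.0.25 dport=25 msg=-
2018-12-20 14:18:03 action=REJECT proto=TCP src=192.0.2.9 dst=10.0.0.30 dport=9999 msg=destination-unreachable
"""
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) msg=(?P<msg>\S+)$")
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # assumed internal space

def is_external(ip):
    return not any(ip_address(ip) in net for net in INTERNAL)

def parse(log_text):
    """Turn each line that matches LINE_RE into a dict; lines that do not match are skipped."""
    events = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
        e["dport"] = int(e["dport"])
        events.append(e)
    return events

def summarise_rejects(events):
    """Group rejected connections from external sources by (proto, dport)."""
    groups = defaultdict(lambda: {"sources": set(), "msgs": set(), "times": []})
    for e in events:
        if e["action"] == "REJECT" and is_external(e["src"]):
            g = groups[(e["proto"], e["dport"])]
            g["sources"].add(e["src"])
            g["msgs"].add(e["msg"])
            g["times"].append(e["ts"])
    return dict(groups)

def findings(groups, min_sources=3, window_seconds=60):
    """Flag a (proto, port) where many distinct external sources were all rejected within a short window."""
    out = []
    for (proto, dport), g in sorted(groups.items()):
        span = int((max(g["times"]) - min(g["times"])).total_seconds())
        if len(g["sources"]) >= min_sources and span <= window_seconds:
            out.append(f"{proto}/{dport}: {len(g['sources'])} external sources rejected within {span}s "
                       f"({', '.join(sorted(g['msgs']))}); review the firewall rule for this port")
    return out
```

Running `findings(summarise_rejects(parse(SAMPLE_LOG)))` yields one finding for TCP/9999, which is the pattern that points at the firewall rule rather than at the individual clients.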
Identification of any devices and information needed
Besides firewall logs, as IT security manager one needs to request the router logs. Router logs provide the most basic information about network traffic, and routers process a higher volume of network traffic than firewalls. By examining router logs, one can tell the basic features of packets and connections when making certain decisions. Some of the additional information one gets by examining router logs is the size of each packet and the TCP flags. An IT security manager also needs to ask for all the server logs. This will assist in gathering statistics and important figures about the usage of each server; for example, by requesting the mail server logs, the IT security manager will be in a position to tell the usage of the mail server. The IT security manager can also see the automatic logging of crawlers; here the IT security manager will be able to tell all the visits that were made to a certain server.
Tentative remediation plan
Individuals trying to access the banking resources, i.e. the mail and application servers, through a TCP connection always receive a TCP RST (Reset) option response, i.e. a reject response. There are two common causes of this. One is misconfiguration of the firewall; here the security team needs to check the port number carefully and re-configure the firewall. The second is a service error, where a service that ought to be listening on a port has crashed or is otherwise unavailable. Also, the bank’s firewall is configured to silently reject any TCP connections to the mail or application servers. The main goal of this remedy is to accept genuine requests from the external environment (Bosworth, Kabay, & Whyne, 2014).
Communication regarding the incident
Any IT-related issue requires a proper communication plan. Usually, a communication plan consists of strategies and procedures on how to counter a certain incident. This means that the first contact persons need to be the CIO and the operations manager of the bank. This assists in bringing the urgency of the IT issue to their attention. This ought to be done face to face and documented using emails. Face-to-face communication is better as it allows one to demonstrate the repercussions to the organization and thus assist them in drafting strategies. The second team to be contacted is the IT team; here the IT security manager needs to highlight the firewall configuration steps. All communication ought to be done as soon as an issue is reported, to facilitate a faster response to the remediation plan in place, again by re-configuring the bank’s firewall (Pemble & Goucher, 2019).
Assessment task 2B
An interpretation of the information provided and an explanation of the interpretation of the security incident
To start with, all the information that was provided was helpful. For example, the information provided by the security team (part 2B) about the current performance of the various servers assisted in confirming that there was an issue with the firewall configuration for the mail and application servers. The security team stated that there was an issue with the corporate mail server, where there was a delay of up to 90 minutes in receiving inbound mail; there were also issues with sending email to external parties, whereas internal testing of the mail server showed no issues. This assisted in proving that the firewall was not configured appropriately, as it would always reject TCP Ext_bound connections (Whitman & Mattord, 2014).
Communication regarding the incident taking
Communication regarding this is done to both the network manager and the security administrators. The network manager, who is responsible for data communication, needs to be notified that there is a firewall misconfiguration which is causing the slow response of the organization’s mail server. The security managers need to be notified that they need to implement the new firewall changes. Communication to the network manager can be done via mail or phone. To the security managers, the communication needs to be done face to face to express the damage which can be caused by not implementing the new firewall configuration changes (Harrington, 2015).
References
Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer security handbook. New York: John Wiley & Sons.
Harrington, J. L. (2015). Network security: A practical approach. Amsterdam; Boston: Elsevier/Morgan Kaufmann Publishers.
Pemble, M., & Goucher, W. (2019). The CIO's guide to information security incident management. New York: Wesley Press.
Vacca, J. R., & Ellis, S. (2013). Firewalls jumpstart for network and systems administrators. Amsterdam: USA EBSCO Industries, Inc.
Whitman, M. E., & Mattord, H. J. (2014). Guide to firewalls and network security. New York: Cengage Learning Press.