PricingBlogAbout Us

Security Audit and Vulnerabilities in Building 402, Curtin University

Verified

Added on  2020/03/23

|11
|2140
|57
Report
AI Summary
This report presents a comprehensive analysis of security vulnerabilities within Building 402, the Office of Research and Development at Curtin University. It begins with a detailed overview of the building's layout, including entrances, exits, and internal spaces like the server room and computer labs. The report categorizes security measures into three levels: perimeter security (Level-0), interior access control (Level-1), room-specific security (Level-2), and workstation security (Level-3). The report includes floor plans and diagrams illustrating potential attacker routes, identifying vulnerabilities in access points like the main entrance, fire exits, and the building's terrace. A risk assessment is conducted for Room 230, evaluating the technological assets (workstations and a switch), calculating Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE), and identifying potential security vulnerabilities such as injection flaws, broken authentication, security misconfigurations, sensitive data exposure, and component vulnerabilities. The report concludes with recommendations for preventative measures, including regular security updates, continuous monitoring, the use of advanced security techniques, data protection, and regular component checks. The bibliography provides a list of relevant sources used in the report.
Document Page
Running head: SECURITY VULNERABILITIES
Security Vulnerabilities
Name of Student:
Name of University:
Author Note
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1
SECURITY VULNERABILITIES
Detailed access control and physical security audit of the entrances, ground floor and
workstations in Building 402
The Curtin University Office of Research and Development of West Australia is the
building that is being discussed here. The building number 402 is surrounded by the building son
both sides and the by a ground and road on the other two sides of the building. The address of the
building provided is 402, Kent Street, Bentley, Perth 6102. Western Australia. The building has
two adjacent building located on the north and the west of the research building. The east side of
the building is surrounded by the ground of the research institute that is meant for different type
of sporting activities. In addition to this the south of the building is surrounded by the Kent road.
The inside of the building is consisting of the main entrance on the south and also the main
entrance provides the access to the main road. In addition to this, the building consists of an
emergency fire exit that is located on the north east end of the building. On the north east flank
of the building is the stairway that provides the access to the upper floor of the building. The
escalator is also present on the right flank of the building. In addition to all this, 6 rooms and a
washroom is present on the ground floor of the building. There are three training rooms, two
computer labs and a server room is present. Additional information about the server room is also
provided. The server room is very important for the network components of the building. The
training rooms of the building are used for the training purposes and the computer labs are used
for the training and the purpose of research for the research Centre. Additionally, the server room
is air conditioned and the temperature and the humidity level of the lab and the server room are
monitored and kept in control. In addition to this the washroom is being accessed by all the staffs
and the users that are present in the building. The main security measures that are applicable for
the building can be categories into three level.
Document Page
2
SECURITY VULNERABILITIES
Level-0: The level 0 security is concerned with the security of the building is the fencing that is
surrounding the building. It is outer layer of security for the building. The building is surrounded
by a 5 m wall on three sides. The wall is 10 meters high and this makes it very difficult for any
attacker to climb it. Hence, sufficient protection is provided to the building by the outer layer.
Level-1: The level 1 security is basically concerned with the interior security of the building. The
main entrance is guarded by iron door followed by glass wall and is locked internally when the
shift hours are over in the building. In addition to this there is the fire exit that is guarded by an
iron wall. The door is also locked internally and also provided an exterior protection.
Level 2: The level 2 security of the building is associated with the protection of the different
rooms and also with the level of protection in the different type of rooms that are present in the
building. The server room door is locked by the use of biometric means. An alarm goes off if the
intruder tries to get into the room without proper authentications. In addition to this, the doors of
the other rooms are locked by the default locking techniques.
Level 3: The level 3 locking technique is used for the machines that are installed in the building.
The machine is locked by means of biometrics and also an automated pin for every machine is
generated by which the access to the machine is possible.
Hence, the security of the building can be properly justified by these levels. The access
to the buildings are very restricted by all the above mentioned method and the breach of security
is very difficult for any type of intruder that tries to have access to the system.

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
3
SECURITY VULNERABILITIES
Detailed floorplan of the entrance level on Building 402
Figure 1: Detailed plan for the building 402
Source: (created by Author)
The above diagram provides the information about the location of the building and
different type of aspects of the different type of aspects of the buildings that are the buildings
that are surrounding the main building and also the different exits and the entrance to the
building displayed aptly in the building. The stairways and the escalators are also displayed aptly
in the building plan for the building number 402. The pathways to the different outlets form the
building are also displayed in the diagram.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4
SECURITY VULNERABILITIES
Figure 1: Diagram showing the route taken by the attacker inside the building
Source: (created by Author)
The path that can be taken by the intruder or the attacker is displayed in the diagram that
is provided above. The red, blue and the yellow lines are used for displaying the different routes
and processes that can be adopted by the intruder to enter into the building and access the system
of the building. The red line indicates the route taken by the intruder that is starting from the
main entrance. This route is very difficult as this way is guarded by the security guards and even
if the intruder is able to get access to the main entrance he has to unlock a level two lock that is
set in the main entrance. The intruder after entering into the building can however roam around
Document Page
5
SECURITY VULNERABILITIES
freely, as the security cameras installed inside the building are not in a working state at that
moment of time and no one would be present at night in the building to monitor the cameras.
After the intruder gets in the building the he can enter into different rooms provided that he has
the access to the systems and also the biometric data for the authentication should be available to
the intruder for the access to the rooms so that he can easily get out of the rooms. In addition to
this, the yellow line denotes a different path for the intruder that would allow the intruder the
access to the building. The intruder would be able to get into the building via the fire exit. The
intruder would have to travel the path on the side of the building and reach to the back door.
Although the door is not guarded by any type of security guards the door is more complex to
access. In addition to this, the blue line indicates the path that is taken by the intruder for access
to the building via the terrace of the building. The intruder has to traverse through all the floors
of the building and reach to the ground floor. The intruder can also access the escalator to reach
to the ground floor.

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
6
SECURITY VULNERABILITIES
Detailed plan of inside Room 230
Figure 1: Detailed plan for room number 230
Source: (created by Author)
The above diagram provides the information about the room number 230. The room
consists of six workstations and six chairs. The room also has two doors both of which are
accessible by the biometric data that is stored in the database of the server that is located in the
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7
SECURITY VULNERABILITIES
building. In addition to this, there is a switch that helps in connecting the workstation to the main
server.
Detailed risk assessment of the lab 230
The technological assets that are present in the room are:
Workstation: There are six workstations in the room. These are developed by Acer. The
model number of the workstations area Aspire E1, Aspire E2, Aspire E3, Aspire E4, Aspire E5
and Aspire E6.
The estimated value of the workstations is: $10,000 each
Switch: the switch present in the room is developed by TP link. The model number being
T5098. The estimated value of the switch is $12,000.
The expected value of the SLE and ALE are:
SLE for the workstations: The chance of occurrence is very rare and hence the ARO is
40%. Hence, the ALE is 10000 x 40/100 = $4000.
ALE for the Workstations: 4000 x 40% = $1600
SLE for the Switch: The chance of occurrence is very rare and hence the ARO is 50%.
Hence, the ALE is 12000 x 40/100 = $6000.
ALE for the Switch: $6000 x 50% = $3000
Security vulnerabilities are:
Injecting flaws: The attacker can inject flaws in the locking system or the monitoring system of
the building so that he can rap fruitful benefits form it.
Document Page
8
SECURITY VULNERABILITIES
Broken Authentication: The attacker can break into the rooms by breaking the authentications
that are set in the rooms.
Security Misconfiguration: The security can be misconfigured leaving the system vulnerable to
outside intrusion.
Sensitive data exposure: The biometric data can be left exposed by the staffs in some instances.
This would result in an easy access for the intruder.
Use of components without knowing the vulnerabilities associated with it: The use of
components in the building without any proper information can result in situations that are
vulnerable for the building.
Prevention
1. The security should be updated regularly.
2. Regular monitoring on the security should be done.
3. Advanced security techniques are to be used.
4. Data should be well protected and monitored regularly.
5. The components should be checked regularly.

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
9
SECURITY VULNERABILITIES
Bibliography
Amoozadeh, Mani, Arun Raghuramu, Chen-Nee Chuah, Dipak Ghosal, H. Michael Zhang, Jeff
Rowe, and Karl Levitt. "Security vulnerabilities of connected vehicle streams and their impact on
cooperative driving." IEEE Communications Magazine 53, no. 6 (2015): 126-132.
Cifuentes, Y., L. Beltrán, and L. Ramírez. "Analysis of Security Vulnerabilities for Mobile
Health Applications." In 2015 Seventh International Conference on Mobile Computing and
Networking (ICMCN 2015). 2015.
Cifuentes, Y., L. Beltrán, and L. Ramírez. "Analysis of Security Vulnerabilities for Mobile
Health Applications." In 2015 Seventh International Conference on Mobile Computing and
Networking (ICMCN 2015). 2015.
Fonseca, Jose, Nuno Seixas, Marco Vieira, and Henrique Madeira. "Analysis of field data on
web security vulnerabilities." IEEE transactions on dependable and secure computing 11, no. 2
(2014): 89-100.
Giaretta, Alberto, Sasitharan Balasubramaniam, and Mauro Conti. "Security Vulnerabilities and
Countermeasures for Target Localization in Bio-NanoThings Communication Networks." IEEE
Transactions on Information Forensics and Security 11, no. 4 (2016): 665-676.
Marsden, Terry, Ana Moragues Faus, and Roberta Sonnino. "Corporate Food Governance,
Financialisation and the Reproduction of Food Security Vulnerabilities." Connecting local and
global food for sustainable solutions in public food procurement 14 (2015): 414.
Ristov, Sasko, Marjan Gusev, and Aleksandar Donevski. "Openstack cloud security
vulnerabilities from inside and outside." Cloud Computing (2013): 101-107.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
10
SECURITY VULNERABILITIES
Sadeghi A, Bagheri H, Malek S. Analysis of Android inter-app security vulnerabilities using
COVERT. InSoftware Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International
Conference on 2015 May 16 (Vol. 2, pp. 725-728). IEEE.
Tamrawi, Ahmed, and Suresh Kothari. "Projected Control Graph for Accurate and Efficient
Analysis of Safety and Security Vulnerabilities." In Software Engineering Conference (APSEC),
2016 23rd Asia-Pacific, pp. 113-120. IEEE, 2016.
Zuo, Chaoshun, Wubing Wang, Zhiqiang Lin, and Rui Wang. "Automatic Forgery of
Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services."
In NDSS. 2016.
chevron_up_icon
1 out of 11
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.