DHN1 Task 1: Network Merger and Implementation Plan
Western Governors University
D482 – Secure Network Design
A. Network Security and Infrastructure Problems
, Company A
Network Security Problems:
Weak Password Policy: Company A enforces only eight-character passwords without
complexity or expiration requirements. This exposes the organization to brute-force and
credential-stuffing attacks, especially from automated tools that can easily crack short
passwords. In a financial institution handling customer PII and sensitive data, such weaknesses
increase the risk of data breaches and regulatory noncompliance (e.g., GLBA).
Open and Unsecured Ports: Company A's risk assessment shows open ports ranging from 21–
90 and 3389 (RDP). These ports, particularly 3389, are known vectors for external threats,
including ransomware and unauthorized remote access. The absence of proper filtering or access
controls makes exploitation more likely.
Infrastructure Problems:
Use of End-of-Life (EOL) Systems: The company still operates legacy systems such as
Windows Server 2012 and Cisco 3750X switches, which no longer receive vendor support or
security patches. These systems pose a significant risk because known vulnerabilities remain
unpatched and easily exploitable.
Outdated Wireless Access Points: Meraki MR28 wireless access points are still in production.
These devices are not only nearing or at EOL but also have known vulnerabilities (e.g.,
CVE-2022-33279), which allow for arbitrary code execution and potential denial-of-service
(DoS) conditions.
Company B
Network Security Problems:
Lack of Multi-Factor Authentication (MFA): MFA is not enforced across user accounts,
leaving the organization vulnerable to phishing, password reuse, and credential theft. In a cloud-
connected and remote-access environment, this creates a significant security gap.
PostgreSQL Admin Interface Exposed to Internet: A critical vulnerability was identified
where the PostgreSQL admin console is directly exposed to the internet. Without proper access
controls or VPN restrictions, attackers can exploit this to gain access to backend databases and
sensitive medical or financial data.
Infrastructure Problems:
Western Governors University
D482 – Secure Network Design
A. Network Security and Infrastructure Problems
, Company A
Network Security Problems:
Weak Password Policy: Company A enforces only eight-character passwords without
complexity or expiration requirements. This exposes the organization to brute-force and
credential-stuffing attacks, especially from automated tools that can easily crack short
passwords. In a financial institution handling customer PII and sensitive data, such weaknesses
increase the risk of data breaches and regulatory noncompliance (e.g., GLBA).
Open and Unsecured Ports: Company A's risk assessment shows open ports ranging from 21–
90 and 3389 (RDP). These ports, particularly 3389, are known vectors for external threats,
including ransomware and unauthorized remote access. The absence of proper filtering or access
controls makes exploitation more likely.
Infrastructure Problems:
Use of End-of-Life (EOL) Systems: The company still operates legacy systems such as
Windows Server 2012 and Cisco 3750X switches, which no longer receive vendor support or
security patches. These systems pose a significant risk because known vulnerabilities remain
unpatched and easily exploitable.
Outdated Wireless Access Points: Meraki MR28 wireless access points are still in production.
These devices are not only nearing or at EOL but also have known vulnerabilities (e.g.,
CVE-2022-33279), which allow for arbitrary code execution and potential denial-of-service
(DoS) conditions.
Company B
Network Security Problems:
Lack of Multi-Factor Authentication (MFA): MFA is not enforced across user accounts,
leaving the organization vulnerable to phishing, password reuse, and credential theft. In a cloud-
connected and remote-access environment, this creates a significant security gap.
PostgreSQL Admin Interface Exposed to Internet: A critical vulnerability was identified
where the PostgreSQL admin console is directly exposed to the internet. Without proper access
controls or VPN restrictions, attackers can exploit this to gain access to backend databases and
sensitive medical or financial data.
Infrastructure Problems:
