WGU C844 EMERGING TECHNOLOGIES IN CYBERSECURITY

WGU C844 EMERGING TECHNOLOGIES IN CYBERSECURITY Performance Assessment GRP-1 Task 2 Table of Contents A. Wireless Local Area Network (WLAN) Vulnerabilities. 2 B. Mobile Device Vulnerabilities. 2 C. Steps for Mitigation. 3 D. Preventative Measures. 4 E. Recommended Solution for Bring Your Own Device (BYOD). 4 F. Cited Sources. 5 A. Wireless Local Area Network (WLAN) Vulnerabilities Within this section I will point specifically point out some of the potential Wireless Local Area Network (WLAN) vulnerabilities found during the initial review of the Alliah corporate headquarters. Even though these two vulnerabilities are the focus this WLAN Vulnerabilities section, a further, in-depth inspection and assessment may lead to others as well. Below are the two vulnerabilities that should be considered the first and foremost that should be considered to contain the most impact to the network infrastructure, corporate data, and employees and I recommend to address at the earliest stages. • The third floor is vacant for expansion, this space could easily house a rogue access point used for Man-in-the-Middle (MITM) attacks and data capture wherein “an attacker deploys an access point (AP) that has been configured to appear as part of an organization’s WLAN infrastructure” (NIST Special Publication 800-153, Guideline to Securing Wireless Local Area Networks (WLANs), 2012). If this unoccupied space is not secured, monitored, and inspected during both scheduled and unscheduled time periods a malicious actor could install and configure unknown wireless access points (WAP) for use as network/data monitoring and capture and to launch MITM attacks. • The patio area used by the employees could also be considered a vulnerability depending on the strength of the wireless network signal. Wireless sniffers can “sniff” out and find wireless networks and launch attacks and capture network traffic and corporate data. If the network signal extends into and past the boundaries of the Alliah external surroundings, mobile attackers using Wardriving and Warchalking techniques, “driving around office parks with attempting to connect to open access points” (NIST Special Publication 800-42 Guideline on Network Security Testing, 2003 and SP 800-115 Technical Guide to Information Security Testing and Assessment, 2008). This technique could be used to identify and access the Alliah network and also mark it for other potential malicious actors. While these above topics are but two examples, once again a thorough inspection of the Alliah headquarters and system security policies may provide additional vulnerabilities found that would need to be mitigated. B. Mobile Device Vulnerabilities 2 Within this section I will draw attention to two vulnerabilities associated with mobile device use within the Alliah corporation. In today’s society, the use of mobile devices are a wide-set phenomenon that allows users to perform productivity actions virtually anywhere. Tasks can be accomplished in areas that have and do not have network connectivity and afterwards, once connecting to a network, those tasks and task updates can simply be uploaded to corporate or cloud networks or emailed to the intended recipient or group. But with these abilities, also come risks that must be mitigated to prevent the loss/theft of equipment, data or both. • Loss or theft of mobile devices is a concern for all corporate members of Alliah, whether the device is corporately owned or privately owned since Alliah allows a BYOD policy. Mobile devices, as this name would indicate, provide a user to move around from one location to another with the device. This opens the possibility for the owner to lose or forget the device at any number of locations such as a local coffee shop or even within the within the confines of the Alliah corporate headquarters itself. The ability to transport and use the devices in public areas such as airports, coffee shops, hotel rooms and conferences also present the opportunity for possible theft of these devices. • Remote connections to the Alliah corporate resources are a concern as the company has five account representatives that are away from the corporate headquarters at least 80% of the time. All users that utilize a public Wi-Fi connection are placing the data on the device as well as while in transmission at a risk and could be easily captured, stolen, and redirected to another destination. C. Steps for Mitigation Having a plan to mitigate risks and their associated vulnerabilities is an essential process that the Alliah corporation must implement. Most risks cannot be completely eliminated but can be reduced through a risk mitigation plan, the level of exposure to the potential vulnerability can be lessened to a point of acceptability. “Organizations should conduct risk assessments to identify the threats against their WLANs” (NIST Special Publication 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs), 2012). To assist with risk mitigation of the specified vulnerabilities found for the wireless local area network and mobile devices, I have listed some of the available options below for consideration. • For the unused vacant third floor of the Alliah corporate headquarters, security is a concern and should addressed through the use of various types of locks, key fobs for entry, closed circuit tv cameras, biometrics, and roaming security forces that will physically inspect the vacant areas. “Organizations with WLANs should conduct regular periodic technical WLAN security assessments.” (NIST Special Publication 800-153 Guideline to Securing Wireless Local Area Networks (WLANs), 2012). • The open patio area should be evaluated to ensure that the network signal does not exceed the boundaries of the building and if so, ensure a very limited distance of signal is available. Also, “the use of more robust security techniques in the network, such as the WPA (Wi-Fi Protected Access) or RSN (Robust Security Network)” (NIST Special Publication 800-42 Guideline on Network Security Testing 2003 and SP 800-115 Technical Guide to Information Security Testing and Assessment, 2008) should be implemented for data in transmit protection. • Losses or theft of mobile devices is harder to prevent but in the event of such an incident, remote wiping should be enabled as well as the Bitlocker encryption or Trusted Platform Module encryption enabled on the mobile device. It is recommended that “System configuration of a mobile devices enabling device encryption are completed prior to issuing the device to the user” (NIST Special Publication 800-124 Rev2, 2020). • For the members utilizing remote or public Wi-Fi access to Alliah resources, a Virtual Private Network must be used for network security. The use of a VPN will protect “data flowing between the client device and the organization from being viewed by others” (NIST Special Publication 800-124 Rev2, 2020). Upon implementation of a risk assessment and mitigation plan, a team should be elected to monitor and review such plan at both specified and unspecified time periods. Doing this will allow for updates to the plan when necessary and is used to identify new and emerging vulnerabilities and risks to the Alliah assets. D. Preventative Measures The practice of preventative measures begins with performing an honest assessment of the practices, procedures, and policies within the Alliah corporation. A team can be appointed to do the assessment but, in the end, must also be supported by higher level of management to approve the actions suggested by the team. Below are some suggestions for preventative measures that should be addressed to assist with the security of Alliah and its assets. • Preventative measures begin with employee training. “Security awareness training for personnel to ensure that they understand that poor system configuration and poor security