[SOLVED] INFS1701 NETWORKING AND SECURITY INFS3617 NETWORKING CYBER SECURITY TERM 1 2023 FINAL EXA

SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY MANAGEMENT

TERM 1 2023

INFS1701: NETWORKING AND SECURITY

INFS3617: NETWORKING & CYBER SECURITY

FINAL EXAMINATION

QUESTION 1 50 MARKS

MiningFirst is an Australian business developing ore mining technologies for the mining sector. The business started off in ore mining research labs and is yet to capitalise on the opportunities that come from a highly connected global mining technology businesses and mining scientists around the world. In order to venture into this global business, the founders and their recently hired Director of Business Development commissioned a computer networking consulting company to design a scalable local network for their business which is capable of communicating with business partners around the world. The suggested network diagram looks like this:

Figure 1 Network Diagram

Given the nature of their business, cybersecurity is very important. They collect and store sensitive customer information and intellectual properties of new mining technologies, and they would rather compromise performance to maintain high levels of cybersecurity of the data.

As a prestigious business in the mining sector, they are looking to hire an energetic and capable Cybersecurity Manager, and in keeping with their startup motivations they would like to give a fresh graduate a head start. You have been short listed for the job, congratulations!

Required:

As part of the interview process you must provide answers to the following questions. The interview panel consists of the two Founding Directors (mining scientists) and the Director of Business (finance specialist) who have a basic understanding about networking:

(a) Based on the given network diagram in Figure 1, how files would travel

between Client A and External Partner Y using the TCP/IP model. Identify the TCP/IP layers in the correct order and provide brief descriptions of each layer’s functions. You might find using a diagram helps to discuss your key points in your answer.

[Word Limit: 500] (25 MARKS)

(b) Various network security vulnerabilities exist within various TCP/IP layers and network devices. Identify TWO (2) vulnerabilities that the above network is susceptible to. Discuss the likely impact of these vulnerabilities on the business operations.

[Word Limit: 200] (10 MARKS)

(c) Imagine you are a penetration tester and would like to find out the

vulnerabilities in the server in the network diagram above, where a penetration tester is a cybersecurity expert who attempts to find and exploit vulnerabilities  in a digital network. For each CIA component – Confidentiality, Integrity, and Availability – please identify ONE (1) attack scenario and propose appropriate mitigation(s).

[Word Limit: 330] (15 MARKS)

QUESTION 2 50 MARKS

With the prevalence of digital business, organisations subscribe to applications provided by third-party vendors, store their data in third-party cloud storages, collaborate with their suppliers and business partners more frequently in cyberspace.

However, the recent news report on supply chains in Asia Pacific

(https://securitybrief.com.au/story/apac-supply-chains-at-risk-from-cyber-threats- report) raises the concern of cyber threats in supply chains.

As a cybersecurity professional, you are tasked to evaluate the potential cybersecurity risks in supply chains and make your expert recommendations to manage those risks.

Required:

With reference to the above scenario, please answer all of the following questions:

(a) In your own words, provide a summary about the news

(https://securitybrief.com.au/story/apac-supply-chains-at-risk-from-cyber- threats-report), highlight details that are relevant to cybersecurity.

[Word Limit: 100] (4 MARKS)

(b) Identify and explain THREE (3) specific threat scenarios that are most likely to unfold if a third-party entity, e.g., a supplier, vendor, or business partner, is compromised. In your explanation, decompose each threat scenario into a sequence of events. Use a numbered list to write the sequence of events. Clearly identify the relevant vulnerabilities, assets, and threat actors involved in each scenario.

[Word Limit: 360] (18 MARKS)

(c) Propose a high-level network diagram that incorporates NIST Special

Publication 800-207 Zero Trust Architecture (ZTA). Label everything in your diagram clearly. Explain how your proposed network diagram could mitigate the impacts of the identified threat scenarios in 2(b) based on the seven tenets in ZTA.

[Word limit: 400] (20 MARKS)

(d) After implementing your network design in 2(c), your supervisor has some

concerns about the cybersecurity maturity level of the organisation. Thus, your supervisor would like you to (i) perform. a cybersecurity risk assessment, and (ii) propose ONE (1) recommendation based on your assessment to enhance cybersecurity maturity level.

[Word limit: 180] (8 MARKS)