Diploma in Applied Network and Cloud Technology

DNCT703 Network and Cloud Security

Table of Contents
Requirement 1..................................................................................................................................2

a)..................................................................................................................................................2

b) Five Network Issues..........................................................................................................2

i. Network security Problems...............................................................................................2

ii. Wireless Services security Issues ....................................................................................3

iii. Malware security Issues .................................................................................................3

iv. Web Services security Issues..........................................................................................3

v. Database security Issues................................................................................................3

c)..................................................................................................................................................3

Requirement 2:.................................................................................................................................5

a)..................................................................................................................................................5

b)................................................................................................................................................10

Requirement 3:...............................................................................................................................11

a)................................................................................................................................................11

i. Infrastructure Security.....................................................................................................11

ii. Data Security:..............................................................................................................12

iii. Access:.........................................................................................................................12

b)................................................................................................................................................13

c)................................................................................................................................................14
Requirement 1

a)

The performance and functionality of Windows Server R2 may be improved by using a more
recent version, such as Windows Server 2012 R2, rather than sticking with Windows Server R2.
Devices may be added and recovered from the server. Between the server and graphical user
interface, it is possible to switch back and forth. While a Hyper-V server is active, it has the
ability to transfer a virtual machine across them. Virtual machines (VMs) operating on Server
2012 have the option of having their own dedicated memory (RAM). Storage capacity may be
increased to 12GB for workstations and PCs, and hard drives can be replaced with SSDs, which
provide much better performance than HDDs. If your computer has been infected by malware, be
sure to keep your antivirus software up to date. Passwords should never be stored and should be
validated by several methods, such as strong passwords and repeated verifications. Set up a
firewall that only allows traffic from networks that are necessary for the firewall to function.
deleting stale users and shutting off unused ports Make sure that the AP's encryption is switched
from WEP to WPA. It's more secure than WEP since the key used by the framework is
progressively changed, while WEP only uses one key. It is forbidden for outsiders to create their
own encryption key that matches the one used by the organisation.

b) Five Network Issues

i. Network security Problems

Initially, in network security, servers must be secure since all traffic enters and exits from
servers. Servers should have strong passwords and encryption. Servers should only be accessed
by authorized users when necessary. As previously said, if a new man-in-the-middle assault here
the users can't get to the site, he may have modified the data transfer capacity or decreased the
transfer speed so that fewer people can go to the site. Another issue is that DNS is unlikely to
resolve the site request, therefore it need to reverify the DNS and may need to configure it

somewhat.
ii. Wireless Services security Issues

WEP encryption is commonly used in wireless security. It just employs one key for encryption.
Assuming an intruder can create that one key, he has access to all of the information flowing in
and out of the enterprise, and he has the ability to modify the traffic in any manner he sees fit, as
well as have all of the data he wants about the company.

iii. Malware security Issues

As previously stated, a significant number of tickets in the log were assessed as "malware or
antivirus issues." They've received a slew of texts that don't add up. Malware is an infection that
replicates itself by inserting its code in various projects. That is the reason for the poor
performance of PCs, despite the fact that the PCs have excellent specifics.

iv. Web Services security Issues

As previously stated, the site's webserver has been targeted several times. Because of the
inaccessibility of the site as a result of the assaults, money has been lost. By hijacking those
sessions, the aggressor got access to the site and performed the progressions or whatever else he
wished to compensate for the inaccessibility of the site. Furthermore, the site's income was lost
as a result of its inaccessibility.

v. Database security Issues

SQL injection, feeble verification, credential misuse, inappropriate credentials, insufficient

logging, and underpowered evaluation are a few strategies for attacking information bases. SQL
infusion vulnerabilities arise when application code involves dynamic data set inquiries that
simply integrate client-provided information. Weak and vulnerable confirmation usually involves
using weak passwords that do not have multi - faceted verification and storing or keeping
passwords on site, as well as providing a greater number of accreditations than is necessary.
Credentials may have been mismanaged by a client who shared the information with someone
else.

c)

Solutions to resolve above issues are:

Malware Prevention

It can protect our frameworks against malware attacks by installing a good antivirus, which
should be updated on a regular basis. Malware that has been identified should be removed as
soon as possible. Use safe verification measures such as using strong passwords and enabling
multiple confirmation. Try not to use administrator accounts ineffectively.

Server Security admin Access

To begin, upgrade the servers from 2008 R2 to 2012 R2. To gain access to the servers, use Solid
Authentication. Try not to let anyone get to it, and be cautious about it.

Wireless AP Prevention

On the AP, WEP encryption is used, and each gatecrasher must create a single key that encrypts
all network traffic. Change the encryption to WAP since it dynamically changes the key using
TKIP, making it impossible for the gatecrasher to match your key.

Securingthe Web Server

To secure your site, keep an eye out for SQL injections. It is simple to implant them, but it can
avoid them by always employing specified inquiries. Most web languages include this
component, and it is simple to execute.

Always be aware of error messages and be cautious about the information it discloses in your
blunder messages. Continuously use strong and complicated passwords since they are tough to
crack and will keep your data safe for a long time. Additionally, try to use https. HTTPS is a
security protocol that is used on the Internet.

Database Prevention

SQL injection should be avoided while securing data bases in general. SQL infusion
vulnerabilities occur when application code contains dynamic data set inquiries that simply
integrate client-provided information. To avoid it, avoid the use of dynamic queries within apps.
The use of predefined proclamations with parametrized queries will prevent SQL infiltration.
Always keep solid validation in mind, such as using complicated secret words rather than simple
passwords. Try not to grant rights to someone who may abuse them, such as a person who may
disclose information to an unsuitable individual. Keep access to the information restricted.

Requirement 2:

a)

SWOT Analysis

Threats and Opportunities for Cloud Management Companies SWOT analysis is a

standard tool used by business managers. It aids in identifying and overcoming vulnerabilities
and dangers. It also aids in identifying and capitalizing on the firm's strengths and prospects.

A SWOT analysis looks at both internal and external issues, or what is going on within
and outside your business. As a result, it will have some influence over some of these aspects
while others will not. In any scenario, the best course of action will become obvious once you've
identified, documented, and evaluated as many variables as possible.

Performing SWOT Analysis

While keeping records is essential for a SWOT study, there's much more! When it starts
keeping in contact with one list (say, Strengths), your reasoning system and investigation will
lead your ideas to new classes (Weaknesses, Opportunities or Threats). When it examines these
lists, you'll most certainly see links and clashes that you'll want to highlight and investigate.

Strengths Weaknesses
What do it do well? What could it improve?
What unique resources can it draw on? Where do it have fewer resources than
What do others see as your strengths? others?
What are others likely to see as
weaknesses?
 

Opportunities Threats
What opportunities are open to you? What threats could harm you?
 What trends could it take advantage of? What is your competition doing?
How can it turn your strengths into What threats do your weaknesses expose to
opportunities? you?

Try not to rely upon your own, fragmented information on your business. It is conceivable that
your suspicions are erroneous. Rather, gather a gathering of people from different capacities and
levels to make an exhaustive and significant assortment of perceptions. Then, at that point,
assuming it find a Strength, Weakness, Opportunity, or Threat, compose it in the relevant
segment of the SWOT investigation matrix so that everybody might be able to see.

Strengths:

Qualities are characteristics that distinguish your company from competitors or that it excels at.
Consider your firm's advantages over competitors. Representative inspiration, access to
specialized sources, or a well-coordinated set of production techniques are just a few examples.

Think on what makes your organization "click." What skill do it have that no one else possesses?
What values do it think convince people in your company? What unique or low-cost assets
would it be able to access that the others can't? Recognize and assess your company's USP, and
keep it in mind for the Strengths section.

Weaknesses:

Because your company's weaknesses, like its strengths, are essential traits, focus on your people,
assets, systems, and procedures. Think about what it might improve and what it need to avoid.
Consider (or learn) how people in your field see you. Do they see issues that it aren't aware of?
Make an effort to figure out where and how your competitors exceed you. What exactly are it
losing out on?

Opportunities

Improve products or services or chances for wonderful things to happen, but it must take
advantage of them! They usually stem from circumstances outside your company's control and
need foresight into what might happen tomorrow. They might emerge from changes in the
market it serve or the technologies it use. The ability to spot and grasp chances may make a big
difference in your company's ability to compete and gain a competitive advantage in your
market. Consider excellent opportunities that it can take advantage of right immediately. These
don't have to be game-changers: even little advantages might help your company compete more
effectively.

Threats

Threats include everything that might have a negative influence on your company from the
outside, such as supply-chain concerns, market shifts, or a shortage of recruits. It's vital to
anticipate dangers and take steps to avoid them until it become a victim and your development is
halted.

Risk Management:

Incompatibility of the Existing Architecture  

Numerous CIOs trust that one of the significant dangers of moving to the cloud is the intricacy of
their present IT engineering. It eases back their cloud relocation since organizations should
observe individuals with adequate IT abilities who can make the whole engineering "cloud-
prepared" at the necessary speed.

Undertakings that as of now have a microservices design and arrange their holders with
instruments like Kubernetes or Docker motor will think that it is more straightforward to move to
the cloud. AWS and Azure give explicit help to Kubernetes just as different motors, which
supports the relocation cycle.

Prevention:

To set up the engineering for relocation, gather a group of IT specialists who will review the
heritage design, resolve specialized obligation, recognize reliant parts, and make broad
documentation.

To establish a cross breed climate by joining public and private mists with on-premise resources,
it should update your in-house IT foundation to decrease irregularities and interoperability issues
between various frameworks.
System as code (IaC) is a fundamental engaging impact for capable cloud migration of legacy
structures. Rather than actually orchestrating PCs and associations (physical or possibly virtual),
it can use substance to supervise and course of action them thusly.

Data Losses

Make a complete backup of your data before commencing the migration, paying particular
attention to the files that will be moved. During the migration process, it may run across
corruption, incomplete information, or missing files. And if anything goes wrong, recovering the
data from a backup is a simple solution.

Prevention:

Anything from a power failure in a data centre to a security incident might result in data loss. If it
has database backups saved on a server or in the cloud, it can easily restore all of your data.
Furthermore, it won't have to worry if one of your cloud providers' services goes down suddenly
if it utilizes different providers. If it wants to run your application on another cloud provider, it
may usually do so for free. A few cloud service providers provide low-cost storage solutions that
may be used for backup. The time and money saved by setting up backups of information that
has been relocated might be enormous. It is essential that it create a copy of your previous
foundation in case any documents go missing.

Wasted Costs

Even while the pricing structures of cloud service providers are adaptable, it might be tough to
grasp them if you're not familiar with the market. Analysts at Gartner, Brandon Medford and
Craig Lowery, estimate that as much as 70% of cloud expenses go to waste
Prevention:

It needs to do the lower your expenses. When in doubt, seek the help of a professional. There are
various recommended practises for cloud cost optimization. The following are some of the most
common:

 Remove instances that aren't being used and adjust the amount of your workloads.
 Autoscaling is a good idea.
 Storage that is seldom used may be moved to a cheaper tier.
 Alerts may be set up to notify it when a predetermined expenditure limit is crossed.
 Consider shifting your hosting location to save money.
 Pre-reserved timeslots are a smart investment.
 It can run serverless apps and other operations that don't need a lot of uptime on spot
instances.

Security

“ITPro Today” found that the majority of organizations (57 percent) experience the largest risk
in cloud computing migration, followed by cost & legacy infrastructure. Compliance violations,
contractual breaches, unsecured APIs and provider concerns are just a few of the security
hazards associated with cloud storage.

Prevention:

Popular cloud service providers like Azure and AWS provide security as a service. They prevent
illegal access to your physical assets. The great majority of cloud service providers are well-
versed in a variety of regulatory frameworks, including ITAR, DISA, HIPAA, CJIS, and FIPS, to
name just a few. Customers' personal information is well-protected because of the considerable
resources they devote to security.

 Data assets should be encrypted both in transit and while they are on a storage device.
 Configure policies for user access and turn on two-factor authentication.
 Limit the amount of harm an attacker may do by isolating specific workloads.
 Make sure it have a firewall installed;
 Put in place the essential safeguards;
 Teach people how to keep their data safe in the clouds.

b)

Cloud Implementation - HYBRID:

The private cloud framework is joined with at least one public cloud administrations in a half
breed cloud framework. Cross breed mists remember for premise framework and server farms,
colocation foundation, and oversaw colocation or information facilitating administrations. Cross
breed cloud arrangements are recognized by responsibility and information convey ability, just
as application organization across various processing conditions.

Importance:

 Easy Cloud Transfer: Associations are utilizing crossover cloud answers for work with the
relocation of on-premise information and application responsibilities into the cloud, with
objectives like expense decrease, expanded IT effectiveness, and quicker an ideal opportunity
to-showcase for new items and administrations.
 Optimization of Workload Resources: Mixture cloud stages permit organizations to exploit
the most suitable processing climate for each assignment. Process requesting exercises on the
public cloud, where additional limit is modest and simple to drop by, while simpler jobs stay
on-premises or on private cloud framework.
 Protect Your Data: Basic monetary or client information is put away on private foundation,
while less touchy information is put away in the public cloud.
 Processing Large Data Sets: By combining on-premises and public cloud capabilities,
businesses can unlock the potential of their massive data. Organizations approach the
computing resources required to analyses massive informational indexes and focus on
experiences that may be used to drive business decisions.

Requirement 3:

a)

i. Infrastructure Security
Data Leakage:

Information leakage is a serious problem. The private and public clouds are typically connected
over the internet in a hybrid manner. As a result, data leakage is a possibility due to human error,
compromised endpoints (such as misplaced smartphones), man-in-the-middle attacks, and other
circumstances. Data leaking may occur if cloud management APIs are not properly built and
safeguarded.

Compliance Risk:

Consistence related dangers as far as getting and keeping up with reliable consistence, Hybrid
Clouds give an extensive test. Keeping up with and consenting to administration structures
across changed foundations turns out to be progressively difficult when information streams
among public and private cloud parts, particularly when they are provided by various specialist
co-ops with varying consistence capacities.

Security Control:

Deficiencies in Security Controls There might be inconsistencies or misalignments in the

security controls utilized across Hybrid Cloud implementations. Public clouds are usually held to
higher security requirements than private clouds and have a higher level of security maturity. For
instance, private cloud infrastructures may not be patched as extensively as public cloud
infrastructures.
Network Connectivity Breaks:

The organization association is lost. In a Hybrid Cloud Architecture, network correspondence

across mists is basic for keeping up with SLAs. There might be weak links in the more extensive
organization engineering, bringing about boundless cloud administration blackout. In the event
that spine directing hubs need overt repetitiveness, for instance, a solitary damaged spine switch
can bring the whole Hybrid Cloud down.

Account Seizing

As businesses increasingly rely on cloud-based frameworks and apps for core business activities,
account snatching is one of the most basic cloud security problems. An adversary who uses a
worker's credentials can acquire access to basic information or usefulness, while hacked client
credentials give them complete control of their internet record. Furthermore, cloud-based
operations frequently lack the capacity to detect and respond to these threats as effectively as on-
premises systems.

ii. Data Security:

This is another significant security challenge that can emerge in a half breed cloud model.
Working with a crossover cloud requests adaptability in information development among public
and private mists. In such cases, there are high possibilities that your information can succumb to
gatecrasher assaults, testing the association's information protection rules.

Measures like endpoint check convention, powerful VPN, and solid encryption strategy can
encode and ensure your information during security break episodes.

Circulated processing servers are growing feebler against data breaks. Cloud establishment
security game plans help in guaranteeing the security of data like sensitive information and
trades. It moreover upholds holding a pariah back from hindering the data being moved. The
cloud is planned to make data sharing fundamental. Many fogs grant it to expressly invite an
associate through email or outfit an association that licenses anybody with the URL to see the
normal resource. While this straightforwardness of data exchange is a benefit, it may moreover
be a significant cloud security peril.
 iii. Access:
Devices and unauthorized users cannot get into the network. Protecting applications against
vulnerabilities is the goal of implementing application security measures on both the hardware
and software sides of the system. Firewalls act as network gatekeepers, allowing or discouraging
certain types of network traffic.

Rather than a relationship's on-premises system, cloud-based foundations are arranged outer the
association edge and are rapidly open from the public Internet. While this is useful to the extent
of agent and customer permission to this system, it moreover works on it for an aggressor to get
unapproved induction to an affiliation's cloud-based resources. Inadequately set security or
compromised capabilities might allow an assailant to get quick access, perhaps without the
awareness of a business.

b)

Prevention of infrastructure security of Hybrid Cloud:

Decide if gadgets or applications approach distributed storage, regardless of whether distributed

storage administrations are utilized across the association, and how information streams are
planned. Inside clients that needn't bother with distributed storage ought to be denied admittance,
and end-client shadow cloud utilization ought to be disposed of. Utilizing an assortment of
computerized devices, information might be arranged into awareness levels. These let's lose it to
zero in on information in distributed storage that represents a security or consistency hazard.
Since distributed storage is effectively expandable, it's normal to safeguard unused information,
like whole information volumes or previews. To lessen the assault surface and fulfill
administrative guidelines, distinguish and dispense with superfluous information.

Data Security Preventions:

Encrypt data while it's in transit as well as when it's at rest. Make use of powerful identity and
access management (IAM) tools. Use of cryptographic protocols (SSL/TSL) ensures secure data
transport across networks. SSH network protocols should be used for transmitting data across
unsecured networks. Inform your clients and end users about the dangers of unauthorized access
to their personal data.
Access prevention:

 Comprehend the common security obligation model per merchant. Know your
obligations and go to proactive lengths in playing out your part.
 Teach your end clients. Train and ensure your labor force and end clients see how to
wellbeing treat information and cloud resources.
 Limit access. Utilize the guideline of least honor when setting up access control for
clients.
 Staff right. Utilize in-house specialists to deal with the shifted setup settings of your half
and half cloud climate.

c)

Backup and recovery

Pretty much every organization regularly visits reinforcements. In any case, not very many
organizations really attempt successive reclamation to guarantee the usefulness and adequacy of
reinforcements, bringing about upsetting shocks without a second to spare.

Cloud organizations have this progression down way since the results of a botch will be
annihilating to their business. Once more, this is a double-sided deal that is relying upon the
cloud supplier's principles, which might be adequate for your association's necessities.

Cyber Security:

Organizations should have a comprehensive cybersecurity programmed as the complexity and

frequency of cyber-attacks increases. Financial organizations are under a lot of pressure to keep
their data secure and keep their clients' personal information protected. To identify, monitor, and
mitigate threats, an institution must use an aggressive, analytics-driven strategy.
Reference:

 Faction Inc. (2021, December 22). Top 10 Advantages of the Hybrid Cloud.

https://www.factioninc.com/blog/advantages-of-the-hybrid-cloud/

 Gavrylov, A. (2020, April 9). 7 risks in cloud migration and how to avoid them. N-IX.

https://www.n-ix.com/risks-cloud-migration-how-avoid/

 Global Cloud Migration Services Market Opportunities, Threats, SWOT Analysis and PDF

Report(2020–2029). (2020, September 28). AP NEWS.

https://apnews.com/press-release/wired-release/corporate-news-technology-business-cloud-

computing-information-technology-c7bce08404c5c896bb48e67f817b1f9f
 Anand, A. (n.d.). 8 Pillars of Risk Management in Cloud Computing | Analytics Steps.

Analyticsteps. https://www.analyticssteps.com/blogs/8-pillars-risk-management-cloud-

computing