Unit:
Network Security and Cryptography
Assignment title: Smith and Jones Auctions
Spring 2020 – 20 Credit
Important notes
• Please refer to the Assignment Presentation Requirements for advice on how to set out your assignment. These can be found on the NCC Education website. Click on ‘Policies & Advice’ on the main menu and then click on ‘Student Support’.
• You must read the NCC Education documents What is Academic Misconduct? Guidance for Candidates and Avoiding Plagiarism and Collusion: Guidance for Candidates and ensure that you acknowledge all the sources that you use in your work. These documents are available on the NCC Education website. Click on ‘Policies & Advice’ on the main menu and then click on ‘Student Support’.
• You must complete the Statement and Confirmation of Own Work. The form is available on the NCC Education website. Click on ‘Policies & Advice’ on the main menu and then click on ‘Student Support’.
• Please make a note of the recommended word count. You could lose marks if you write 10% more or less than this.
• You must submit a paper copy and digital copy (on disk or similarly acceptable medium). Media containing viruses, or media that cannot be run directly, will result in a fail grade being awarded for this assessment.
• All electronic media will be checked for plagiarism.
Scenario
As the world’s largest industrial auctioneer, Smith and Jones Auctioneers conducts hundreds of live unreserved public auctions of used heavy equipment, trucks and industrial components every year. Auctions take place at more than 60 auction sites in North America, Europe, the Middle East, Asia, and Australia. More than half of bidders participate online, at www.SandJauction.example.com.
The company works hard to keep the network fast and free of infections. Malware can prevent customers from bidding online and can expose sensitive information. “We need to give customers confidence that online bidding is safe and secure,” says Milo, senior network security specialist for Smith and Jones. “Their first experience has to be good.”
A common source of infections is when employees or customers unknowingly click links to malicious websites. Smith and Jones had tried using a web-filtering application at the head office. “The trouble was that routing web traffic from all 60 sites to one location slowed down critical business applications,” says Milo. Routing all web traffic through Canada also meant that customers at auction sites around the world could only use Canadian search engines. Smith and Jones. decided to give each auction site its own Internet connection for web traffic but the company wanted to centrally control web security for all auction sites.
Additionally, the company intends to confidently offer guest Wi-Fi access at all auction sites. Customers like being able to connect with their phones or tablets to browse the web and check email. They can also bid online for items at other auction sites, increasing sales. Auction sites expect as many as 500 people to connect over Wi-Fi at the same time.
Key Challenges
• Adding two new sites (Manchester & Mexico City) and using the new sites as prototypes for all other Smith and Jones auctions sites
• Connect sites through to main site in Toronto
• Prevent network outages and protect sensitive information
• Provide great experience for employees and customers
• Minimise workload for small IT team
• Offer a Site Security Solution
• Improve/Future proof WAN performance
• Identify and design Wi-Fi BYOD systems
Network Security and Cryptography
© NCC Education Limited 2020
Page 2 of 6
Task 1 – Risk Assessment – 10 Marks
a) Analyse the scenario and identify what you consider to be the 5 most important electronically held information assets for the Smith and Jones. Justify your decision. You will need to make some reasonable assumptions here, since the scenario is brief.
This section of the report should be approximately ONE HUNDRED AND FIFTY (150) words.
b) Create a table (see below) which lists the assets. For each asset identify the main security threats that you think could affect its confidentiality (C), integrity (I) or availability (A). Remember, threats can be accidents as well as malicious. There are likely to be multiple threats for each asset and the same threats are likely for several assets.
c) Complete the columns of the table by assessing the likelihood of the threat being successful and the impact that it would have on the company. In this scenario you should consider Low/Medium and High definitions as follows:
Asset
Threat
CIA?
Likelihood
Impact
Risk
E.g. Personal data
Server failure
A
Low
Medium
Low
Employee theft
C
Low
High
Medium
Likelihood
Low
Less than once per year
Medium
Once per year to once per week
High
Several times a week
Impact
Low
Inconvenience may affect operation for a day or two
Medium
Operation may be impacted for over a week, loss of customers
High
Company may not survive – lost reputation and customers
d) Now complete the Risk column by using the following Risk matrix.
Impact
Low
Medium
High
Low
Very Low
Low
Medium
Likelihood
Medium
Low
Medium
High
High
Medium
High
Very High
Network Security and Cryptography
© NCC Education Limited 2020
Page 3 of 6
Task 2 – Controlling the risks – Explanation – 45 Marks
Once you have identified the highest risks, you need to make recommendations of how to control those risks, i.e. what security you will put in place.
a) Discuss each of the threats you have identified and explain what security you recommend they use to reduce the risk and justify your choice.
b) Discuss why there will be a need for encryption and state the protocol or encryption algorithm that you recommend.
This section of the report should be approximately NINE HUNDRED (900) words.
Task 3 – Setting up the VPN – 30 Marks
a) Explain the two site-to-site VPN connection options for using either the Intranet or Extranet outlining the differences and benefits. You should make recommendations regarding which option would be the best option for Smith and Jones auctions to their branch sites and justify your recommendation.
b) Draw a diagram, showing the components that will be needed to create the site- to-site VPN connection between Main site and the Mexico City and Manchester branches. Each client PC need not be shown, but all other components should be included.
c) As part of the security features of using a VPN, discuss the use of Firewalls and the rules they use.
This section of the report should be approximately SIX HUNDRED (600) words.
Task 4 – Maintaining Security – 5 Marks
Explain any actions you would recommend for ensuring security is taken seriously across the partnership by all users and how you would monitor the effectiveness of the Information Security Management System.
This section of the report should be approximately ONE HUNDRED AND FIFTY (150) words.
Network Security and Cryptography
© NCC Education Limited 2020
Page 4 of 6
Task 5 – 10 Marks
Using the Rolfe, G., Freshwater, D. and Jasper, M. (2001) model, critically review the learning that you have undertaken in order to complete this assignment.
Based upon your learning, your reflection should include a description; an analysis and; an action plan in order to bring about improvements in the future.
Network Security and Cryptography
© NCC Education Limited 2020
Page 5 of 6
Submission requirements
• The report should be professionally presented, checked and proofed. In addition, the report should be presented in a format and style appropriate for your intended audience. You must also include a list of references and you must always use correct Harvard referencing and avoid plagiarism throughout your work.
• Your answers to the tasks should be combined in a single word-processed report with an appropriate introduction. The report should be 1750 words +/- 10% in length (excluding tables).
• Familiarise yourself with the NCC Education Academic Dishonesty and Plagiarism Policy and ensure that you acknowledge all the sources which you use in your work.
• You must submit a paper copy and digital copy (on disk or similarly acceptable medium).
• Media containing viruses, or media which cannot be run directly, will result in a fail grade being awarded for this module.
Candidate checklist
Please use the following checklist to ensure that your work is ready for submission.
Have you read the NCC Education documents What is Academic Misconduct? Guidance for Candidates and Avoiding Plagiarism and Collusion: Guidance for Candidates and ensured that you have acknowledged all the sources that you have used in your work?
Have you completed the Statement and Confirmation of Own Work form and attached it to your assignment? You must do this.
Have you ensured that your work has not gone over or under the recommended word count by more than 10%?
Have you ensured that your work does not contain viruses and can be run directly?
Network Security and Cryptography
© NCC Education Limited 2020
Page 6 of 6
❑
❑ ❑ ❑