Prince Damte | Cybersecurity
SKILL 1: NETWORK SECURITY & DEFENSE
Artifact 1 — Network Design and Configuration Lab Report
Course Context: Network Security Fundamentals
Date: Spring 2024
Overview
This lab report documents the design and configuration of a secure small-business network environment. The objective was to build a network architecture that minimizes attack surface, enforces access controls, and demonstrates core defensive security principles.
Network Design
The network was designed using a three-tier architecture: an external perimeter zone, a demilitarized zone (DMZ), and an internal trusted network. This separation ensures that publicly accessible services (web server, email server) are isolated from internal systems containing sensitive data.
Network Diagram Summary:
- External Zone: Connects to the internet via ISP router
- Perimeter Firewall: Filters all inbound and outbound traffic using stateful packet inspection
- DMZ: Houses the web server (192.168.2.10) and mail server (192.168.2.11)
- Internal Network: Hosts workstations (192.168.1.0/24) and file server (192.168.1.100)
- Internal Firewall: Provides second layer of protection between DMZ and internal network
Configuration Steps
Step 1 — Firewall Rules (Perimeter)
The perimeter firewall was configured with the following rules:
- Allow inbound HTTP (port 80) and HTTPS (port 443) to DMZ web server only
- Allow inbound SMTP (port 25) to DMZ mail server only
- Deny all other inbound traffic by default
- Allow all outbound traffic from internal network
- Log all denied connection attempts
Step 2 — VLAN Segmentation
VLANs were configured on the internal switch to separate:
- VLAN 10: Administrative workstations
- VLAN 20: General staff workstations
- VLAN 30: Server VLAN (file server, internal DNS)
Inter-VLAN routing was restricted so that general staff could not access the administrative VLAN without explicit firewall rules permitting it.
Step 3 — Access Control
- All administrative accounts required strong passwords (minimum 14 characters, complexity enforced)
- Remote access to network devices was restricted to SSH only; Telnet was disabled
- SNMP community strings were changed from default values
- Unused ports on switches were disabled and assigned to an unused VLAN
Step 4 — Intrusion Detection
A host-based intrusion detection system (HIDS) was installed on the file server to monitor for unusual file access patterns, privilege escalation attempts, and unauthorized login attempts.
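The following is an added illustration of the kind of rule a host-based IDS applies to the file server's authentication log; it is not the HIDS configuration used in the lab and the log lines are constructed sample data. It keeps a sliding window of failed logins per source address, raises a brute-force alert when the count crosses a threshold, and raises a higher-severity alert if a login from an already-flagged source is later accepted (the log format, threshold and window are assumptions):

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines for the file server (sample data, not a real capture).
# 192.168.1.57 produces five failures in eight seconds and then succeeds; 192.168.1.23 is a
# user who mistyped a password twice, fifteen minutes apart, and must not raise an alert.
SAMPLE_LOG = """\
2024-03-04T10:00:01 sshd[2101]: Failed password for invalid user admin from 192.168.1.57 port 51012 ssh2
2024-03-04T10:00:03 sshd[2101]: Failed password for invalid user admin from 192.168.1.57 port 51013 ssh2
2024-03-04T10:00:05 sshd[2101]: Failed password for root from 192.168.1.57 port 51014 ssh2
2024-03-04T10:00:06 sshd[2101]: Failed password for root from 192.168.1.57 port 51015 ssh2
2024-03-04T10:00:08 sshd[2101]: Failed password for root from 192.168.1.57 port 51016 ssh2
2024-03-04T10:00:09 sshd[2102]: Accepted publickey for backup from 192.168.1.100 port 40022 ssh2
2024-03-04T10:00:12 sshd[2105]: Accepted password for root from 192.168.1.57 port 51017 ssh2
2024-03-04T10:05:00 sshd[2103]: Failed password for jdoe from 192.168.1.23 port 50001 ssh2
2024-03-04T10:20:00 sshd[2104]: Failed password for jdoe from 192.168.1.23 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

THRESHOLD = 5                   # failed logins from one source ...
WINDOW = timedelta(seconds=60)  # ... inside this sliding window (assumed values)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_brute_force(log_text, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window brute-force detector.

    Returns one 'brute_force' alert per source the first time it reaches `threshold`
    failures within `window`, plus a 'success_after_failures' alert if a login from
    that source is accepted afterwards.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, username) for failures
    alerted = set()
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        src = ev["src"]
        if ev["outcome"] == "Accepted":
            if src in alerted:
                alerts.append({"type": "success_after_failures", "severity": "high",
                               "src": src, "user": ev["user"], "at": ev["ts"].isoformat()})
            continue
        q = recent[src]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:   # drop failures that left the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"type": "brute_force", "severity": "medium", "src": src,
                           "count": len(q), "users": sorted({u for _, u in q}),
                           "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)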
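```

Running the block prints two alerts for 192.168.1.57 and nothing for 192.168.1.23, which is the behaviour the validation step below expects: a genuine brute-force burst fires, a slow pair of typos does not. The window keeps the rule from counting failures that are hours apart, and the second alert type is what an analyst should treat as a probable compromise rather than a mere attempt.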
Testing and Validation
After configuration, the network was tested using the following methods:
- Port scanning with Nmap to verify that only expected ports were open from the external zone
- Attempted lateral movement from the general staff VLAN to the administrative VLAN (blocked successfully)
- Simulated brute-force login attempt against the file server (HIDS alert triggered successfully)
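As an added example that is not part of the lab report, the perimeter rules from Step 1 and the inter-VLAN restriction from Step 2 can be written down as an ordered, first-match rule list and then checked programmatically in the same spirit as the validation above: which ports an external scanner would find open on each DMZ host, and whether the staff VLAN can reach the administrative VLAN. The DMZ and file-server addresses come from the report; the VLAN subnets, the staff-to-server rules and the external test address 203.0.113.5 are assumptions made for the model, and the model answers what the policy permits, which an actual Nmap scan of the built network would still have to confirm:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR, or "any"
    dst: str               # CIDR, or "any"
    proto: str             # "tcp", "udp", or "any"
    dport: Optional[int]   # destination port, None = any
    log: bool = False


def _in_net(net, ip):
    return net == "any" or ip_address(ip) in ip_network(net)


def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation of an ordered rule list.

    Returns (action, index of the matching rule or None, logged). Traffic matching no rule
    is denied and logged, mirroring 'deny by default' and 'log all denied' in Step 1.
    """
    for i, r in enumerate(rules):
        if (_in_net(r.src, src) and _in_net(r.dst, dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action, i, r.log
    return "deny", None, True


# Perimeter policy from Step 1; host addresses are those in the report's diagram summary.
WEB, MAIL, FILE_SERVER = "192.168.2.10", "192.168.2.11", "192.168.1.100"
INTERNAL_NET = "192.168.1.0/24"
PERIMETER = [
    Rule("allow", "any", WEB + "/32", "tcp", 80),
    Rule("allow", "any", WEB + "/32", "tcp", 443),
    Rule("allow", "any", MAIL + "/32", "tcp", 25),
    Rule("allow", INTERNAL_NET, "any", "any", None),      # all outbound from the internal network
    Rule("deny", "any", "any", "any", None, log=True),    # default deny, logged
]

# Inter-VLAN policy from Step 2. The report gives no VLAN subnets, so these are assumed:
# VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24, VLAN 30 = 192.168.1.0/24.
ADMIN_VLAN, STAFF_VLAN, SERVER_VLAN = "192.168.10.0/24", "192.168.20.0/24", "192.168.1.0/24"
INTERNAL = [
    Rule("allow", ADMIN_VLAN, "any", "any", None),                   # admins may reach every VLAN
    Rule("allow", STAFF_VLAN, FILE_SERVER + "/32", "tcp", 445),      # staff -> file shares only
    Rule("allow", STAFF_VLAN, SERVER_VLAN, "udp", 53),               # staff -> internal DNS
    Rule("deny", STAFF_VLAN, ADMIN_VLAN, "any", None, log=True),     # staff may not reach admin VLAN
    Rule("deny", "any", "any", "any", None, log=True),
]

EXTERNAL_SCANNER = "203.0.113.5"   # documentation address standing in for an internet host


def open_ports_from_outside(rules, dst, ports=range(1, 1025)):
    """Policy-level counterpart of the external Nmap scan: TCP ports the rules let through."""
    return [p for p in ports if evaluate(rules, EXTERNAL_SCANNER, dst, "tcp", p)[0] == "allow"]


def run_validation():
    """Re-run the report's validation checks against the modelled policy."""
    return {
        "web_open": open_ports_from_outside(PERIMETER, WEB),
        "mail_open": open_ports_from_outside(PERIMETER, MAIL),
        "file_server_open": open_ports_from_outside(PERIMETER, FILE_SERVER),
        "staff_to_admin_ssh": evaluate(INTERNAL, "192.168.20.15", "192.168.10.5", "tcp", 22),
        "admin_to_staff_rdp": evaluate(INTERNAL, "192.168.10.5", "192.168.20.15", "tcp", 3389),
        "staff_to_file_smb": evaluate(INTERNAL, "192.168.20.15", FILE_SERVER, "tcp", 445),
        "staff_to_file_ssh": evaluate(INTERNAL, "192.168.20.15", FILE_SERVER, "tcp", 22),
        "internal_egress_https": evaluate(PERIMETER, "192.168.1.42", EXTERNAL_SCANNER, "tcp", 443),
    }


if __name__ == "__main__":
    for name, result in run_validation().items():
        print(f"{name}: {result}")
```

The returned tuple also carries the index of the rule that decided each flow, which is what makes a model like this useful for audits: when a flow is allowed that should not be, the index points at the rule to fix, and the logged flag shows whether a denied attempt would have left a trace for the HIDS or SIEM.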
Lessons Learned
This lab reinforced the principle of defense in depth — the idea that no single security control is sufficient and that layered defenses create meaningful barriers even when individual controls are bypassed. I also learned that documentation is inseparable from good security practice: a network that is configured correctly but not documented is nearly impossible to maintain or audit.
Artifact 2 — Secure Network Policy: Small Business Security Policy Document
Course Context: Information Security Policy and Management
Date: Fall 2023
Purpose
This policy document establishes the minimum security standards for the internal network of a fictional small business, Meridian Consulting Group. It is intended to guide administrators, employees, and contractors in the secure use of organizational technology resources.
Scope
This policy applies to all employees, contractors, and third-party vendors who access Meridian Consulting Group’s network resources, whether on-premises or remotely.
Acceptable Use Policy
- Network resources are to be used for business purposes only. Personal use is permitted on a limited basis provided it does not consume excessive bandwidth or expose the network to risk.
- Users must not attempt to access systems, files, or data for which they have not been granted explicit authorization.
- Installation of unauthorized software on company devices is prohibited.
- All work-related data must be stored on company-approved systems. Personal cloud storage (personal Google Drive, Dropbox, etc.) must not be used for company data.
Password Policy
- Minimum password length: 12 characters
- Passwords must include uppercase letters, lowercase letters, numbers, and special characters
- Passwords must be changed every 90 days
- Password reuse is prohibited for the last 10 passwords
- Multi-factor authentication (MFA) is required for all remote access and all administrative accounts
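An added example, not part of the policy document, showing how the length, complexity, reuse and rotation rules above translate into an enforceable check. Reuse is tested against salted PBKDF2 hashes of previous passwords rather than the passwords themselves, so the history store never holds plaintext; the hashing parameters and the sample history are assumptions for the illustration (the MFA requirement is enforced by the authentication system, not by a password check, so it is not modelled here):

```python
import hashlib
import os
import string
from datetime import date

MIN_LENGTH = 12
MAX_AGE_DAYS = 90
HISTORY_DEPTH = 10
PBKDF2_ITERATIONS = 50_000   # kept modest so the example runs quickly; raise it in production


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a per-entry random salt; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def reuses_recent_password(candidate, history):
    """history holds (salt, digest) pairs, most recent first; only the newest
    HISTORY_DEPTH entries count, so older passwords become eligible again."""
    return any(hash_password(candidate, salt)[1] == digest
               for salt, digest in history[:HISTORY_DEPTH])


def check_password(candidate, history=()):
    """Return the list of policy violations for a proposed password (empty = compliant)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"length {len(candidate)} is below the minimum of {MIN_LENGTH}")
    missing = [name for name, chars in (
        ("uppercase", string.ascii_uppercase),
        ("lowercase", string.ascii_lowercase),
        ("digit", string.digits),
        ("special", string.punctuation),
    ) if not any(c in chars for c in candidate)]
    if missing:
        problems.append("missing required character class(es): " + ", ".join(missing))
    if reuses_recent_password(candidate, history):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return problems


def password_expired(last_changed, today=None):
    """True once a password is older than MAX_AGE_DAYS (the 90-day rotation rule).
    Dates may be date objects or ISO strings such as '2024-01-01'."""
    if isinstance(last_changed, str):
        last_changed = date.fromisoformat(last_changed)
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = date.today() if today is None else today
    return (today - last_changed).days > MAX_AGE_DAYS


if __name__ == "__main__":
    # Constructed history of eleven previous passwords, most recent first.
    history = [hash_password(f"OldPass{i}!Xyz") for i in range(11)]
    print(check_password("OldPass0!Xyz", history))    # reuse of the newest previous password
    print(check_password("OldPass10!Xyz", history))   # eleventh-newest: no longer blocked
    print(password_expired("2024-01-01", today="2024-04-01"))
```

Keeping the checks as separate, named violations rather than a single pass/fail lets the user be told exactly which rule a candidate broke, and comparing against a bounded slice of the history is what makes "last 10 passwords" precise rather than "any password ever used".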
Network Access Controls
- All devices connecting to the internal network must be registered with the IT department
- Guest Wi-Fi is provided on a separate network segment with no access to internal resources
- Remote access is permitted via VPN only, using certificate-based authentication
- Inactive VPN sessions will time out after 30 minutes
Incident Reporting
All employees are required to report suspected security incidents immediately to the IT security team. Incidents include but are not limited to:
- Receiving suspicious emails or phishing attempts
- Noticing unusual behavior on a company device
- Losing or having a company device stolen
- Accidentally disclosing login credentials
Compliance
This policy is aligned with the NIST Cybersecurity Framework (NIST, 2018) and will be reviewed annually. Non-compliance may result in disciplinary action up to and including termination.
References
National Institute of Standards and Technology. (2018). Framework for improving critical infrastructure cybersecurity (Version 1.1). https://www.nist.gov/cyberframework
Artifact 3 — Network Breach Case Study: The Target Data Breach of 2013
Course Context: Cybersecurity Risk and Analysis
Date: Fall 2023
Introduction
The 2013 Target Corporation data breach remains one of the most instructive case studies in network security failure. Over a period of approximately three weeks during the holiday shopping season, attackers accessed the payment card data of approximately 40 million customers and the personal information of an additional 70 million. This case study examines how the breach occurred, what network security failures enabled it, and what lessons can be drawn for security practitioners.
How the Breach Occurred
The attack began with a phishing email sent to employees of Fazio Mechanical, an HVAC vendor that had network access to Target’s systems for the purpose of electronic billing and project management. When a Fazio employee clicked on a malicious link, attackers gained credentials that allowed them to access Target’s vendor portal.
From the vendor portal, the attackers were able to move laterally through Target’s network — a movement that should have been prevented by network segmentation controls. Target’s network allowed a third-party vendor with billing access to reach systems far beyond what was necessary for their business function. This violation of the principle of least privilege was the critical enabling failure.
Once inside the broader network, attackers installed malware on Target’s point-of-sale (POS) systems. This malware scraped payment card data from memory as cards were swiped, a technique known as RAM scraping. The stolen data was then aggregated on a server within Target’s network before being exfiltrated to external servers.
Security Failures Identified
1. Inadequate Network Segmentation
The vendor network should have been strictly isolated from payment systems. A properly segmented network would have prevented lateral movement from a vendor portal to POS infrastructure.
2. Failure to Act on Alerts
Target had deployed a security monitoring tool (FireEye) that generated alerts when the malware was installed. Security staff reportedly reviewed and dismissed these alerts. This represents a failure of incident response process, not just technology.
3. Third-Party Risk Management
Target failed to adequately assess and control the security posture of its vendors. Third-party access was granted without sufficient controls or monitoring.
Lessons for Security Practitioners
- Network segmentation must be enforced rigorously, especially for third-party access
- Security alerts require defined escalation procedures — technology alone is insufficient
- Third-party risk management is an essential component of network security
- The principle of least privilege must be applied to all accounts, including vendor accounts
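The segmentation and least-privilege lessons above can be turned into an audit that a defender runs against a written network policy before an attacker tests it. The following is an added example, not part of the case study, and the zone model it uses is a constructed, simplified illustration rather than Target's actual topology: permitted flows between zones form a directed graph, a breadth-first search finds whether any transitive path exists from the vendor zone to the payment zone (and from the payment zone back out to the internet), and a least-privilege check lists every zone a vendor can reach beyond what its billing function requires. The zone names and both flow sets are assumptions:

```python
from collections import deque

# Constructed flat-network model (illustration only, not Target's real topology).
# Each pair means traffic initiated in the first zone is permitted into the second.
FLAT_FLOWS = {
    ("internet", "vendor_portal"),
    ("vendor_portal", "billing_system"),
    ("vendor_portal", "corporate_lan"),     # vendor credentials land on the general LAN
    ("corporate_lan", "pos_network"),
    ("corporate_lan", "staging_server"),
    ("corporate_lan", "internet"),
    ("pos_network", "staging_server"),      # card data can be aggregated internally ...
    ("staging_server", "internet"),         # ... and leave through ordinary egress
}

# The same model after segmentation: the vendor portal reaches only the billing system,
# the POS network has no route to a general-purpose server, and egress goes only through
# an inspected proxy zone.
SEGMENTED_FLOWS = {
    ("internet", "vendor_portal"),
    ("vendor_portal", "billing_system"),
    ("corporate_lan", "staging_server"),
    ("corporate_lan", "egress_proxy"),
    ("egress_proxy", "internet"),
}


def _adjacency(flows):
    adj = {}
    for a, b in flows:
        adj.setdefault(a, set()).add(b)
    return adj


def reachable(flows, start):
    """All zones reachable from `start` by following permitted flows transitively (BFS)."""
    adj = _adjacency(flows)
    seen, queue = set(), deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in adj.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def find_path(flows, start, target):
    """Return one permitted path from start to target as a list of zones, or None."""
    adj = _adjacency(flows)
    parent = {start: None}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == target:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parent[zone]
            return path[::-1]
        for nxt in sorted(adj.get(zone, ())):   # sorted for deterministic paths
            if nxt not in parent:
                parent[nxt] = zone
                queue.append(nxt)
    return None


def least_privilege_findings(flows, requirements):
    """requirements maps a zone to the zones it legitimately needs. Returns, per zone, the
    zones it can reach beyond that need; an empty dict means the policy is least-privilege."""
    findings = {}
    for zone, needed in requirements.items():
        excess = reachable(flows, zone) - set(needed) - {zone}
        if excess:
            findings[zone] = sorted(excess)
    return findings


# What the HVAC vendor's access actually needs to do its job (assumed for the model).
VENDOR_NEEDS = {"vendor_portal": {"billing_system"}}

if __name__ == "__main__":
    for name, flows in (("flat", FLAT_FLOWS), ("segmented", SEGMENTED_FLOWS)):
        print(name, "vendor -> POS:", find_path(flows, "vendor_portal", "pos_network"))
        print(name, "POS -> internet:", find_path(flows, "pos_network", "internet"))
        print(name, "excess vendor reach:", least_privilege_findings(flows, VENDOR_NEEDS))
```

The point of checking reachability transitively rather than rule by rule is that each individual flow in the flat model looks defensible on its own (vendors need the portal, the LAN needs the POS network for administration, servers need egress); the failure only appears when the hops are chained, which is exactly how lateral movement and exfiltration traversed the network in the case study.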
Conclusion
The Target breach illustrates that network security failures are rarely purely technical. They involve process failures, organizational decisions, and human behavior. A comprehensive security posture requires attention to all of these dimensions simultaneously.