Quality Review

School Network Security

1 Overview

1.1 Which group did you review?

We as a Group 4 reviewing Group 10 project and the title of the project is Network Security for the charity organization named SaveTheChildren.

1.2 Which artefacts did you review?

Technical artefact 1: Password Protection
Technical artefact 2: Password Construction
Technical artefact 3: Web application security
Technical artefact 4: Disaster Recovery Plan
Technical artefact 5: Firewall Policy

1.3 Project Summary

The security of a network is very efficient and necessary for any organization because all the work of the organization is dependent on the network and any vulnerability or threat in the network can give huge damage to the entire organization. The network design is completed efficiently. This project is based on network security. The security of the network is a process of preventing software and physical measures to protect the network from misuse, modification, improper disclosure, destruction, and unauthorized access. This project shows the different techniques and rules that can be used to protect the network of any organization. Different security measures that can be used in the security of any organization’s network are evaluated by the group. The group of students who complete this project has implemented some security rules and network design. The design network efficiently shows every aspect of the network and the components that are used in the network design are effectively evaluated.

The group of students uses different technologies, internet protocols, different devices that are necessary for the security of any network. Wifi APIs, protocols, routers, access points, security algorithms are defined by the students in this network security project. This project is successfully evaluated. In this project password protection, password construction, web application security, disaster recovery plan, firewall policy that are used in the network designing are evaluated.

2 Technical Artefact 1 Review

2.1 Technical Artefact Title

Password Protection

2.2 Technical Artefact Summary

This artefact defines the password protection policies for network security and these policies was created by the SANS Institute of internet security. Passwords are very essential aspects for the security of networks and computers. This artefact briefly explains the requirements or needs of passwords in computer networks and systems. Poor passwords on a network or computer can result in third party access or exploitation of resources. All the members including vendors and contractors have some access to the networks or systems. There are some necessary steps required for the protection of passwords mentioned below. The main purpose of this artefact is to build a standard to create strong passwords & some standards to protect those passwords. This policy is very important for network designers and organizations to secure their networks.

The main scope of this study contains all persons that are responsible for the accounts on any system or network that is related to the SaveTheChildren facility and have access to the network of SaveTheChildren or store non-public information of SaveTheChildrens network or system. Some policies have been defined to protect the passwords on the network.

Password Creation: guidelines of password construction should be followed by all the users of the network or system. Users can create different and unique passwords for their different work accounts. Multi-factor authentication services should be followed by the users to protect their passwords.
Password Change: Passwords should be only changed when passwords are compromised. Forgot password services can be used to protect the passwords.
Password Protection: The password of any account should not be shared with any other person. All the passwords are very sensitive to SaveTheChildren data or information. Passwords should not be inserted in the emails. Passwords should be only stored in the password manager that is provided by the organizations. Do not enable remember password function of the systems. If the passwords of any user have been compromised then they should have to change all the passwords.
Some other policies that are important to protect the passwords are discussed in the password protection policy.

2.3 Strengths

This artefact accurately defines the password protection policies and users can get several benefits from this artefact. Unique steps of password protection has been discussed in this artefact and this is the major strength of the artefact. There are some strengths of this artefact that are mentioned below:

Password protection and change techniques are well defined.
The purpose of the password protection policy has been well discussed.
The selection of the techniques that are required to create strong passwords is very good.

2.4 Weaknesses

Major concepts of password protection have been well evaluated in the artefact but students can add more steps to protect the passwords and also they can include strong password making techniques. The password creation techniques are not accurately defined.

2.5 Recommendations

For the protection of passwords, students can use strong password making criteria like a minimum of one special character, letter, or number is a must. They can define some techniques to protect the passwords and stored them in a unique place.

3 Technical Artefact 2 Review

3.1 Technical Artefact Title

Password Construction

3.2 Technical Artefact Summary

The password construction policies are defined in this artefact. This policy has been created by the SANS Institute of internet security. Passwords play an essential role in the security of any network or system. In information, security passwords are the critical factor. Passwords are used to protect the accounts of various users. Weak passwords can result in the compromisation of individual systems, networks, or data. There are some guidelines presented that are needed to secure the passwords. The main purpose of this study is to define the best techniques to create strong passwords. These guidelines can be applied to the contractors, consultants, employees, workers containing all the persons related to 3^rd parties. This policy has been applied to every password includes web accounts, system accounts, users accounts, email accounts, voicemail, router logins, screen saver passwords.

To create strong passwords more characters are required. Strong passwords can protect any system very effectively. Students recommended some password making techniques. In this artefact password, creation or construction is very well defined. Users can utilized special characters to design passwords. There are some criteria given in the artefact that can be used to construct strong passwords. Password length, password restrictions, expiry of passwords, password reset and changed history, account lockout are defined in the artefact and that can be used to create strong passwords. The students has also defined policy compliances that can be used in the study.

3.3 Strengths

The strength of this artefact is that it defines various steps that can be used to create strong passwords and these passwords can effectively protect the systems or networks. The students use password making criteria that can be used to create strong passwords and it is the major strength of this artefact. By the use of this artefact, users can protect their systems very effectively and easily.

3.4 Weaknesses

This artefact has defined all the criteria to protect the systems and networks. Users can effectively create strong passwords with the help of password making criteria. But students can also add some techniques to protect networks and systems.

3.5 Recommendations

Our students group can also use this artefact to effectively evaluate the password protection techniques. There are no recommendations to improve this work.

4 Technical Artefact 3 Review

4.1 Technical Artefact Title

Web application security

4.2 Technical Artefact Summary

This artefact defines the web application security or this artefact is all about the security of web applications. This policy has been created by the SANS institute of internet security. This policy is very suitable for the work of the organization. Web application threats are used in the account for a huge part of the attack vectors besides the malware. Any web application must be assessed for the threats and any threats are remediated before deployment of production. The aim of this artefact is to present some assessments to secure web applications within the SaveTheChildren’. The assessments of web applications are used to find out realized or potential weaknesses as the result of weak authentication, low error handling, leakage of important information, etc. There is a need to find out effective mitigation techniques to protect web applications from different security attacks. There are some policies are defined t protect web applications.

This policy cover all web application security techniques requested by any person, group, or department to maintain the security standard of the applications. Risk management, compliance, and changes control of technologies are used in SaveTheChildren. All the changes for web application security are completed by some security experts either by employees or contractors by SaveTheChildren. All the findings are considered confidential information that can be used in the application security. There are many security techniques are defined in the artefact and this artefact can be very useful for the organization to secure their applications. In this artefact there are some criteria define to perform security operations like major or new application release, patch releases, point releases, acquired or 3^rd party applications. There are many security levels are find out in the security assessment and these risks are mitigated according to their levels: low, medium, high. There are some tools of security assessments that are evaluated like HTTrack, SQLmap, Nmap, OWASP-ZAP, Metasploit, etc.

4.3 Strengths

The strength of this artefact is that it evaluates security measurements and risk mitigation techniques. In this artefact, the tools that can be used to mitigate risks are effectively evaluated. This artefact also defines security risks on the web applications and its solutions are proposed in the artefact. Web application’s security assessments criteria have been effectively discussed in the artefact.

4.4 Weaknesses

Security techniques that can be used in the protection of web applications can be evaluated but this artefact does not define various security algorithms and techniques. The students can give details about the security risk mitigations tools that are described in the artefact. Security assessment levels can be evaluated more accurately.

4.5 Recommendations

This artefact has defined major factors that can be used to secure web applications. Students should also add more detials about the security techniques and tools. They can add an application’s example which is suffered from security attacks.

5 Technical Artefact 4 Review

5.1 Technical Artefact Title

Disaster Recovery Plan

5.2 Technical Artefact Summary

This technical artefact is all about the recovery plan of disaster recovery. This policy has been also created by the SANS Institue of internet security. Disasters in the application happen rarely. The disaster recovery process has been evaluated in this artefact. It is very important to analyze having a plan of contingency can give competitive advantages to SaveTheChildrens’. This policy needs some better management plans to find out various disasters that can happen in the organization’s systems or networks. Disasters are not limited to the worst weather conditions. Any events that can give harm to the system can be considered disasters. The plan of disaster recovery is generally a part of the plan of the business community. This policy can define the needs of recovery plan of disasters. The plan of disasters can be developed according to this policy. This plan can describe the IT systems recovery process, data, and applications from any disaster that cause major harm.

This policy is defined for the staff of IT management that is responsible to make sure the plan is tested, developed, and updated. This policy can fulfil the requirements of a disaster recovery plan. There is some disaster recovery plan described in the artefact.

Contingency Plan: this plan can be evaluated in some steps like DR team creation, disaster identification, disaster assessment, the finding of affected assets, machine critical assets, backups check, operations restoration, response documentation.
Succession plan
Data recovery plan

5.3 Strengths

This artefact has defined all the disaster recovery plans. The main strength of this artefact is its plan of disaster recovery. The data recovery plans and succession plans are briefly explained in this artefact.

5.4 Weaknesses

The students can add more information related to the disaster management plan. Technical solutions should have to be included in this artefact.

5.5 Recommendations

Our team can improve the disaster recovery plan policies from this artefact. Students can add more information related to the study of disaster recovery plans.

6 Technical Artefact 5 Review

6.1 Technical Artefact Title

Firewall Policy

6.2 Technical Artefact Summary

In this technical artefact, firewall configuration rules are defined. There are some rules that have been defined in this technical artefact like all specific traffic, allow ports, source IP. The rules that are defined in the technical artefact are as follow.

All specific traffic: the description of this rule is the source IP address, Destination ports, Protocols allowed like RDP/TCP, range of destination IP addresses.
Block all traffic: the description of this rule is to reject access from every IP address and port.
Source IP: As the connections can be designed available from WFH scenarios, HTTP server is used for source IP.
Allow Ports: there are some ports allowed for firewall policy like Http, SSL, chat, RDP 3389, etc.

6.3 Strengths

The ports that are important for the firewall policies are well defined.

6.4 Weaknesses

The students can add more details of the firewall policy rules in this artefact.

6.5 Recommendations

Students of this group should have to improve the firewall policy rules that are mentioned in the artefact.

7 Project Review

All the artefact has been reviewed and a better result has been generated. The major artefact that is involved in this report are well defined but some artefact does not provide the essential information related to the topic.

7.1 Evaluation

Give a rating for each item by placing an X in the appropriate box.

	Much better than our group	Slightly better than our group	About same as our group	Worse than our group
Quality			yes
Depth and details				yes
Presentation		Yes

7.2 Reflection: How do you recommend your group improves?

Our group can improve the work by improving the disaster recovery plan policies from this artefact. Students can add more information related to the study of disaster recovery plans. The above-mentioned artefacts briefly explain the different security techniques, password protection, etc. Our group can take help from those artefact to improve their work. The password protection policy that is designed by the group 10 is very good and this policy can be very helpful for our group. Different network security measurements can be taken into action to improve the quality of work. Our group can improve their work in web application security techniques and password protection with the help of some sources.

7.3 Based on what you have seen from another group, explain what you can do differently in your project to improve.

The other group has evaluated the project very well but the students of this group lacks in some artefact where they cannot define the necessary information. My group can use this information as a reference and can improve the work accordingly.