(Solved) : Network Design Security 6 18 Points Asked Consult Network Security Small Health Clinic S Q41428536 . . .

Network Design and Security 6 (18 points)

You have been asked to consult on the network security of the small health clinic shown in the diagram below. All computers in the clinic are on the same Local Area Network (LAN), which uses a small Cisco router to connect to the Internet. The medical record database is stored on a dedicated Linux computer also on the LAN, and is accessed by all the office computers except the payroll computer. A WiFi network is used by employees to access the LAN with their cell phones, and to provide a guest network for patients. The fishtank is not on any network, but a manufacturer-supplied cellphone app is used by staff to monitor its temperature. The clinic also supports a public web server which is used for patient appointments, to advertise times for flu shots and other public announcements.

[Diagram labels: Office Fishtank with Bluetooth Thermometer; Medical Record Database; Local Area Network for Clinic; Firewall; Office Computers; Payroll Computer; Internal Web Server; Public Web Server; DMZ]

(a) (2 points) What is the purpose of the Demilitarized Zone (DMZ)?

(b) (2 points) Is one firewall sufficient?

(c) (4 points) The clinic's WWW address was recently used in a phishing attack, after attackers altered its public DNS record via a DNS cache poisoning exploit. Explain what happened, and how the clinic could prevent this from happening again.

(d) The BlueBorne (CVE-2017-1000251) attack, announced in September 2017, allows an attacker to install and run malicious code on affected Bluetooth devices without any interaction with the user. The attack has been successfully demonstrated on all major computer and mobile phone platforms, and many other Bluetooth devices. The attack can also propagate itself to other Bluetooth devices. Assume that none of the Bluetooth devices in the clinic have been patched.

i. (2 points) Explain how an attacker on the guest network could probe for local Bluetooth devices.

ii. (4 points) Explain all the steps in a plausible attack that uses the office fishtank to attack the payroll computer and extract data to a visitor's laptop.

(e) (4 points) Given that the Cisco router provides support for Virtual LANs (VLANs), draw and label a diagram showing how to reorganise the network to provide better security for the payroll computer. You may add additional named devices if you wish, and should provide a brief explanation of the reasons for your changes.
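An added example, not part of the original question or of any answer on this page: a small reachability model that compares the flat LAN described in the scenario with one possible VLAN redesign for part (e), and reports which zones can reach the payroll computer directly or by pivoting. The zone names and the permitted flows in the redesign are assumptions chosen for illustration.

```python
from collections import deque

# Zone names are constructed from the devices named in the question.
# The model covers IP flows only; Bluetooth links between nearby devices
# are not governed by VLAN rules and must be handled separately.
ZONES = ["guest_wifi", "staff_wifi", "office", "records_db", "payroll", "dmz"]

# Current design: one shared LAN, so any zone can initiate traffic to any other.
FLAT = {(src, dst) for src in ZONES for dst in ZONES if src != dst}

# Assumed redesign: one VLAN per zone, default deny between VLANs, and only
# these initiator -> target flows permitted at the router.
SEGMENTED = {
    ("office", "records_db"),  # office computers use the medical record database
    ("office", "dmz"),         # assumption: staff manage the public web server
    ("staff_wifi", "dmz"),     # assumption: staff phones may view the public site
    ("guest_wifi", "dmz"),     # patients book appointments on the public site
}

def reachable(flows, start):
    """Zones an intruder starting in `start` can reach, pivoting hop by hop."""
    seen, queue = {start}, deque([start])
    while queue:
        here = queue.popleft()
        for src, dst in flows:
            if src == here and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def exposure(flows, asset):
    """Zones from which `asset` is reachable, directly or through pivots."""
    return {z for z in ZONES if z != asset and asset in reachable(flows, z)}

if __name__ == "__main__":
    for name, flows in (("flat LAN", FLAT), ("VLAN design", SEGMENTED)):
        print(name, "-> payroll exposed to:", sorted(exposure(flows, "payroll")))
```

Adding a flow to `SEGMENTED` and re-running shows immediately whether a proposed exception reopens a path to the payroll zone.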
