Virtualised Cyber Security Infrastructure
Organisation 1
Organisation operations:
Jonathan’s Graphic Design is a graphic design business that requires running two operating systems, Mac
and Windows, on a virtual machine. The organization wants to ensure the cyber security of the virtual
machine. The business stores a customer database, accounting system (Xero), files associated with
graphic design, and uses OneDrive. The security levels are set for a single business owner, and there are
mission-critical network servers provided by Xero and OneDrive. The organization requires a secure
boundary to control inputs and outputs of their digital estate.
To address the cyber security needs of Jonathan’s Graphic Design, the following network security options
and technologies can be considered for the virtualised cyber security infrastructure:
b. Virtual Private Network (VPN): Setting up a VPN to establish secure connections for remote access.
2. Security Technologies:
a. Intrusion Detection System (IDS): Deploying an IDS to monitor network traffic and detect any
suspicious activities.
b. Antivirus Software: Installing antivirus software to protect against malware and viruses.
Requirements:
The data types to be protected include the customer database, accounting system (Xero), and files
associated with graphic design. The security levels required are based on the single business owner’s
access privileges. The secure boundary requirements involve controlling inputs and outputs of the digital
estate. The mission-critical network servers provided by Xero and OneDrive need to be protected.
Infrastructure design:
The infrastructure design for the Jonathan’s Graphic Design virtualised cyber security environment aims to
ensure the protection of sensitive data, secure network communication, and control over digital assets.
The design incorporates the following components:
3. Data Protection:
- Customer Database: Encryption and access controls applied to the customer database to
ensure its confidentiality and integrity.
- Accounting System (Xero): Secure integration with Xero servers to protect financial data
during transmission and storage.
- Graphic Design Files: Implementation of access controls, encryption, and regular backup
mechanisms to safeguard graphic design files.
4. Secure Boundary:
- Implementation of a secure boundary to control inputs and outputs of the digital estate,
ensuring that all network traffic passes through the designated security measures.
- Proper authentication and authorization mechanisms to control access to the network
and data.
Implementation plan:
The implementation plan for the virtualised cyber security infrastructure design includes:
- Action for implementation: Setting up the network boundaries, configuring the firewall, VPN, IDS, and
antivirus software.
- Responsibilities and timelines: Assigning responsibilities to team members and establishing timelines
for each implementation task.
Tools:
- Antivirus software
To obtain access to the network and data, proper authentication and authorization mechanisms will be
implemented, and user accounts will be set up with appropriate access permissions.
Presentation:
1. Introduction:
- Overview of Jonathan’s Graphic Design and its cyber security requirements.
- Importance of virtualized cyber security infrastructure in protecting sensitive data and
ensuring business continuity.
4. Implementation Plan:
- Overview of the action plan for implementing the infrastructure design.
- Assignment of responsibilities to team members and establishment of timelines for each
implementation task.
Feedback:
- Strengthening the firewall rules to ensure tighter control over network traffic.
Organisation 2
Organisation operations:
King Edward VII College is a vocational college that needs to establish a virtual machine for testing
software. The organization wants to ensure the cyber security of the virtual machine. They have a
student management system (RTO Manager), accounting system (Xero), staff files, and various files
associated with academic documentation, enrolment documentation, and other aspects of operations.
The organization requires a multilevel security mode to provide general system access to everyone while
allowing specific access for specific data.
To address the cyber security needs of King Edward VII College, the following network security options
and technologies can be considered for the virtualised cyber security infrastructure:
a. Access Control Lists (ACLs): Implementing ACLs to control access to network resources based on user
roles and permissions.
b. Network Segmentation: Dividing the network into segments to restrict the movement of data and
limit the impact of potential breaches.
2. Security Technologies:
a. Data Encryption: Implementing encryption protocols to protect sensitive data at rest and in transit.
b. Web Application Firewall (WAF): Deploying a WAF to protect web applications from common
security threats and vulnerabilities.
Requirements:
The data types to be protected include the student management system (RTO Manager), accounting
system (Xero), staff files, and various files associated with academic documentation and enrolment
documentation. The security levels required involve providing general system access to everyone while
allowing specific access for specific data.
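The requirement above (general access for everyone, specific access for specific data) can be expressed as a default-deny role check. The sketch below is an added example and not part of the original design: the role names, the "general_system" tier and the rule that sensitive data needs a passed 2FA step are assumptions; the resource names follow the data types listed in the requirements.

```python
from dataclasses import dataclass

# Data types named in the requirements, plus a general tier open to everyone.
GENERAL = "general_system"  # assumed name for the "everyone" access level
RESOURCES = {
    GENERAL, "rto_manager", "xero", "staff_files",
    "academic_docs", "enrolment_docs",
}

# Hypothetical roles. Grants are explicit; anything not listed is denied.
ROLE_GRANTS = {
    "student": {"academic_docs": {"read"}},
    "trainer": {"academic_docs": {"read", "write"}, "rto_manager": {"read"}},
    "admin": {"rto_manager": {"read", "write"},
              "enrolment_docs": {"read", "write"}},
    "finance": {"xero": {"read", "write"}},
    "hr": {"staff_files": {"read", "write"}},
}
EVERYONE_GRANTS = {GENERAL: {"read"}}  # the general-access level


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    mfa_passed: bool = False  # assumption: 2FA result supplied by the login step


def is_allowed(user, resource, action):
    """Default deny: allow only on an explicit grant; specific data needs 2FA."""
    if resource not in RESOURCES:
        return False
    if action in EVERYONE_GRANTS.get(resource, set()):
        return True
    if not user.mfa_passed:
        return False
    return any(action in ROLE_GRANTS.get(role, {}).get(resource, set())
               for role in user.roles)


def audit_grants():
    """List specific-data resources that are open to everyone or owned by no role."""
    findings = []
    for res in sorted(RESOURCES - {GENERAL}):
        if EVERYONE_GRANTS.get(res):
            findings.append(f"{res}: granted to everyone")
        if not any(res in grants for grants in ROLE_GRANTS.values()):
            findings.append(f"{res}: no role can access it")
    return findings
```

Running audit_grants() after every change to the grant tables catches a specific data type that has slipped into the general tier or has been left without an owning role.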
Infrastructure Design:
The virtualised cyber security infrastructure design for King Edward VII College includes the following
components:
- Operating System: The virtual machine will run an operating system such as Windows Server 2019.
- Hypervisor: The hypervisor platform, such as VMware or Hyper-V, will be used to manage the virtual
machine.
2. Network Architecture:
- Network Firewall: A network firewall with ACL capabilities will be implemented to control network
traffic and restrict unauthorized access.
- Network Segmentation: The network will be divided into segments to isolate sensitive systems and
limit the impact of potential breaches.
- VLANs: Virtual LANs will be implemented to separate different network segments and enhance
network security.
- VPN: A virtual private network will be established to provide secure remote access to the virtual
machine.
3. Security Technologies:
- Data Encryption: Strong encryption protocols, such as AES-256, will be implemented to protect
sensitive data at rest and in transit.
- Web Application Firewall (WAF): A WAF will be deployed to protect web applications from common
security threats and vulnerabilities.
- Intrusion Detection System (IDS): An IDS will be installed to monitor network traffic and detect any
potential intrusions or malicious activities.
- Antivirus/Antimalware: Robust antivirus and antimalware software will be deployed to detect and
prevent malware infections.
- User Accounts: User accounts will be set up with appropriate access permissions based on user roles
and responsibilities.
- Role-Based Access Control (RBAC): RBAC will be implemented to provide specific access rights to
different user roles within the virtual machine.
- Two-Factor Authentication (2FA): 2FA will be enabled to enhance authentication security by requiring
an additional verification step.
- Regular Data Backups: Scheduled backups of critical data will be performed to ensure data integrity
and mitigate the risk of data loss.
- Offsite Data Storage: Backups will be stored in secure offsite locations to protect against physical
damage or disasters.
- Disaster Recovery Plan: A comprehensive plan will be developed to outline the steps and procedures
for restoring operations in case of a major incident or system failure.
- Network Traffic Monitoring: Regular monitoring of network traffic will be conducted to identify any
abnormal activities or potential security breaches.
- Log Monitoring: Access logs and system logs will be regularly reviewed to detect and respond to any
suspicious activities.
- Vulnerability Scanning: Periodic vulnerability scanning will be performed to identify and address any
potential security weaknesses in the infrastructure.
- Security Incident Monitoring: The WAF will be continuously monitored for potential security incidents
or intrusion attempts.
7. Tools and Technologies:
Implementation plan:
The implementation plan for the virtualised cyber security infrastructure design includes:
- Action for implementation: Configuring ACLs, implementing network segmentation, enabling data
encryption, and deploying a WAF.
- Responsibilities and timelines: Assigning responsibilities to team members and establishing timelines
for each implementation task.
Tools:
Presentation:
Slide 1: Introduction
- Title: Virtualised Cyber Security Infrastructure Design for King Edward VII College
- Overview of the college’s operations and the need for a secure virtual machine.
- Highlight the key security technologies, such as data encryption, web application
firewall, intrusion detection system, and antivirus/antimalware.
- Explain the user account setup, RBAC implementation, and the use of two-factor
authentication.
- Discuss the regular data backups, offsite storage, and the disaster recovery plan.
- Explain the network security monitoring approach, including regular traffic and access
log monitoring, vulnerability scanning, and continuous WAF monitoring.
Feedback:
Based on the feedback received, the following adjustments will be made to the infrastructure design:
- Conducting additional testing to validate the effectiveness of the implemented security measures.
By incorporating these adjustments, the virtualised cyber security infrastructure will be better aligned
with the specific needs and feedback of King Edward VII College.
**Section 2: Implementation and Testing**
**Organisation 1**
Implementation:
Evidence of the implementation of the virtualised cyber security infrastructure design for Organisation 1
includes the following screenshots:
[Attach the screenshot showing the security levels that have been set.]
[Attach the screenshot showing the user access permissions that have been set.]
Testing:
To ensure the functionality and effectiveness of the implemented infrastructure, the following tests were
conducted:
- Traceroute tests were executed to identify the path taken by network traffic.
- The encrypted file was verified for its integrity and confidentiality.
- Simulated attacks were launched against the web application to evaluate the effectiveness of the
WAF.
- The WAF logs were analyzed to identify and mitigate potential security threats.
Results:
- All network components were successfully connected, and network traffic was flowing without any
issues.
- Traceroute tests provided insights into the network path and confirmed the proper network
segmentation.
- The sample file was successfully encrypted using the implemented encryption protocols.
- The WAF effectively detected and blocked simulated attacks, ensuring the security of the web
application.
- The WAF logs provided detailed information about the detected attacks and the actions taken.
User Feedback:
3. Appreciation for the effective protection provided by the Web Application Firewall.
Adjustments:
Based on the tests conducted, monitoring results, and user feedback, the following adjustments will be
made to further improve the virtualised cyber security infrastructure for Organisation 1:
- Implementing a centralized logging and monitoring system to detect and respond to potential security
incidents.
- Engaging external security professionals to perform comprehensive penetration testing to identify any
potential vulnerabilities.
By implementing these adjustments, Organisation 1 will enhance the security and resilience of its
virtualised cyber security infrastructure.
**Organisation 2**
Implementation:
Evidence of the implementation of the virtualised cyber security infrastructure design for Organisation 2
includes the following screenshots:
[Attach the screenshot showing the security levels that have been set.]
[Attach the screenshot showing the user access permissions that have been set.]
Testing:
To ensure the functionality and effectiveness of the implemented infrastructure, the following tests were
conducted:
- Traceroute tests were executed to identify the path taken by network traffic.
- The encrypted file was verified for its integrity and confidentiality.
- Simulated attacks were launched against the web application to evaluate the effectiveness of the
WAF.
- The WAF logs were analyzed to identify and mitigate potential security threats.
Results:
- All network components were successfully connected, and network traffic was flowing without any
issues.
- Traceroute tests provided insights into the network path and confirmed the proper network
segmentation.
- The sample file was successfully encrypted using the implemented encryption protocols.
- The WAF effectively detected and blocked simulated attacks, ensuring the security of the web
application.
- The WAF logs provided detailed information about the detected attacks and the actions taken.
User Feedback:
Adjustments:
Based on the tests conducted, monitoring results, and user feedback, the following adjustments will be
made to further improve the virtualised cyber security infrastructure for Organisation 2:
1. Fine-tuning Access Control Lists (ACLs):
- Reviewing and adjusting ACL configurations to ensure granular access control and reduce the risk of
unauthorized access.
- Performing additional penetration testing to identify any potential vulnerabilities and validate the
effectiveness of implemented security measures.
By incorporating these adjustments, Organisation 2 will enhance the security and resilience of its
virtualised cyber security infrastructure.
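The ACL review named in the adjustments can be partly automated. The following is an added example, not taken from the original assessment: it models a first-match firewall ACL with an implicit deny and reports over-broad and shadowed rules. The segment subnets and the rule set are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port


# Constructed segment layout (assumed, not from the page).
STUDENT, STAFF, SERVERS = "10.0.10.0/24", "10.0.20.0/24", "10.0.30.0/24"
ANY = "0.0.0.0/0"

RULES = [
    Rule("permit", STAFF, SERVERS, 443),
    Rule("deny", STUDENT, SERVERS, None),
    Rule("permit", STUDENT, SERVERS, 443),   # never reached: shadowed by the deny
    Rule("permit", ANY, ANY, None),          # defeats segmentation
]


def _net(cidr):
    return ipaddress.ip_network(cidr)


def _covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.port is None or a.port == b.port))


def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in _net(r.src) and d in _net(r.dst) and r.port in (None, port):
            return r.action
    return "deny"


def review(rules):
    """Return (rule index, finding) pairs for rules that need attention."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "permit" and r.src == ANY and r.dst == ANY and r.port is None:
            findings.append((i, "permit any-to-any"))
        for j in range(i):
            if _covers(rules[j], r):
                findings.append((i, f"shadowed by rule {j}"))
                break
    return findings
```

With the constructed rule set, staff traffic to the server segment on port 22 is permitted only by the final any-to-any rule; removing the two flagged rules leaves that traffic denied by default.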