10.2.10 Lab – Data Security Challenges Answers

Aug 16, 2024 Last Updated: Aug 16, 2024 Endpoint Security No Comments
Tweet Share Pin it

10.2.10 Lab – Data Security Challenges

Objectives

  • Part 1: Secure Data at Rest
  • Part 2: Secure Data in Transit
  • Part 3: Secure Data in Process

Background / Scenario

You have just been hired as the IT administrator for XYZ, Inc. This is a new startup company that manufactures and distributes personal protection equipment (PPE) such as masks, gloves, gowns, and more to hospitals and first responders.

The CEO of the company wants to know how you are going to secure the corporate data. Specifically, you must explain how to secure data at rest, data in transit, and data in process.

In this lab, you will be provided with various scenarios related to XYZ, Inc. Each scenario will require that you answer questions regarding securing the data. You can use the course material and internet searches to help answer the questions.

Required Resources

  • 1 PC with internet access

Instructions

Part 1: Secure Data at Rest

XYZ, Inc. can save all of their data using:

  • Direct-attached storage
  • Network attached storage systems
  • Cloud storage

You will investigate these methods for XYZ, Inc.

Step 1: Securing Data Using Direct-Attached Storage Devices

Direct-attached storage is storage (e.g., hard drive or USB flash drive) connected to a host.

What could you do to secure the data on direct-attached storage devices?

Possible answers you might find in your research include the following:

  • Hardware authentication: Ensure only valid users can access the device.
  • Host encryption software: Use software to automatically encrypt all data on the direct-attached storage (e.g., BitLocker drive encryption, Veracrypt, Truecrypt, etc.).
  • Antimalware protection: Protect the host and its data against malware.
  • Routinely backup: Either implement an automatic or manual process to routinely backup the direct-attached storage devices.

Would you recommend direct-attached storage devices for XYZ, Inc.? Explain your answer.

No, you should not recommend direct-attached storage devices for XYZ, Inc. There are a number of reasons why corporate data should not be saved on direct-attached storage devices. You cannot guarantee that each user will secure their data properly. Systems are not typically setup to share data with other computers on their network. Updating firmware and patching applications may not be completed competently. Manual backups may not be performed.

Step 2: Securing Data Using Network Attached Storage Systems

Network attached storage (NAS) devices store data in a centralized location enabling authorized network users access to files and resources. NAS devices are flexible and scalable within a physical location, enabling administrators to increase network capacity as needed.

What could you do to secure the data using network storage devices?

Possible answers you might find in your research include the following:

  • Only authorized users are allowed to access to the NAS.
  • Implement network devices (i.e., firewalls, Intrusion Prevention Systems (IPS)) to monitor traffic to and from the NAS.
  • Implement automatic backup procedures to routinely secure the data.
  • Assign a dedicated IT technician to continually test and monitor the NAS.

Would you recommend NAS devices for XYZ Inc.? Explain your answer.

NAS devices could be used to store corporate data. Security polices and resources can be implemented to properly secure the data. Automated backups can be implemented ensuring backups may be routinely performed. Note that network access is required. However, if XYZ, Inc. has multiple networks and multiple locations, NAS storage is no longer scalable.

Step 3: Securing Data Using Cloud Storage

Cloud providers use data centers to offer data storage solutions to their customers. Cloud storage allows data to be accessed from any authorized user with internet access.

What could you do to secure the data using cloud storage?

Answers may vary. Cloud security is typically provided by the cloud provider. Ensure employee devices are secured (i.e., authorized users only, malware protection, mandatory firmware and patch updates, and more).

Would you recommend cloud storage for XYZ Inc.? Explain your answer.

Answers will vary. Depending on the size and number of locations for XYZ, Inc. you might recommend cloud storage for corporate data. Cloud storage is also an ideal method for backing up corporate data that is stored on-sight, such as in a NAS or the corporate-owned data center. However, most new start-ups today opt to store all their data in the cloud to save on the capital expense and time it takes to stand up a physical data storage solution. Use access to cloud storage services must be secured through identity and access management (IAM) procedures.

Part 2: Secure Data in Transit

XYZ, Inc. will implement:

  • A wired and a wireless (Wi-Fi) network in the corporate location.
  • Data transfer over the internet between a central site location and branch site location.

Each of these methods involve data in transit. In this part, you will investigate how to secure data in transit.

Step 1: Securing Data in Transit

Data in transit involves sending information from one device to another. Protecting data in transit poses challenges. There are numerous ways to transmit information between devices. Wireless networks are often deployed to provide easy network access to corporate users. Those users then access corporate data.

What could you do to secure the wireless data in transit?

Possible answers you might find in your research include the following:

  • User authentication: You should implement user authentication to ensure only authorized users have access to the wireless network.
  • Enable wireless encryption: Most wireless networks support WPA2 and WPA3 security using AES encryption.
  • Monitor the wireless network: Routinely monitor the wireless for rogue wireless access points and devices that may interfere with the wireless signal.

Step 2: Securing Data Over the Internet Between Two Corporate Sites

Multi-site organizations often deploy site-to-site virtual private networks (VPNs) to secure traffic between sites.

What could you do to protect the confidentiality of data in transit between two corporate sites?

Answers will vary but implementing an IPsec or SSL VPN using strong encryption (i.e., AES) is the most common solution.

What could you do to protect the integrity of data in transit between two corporate sites?

Answers will vary. However, deploying data integrity systems (i.e., hashing using SHA-2) that test the integrity and authenticity of transmitted data would protect the integrity of the data.

What could you do to protect the availability of data in transit between two corporate sites?

Answers will vary. However, implementing mutual authentication systems requiring the user to authenticate to the server and requests the server to authenticate to the user. This way, a user’s device can tell when it is being contacted or it is receiving data requests from unauthenticated, rogue systems.

Part 3: Secure Data in Process

XYZ, Inc. wants to avoid a data entry problem that one of its competitors encountered a few months earlier. The competitor had a disgruntled employee manually change their advertised prices of popular PPE devices to ridiculously lower prices. The error resulted in thousands of dollars in lost revenue.

What could you do to avoid the data entry problem that occurred at the competitor?

Answers may vary. A data entry policy can be enabled that requires a supervisor to review and approve any price changes.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments