1.0 Introduction "EMC Cyber": Confidentiality - Set of Rules That Limits Access To Sensitive Information For

The document discusses potential cyber security threats to Lockhead Aerospace's manufacturing processes from implementing IoT and web-based applications. It summarizes the CIA triad model and defines security risks. Some key threats identified are cloud jacking, ransomware attacks, and malware. The document recommends EMC Cyber evaluate threats and vulnerabilities to ensure the confidentiality, integrity and availability of Lockhead's data and assets. EMC should implement controls to reduce risks and follow ISO standards when proposing solutions.

Uploaded by Kaveesha Perera

1.0 Introduction “EMC Cyber”


EMC Cyber is a reputed cyber security company based in Colombo, Sri Lanka, that delivers cyber security products and services to top-level companies around the world. The company develops cyber security software including firewalls, anti-virus, intrusion detection and protection, and endpoint security, which protects companies’ networks, clouds, web applications and emails. It also offers advanced threat protection, secure unified access and endpoint security, and consults clients on security threats and how to resolve them. The company follows various risk management standards, with ISO 31000 being the most prominent.

EMC Cyber Solutions has been asked by Lockhead Aerospace Manufacturing to investigate the security implications of developing IoT-based automation applications in its manufacturing process, to audit the security risks of implementing web-based IoT applications in that process, and to propose solutions. EMC has been instructed to use the ISO risk management standards when proposing the solution.

The following report describes potential cyber security threats to their web site, applications and infrastructure. The planned solution, and its implementation according to standard software engineering principles, are included in the report.

1.1 CIA Triad

The CIA triad is a widely used information security model that guides an organization’s information security policies so as to keep its data and information secure. It is a respected model for the development of security policies as well as for identifying problem areas and devising the necessary solutions.

The following three principles are the base of the CIA triad.

1. Confidentiality - a set of rules that limits access to sensitive information by unknown parties. Data is categorized according to the amount and type of damage that could be done if it fell into the wrong hands.

2. Integrity - maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Nobody should be able to improperly modify it, either accidentally or maliciously.

3. Availability - a guarantee of access to the information by authorized people. Authorized users should be able to access data whenever they need it, without data loss or barriers.

How the CIA triad affects EMC Cyber

Figure 1 CIA triad

EMC Cyber is a reputed cyber security company which supplies a number of services to both national and international companies. The security of the company, as well as of its products and services, should be at the maximum level. Any loophole in EMC Cyber will affect not only the company itself but also the companies that bought its products and services. The CIA triad must therefore be a high concern for this company in order to ensure its security. If one or more principles of the triad are violated, data leakage, system attacks, account hijacking, malicious takedown of the website, or any number of other security incidents may occur.

The company has various sectors in both security products and services. It must evaluate threats and vulnerabilities based on the potential impact they have on the confidentiality, integrity and availability of an organization’s assets, and it must implement a set of security controls to reduce risk within its environment. When the company builds security products and services, one of these three principles might take priority over another depending on the unique security goals of each product. The organization must decide how to apply these principles given its unique requirements, balanced with its desire to provide a continuous and safe user experience.

(Fruhlinger, 2020) (Chai, n.d.)

1.2 What is a security risk?


A security risk is anything that leads to the loss or corruption of data, or to physical damage to the hardware and/or infrastructure of an organization and its stakeholders, that could occur due to the threats and vulnerabilities associated with a process. Risks may cause loss of data and information, assets, money or reputation, or lead to fines and compensation paid to affected parties. Methods used to breach the security of a facility, operation, or system by exploiting a vulnerability are called threat agents.

(Williams, 2021)
Figure 2 risks

Threat
A threat is a new or newly revealed circumstance that has the potential to harm a system of the organization. The main types of threats are natural threats (e.g., cyclones, landslides, tsunamis), unintentional threats (such as an employee mistakenly entering false information) and intentional threats (spyware, malware, adware companies, or deliberate wrong actions of an employee).

Intentional threats can be categorized into four groups: interception, interruption, transmit modification and fabrication. Interception is when an unauthorized party gains access to the network. Interruption is the loss or unusability of an asset, for a reason such as the malicious destruction of a hardware device. Transmit modification occurs when an unauthorized party accesses and changes the values in a database, alters a program, modifies data electronically, or modifies hardware. Fabrication is when an unauthorized party creates fake objects on a computing system, for example by inserting spurious transactions into a network communication system or adding records to an existing database.

There are both physical and virtual security threats that can affect EMC Cyber.

Physical Threat
A physical threat is the possibility of an incident that may result in loss of or physical damage to computer systems. Physical threats may be internal, external or human.

Internal threats
Internal threats arise from causes such as fire, an unstable power supply, improper wiring or damage to the wiring system, animals such as rats, humidity, etc. They may cause damage to hardware and loss of the data and information stored on it, loss of assets and devices, and so on. They can be minimized by proper maintenance and frequent monitoring of physical assets, backing up data both to a cloud environment and to a storage device kept outside the office, using automatic fire detectors and extinguishers that do not use water, using voltage controllers, and controlling the humidity in the computer room with air conditioning.

External threats
External threats are threats such as damage from flooding, lightning, earthquakes, etc. Lightning threats can be minimized by using lightning rods, proper lightning detectors and circuit breakers. Placing the building on high ground reduces flooding. Structuring buildings according to the geographical situation is also important.

Human threats
Human threats are threats caused by human action: robbery of hardware, damage to hardware, vandalism of the infrastructure and/or hardware, disruption, and accidental or intentional errors. They can be minimized by restricting access to computer rooms for external parties, CCTV monitoring, allowing only a few highly trusted persons to access the storage area, using two-factor authentication for entrance, and so on.

Virtual Security Threat

A virtual security threat, or cybersecurity threat, is a malicious and deliberate attempt by a party to gain unauthorized access to another individual’s or organization’s network in order to damage, disrupt, or steal IT assets, computer networks, intellectual property, or any other form of sensitive data. There are a number of physical and virtual security risks to EMC Cyber. Some of them are cloud jacking, ransomware attacks, malware and cross-site attacks.

Cloud jacking

Figure 3 cloud hijack

Cloud jacking is the process by which cloud computing is infiltrated by a third party. Once a hacker gets into the company cloud, they may try to reconfigure the cloud code to manipulate sensitive data, eavesdrop on employees and company communications, and expand their reach to take control of the entire cloud.

As a cyber security company, EMC’s data security platforms should include cloud security capabilities such as end-to-end encryption, application control, continuous data monitoring, and the ability to control or block risky data activity based on behavioral and contextual factors involving the user, event, and data access type. Even if the best security measures have been taken at the time, they should frequently update their security measures and passwords to keep pace with rapidly changing technology. (Lord, 2018)

Ransomware Attacks
Ransomware installs itself on a user’s system or network. Once installed, it prevents access to functionality (in part or in whole) until a “ransom” is paid to third parties. It is becoming easier for attackers to purchase ransomware kits on the dark web, and the kits are updated as quickly as the technology changes. If the company were attacked by ransomware it would experience great costs from downtime and recovery, and would also lose its reputation as a cyber security company.

Figure 4 Ransomware Attack

The prevention measures EMC must take are: maintain backups, develop plans and policies, review port settings, keep anti-virus updated and, as they have their own anti-virus products, frequently do research and development on their anti-virus systems. Well-trained employees who avoid malicious links, together with current backups and replication, are always needed.

Cross Site Attack

It is also called an XSS attack. A third party targets a vulnerable website, typically one lacking encryption. Once targeted, the dangerous code is loaded onto the site. When a regular user accesses that website, the payload is delivered to their system or browser, causing unwanted behavior. It will disrupt standard services or steal user information.

To prevent cross-site attacks, encryption on the host’s side is vital, providing the option to turn off page scripts helps thwart a malicious payload from activating, and script-blocker add-ons can be installed in the browser. Workers must also follow secure practices and avoid using unknown sites on workplace machines. Employees must be well trained and well disciplined even when they use their own devices.

Figure 5 Cross site attack
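The following is an added example and not code from the report: it shows the same user comment rendered the way an XSS-vulnerable page does it and the way a hardened page does it. On the server side, the control that stops the payload from becoming markup is output encoding of untrusted data, backed by a Content-Security-Policy header; the comment text and header values are constructed for the example.

```python
# Added example, not part of the report: vulnerable and hardened rendering of user input.
import html

# Constructed user input containing markup characters that a browser would interpret.
UNTRUSTED_COMMENT = '<b>Hi</b> & "friends" <EMC>'


def render_vulnerable(comment: str) -> str:
    """Interpolates user input straight into the page: the pattern that enables XSS."""
    return f"<p class='comment'>{comment}</p>"


def render_safe(comment: str) -> str:
    """HTML-encodes the input so the browser shows it as text, never as markup."""
    return f"<p class='comment'>{html.escape(comment, quote=True)}</p>"


def security_headers() -> dict:
    """Defence in depth: forbid inline script even if an encoding is missed somewhere."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def reflects_markup(rendered: str, untrusted: str) -> bool:
    """Review check: does a tag from the input survive unencoded in the output?"""
    return "<" in untrusted and untrusted in rendered
```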

Weak passwords
EMC Cyber Solutions’ system is a vast store of secret information. If a cyber-criminal logs in, the information in all accounts is at risk, and the whole company and its stakeholders are at risk. The company should use strong passwords, and the employees of each department or session have a huge role in using proper passwords.

Unpatched devices

All the hardware devices and software that EMC uses may present an invitation for hackers to gain entry. Network devices such as routers and printers employ software or firmware in their operation, yet either a patch for a vulnerability in them has not yet been created or delivered, or their hardware was not designed to allow updates after vulnerabilities are discovered. This leaves an exploitable device in the network, waiting for attackers to use it to gain access to company data.

Wi-Fi
EMC Cyber Solutions has a Wi-Fi system, and it introduces a risk. According to the risk analysis discussed above, the company has a high risk of virus infection, and a hacker could access the company data via the Wi-Fi system and damage the company. A firewall’s strongest advantage is that it effectively isolates computers from external threats. When using a firewall, network administrators can carefully select the specific ports which receive and transmit data for various operations, including web browsing and email communication. A proxy server can also be used as a solution; it can control access to social media such as Facebook, Instagram and YouTube.
1.3 Security procedures for EMC Cyber to minimize the impact of cyber security issues

To make sure that EMC Cyber’s data is safe from attacks from both internal and external sources, the company uses technologies, processes, structures, and practices designed to protect networks, computers, programs, and data from unauthorized access or damage. The final goal of any cybersecurity strategy is to ensure confidentiality, data integrity, and availability.

Figure 6 Risk Managing Process

Framework used to consider the risk assessment and related best practices:

• Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities.
• Develop and implement proper safeguards to ensure delivery of critical services.
• Develop activities to identify the occurrence of a cybersecurity event.
• Clearly define activities to take action on a detected cybersecurity incident.
• Maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
(Steve Ursillo, 2019)

Security and Risk Management process

For protection from malicious software and external attacks, the company needs to be sure it is equipped to deal with a dynamic threat landscape. As this is a cyber security company, most of the following steps have already been taken, but regular updates and research and development must be done frequently.

• Build more powerful firewalls to protect the organization’s systems from attack via both internal and external communication links.
• Advanced malware/spyware and web proxy protection solutions.
• Anti-spam software that protects email inboxes from being clogged by unwanted broadcast email.
• Advanced anti-phishing software that protects users from visiting websites designed to trap user information.

Hardware maintenance plans must be implemented. To quickly rectify hardware failures, hardware maintenance contracts should be maintained with hardware suppliers. Critical hardware such as servers, switches, and backup technologies require quick attention. When contracting, the following must be considered:

• The supplier’s knowledge of and experience with the organization’s hardware and operating system configuration and application software.
• Proper due diligence, trustworthiness and vendor risk management to ensure that the third party is providing the services according to the company’s expectations.
Benefits of the Security and Risk Management process

When managing people, the company should establish a plan to mitigate the risk of key people being unavailable in the event of a system failure, and keep backup technicians. Documenting the hardware and software applications, and keeping this documentation up to date, is important so that a new technician can quickly rebuild the system.

EMC Cyber should have a proper IT governance procedure; it must implement a formal risk assessment process and develop policies to ensure that systems are not misused. Continuous training and development of all employees on technology risks should form part of the organization’s risk management framework.

The Security and Risk Management process maintains the integrity of information and the protection of assets. It includes establishing and maintaining security roles and responsibilities, policies, standards, and procedures. To protect the confidential data in EMC Cyber’s IT systems from unauthorized parties, user account management is important. Rules and policies must be established for all levels of users and workers, and procedures should be in place to ensure the timely discovery of security incidents. Effective data management helps ensure the quality, timeliness, and availability of business data; effective actions must be taken to manage the repositories, data backup and recovery, and proper disposal of media.

EMC Cyber can adopt formal rules with particular policies, or particular issues within a policy, to be addressed. System use, e-mail use, internet use and remote access can each have their own policies; these will be discussed further below.

Even after taking every step mentioned above, insurance should cover the cost of replacing damaged infrastructure as well as the labor costs to investigate the incident, rebuild systems and restore data. Insurance for productivity loss resulting from a major system failure or catastrophic event should also be considered.

For the above security procedures, technologies such as firewalls and VPNs can be implemented. There are several benefits of using them.

What is a Firewall

Figure 7 Firewall

A firewall is a network security device or software that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls establish a barrier between secured, controlled internal networks that can be trusted and untrusted outside networks, such as the Internet, in order to protect important information.

The main uses of firewalls are defending resources, validating access, managing and controlling network traffic, recording and reporting on events, and acting as an intermediary.

There are mainly 3 types of firewalls depending on their structure.

1. Software firewalls - also called host firewalls; a program installed on the computer or device that works through port numbers and other installed software.
2. Hardware firewalls - a physical device that sits between a computer and a gateway and acts as a barrier against security threats. It is also referred to as an appliance firewall. Example: a broadband router.
3. A hybrid of both software and hardware firewalls.

There are a number of firewall types based on their features, namely:

• Packet-filtering Firewalls - This is the basic type of firewall. It acts as a controlling program that monitors network traffic and filters inbound packets based on configured security rules. It blocks network traffic by IP protocol, IP address or port number if the data packet does not match the established rule-set.

Figure 8 Packet filtering firewall

• Circuit-level Gateways - These are easily configured to allow or block traffic and are used to ensure that established sessions are protected. They run at the session level of the OSI model by verifying TCP connections.

Figure 9 Circuit-level Gateways

• Application-level Gateways (Proxy Firewalls) - Operate at the application layer as an intermediate device to filter incoming traffic between two end systems. These firewalls forward requests from clients while appearing to the web server to be the original client, protecting the client’s identity and other important information and keeping the network safe from potential attacks.
e.g., network and traffic systems

Figure 10 Application-level Gateways

• Stateful Multi-Layer Inspection (SMLI) Firewalls - These include both packet inspection technology and TCP handshake verification. When an operator starts a connection and requests data, the firewall creates a state table and stores the connection data in it. Using this stateful inspection technology, these firewalls apply security rules to allow expected traffic.

Figure 11 Stateful Multi-Layer Inspection (SMLI) Firewalls

• Next-generation Firewalls (NGFW) - These firewalls include deep-packet inspection (DPI), surface-level packet inspection, TCP handshake testing, etc.

Figure 12 Next-generation Firewalls

• Network Address Translation (NAT) Firewalls - These are designed to inspect Internet traffic and block all unwanted connections by hiding the IP addresses of internal devices, making them safer from attackers.
• Cloud Firewalls
• Unified Threat Management (UTM) Firewalls.

Firewall Policy
A firewall policy dictates how firewalls should handle network traffic for specific IP addresses and address ranges, protocols, applications, and content, based on the organization’s information security policies. Firewalls should block all inbound and outbound traffic that has not been expressly permitted by the firewall policy.

(Lutkevich, 2021)

Implementing Firewalls at EMC Cyber

EMC Cyber is a huge multinational security company. It must have strong security because the security of many international companies depends on EMC’s security.

EMC must have both hardware firewalls and software firewalls to ensure its security. The instances it uses depend on the structure and the departments of the company. The company should mainly use proxy firewalls and SMLI firewalls across the whole company. Beyond that, depending on the department and its activities, cloud firewalls and NG firewalls are also used. Especially for EMC’s cloud storage services, using cloud firewalls is efficient. (team, 2020)

Virtual private network (VPN)

Figure 13 VPN provides

A VPN extends a private network across the public Internet through encrypted connections, so traffic remains private as it travels. An employee can work at home and still securely connect to the corporate network. A VPN is a secure tunnel between two or more devices that protects web traffic from snooping, interference, and censorship.

A VPN uses data encryption and other security mechanisms to prevent unauthorized users from accessing data, and to ensure that data cannot be modified without detection as it flows through the Internet. It then uses the tunneling process to transport the encrypted data across the Internet. (Shayne, 2020)

There are mainly 2 types of VPN, namely:

• Remote access VPN - It securely connects endpoint devices such as laptops, tablets and smartphones outside of the office. VPN technology allows security checks on endpoints to make sure they meet a required posture before connecting.

Figure 14 remote access VPN

• Site-to-site VPN - It connects the head office to branch offices over the Internet, for instance when distance makes it impractical to have direct network connections between these offices. Special equipment is used to establish and maintain the connection.

Figure 15 site-to-site VPN

VPN Policy
A VPN policy is a set of rules that defines how the secure tunnel is to be used, so that the tunnel is easy to manage. The VPN itself is an application designed to protect web traffic from snooping, interference and censorship. In VPN terms:

• Access VPNs provide remote users with reliable access to corporate networks.
• Intranet VPNs allow branch offices to be linked to corporate headquarters in a secure manner.
2.1 Potential impact to the organization when there is an improper firewall system and VPN

How improper firewalls and VPNs impact EMC

EMC is a well reputed cyber solution provider in Sri Lanka. It provides security products for both national and international companies. Its main market is security software including firewalls, anti-virus, intrusion detection and protection, and endpoint security. EMC Cyber also protects companies’ networks, clouds, web applications and emails. When working with them, installing and continuously updating firewalls and VPNs is very important.

Figure 16 VPN technology

When working with international companies’ networks, unauthorized parties can attack the network system, and other private networks can also attack it. When it is attacked, the attackers can obtain important information about EMC, especially competitors of EMC Cyber Solutions and competitors of the clients who take security services from them. If those competitors get details about the company, it is a huge risk to the company and its clients, both financially and non-financially. To prevent these kinds of risks, firewalls are very important to install. The firewalls must be continuously updated and developed with the latest technology, and if the firewalls are improper we also have to face these risks.

Individuals, businesses, corporations, and even governments face a real challenge in staying safe online. EMC Cyber faces the same problem even though it is a cyber security company. A VPN helps protect EMC’s business tactics by hiding all online activities and ensuring that they are encrypted and secured from prying eyes. Without a VPN, or with an improper one, web traffic may be subject to snooping and interference; transactions cannot be done properly and may stall. An improper VPN may damage the reputation of EMC, which is why a proper VPN must be installed. (shayne, 2019)

Network Monitoring System and its importance

Network monitoring is a computer network’s organized effort to identify slow or failing network components, such as overloaded or stopped servers, failing routers, failed switches or other problem devices. When the network is impaired, the network monitoring system alerts the network administrator.

Figure 17 Network Monitoring System

Network monitoring is mostly used to identify whether a given web server is operative and properly connected to networks worldwide. The benefits of a network monitoring system for EMC Cyber are:

• Protecting the EMC network against attackers - It identifies suspicious traffic, allowing owners to act fast. It provides a broad overview of EMC’s entire IT infrastructure, so that nothing is misused.
• Keeping informed without in-house staff - A network monitoring service will send warnings and information to EMC when an issue arises. Data breaches become more harmful and more expensive the longer they go unnoticed.
• Optimizing and monitoring the EMC network - As EMC Cyber changes continuously, network security must be optimized accordingly. It should also be continuously monitored as technology develops.
• Network monitoring services will map out the infrastructure and show the areas for development and any issues that currently need to be addressed.

2.2 Trusted network system

A trusted network is a network of devices that are connected to each other, open only to authorized users, and that allows only secure data to be transmitted. A Trusted Network System architecture uses current standards, protocols and hardware designs to implement “trust.” Trusted Network Systems deliver vital security services such as user authentication, comprehensive network device admission control, end-device status checks, policy-based access control, traffic filtering, automated remediation of non-compliant devices, and auditing.

DMZ (demilitarized zone)

Figure 18 DMZ

A DMZ is a host or network segment that exists as a secured intermediate network between an internal network and an external one. It is mainly used to protect an internal network from communication with, and abuse and access by, external nodes and networks. A DMZ can be a logical sub-network or a physical network that acts as a safe bridge between an interior and an exterior network. If an attacker attempts to breach or attack an organization’s network, a successful attempt will only result in the compromise of the DMZ network, not the core network behind it.

The two major methods of constructing a network with a DMZ are a single firewall and dual firewalls. Each of these systems can be expanded to create complex architectures built to satisfy network requirements:

Single firewall: This uses a single firewall with a minimum of 3 network interfaces. The DMZ is placed inside this firewall. The external network interface takes the connection from the ISP, the internal network is connected to the second interface, and connections within the DMZ are handled by the third network interface.

Dual firewall: Two firewalls are used to create the DMZ, and this is the more secure method. The frontend firewall is configured to only allow traffic destined for the DMZ. The backend firewall is only responsible for the traffic that travels from the DMZ to the internal network. While more effective, this scheme can be costlier to implement across a large network.

Benefits
A DMZ provides additional security for EMC against external attacks, but cannot help against internal attacks such as sniffing communication with a packet analyzer or spoofing. A DMZ helps ensure the safety of the internal database, which often stores sensitive information. The web servers can then interact with the internal database server through an application firewall or directly, while still falling under the umbrella of the DMZ protections. Likewise, an email server can be built or placed inside the DMZ in order to interact with and access the email database without directly exposing it to possibly harmful traffic.
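The default-deny firewall policy, the SMLI state table with TCP handshake verification, and the three-interface single-firewall DMZ described above, combined into one simulation. This is an added example rather than anything from the report; the address ranges, host roles and policy rules are constructed assumptions.

```python
# Added example, not part of the report: a simulated single-firewall DMZ with three
# interfaces (external, DMZ, internal), a default-deny policy, and a stateful table
# that verifies the TCP handshake the way an SMLI firewall does.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan for the three interfaces; anything else is "external".
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),        # web and mail tier
    "internal": ip_network("10.10.0.0/16"),   # core network behind the DMZ
}
WEB_SERVER = "192.0.2.10"
DB_SERVER = "10.10.0.20"

def zone_of(ip: str) -> str:
    """Classify an address by the interface it belongs to."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # "S" SYN, "SA" SYN-ACK, "A" ACK, "" payload

# Only these *new* connections are expressly permitted; everything else is denied.
# (source zone, destination zone, destination port, optional single source host)
POLICY = [
    ("external", "dmz", 443, None),          # public HTTPS to the web tier
    ("dmz", "internal", 5432, WEB_SERVER),   # only the web server may reach the DB
    ("internal", "external", 443, None),     # staff browsing out
]

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # 4-tuple of the initiating direction -> connection state

    @staticmethod
    def _key(p):
        return (p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.dst, p.dport, p.src, p.sport)

    def _policy_allows(self, p) -> bool:
        src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)
        for s, d, port, host in POLICY:
            if (src_zone, dst_zone, p.dport) == (s, d, port) and host in (None, p.src):
                return True
        return False

    def process(self, p) -> str:
        fwd, rev = self._key(p), self._reverse(p)
        if fwd in self.table:                        # client -> server direction
            state = self.table[fwd]
            if state == "SYN_RECEIVED" and p.flags == "A":
                self.table[fwd] = "ESTABLISHED"       # handshake completed
                return "ALLOW"
            if state == "ESTABLISHED" or (state == "SYN_SENT" and p.flags == "S"):
                return "ALLOW"                        # data, or a retransmitted SYN
            return "DROP"
        if rev in self.table:                        # server -> client direction
            state = self.table[rev]
            if state == "SYN_SENT" and p.flags == "SA":
                self.table[rev] = "SYN_RECEIVED"
                return "ALLOW"
            return "ALLOW" if state == "ESTABLISHED" else "DROP"
        # No state yet: only a SYN the policy expressly permits opens a connection.
        if p.flags == "S" and self._policy_allows(p):
            self.table[fwd] = "SYN_SENT"
            return "ALLOW"
        return "DROP"

def run_scenarios() -> dict:
    """Replay constructed flows through the firewall and return each verdict."""
    fw = StatefulFirewall()
    client = "203.0.113.5"   # constructed external client
    return {
        "client_syn": fw.process(Packet(client, 40000, WEB_SERVER, 443, "S")),
        "server_synack": fw.process(Packet(WEB_SERVER, 443, client, 40000, "SA")),
        "client_ack": fw.process(Packet(client, 40000, WEB_SERVER, 443, "A")),
        "client_data": fw.process(Packet(client, 40000, WEB_SERVER, 443)),
        "server_data": fw.process(Packet(WEB_SERVER, 443, client, 40000)),
        # ACK with no handshake on record: the SMLI handshake check fails.
        "stray_ack": fw.process(Packet(client, 40001, WEB_SERVER, 443, "A")),
        # The internal network is never reachable from outside, even on 443.
        "external_to_internal": fw.process(Packet(client, 40002, DB_SERVER, 443, "S")),
        # A port the policy does not list is blocked by default deny.
        "ssh_to_dmz": fw.process(Packet(client, 40003, WEB_SERVER, 22, "S")),
        "web_to_db": fw.process(Packet(WEB_SERVER, 51000, DB_SERVER, 5432, "S")),
        # Any other DMZ host (say, a compromised one) cannot reach the database.
        "other_dmz_to_db": fw.process(Packet("192.0.2.11", 51000, DB_SERVER, 5432, "S")),
    }
```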
Static IP

Figure 19 static ip

A static IP address is simply an address that doesn’t change. Static IP addresses are assigned by Internet Service Providers, and once a device is assigned a static IP address, that number typically stays the same until the device is withdrawn or the network architecture changes. Static IP addresses are generally used by servers, gaming services, website hosting, Voice over Internet Protocol (VoIP) or other important equipment. A static IP address may be IPv4 or IPv6. Because a static address is constant, systems with static IP addresses are vulnerable to data extraction and higher security risks.

Advantages of Static IPs

Static IP addresses are much easier to set up and manage with DNS servers, and when EMC is hosting a web server, email server, or any other kind of server, having a static IP address makes it easier for customers to find it via DNS. A static IP address also makes it easier to work remotely using a VPN or other remote access programs. With a static IP address, services can match the IP address with its physical location.

Disadvantages of static IPs

Although there are a number of advantages for EMC Cyber, static IPs have some disadvantages related to cost and security. Static IPs are easier to attack because attackers know exactly where the server is on the Internet. A strong security system can avoid or minimize that risk. ISPs generally charge more for static IP addresses, particularly on consumer ISP plans. Another main disadvantage of a static IP is that anyone with the right network tools can find where employees and their computers are located. Using a proper VPN can avoid that risk.

NAT (Network Address Translation)

Figure 20 NAT

Network Address Translation is the procedure by which a network device, usually a firewall, assigns a public address to a computer inside a private network. It is a way to map multiple local private addresses to a single public one before forwarding the information.

NAT is used to limit the number of public IP addresses an organization or company must use, for both economic and security purposes. However, to access resources outside the network, like the Internet, these computers have to have a public address so that replies to their requests can return to them. The benefits of Network Address Translation are the reuse of private IP addresses, enhanced security for private networks by keeping internal addresses private from the external network, and connecting a large number of hosts to the global Internet using a smaller number of public IP addresses, thereby conserving IP address space.
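The mapping described above, worked through as an added example that is not part of the report: a port-based translation table through which two internal hosts share one public address, replies are routed back to the right host, and inbound traffic that is not a reply is dropped. The private range, public address and external server are constructed assumptions.

```python
# Added example, not from the report: the translation table a NAT firewall keeps so
# that many private hosts share one public address and only replies get back in.
import itertools
from ipaddress import ip_address, ip_network

PRIVATE_NET = ip_network("10.0.0.0/8")   # constructed internal range (RFC 1918 space)


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.outbound_map = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound_map = {}    # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network.

        Returns the (public_ip, public_port) pair the outside world will see.
        """
        if ip_address(src_ip) not in PRIVATE_NET:
            raise ValueError(f"{src_ip} is not an internal host; nothing to translate")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound_map:
            # Allocate a fresh public port so two hosts using the same private port
            # (both on 50000 below) still get distinct external identities.
            port = next(self._ports)
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return self.public_ip, self.outbound_map[key]

    def translate_inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving at the public address back to the private host.

        Returns (priv_ip, priv_port), or None when the packet is not a reply to a
        connection an inside host opened; this is why NAT blocks unsolicited traffic.
        """
        entry = self.inbound_map.get(dst_port)
        if entry is None:
            return None
        priv_ip, priv_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None   # right port, wrong peer: not the reply this host is waiting for
        return priv_ip, priv_port


def demo() -> dict:
    """Two internal hosts reach the same web server through one public address."""
    nat = Nat("198.51.100.1")          # constructed public address
    web = ("203.0.113.80", 443)        # constructed external web server
    a = nat.translate_outbound("10.0.0.5", 50000, *web)
    b = nat.translate_outbound("10.0.0.6", 50000, *web)
    return {
        "host_a_seen_as": a,
        "host_b_seen_as": b,
        "reply_to_a": nat.translate_inbound(web[0], web[1], a[1]),
        "reply_to_b": nat.translate_inbound(web[0], web[1], b[1]),
        "unsolicited": nat.translate_inbound("203.0.113.9", 4444, 40002),
        "wrong_peer": nat.translate_inbound("203.0.113.9", 443, a[1]),
        "same_flow_reused": nat.translate_outbound("10.0.0.5", 50000, *web) == a,
    }
```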
