
Describe Cybersecurity Knowledge

Test Plan for GTC Network Environment and Risks

Current Network Environment

Analysis of the GTC network environment over the past few weeks, using multiple network scanning and vulnerability assessment tools, showed that the current network setup and security practices are broadly robust, but that critical vulnerabilities remain which expose the organization to cyber risk.

The network uses a Windows Active Directory (AD) domain for centralized user authentication and resource access control. However, legacy OS and software versions are still widely used across clients and servers, and these are unlikely to have the latest security patches (Mitchell & Chen, 2020). A centralized, firm password policy has been configured for the domain, but the password strength rules are not applied evenly across all credentials. Although a next-generation firewall controls traffic at the network perimeter and the internal network is segmented, misconfigurations permit movement between internal systems. Endpoint protection is provided by Windows Defender Antivirus, but its ability to detect advanced malware threats is weak. Backups made with Veeam provide data availability and fast restoration, but the backup storage has no isolation protections.

A third-party penetration test confirmed many of these findings: the testers obtained domain administrator access through a compromised local admin account, demonstrating that the current controls would neither stop nor detect a hidden attacker before the full compromise of sensitive systems and data on the internal network. Overall, GTC has implemented many best practices, but inconsistently applied patching, policy enforcement, firewall rulesets, host-based defenses, and monitoring leave room for vulnerabilities that could result in data breaches.

Summary of Network Risks

The worst risks the GTC network faces today include malware designed to lock operations, insider threats from stolen accounts, exfiltration of personal data, and destructive cyber-attacks that manipulate medical equipment to harm patients. The specific vulnerabilities that serve as risk vectors are outlined below:

Outdated Software & Systems: Microsoft no longer releases updates for legacy Windows 7 clients and Windows Server 2008 R2 systems, so unpatched weaknesses in these platforms give adversaries opportunities to penetrate them, gain privileges, and install backdoors (Pekárek & Máchová, 2019). An initial audit revealed multiple devices running platforms that had already reached end of life.

Weak Credentials: Although a strict Active Directory password policy is in place, some exceptions for service accounts and inconsistencies between users were detected. Within a few minutes, the third-party penetration test used one of these weak passwords to gain higher privileges. Poor credential hygiene remains a common initial attack vector.
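As an added example (not part of the original test plan), the following Python script audits an Active Directory user export against the policy this paragraph and the recommendations describe: no accounts exempt from password expiry or from requiring a password at all, and no passwords older than the 90-day upper bound of the rotation window. Violations on accounts in privileged groups are rated high, since a weak or stale administrator password is exactly what the penetration test exploited. The CSV is a constructed sample in the shape of a `Get-ADUser` export; the column names, account names, reference date and privileged-group list are assumptions.

```python
"""Audit an AD user export for password-policy exceptions.

Added example, not part of the original test plan. The export below is a
constructed sample in the shape of a Get-ADUser CSV; nothing here is real
GTC data."""
import csv
import io
from datetime import date

# Constructed sample export (assumed column names; MemberOf is ';'-separated).
SAMPLE_EXPORT = """\
SamAccountName,Enabled,PasswordNeverExpires,PasswordNotRequired,PasswordLastSet,MemberOf
jsmith,True,False,False,2024-03-01,Domain Users
svc_backup,True,True,False,2021-06-15,Domain Users;Domain Admins
svc_ehr,True,False,True,2024-01-10,Domain Users
adm_local,True,False,False,2023-10-05,Administrators
old_intern,False,True,False,2019-01-01,Domain Users
"""

# Reference date for the audit (assumption, fixed so the run is reproducible).
AS_OF = date(2024, 4, 1)
# Upper bound of the 60-90 day rotation window from the recommendations.
MAX_PASSWORD_AGE_DAYS = 90
# Built-in groups whose members should never carry a policy exception.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}


def audit_accounts(csv_text, today):
    """Return {account: {"issues": [...], "severity": "high"|"medium"}}
    for every enabled account that violates the password policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Enabled"] != "True":
            continue  # disabled accounts cannot authenticate; not a live exposure
        issues = []
        if row["PasswordNotRequired"] == "True":
            issues.append("password-not-required")  # blank password is permitted
        if row["PasswordNeverExpires"] == "True":
            issues.append("never-expires")  # exempt from the rotation policy
        last_set = date.fromisoformat(row["PasswordLastSet"])
        if (today - last_set).days > MAX_PASSWORD_AGE_DAYS:
            issues.append("stale")  # outside the rotation window
        if not issues:
            continue
        groups = {g.strip() for g in row["MemberOf"].split(";")}
        privileged = bool(groups & PRIVILEGED_GROUPS)
        findings[row["SamAccountName"]] = {
            "issues": issues,
            "severity": "high" if privileged else "medium",
        }
    return findings


def run_audit():
    """Audit the constructed sample as of the fixed reference date."""
    return audit_accounts(SAMPLE_EXPORT, AS_OF)


if __name__ == "__main__":
    for account, finding in sorted(run_audit().items()):
        print(f"{finding['severity']:6} {account}: {', '.join(finding['issues'])}")
```

In the constructed sample the two privileged accounts (`svc_backup`, `adm_local`) surface as high-severity findings and the service account with no password requirement as medium; the disabled account is skipped and the compliant user produces nothing. Against a real export the same logic runs unchanged once the CSV is produced by the directory tooling.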

Misconfigurations: Client machines and servers ran unnecessary network services, which increased the attack surface. Moreover, firewall misconfigurations would allow attackers who compromise one system to move laterally to others rather than being contained. The principle of least privilege needs to be adhered to in GTC’s security architecture, keeping settings tightly calibrated.
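The following Python check is an added example, not part of the original test plan, of how the lateral-movement misconfigurations described above can be found in a firewall rulebase during a review rather than by a penetration tester. It flags allow rules between zones that open every service, that carry remote-administration protocols from anywhere other than a management network, or that let the guest network reach internal zones. The zone names, rule format and sample rulebase are constructed assumptions, not GTC's actual firewall configuration.

```python
"""Flag inter-zone firewall rules that enable lateral movement.

Added example, not part of the original test plan. Zone names, the rule
format and SAMPLE_RULES are constructed assumptions."""

# Ports of the remote-administration protocols lateral movement usually rides on.
ADMIN_PORTS = {
    22: "SSH", 135: "MS-RPC", 139: "NetBIOS", 445: "SMB",
    3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS",
}
# Only this zone should be allowed to administer other zones (assumption).
MANAGEMENT_ZONE = "it-management"
# Guest networks may reach the Internet and nothing else.
GUEST_ZONES = {"guest-wifi"}
INTERNET_ZONE = "internet"

# Constructed rulebase: ports is a list of TCP ports or the string "any".
SAMPLE_RULES = [
    {"id": 10, "src": "workstations", "dst": "servers", "ports": [443], "action": "allow"},
    {"id": 20, "src": "workstations", "dst": "servers", "ports": "any", "action": "allow"},
    {"id": 30, "src": "workstations", "dst": "medical-devices", "ports": [445, 3389], "action": "allow"},
    {"id": 40, "src": "it-management", "dst": "servers", "ports": [3389, 5985], "action": "allow"},
    {"id": 50, "src": "guest-wifi", "dst": "medical-devices", "ports": [80], "action": "allow"},
    {"id": 60, "src": "workstations", "dst": "medical-devices", "ports": "any", "action": "deny"},
    {"id": 70, "src": "servers", "dst": "workstations", "ports": [445], "action": "allow"},
    {"id": 80, "src": "guest-wifi", "dst": "internet", "ports": [80, 443], "action": "allow"},
]


def audit_rules(rules):
    """Return [(rule_id, reason), ...] for allow rules that weaken segmentation."""
    findings = []
    for rule in rules:
        # Deny rules and intra-zone rules are not inter-zone exposure.
        if rule["action"] != "allow" or rule["src"] == rule["dst"]:
            continue
        src, dst, ports = rule["src"], rule["dst"], rule["ports"]
        if ports == "any":
            # Every service reachable: the classic "left unblocked" rule.
            findings.append((rule["id"], f"any-service allow from {src} to {dst}"))
            continue
        admin = sorted(p for p in ports if p in ADMIN_PORTS)
        if admin and src != MANAGEMENT_ZONE:
            names = ", ".join(ADMIN_PORTS[p] for p in admin)
            findings.append((rule["id"],
                             f"admin protocols ({names}) from non-management zone {src} to {dst}"))
        if src in GUEST_ZONES and dst != INTERNET_ZONE:
            findings.append((rule["id"], f"guest network reaches internal zone {dst}"))
    return findings


def flagged_rule_ids(rules):
    """Convenience view: just the ids of rules that need attention."""
    return [rule_id for rule_id, _ in audit_rules(rules)]


if __name__ == "__main__":
    for rule_id, reason in audit_rules(SAMPLE_RULES):
        print(f"rule {rule_id}: {reason}")
```

Note that rule 70 is flagged even though it points from the server zone back toward workstations: once a server is compromised, SMB into the workstation segment is just as useful to an attacker as the reverse direction, so an audit has to look at every allow rule, not only the ones aimed at the crown jewels.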

Legacy AV Defenses: Windows Defender Antivirus lacks the heuristics and machine-learning capabilities that current next-generation endpoint detection and response (EDR) tools use to produce dynamic defenses updated with new malware tactics and signatures (Hoffman, 2021). Failure to identify modern, sophisticated malware strains could lead to a GTC data leak.

Internet Threats: Because of geographically remote workers and broad use of web-based tools, GTC handles thousands of daily Internet requests for email, web, and cloud services (Rumee et al., 2021). These interactions increase the likelihood of users falling for phishing emails and surrendering their credentials, of drive-by web pages introducing malware, and of attacks against unprotected data streams in the cloud.

To counteract these risks, the Test Plan’s recommendations aim to implement foundational controls: up-to-date and hardened assets through timely patching and configuration fixes, least-functionality restrictions, multiple next-generation defense layers, proactive monitoring and response capabilities, user training as a vital defense layer, and regularly validated restorative backups. Upholding these cyber risk management principles as foundational security measures will substantially improve GTC’s ability to withstand advanced threats.

Recommendations

Based on the risks and vulnerabilities identified through an extensive evaluation of GTC’s network environment using various tools and techniques, the following controls and recommendations are provided to mitigate the significant security gaps that currently exist:

  1. Software and Hardware Upgrades
  • Migrate all Windows 7 and Windows Server 2008 platforms to supported platforms that still receive security updates, such as Windows 10 and Windows Server 2019, and keep patch levels current.
  • Standardize clients on Windows 10 and servers on Windows Server 2019 for consistent security capabilities and easier server patching.
  • Replace old medical equipment running outdated operating systems with updated versions so that the vendor can continue to provide security updates.
  2. Identities and Access Controls
  • Enforce passwords of 15+ characters with complexity requirements on all accounts through Group Policy, and require password changes every 60-90 days.
  • Enable MFA on server/service accounts and on externally accessible services such as VPN and email.
  • Grant administrative credentials only according to the principle of least privilege, based on defined responsibilities, to minimize the attack surface.
  3. Network Protections
  • Prioritize fixing the firewall misconfigurations (e.g. ports left unblocked) that allow lateral movement across network zones, and separate IT resources from medical tools, bed management systems, and EHR databases into distinct segments.
  • Secure wireless access points with complex passphrases, the most recent encryption standard (WPA3), and traffic filtering rules that isolate guest networks.
  • Place next-generation firewalls at the network perimeter and at the edge and core boundaries to provide deeper inspection of network traffic.
  • Integrate an intrusion prevention system (IPS) to detect and block probable breach attempts in real time based on suspicious network activity.
  4. Host Defenses
  • Switch from Windows Defender to a commercial EDR platform such as CrowdStrike, SentinelOne or Cybereason.
  • Apply application execution policies so that only authorized executables and scripts are allowed to run.
  • Use Group Policy Object (GPO)-based image standardization for workstations, hardening them to a secure baseline.
  5. Security Operations
  • Extend monitoring by introducing a Security Information and Event Management (SIEM) solution to consolidate and correlate data from across systems.
  • Formulate response plans and procedures for different breach types on the basis of risk assessments.
  • Require all employees to attend mandatory cybersecurity awareness training covering how to identify phishing emails, correctly sanitize data inputs, follow data handling procedures and other best practices.
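To illustrate what the SIEM correlation in the Security Operations recommendation should be looking for, here is an added example (not part of the original test plan) in Python that chains Windows Security events into the attack path the penetration test demonstrated: repeated logon failures against one account, a subsequent success from the same source, then privileged activity under that account. The log lines are a constructed sample in a simplified key=value form; the event IDs (4625, 4624, 4672, 4728/4732/4756) are the standard Windows Security log identifiers, while the thresholds and time windows are assumptions to be tuned per environment.

```python
"""SIEM-style correlation of Windows Security events into an attack chain.

Added example, not part of the original test plan. SAMPLE_LOG is a
constructed sample in a simplified key=value format; thresholds and
windows are assumptions."""
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one guessing run against adm_local from 10.0.5.23
# followed by a success, a privileged logon and a Domain Admins membership
# change; jsmith's single typo-then-success is benign noise.
SAMPLE_LOG = """\
2024-04-01T09:00:01Z host=FS01 EventID=4625 Account=adm_local Src=10.0.5.23
2024-04-01T09:00:09Z host=FS01 EventID=4625 Account=adm_local Src=10.0.5.23
2024-04-01T09:00:18Z host=FS01 EventID=4625 Account=adm_local Src=10.0.5.23
2024-04-01T09:00:27Z host=FS01 EventID=4625 Account=adm_local Src=10.0.5.23
2024-04-01T09:00:36Z host=FS01 EventID=4625 Account=adm_local Src=10.0.5.23
2024-04-01T09:00:45Z host=FS01 EventID=4625 Account=adm_local Src=10.0.5.23
2024-04-01T09:01:10Z host=FS01 EventID=4624 Account=adm_local Src=10.0.5.23
2024-04-01T09:02:00Z host=DC01 EventID=4672 Account=adm_local Src=10.0.5.23
2024-04-01T09:03:00Z host=FS01 EventID=4625 Account=jsmith Src=10.0.7.4
2024-04-01T09:03:20Z host=FS01 EventID=4624 Account=jsmith Src=10.0.7.4
2024-04-01T09:05:30Z host=DC01 EventID=4728 Account=adm_local Src=10.0.5.23 TargetGroup="Domain Admins" Member=svc_new
"""

# 4728/4732/4756: member added to a global / local / universal security group.
GROUP_ADD_EVENTS = {"4728", "4732", "4756"}


def parse_line(line):
    """Parse 'TIMESTAMP key=value key="quoted value" ...' into a dict."""
    ts_text, *fields = shlex.split(line)
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return event


def correlate(log_text, fail_threshold=5, fail_window=timedelta(minutes=10),
              success_window=timedelta(minutes=30), follow_window=timedelta(minutes=60)):
    """Return alerts as (kind, account, src, iso_timestamp) tuples in time order."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    failures = defaultdict(list)  # (account, src) -> recent 4625 timestamps
    compromised = {}              # (account, src) -> time of suspicious 4624
    alerts = []
    for e in events:
        key, now = (e["Account"], e["Src"]), e["ts"]
        if e["EventID"] == "4625":
            # Slide the window, then alert once when the threshold is reached.
            failures[key] = [t for t in failures[key] if now - t <= fail_window] + [now]
            if len(failures[key]) == fail_threshold:
                alerts.append(("brute-force", *key, now.isoformat()))
        elif e["EventID"] == "4624":
            # A success shortly after a burst of failures is a guessed password.
            recent = [t for t in failures[key] if now - t <= success_window]
            if len(recent) >= fail_threshold:
                compromised[key] = now
                alerts.append(("guessing-success", *key, now.isoformat()))
        elif key in compromised and now - compromised[key] <= follow_window:
            # Privileged activity by an account we just saw get guessed.
            if e["EventID"] == "4672":
                alerts.append(("privileged-logon", *key, now.isoformat()))
            elif e["EventID"] in GROUP_ADD_EVENTS and "Admins" in e.get("TargetGroup", ""):
                alerts.append(("privilege-escalation", *key, now.isoformat()))
    return alerts


if __name__ == "__main__":
    for kind, account, src, when in correlate(SAMPLE_LOG):
        print(f"{when} {kind:20} account={account} src={src}")
```

Each stage only fires for the same (account, source) pair within a bounded window, which is what keeps jsmith's one mistyped password out of the alert stream while still catching the four-step chain against `adm_local`. Raising `fail_threshold` above the number of observed failures silences the whole chain, a reminder that the later stages depend on the first one and that thresholds should be set from the environment's own baseline of failed logons.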

GTC can achieve a complete and thorough response to the weaknesses identified in the review of its current network and security controls by applying these tested recommendations, which are based on cybersecurity best practices (Ray et al., 2020). Implementing them in the stated order of priority will make GTC resilient enough to ward off the highly sophisticated threat landscape currently facing healthcare organizations.

References

Hoffman, C. (2021). Medical device cybersecurity challenges and promising solutions. IEEE Pervasive Computing, 20(1), 58–66.

Mitchell, R., & Chen, Y. (2020). Standardizing Healthcare Cybersecurity Practices and Supply Chains to Address Patient Safety. IEEE Engineering Management Review, 48(3), 116–120.

Pekárek, M., & Máchová, R. (2019). Threat Detection and Analysis in Medical Cyber-Physical Systems. IEEE Access, 7, 14572–14589.

Ray, A., Parashar, A., & Khatter, K. (2020). Ten Deadly Cyber Security Threats Amid COVID-19 Pandemic. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), 1–6.

Rumee, S., Kamal, A., & Kamruzzaman, J. (2021). A review of healthcare cybersecurity frameworks: Issues and challenges. Security and Privacy, 4(5), e143.

 
