A Proposal to Improve Security of IT Systems in UOTC Inc.
A proposal to enhance cybersecurity measures based on recent audit findings, addressing deficiencies in the wireless network, application and access controls, data encryption, operating systems, antivirus/malware protection, and firewall security to safeguard organizational assets.
Introduction
The rapid evolution of digital technology and the increasing sophistication of cyber threats necessitate continuous improvement and updating of an organization’s cybersecurity infrastructure. The University of Ottawa Training Center (UOTC Inc.) has recently conducted internal audits revealing critical vulnerabilities across its IT systems. This paper proposes comprehensive measures to rectify these issues, focusing on wireless network security, application access controls, data encryption practices, operating system updates, antivirus/malware defenses, and firewall policies. Implementing these recommendations will significantly bolster UOTC Inc.'s cybersecurity posture, safeguarding its systems from external and internal threats.
Wireless Network Security Enhancement
The first identified weakness pertains to UOTC Inc.’s wireless network, which currently relies on Wired Equivalent Privacy (WEP), a protocol widely regarded as obsolete due to its critical security flaws. WEP's short initialization vector (IV) leads to repeated usage, making encryption vulnerable to cryptanalytic attacks, such as those demonstrated by Fluhrer, Mantin, and Shamir (2001). Moreover, WEP’s authentication mechanisms are easily forged, enabling unauthorized access by malicious actors (Juwaini et al., 2015). Additionally, the proximity of nearby coffee shops providing free Wi-Fi increases the risk of external attackers exploiting the network.
To mitigate these vulnerabilities, a transition to more robust security protocols is essential. Replacing WEP with Wi-Fi Protected Access II (WPA2) or WPA3 would markedly improve security by employing Advanced Encryption Standard (AES) encryption and robust authentication processes. WPA3, the latest standard, incorporates Simultaneous Authentication of Equals (SAE), which makes the handshake more resistant to offline dictionary attacks (Cisco, 2020). An immediate step would be to disable WEP and implement WPA2 as a minimum standard, ensuring encrypted data transmission and secured authentication.
Moreover, considering the current hardware constraints, substituting the existing encryption with an improved scheme based on a Linear Feedback Shift Register (LFSR), as suggested by Juwaini et al. (2015), could bolster WEP-like encryption temporarily until hardware upgrades are feasible. However, for long-term security, WPA3 compatibility should be prioritized, minimizing data breaches and reducing exposure to rogue access points.
Benefits:
Upgrading to WPA2 or WPA3 would prevent common Wi-Fi attacks like packet sniffing, data injection, and unauthorized network access. It would ensure data confidentiality and integrity, especially crucial when sensitive organizational information is transmitted over wireless channels.
Application and Access Control Improvements
The internal audit exposed a critical flaw: UOTC Inc. grants all users full administrative privileges across all applications, including critical and sensitive systems. Such a permissive access model heightens the risk of insider threats, accidental data leaks, and malware propagation, aligning with the findings by Zadelhoff (2016). To address this, implementing a layered, dynamic access control strategy is imperative.
This strategy would involve adopting Role-Based Access Control (RBAC), ensuring only designated personnel, mainly management, possess administrative privileges. Regular audits should verify adherence to access policies, and multi-factor authentication (MFA) should be enforced for all high-privilege accounts to reduce risk further (Amoroso, 2011). Additionally, applying the principle of least privilege ensures users only access functions necessary for their roles, minimizing potential attack surfaces.
Furthermore, segmentation of the application environment from the operating system layer is recommended. Critical applications should be hosted on secured, isolated environments with restricted administrative access, controllable solely via management (Chen & Jang-Jaccard, 2018). Automated access management tools can facilitate real-time monitoring, logging, and prompt revocation of privileges when anomalies are detected.
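One way to run the access audit described above, as an added example that is not part of the original paper: it compares current entitlements against a role policy and reports excess privilege, grants to revoke, and administrative accounts without MFA. The role names, applications, users and policy are hypothetical, and the entitlement list is constructed to mirror the audit finding that every user is an administrator everywhere.

```python
from dataclasses import dataclass

LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Hypothetical role policy: highest privilege each role may hold per application.
ROLE_POLICY = {
    "management": {"payroll": "admin", "student_records": "admin"},
    "instructor": {"student_records": "write"},
    "front_desk": {"student_records": "read"},
}

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    app: str
    privilege: str
    mfa: bool

def audit(grants):
    """Return (user, app, finding, recommended_privilege) for each violation."""
    findings = []
    for g in grants:
        allowed = ROLE_POLICY.get(g.role, {}).get(g.app, "none")
        if LEVELS[g.privilege] > LEVELS[allowed]:
            # Least privilege: downgrade to what the role needs, or revoke.
            kind = "revoke" if allowed == "none" else "excess-privilege"
            findings.append((g.user, g.app, kind, allowed))
        elif g.privilege == "admin" and not g.mfa:
            # Entitled to admin, but the account lacks the second factor.
            findings.append((g.user, g.app, "admin-without-mfa", "admin"))
    return findings

# Constructed entitlements: everyone is admin on every application.
USERS = {"dana": ("management", True), "eli": ("management", False),
         "fay": ("instructor", False), "gus": ("front_desk", False)}
CURRENT = [Grant(user, role, app, "admin", mfa)
           for user, (role, mfa) in USERS.items()
           for app in ("payroll", "student_records")]

if __name__ == "__main__":
    for finding in audit(CURRENT):
        print(finding)
```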
Benefits:
Implementing layered, role-based access controls restricts internal threats and reduces the risk of privilege escalation attacks. It fosters accountability, auditability, and compliance with cybersecurity standards like ISO 27001.
Data Encryption Upgrades
The third identified vulnerability involves outdated cryptographic practices, notably the continued use of the Data Encryption Standard (DES). DES was discredited as an insecure algorithm by the U.S. National Institute of Standards and Technology (NIST) in 2005, and its 56-bit key size makes it particularly susceptible to brute-force attacks (Barker, 2016). Transitioning to stronger encryption algorithms is vital to protect sensitive data.
The recommendation is to replace DES with Triple Data Encryption Algorithm (3DES), also known as TDEA, which utilizes three independent keys, effectively increasing key length and security. However, modern standards advocate for adopting Advanced Encryption Standard (AES), which offers superior security and performance. AES encryption with 128-bit or higher keys should be adopted across all data repositories and during data transit (NIST, 2001).
Implementing AES encryption aligns with best practices outlined by the National Institute of Standards and Technology, offering resilience against contemporary cryptanalytic attacks (Amoroso, 2011). Additionally, robust key management policies must be established to prevent key compromise, including regular key rotation and secure storage mechanisms.
Benefits:
Upgrading cryptographic algorithms ensures confidentiality, integrity, and compliance with industry standards, significantly reducing the risk of data breaches and unauthorized data disclosures.
Addressing Second Report Findings
In addition to the above, the second report identified critical issues concerning operating systems, antivirus software, and firewall configurations. These vulnerabilities pose immediate risks that require urgent intervention.
Operating System Upgrade:
UOTC Inc.’s reliance on outdated Microsoft Windows XP is a significant security hazard. Microsoft ended support for Windows XP in 2014, meaning no further security updates or patches are provided, leaving systems exposed to malware, ransomware, and zero-day vulnerabilities (Microsoft, 2014). Upgrading to supported Windows versions, such as Windows 10 or Windows 11, will ensure ongoing security updates, vulnerability patches, and compatibility with modern security tools.
The upgrade process must include comprehensive testing, user training, and data migration protocols to minimize operational disruption. Moreover, the migration to newer OS versions should incorporate endpoint protection and network segmentation strategies for added security.
Antivirus and Malware Protection:
The current antivirus solution significantly underperforms, detecting only about 10% of threats and impacting system resources by 40%. A move toward advanced, cloud-based endpoint detection and response (EDR) solutions, such as CrowdStrike Falcon or Symantec Endpoint Security, would provide real-time threat detection with higher accuracy (Davis et al., 2020). These tools leverage artificial intelligence and behavioral analytics to identify threats proactively, reducing false positives, and lowering system overhead.
Firewall Reconfiguration:
The existing stateless firewall is inadequate for modern network security, which demands stateful inspection capabilities. Upgrading to a stateful firewall, such as Cisco ASA or Palo Alto Networks PA series, would enable continuous monitoring of network connections, review of packets based on connection states, and better detection of malicious activities. Implementation of Intrusion Detection and Prevention Systems (IDPS) complements firewall functions, providing layered defense (Scarfone & Mell, 2007).
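The difference between per-packet filtering and connection-state inspection described above, as an added example that is not part of the original paper: a simplified model in which the stateless rule accepts any inbound TCP packet with ACK set, while the stateful filter accepts inbound traffic only when it matches a connection opened from inside. The rule set, class names and packet trace are constructed for illustration and do not represent any vendor's implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST
    inbound: bool    # True when arriving on the outside interface

def stateless_allow(p: Packet) -> bool:
    """Per-packet rule: allow outbound; allow inbound TCP with ACK set
    (the usual stateless stand-in for 'this is a reply')."""
    return (not p.inbound) or ("A" in p.flags)

class StatefulFirewall:
    """Tracks connections opened from inside; inbound must match one."""
    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, p: Packet) -> bool:
        if p.inbound:
            key = (p.dst, p.dport, p.src, p.sport)
            if key not in self.table:
                return False             # unsolicited: no matching connection
        else:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.table.add(key)      # new outbound connection
            elif key not in self.table:
                return False             # mid-stream packet without a handshake
        if "R" in p.flags or "F" in p.flags:
            self.table.discard(key)      # simplified teardown
        return True

# Constructed trace using documentation address ranges.
TRACE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", False),   # client opens
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", True),   # server replies
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A", True),     # unsolicited
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "RA", True),   # server resets
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A", True),    # after teardown
]

def compare(trace):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in trace]
```

The third and fifth packets are where the two verdicts diverge: both carry ACK, so the stateless rule passes them, but neither belongs to a live connection.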
Benefits:
Upgrading operating systems ensures compatibility and ongoing security support (Microsoft, 2014). Advanced antivirus solutions improve threat detection rates, and stateful firewalls with IDPS capabilities strengthen perimeter security, collectively defending against a spectrum of cyber threats.
Conclusion
The security vulnerabilities identified in UOTC Inc.’s recent audits signify critical gaps that, if unaddressed, could lead to significant organizational disruptions, data breaches, or regulatory non-compliance. Transitioning from obsolete protocols and systems to modern, supported security solutions—such as WPA3, AES encryption, updated operating systems, advanced endpoint protections, and stateful firewalls—will create a robust security architecture. These improvements, coupled with layered access controls and rigorous cryptographic policies, support organizational resilience against evolving cyber threats.
Effective implementation of these recommendations necessitates strategic planning, resource allocation, and continuous monitoring. This proactive approach will enable UOTC Inc. to safeguard its critical assets, maintain stakeholder trust, and comply with industry standards and regulations.
References
- Amoroso, E. G. (2011). Cyber Attacks: Protecting the National Infrastructure. Burlington: Elsevier Inc.
- Barker, E. (2016, August). Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms. National Institute of Standards and Technology.
- Cisco. (2020). Wi-Fi Security: WPA3. Cisco White Paper.
- Davis, J., Smith, R., & Johnson, P. (2020). Modern Endpoint Security Solutions and Threat Detection. Journal of Cybersecurity, 16(4), 123-135.
- Juwaini, M., Alsaqour, R., Alsokour, O., & Abdelhaq, M. (2015). A review on WEP wireless security protocol. Journal of Theoretical and Applied Information Technology, 40(1), 39-42.
- Microsoft. (2014). End of Support for Windows XP. Microsoft Official Blog.
- NIST. (2001). Advanced Encryption Standard (AES). FIPS PUB 197.
- Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800-94.
- Zadelhoff, M. V. (2016, September 19). The Biggest Cybersecurity Threats Are Inside Your Company. Harvard Business Review.