diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/Final-Report.typ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/Final-Report.typ
new file mode 100644
index 0000000..1a79032
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/Final-Report.typ
@@ -0,0 +1,568 @@
+#let gold = rgb("#ffc500")
+#set text(font: "Calibri", size: 12.5pt)
+#show link: set text(blue)
+#show cite: set text(.8em, blue)
+#let gradient_fill = (
+ color.hsl(230deg, 60%, 20%),
+ color.hsl(225deg, 60%, 15%),
+ color.hsl(220deg, 60%, 15%),
+ color.hsl(220deg, 60%, 15%),
+ color.hsl(220deg, 60%, 15%),
+ color.hsl(220deg, 60%, 15%),
+ color.hsl(210deg, 60%, 15%),
+ color.hsl(210deg, 80%, 20%),
+)
+
+#set heading(numbering: "1.1.")
+#let heading-block-inset = (x: 8pt, y: 8pt)
+#show heading.where(level: 1): it => (
+ context {
+ if counter(heading).get().first() != 1 {
+ pagebreak()
+ }
+ block(
+ inset: heading-block-inset,
+ radius: 100%,
+ fill: gold,
+ text(
+ font: "Roboto",
+ fill: black,
+ size: 1.2em,
+ tracking: .1pt,
+ weight: "black",
+ )[#it],
+ )
+ }
+)
+
+#let navy = rgb("#00265E")
+#show heading.where(level: 2): it => {
+ block(
+ inset: heading-block-inset,
+ radius: 100%,
+ fill: navy,
+ text(
+ font: "Roboto",
+ fill: white,
+ size: 1.15em,
+ weight: "bold",
+ )[#it],
+ )
+}
+#show heading.where(level: 3): it => {
+ block(
+ inset: heading-block-inset,
+ radius: 100%,
+ fill: red.darken(50%),
+ text(
+ font: "Roboto",
+ fill: white,
+ size: 1.125em,
+ weight: "bold",
+ )[#it],
+ )
+}
+
+#show heading: it => {
+ v(1em)
+ it
+ v(1em)
+}
+
+#let shieldnet_font = "IBM Plex Sans"
+#let title = [NARO, INC. Cybersecurity Assessment Report]
+#set page(
+ "us-letter",
+ margin: (x: 1in, top: 1.2in, bottom: 1.25in),
+ header: context if here().page() > 1 {
+ align(
+ center + horizon,
+ box(
+ width: page.width + 4em,
+ height: 100%,
+ fill: gradient.linear(..gradient_fill),
+ [
+ #place(left + horizon, dx: +page.margin.left)[
+ #text(
+ size: 1.1em,
+ fill: gold,
+ font: shieldnet_font,
+ weight: "black",
+ )[SHIELDNET CYBERSECURITY],
+ #text(size: 1.1em, fill: white)[#title],
+ ]
+ #let icon_size = 45%
+ #place(
+ right + horizon,
+ dx: -page.margin.left,
+ box(
+ baseline: icon_size,
+ image(
+ "./assets/shieldnet-logo-7.svg",
+ height: icon_size,
+ fit: "contain",
+ ),
+ ),
+ )
+ ],
+ ),
+ )
+ },
+ footer: context if here().page() > 1 {
+ text(
+ size: 0.8em,
+ fill: color.luma(35%),
+ [
+ #v(1.5em)
+ ShieldNet Cybersecurity
+ #h(1fr)
+ #{
+ here().page()
+ }
+ #align(
+ center + bottom,
+ block(
+ width: page.width,
+ height: 20%,
+ fill: gradient.linear(..gradient_fill),
+ ),
+ )
+ ],
+ )
+ },
+)
+
+#let weakness(title: none, justification: none, mitigation: none) = [
+ *#title*\
+ #block(inset: (
+ left: 2em,
+ ))[#underline[Justification]: #justification]
+
+ #block(inset: (
+ left: 2em,
+ ))[#underline[Mitigations]: #mitigation]
+]
+
+#let strength(title, ..strengths) = {
+ [*#title*]
+ block(inset: (left: 1em), list(..strengths))
+}
+
+#let observation(title, description, recommendation) = [
+ *#title*\
+ #block(inset: (
+ left: 2em,
+ ))[#underline[Description]: #description]
+
+ #block(inset: (
+ left: 2em,
+ ))[#underline[Recommendation]: #recommendation]
+]
+
+// COVER PAGE
+
+#set page(background: context if here().page() == 1 {
+ box(
+ fill: gradient.linear(angle: 60deg, ..gradient_fill),
+ width: 100%,
+ height: 100%,
+ )
+
+ place(
+ top + center,
+ rect(
+ width: 100%,
+ height: 100%,
+ fill: pattern(
+ size: (18pt, 18pt),
+ place(
+ dy: 3pt,
+ dx: 1pt,
+ circle(
+ radius: 3.5pt,
+ fill: blue.darken(65%),
+ ),
+ ),
+ ),
+ ),
+ )
+
+ let globe = read("./assets/globe-thick.svg").replace(
+ "#000000",
+ blue.darken(40%).to-hex(),
+ )
+ place(
+ bottom + right,
+ dy: 70pt,
+ dx: 120pt,
+ rotate(-20deg, image.decode(globe, height: 600pt)),
+ )
+
+
+ let darken_amount = 30%
+ place(
+ top + right,
+ stack(
+ dir: btt,
+ ..{
+ let rect_height = 30pt
+ (
+ rect(
+ width: 50pt,
+ height: rect_height,
+ fill: red.darken(darken_amount),
+ ),
+ rect(
+ width: 75pt,
+ height: rect_height,
+ fill: gold.darken(darken_amount),
+ ),
+ rect(
+ width: 100pt,
+ height: rect_height,
+ fill: blue.darken(darken_amount),
+ ),
+ )
+ },
+ ),
+ )
+
+ place(
+ horizon + left,
+ rect(
+ fill: blue.darken(darken_amount),
+ height: 100%,
+ width: 8pt,
+ ),
+ )
+
+})
+
+#context {
+ let icon_size = 36pt
+ place(
+ left + top,
+ align(
+ horizon,
+ grid(
+ columns: 2,
+ column-gutter: 5pt,
+ image(
+ "./assets/shieldnet-logo-7.svg",
+ height: icon_size,
+ fit: "contain",
+ ),
+ text(
+ size: 1.6em,
+ font: shieldnet_font,
+ fill: gold,
+ weight: "black",
+ )[SHIELDNET\ CYBERSECURITY],
+ ),
+ ),
+ )
+ place(
+ center + horizon,
+ box(
+ width: page.width,
+ text(
+ font: "Roboto",
+ size: 5em,
+ fill: blue.lighten(75%),
+ weight: "black",
+ )[#title],
+ ),
+ )
+
+ place(
+ left + bottom,
+ dy: +8%,
+ text(
+ size: .75em,
+ fill: white,
+ style: "italic",
+ )[ShieldNet Cybersecurity _|_ Prepared for NARO, Inc.],
+ )
+}
+#pagebreak()
+
+
+#set par(
+ leading: 1.2em,
+ spacing: 2.25em,
+)
+// Actual Content
+= ABSTRACT
+
+ShieldNet Cyber Security was contracted by NARO, Inc to conduct a cybersecurity audit on its organization. NARO, a small business that specializes in Electric Vehicle (EV) technology, is a non-profit conducting research and development on a small-footprint solar-based vehicle charger that could be installed in apartment complexes. Given the technical nature of the organization’s activities, it’s fitting that employing adequate cybersecurity measures will ensure the continued and sustained operation of their business, which is currently 35 employees strong. ShieldNet took on the task of evaluating the organization’s cybersecurity to find their weaknesses, and provide fixes to maintain their security in the future.
+
+ShieldNet was given an overview of operations by NARO to assist in understanding how and where they were likely to be exploited. This included information ranging from the physical office spaces to wireless infrastructure and a run-down of NARO’s outsourced IT contractor. ShieldNet also provided NARO with an Audit Checklist to help gauge, at an objective level, where it lies in terms of cybersecurity practice. This helped ShieldNet understand where the organization was putting its effort into keeping their organization secure, and what may need consideration for the future.
+
+Despite the efforts made by NARO to secure their organization, ShieldNet discovered various variabilities that posed a threat to their information integrity. Some were physical, such as the physical offices potentially allowing unauthorized entry, while others were digital, such as the existence of unencrypted backups. The organization had made more than minimal efforts to ensure security, however there are errors that need correction.
+
+We recommend that NARO follow-up this assessment with another audit as soon as six months following its conclusion, or as late as a year. ShieldNet stresses that while improvements to NARO’s security handling can help in the short-term, it’s important for the long-term that NARO maintains the process of evaluating its cybersecurity so it can stay ahead of threats to its organization. It is here we’d like to thank NARO, Inc for its cooperation with our auditing practices, especially William Donaldson III, who’s insight and dedication to the project allowed us to conduct our best work in uncovering critical flaws that needed immediate addressing.
+
+= TABLE OF CONTENTS
+#par(leading: .75em, outline(title: none, indent: 1.25em))
+
+= INTRODUCTION
+
+This section lays out the background, the reasons why NARO chose to undergo a cybersecurity assessment, the scope of the assessment, what was and wasn't evaluated during the assessment, and finally the organization of this report.
+
+== Background
+
+Cybersecurity threats have been expanding targets to include energy infrastructure and energy research companies. As a result, the Department of Energy’s (DOE) Office of Energy Efficiency and Renewable Energy (EERE) delivered a report to congress in May of 2021 to improve cybersecurity among energy companies. Due to this, NARO, Inc. (NARO) contracted with ShieldNet to undertake a cybersecurity assessment in the wake of increasing scrutiny from the DOE’s EERE surrounding NARO’s solar energy technologies.
+
+== Scope
+
+ShieldNet was tasked with investigating the internal and external properties of NARO to address its cybersecurity capabilities. This encompassed various physical and technical aspects of the organization, from a white-box perspective. ShieldNet was provided with significant insider knowledge of the organization to assist in the assessment. While a black-box approach might represent a more real-world scenario, a white-box approach allowed our team to skip particular nuances that would otherwise slow down other attackers. This also allowed ShieldNet to provide an over-encompassing analysis of NARO’s various infrastructures, allowing it to improve a vast array of its infrastructure in a single assessment. From a technical perspective, ShieldNet employed various forms of assessment methodologies, all of which were agreed upon by NARO in advance. None of the methodologies utilized by ShieldNet compromised the security of any NARO systems, employees, customers, or technologies in any significant way. The goal was to reveal lapses in NARO’s security and provide means to improve it, not cause harm or obtain information that ShieldNet does not need to possess (i.e employee’s private information from phishing attempts).
+
+== Report Organization
+
+The remaining content within this report is organized as follows: Section 2 provides an overview of NARO’s systems. Section 3 breaks down the methodologies employed by ShieldNet during our cybersecurity assessment and section 4 describes the ShieldNet audit team’s activities done during the cybersecurity assessment. The results of the assessment and the team’s recommended mitigations can be found within section 5. Section 6 is the final conclusions of the ShieldNet team and additional proposed actions to be taken by NARO based upon this assessment.
+
+= SYSTEM OVERVIEW
+
+NARO provided ShieldNet with various documentation regarding its physical and digital infrastructure. This information laid the groundwork for the vulnerabilities ShieldNet investigated. It also provided useful information regarding what was already secure, and what was being done right. NARO’s offices house its 35 employees, and its digital infrastructure consists of a few workstations, laptops, and a server room.
+
+== Physical Office Spaces
+
+NARO leases two separate office spaces, one for engineers and R&D, and another for administrative staff. The engineering building is its own building, however, the administrative office shares a floor with another organization, Geological Analysis and Surveying (GAS). NARO and GAS share many sections of the building, including custodial rooms, storage, a kitchen, and most notably, a server room. There are 20 staff members that work in the engineering department, and 15 staff members working in the administrative department, totaling 35 employees between the two buildings. The engineering building has basic security features, including proximity cards for access to the engineering office, PIN locks for entering the vehicle bays from the office, and padlocks preventing access to the vehicle bay from the overhead doors on the outside. There also exists a lab for testing equipment and a hazmat storage area, however, the organization of the building regarding these two rooms is not explicit.
+
+The building the administrative team is occupying has a second floor, which is currently under renovation. The exterior building doors are left unlocked so construction crews can easily access the building while GAS and NARO are not present/working. The administrative office doors from the lobby are left unlocked during normal working hours, making their proximity card readers only necessary outside of working hours. The receptionist can also bypass the magnetic door locks with a button located at their desk. Leaving the office is as simple as walking to the exit, as the magnetic locks will automatically disengage.
+
+== Workstations
+
+NARO utilizes very few workstations compared to laptops. The only workstations present across the two buildings are located in the vehicle bay in the engineering building. NARO utilized workstations in this particular area to collect data on vehicle charging that is not capable of being captured by a laptop due to the lack of expansion card support. All devices outside of this (and presumably excepting the servers), are laptops.
+
+== Laptops
+
+NARO has many windows laptops, each with Office 365, Nord VPN, and Zoom softwares installed. Additionally, many laptops have MatLab, and employees have permissions to download other applications like TikTok, seemingly without needing approval. The laptops are configured with essential tools such as Office 365 for productivity, NordVPN for secure remote access, and MATLAB for engineering applications. These devices are pre-installed with Windows Defender for antivirus protection and BitLocker for data encryption, ensuring a level of security. Automatic updates are enabled for operating systems and software to minimize vulnerabilities, though a patch compliance check is necessary to ensure all devices remain secure. Employees have significant ownership over their devices, including the ability to install software without prior approval, which presents a potential risk for introducing unauthorized or insecure applications. Laptops are also monitored through a centralized logging system, allowing administrators to track usage and remotely delete data in the event of loss or theft. However, physical security remains a concern, as devices are often left unattended on desks or taken home without additional safeguards. Laptops are not stored anywhere when not in use and can be taken home by employees or left on desks unattended. A few older laptops are stored in a storage cabinet.
+
+== Remote Access
+
+Employees can connect to the NARO network with a VPN that is installed on every laptop, or access work emails through Office 365. The VPN requires NARO username and password to access. According to NARO’s checklist results, this VPN can also be accessed through personal devices (phones, home laptops, etc.). Their network drive is also accessible through OneDrive.
+
+== Server Room
+
+The server room is located in the NARO administrative building with necessary power and cooling. Their physical server room is shared with GAS, however the networks are separate between NARO and GAS. Each desk, and subsequently each employee, seems to have access to a network KVM that allows direct access to the servers. Unfortunately, the server room seems to lack protections from leaks caused by other rooms in the building according to NARO, Inc. Additional Information. The server room also houses the on-site, physical backup devices. Server racks have Juniper SRX firewall protections and are set up to support internet and NARO network access.
+
+== Servers
+
+NARO has 17 servers split between two different brands, Dell and Supermicro. The Dell servers are used for the Windows Domain and run Windows Server 2019, while the Supermicro servers are for R&D data and run Ubuntu 18.04.6 LTS.
+
+== Wireless
+
+NARO utilizes both a NARO business network, where authentication is required and MAC address filtering is applied, and a NARO guest network where no authentication is required. The two networks are connected via directional antennas on both buildings.
+
+== IT Support
+
+IT support is outsourced to PITA, who has configured automatic updates on all necessary systems. A PITA consultant comes in every two months to update systems and software that require it, and will come in if there is a failure in anything. PITA has remote access to all systems configured via TeamViewer. So far, PITA has made 2 - 3 visits to NARO for required maintenance after an occurring failure or critical issue. Additionally, PITA seems to be responsible for keeping backups and checking logs for malicious activity. More specifically, along with on-site backups, PITA’s offline backups keep up to date via a script that automatically backs up NARO, Inc. systems and data weekly.
+
+= ASSESSMENT METHODOLOGY
+
+ShieldNet’s team utilized an assessment methodology based upon NISTIR-7621 known as ShieldNet’s Small Organization Security Assurance (SOSA) Methodology. The SOSA Methodology was chosen due to NARO’s categorization as a small business. SOSA is expanded upon in the following sections.
+
+== The SOSA Methodology
+
+SOSA was developed with the security challenges small businesses, non-profits, and other small entities face in mind. Small businesses often have security concerns already handled or otherwise remediated differently in larger companies and organizations. SOSA is designed to be flexible to the widely varying needs found within small organizations and was purposely designed to be broadly applicable to any small organization. The SOSA Methodology has five primary phases derived from NISTIR-7621 @nistir-7621, those being: Identify, Protect, Detect, Respond, and Recover. These phases are described in detail in the following sections.
+
+=== Identify
+
+The Identify phase of the SOSA Methodology develops an organizational understanding of how to manage cybersecurity risk to systems, assets, data, and capabilities. It gives an organization, in this case NARO, an understanding of their existing business security stance, their current resources, and builds an awareness of their cybersecurity risks. This enables an organization to prioritize its efforts to remediate, enhance, and reduce security risks related to their business needs. The Identify phase may result in recommendations to modify asset management processes, improved business environment awareness, enhancing governance of risk, and recommended improvements to an organization’s risk management strategy.
+
+=== Protect
+
+The Protect phase of the SOSA Methodology drives the development of appropriate safeguards to be used within a given organization. This phase supports creating methods or implementing services that limit or contain the potential impact of a security event. Observations from this phase can include access control implementations, improvements to staff training, enhancing data security, implementing information protection procedures, implementation of security maintenance, and implementation of protective technologies.
+
+=== Detect
+
+The Detect phase is responsible for the identification of controls and activities that should be implemented to improve an organization’s discovery and recognition of cybersecurity events. The goal is to enhance the timely discovery of cybersecurity events to enhance an organization’s resilience in their risk management strategies. Recommendations can include improving the identification of anomalies and events, implementing continuous security monitoring, and detection process improvements.
+
+=== Respond
+
+The Respond phase assists in the development of appropriate actions to take in the face of a cybersecurity event. The Respond phase supports an organization’s ability to reduce the impact of a potential cybersecurity event and improve critical service uptime. Recommendations coming from this phase may include response planning, communications enhancement, mitigating risk vectors, and general organizational security response improvements.
+
+=== Recover
+
+The Recover phase handles the restoration of assets and operations impacted by a cybersecurity incident. It supports the timely restoration of operations which reduces the felt effects of cybersecurity incidents. This may include recommendations surrounding recovery planning, recovery improvements, and recovery communication improvements.
+
+= ASSESSMENT ACTIVITIES
+
+NARO provided ShieldNet with various documentation of its work environment, both physical and digital to assist in vulnerability discovery. ShieldNet also provided NARO with an Audit Checklist with the purpose of understanding its current minimum cybersecurity requirements. This directly influenced some of ShieldNet’s investigative activities, the results of which will be explained in the following section.
+
+== NARO Overview Review
+
+NARO provided ShieldNet Cyber Security with various insights into its operational facilities and procedures. This included information regarding its offices, devices, servers, network infrastructure, and IT support. This information was necessary for us to understand where NARO was most vulnerable, and where attacks are most likely to occur from. A follow up from William Donaldson III provided additional insight into NARO’s wireless networking, as well as the backup procedures provided by an outsourced IT company, PITA.
+
+== Audit Checklist
+
+NARO was made to fill out an audit checklist to help us understand what cybersecurity procedures/policies the company already had in place. ShieldNet Cyber Security was able to make many conclusions from the results of this checklist, including what practices in place were sufficient, what could use improvement, and what requires immediate implementation.
+
+== Email Phishing
+
+Phishing emails are a common way for an attacker to gain access to sensitive information. Attackers typically pose as an organization or individual of importance, such as someone with immediate work or familial relation to the target, and attempt to make the target click on a malicious link or download a dangerous file. Phishing can be conducted in a variety of manners, however, our team focused on email phishing schemes targeting NARO staff. In an ideal scenario, email services would filter out attempts to phish for private information. Most significant email services have sufficient spam filtering, but no filter is perfect.
+
+We conducted multiple phishing campaigns, targeting both engineering and administrative staff by posing as various individuals or companies. Many of the schemes involved mimicking threats of compromised account security, asking users to follow a link to reset their password that would have been designed to capture account credentials. Others involved sending attachments and seeing how many targets downloaded/opened them.
+
+The goal of the phishing schemes was not to actively steal any employee account information or to install malicious software on NARO or user machines, but to instead understand the threat such schemes poses on employees and NARO as a whole.
+
+= RESULTS AND RECOMMENDATIONS
+
+The findings from Section 4’s assessment activities are laid out below. This includes an evaluation of NARO’s strengths, weaknesses, and general observations as discovered by ShieldNet. Strengths observed show what NARO is doing correctly, and should continue to do. Weaknesses reveal vulnerabilities NARO’s current infrastructure holds, their severity, and how NARO can mitigate them. General observations don’t fall into either category, but instead can be read as cautions that could offer improvement, without having an immediate threat to cybersecurity.
+
+== Weaknesses
+
+#weakness(
+ title: [(Moderate) Exterior doors are left unlocked outside of NARO business hours],
+ justification: [As outlined in the overview of NARO, the external doors to the building housing the administrative office are left unlocked because of the “off-hour” work nature of the construction crew renovating the second floor. While on its own, this wouldn’t be a significant threat to the administrative office’s security, the reception desk has a button which disables the magnetic locks to NARO’s administrative office. Assuming the reception desk is not manned outside of typical business hours, the unlocked doors and reception bypass button could be utilized by a bad actor to grant unauthorized access into NARO’s administrative office. The engineering building is not exploitable in this manner, since all points of entry into that building require either a proximity card, PIN, or destructive means to enter.],
+ mitigation: [We recommend NARO implements a multi-factor means of opening doors to the administrative office. Requiring a proximity card of an authorized employee in addition to pressing the button would minimize the risk that anyone who can simply press the reception desk button would be able to enter the office. A PIN could also be used, however, NARO would need to ensure that the PIN could not be seen when being entered by the receptionist. In this situation, a proximity card is both convenient for the receptionist and minimizes the risk of the second factor becoming redundant if the PIN were to be leaked.],
+)
+
+#weakness(
+ title: [(Severe) NARO and GAS share server rooms],
+ justification: [NARO and GAS sharing the first floor also means they share a server room. This is remarkably dangerous because individuals outside of the NARO organization can access the physical server modules NARO utilizes. This also means NARO’s security of the server room is reliant on GAS’s ability to keep the server room secure. If either of them falter, both of their servers are at risk. Perhaps most distressingly, NARO keeps hard drives with unencrypted backup data in the server room. Even if these are under lock and key, if anyone were to possess those drives, any and all data on them would be easily accessible.],
+ mitigation: [Unless NARO can move office spaces into an area where they can have an isolated server room, nothing can be done about the shared nature of the server room. Instead, NARO should act as though the server room is already compromised. This means including multiple means of protecting the physical servers from unauthorized access (such as physically locking the racks from being tampered with easily) and ensuring any and all devices stored in the server room are essentially impossible to be read by encrypting them. Ideally, backups should be stored off-site where no one but trusted NARO employees could access them.],
+)
+
+#weakness(
+ title: [(Severe) PITA Backup Procedure uses File Transfer Protocol (FTP)],
+ justification: [File Transfer Protocol (FTP) is a known insecure protocol for copying files remotely. The FTP login can be intercepted via a Man in the Middle Attack during the login phase and during any file transfer procedures. This means an attacker can reuse the intercepted FTP credentials to login to the PITA servers and copy, modify, or destroy sensitive proprietary information.],
+ mitigation: [NARO should use a secure version of FTP known as SSH File Transfer Protocol (SFTP) to ensure any data transfer occurring between the PITA servers and the backup script are encrypted in transit. This will deny attackers the ability to conduct a Man in the Middle Attack and intercept any login information. This will ensure any information stored on the PITA servers can not be easily accessed by unauthorized parties resulting from the backup script.],
+)
+
+#weakness(
+ title: [(Moderate) PITA has unsupervised access to “all systems” in the NARO network],
+ justification: [NARO seems to be mostly unaware of the actions by PITA, including those actions -and their frequency- taken by PITA to backup systems. It can also be concluded that the access PITA has to “all systems” via TeamViewer is somewhat of a liability. TeamViewer, given the right authorizations, allows for unattended access to a system @teamviewer-unattended-access. Seeing how PITA has access to “all of the systems”, it can be assumed that PITA has been granted that unattended access. According to NARO, “All of the systems are configured with TeamViewer so PITA can conduct remote administration, if necessary”. It can be assumed that the TeamViewer access PITA has is given high level permissions in the NARO network and systems individually. This means that any PITA employee, or more arbitrarily, any individual that has access to PITA’s network with the right authentications, has access to NARO’s network in “administration” capacities. It is dangerous for any 3rd party to have high level, unattended access to a NARO system or network, and the current relationship between NARO and PITA seems, in more ways than one, relying unreasonably on trust from the side of NARO.],
+ mitigation: [NARO should only allow PITA to access their systems at time when administration is necessary and their access can be monitored. PITA may require administrative access to push updates to their scripts that log system data, and they need access in some amount to NARO’s network to monitor logs, but these permissions should be separate. Any updates to PITA’s logging system should be reviewed, and access should be given only temporarily to push those changes. Any monitoring done by PITA should not require administration level access. These logs could be exported to a lower permission area that can be accessed by PITA without risky levels of permissions being granted.],
+)
+
+#weakness(
+ title: [(Moderate) Network devices are updated only when critical issues occur],
+ justification: [PITA patches network devices during visits for critical issues only. If any network device were to have a vulnerability between these visits, NARO would be open to attacks to their network.],
+ mitigation: [NARO should regularly update their network devices, ideally as soon as an update becomes available. Many network devices have auto-update functionalities that will apply patches at set times (e.g. at midnight) and can send an email to report if the update failed or succeeded.],
+)
+
+#weakness(
+ title: [(Low) It it is unclear if NARO’s guest network allows NARO’s own business devices to access NARO’s confidential information while on the guest network],
+ justification: [The guest network is a clear target for malicious actors who may conduct scans and attempt to gain access to any devices connected to the guest network. If any of those devices are capable of accessing any confidential data NARO possesses and are on the guest network, it’s possible for them to be breached and then permit attackers access to NARO’s confidential information.],
+ mitigation: [NARO should clearly delineate what business devices can access their guest network and deny those devices accessing the guest network by MAC filtering or another identification mechanism of the device.],
+)
+
+#weakness(
+ title: [(Moderate) No Phishing Email Training is conducted],
+ justification: [Phishing is a major attack vector in the modern cyberspace. According to OWASP @owasp-phishing 91% of cyber attacks use email as their entry point. Phishing can be used against NARO to make employees download and run malicious software or share NARO’s confidential information.],
+ mitigation: [NARO should begin conducting regular email phishing training internally and create a formal way to report phishing within NARO itself. Systems like KnowBe4’s Phishing Campaigns @knowbe4-phishing-campaigns can also be employed to simulate a phishing campaign to assist with phishing training.],
+)
+
+#weakness(
+ title: [(High) NARO itself does not maintain a 3-2-1 backup solution],
+ justification: [NARO depends on PITA to create off-site backups and it is unclear how PITA handles those backups. NARO stores their own backups within the server room, if a fire were to occur or any other event on-site NARO would lose their own single source of backed up data. It also does not appear that NARO has backups on different media types, meaning if the media type, in this case hard drives, were to fail, there is no alternative medium of storage to recover from.],
+ mitigation: [NARO should employ the 3-2-1 rule as recommended by CISA @cisa-backups for creating and maintaining backups of their data. This means keeping 3 copies of any important information, 1 primary and 2 backups, as well as keeping the files on 2 different media types to protect against hazards that may affect one media type but not another, and lastly store a single copy offsite so any events at NARO itself cannot render all of NARO’s data lost. Importantly, NARO should have at least a record of how that offsite backup is being handled by PITA if NARO does not wish to create and manage their own offsite backup; although, we strongly recommend NARO does do their own offsite backup.],
+)
+
+#weakness(
+ title: [(Severe) NARO allows any employee to install other software without prior authorization],
+ justification: [Allowing any employee to download and install software may result in malware being installed on their machines. Not all employees have the same level of knowledge of cybersecurity threats and what software may or may not be safe to download and install. Spear Phishing campaigns may also be employed by attackers to get employees to install an attacker’s software, which even security-conscious users may fall victim to. By allowing employees to install any software without oversight, many attack vectors are opened into NARO’s systems.],
+ mitigation: [NARO should disable the ability of any employee to install any software they desire. All employees should be required to submit a request to install specific software and a standard suite of software should be created that is installed on all of NARO’s systems by default.],
+)
+
+#weakness(
+ title: [(High) Servers are running operating systems that are past end-of-life],
+ justification: [NARO’s Windows Domain servers are running Windows Server 2019. Windows server 2019 reached end of life on January 9th, 2024 @windows-server-2019-lifecycle meaning that new security updates and other important patches are no longer being provided by Microsoft. Moreover, Naro’s Supermicro servers are running Canonical's Ubuntu 18.04.6 LTS in April, 2023 @ubuntu-lifecycle. Since all of NARO’s servers are beyond their end of life date, that leaves them uniquely vulnerable to any attack methods that may be or have been discovered after the support period for those server versions.],
+ mitigation: [The Windows and Ubuntu servers should be updated to the latest versions that are in support by their respective providers. If an operating system update is not viable, in the interim both Canonical and Microsoft provide extended release support for both Ubuntu 18.04 LTS and Windows Server 2019 with an additional long term release extension contract.],
+)
+
+#weakness(
+ title: [(Moderate) The Netgear ProSafe JGS524 Gigabit switch is end-of-life],
+ justification: [Netgear no longer supports the JGS524 @netgear-switch-eol and as important such security patches and updates are no longer created. This means any new attacks created after its end-of-life date can gain access to the switch which may enable further attacks to gain access to more of NARO’s network or intercept the traffic going over the switch and steal confidential data.],
+ mitigation: [The JGS524 switch should be replaced with a new switch that is currently supported by its supplier.],
+)
+
+#weakness(
+ title: [(Moderate) Engineering lab systems are not part of the NARO Windows Domain, but can access NARO’s confidential information],
+ justification: [Since the engineering lab’s systems aren’t in NARO’s Windows Domain, but can access important information within NARO, they are uniquely positioned for data exfiltration. The lack of pairing with the domain means these systems can have out-of-band difficult to monitor configurations and security policies cannot be easily enforced on those systems. Even more dangerously, these systems are on NARO’s general wireless network, and thus have access to even more confidential data.],
+ mitigation: [The engineering lab systems should be peered with the Windows Domain if feasible. If it’s not feasible, the systems should have a minimum level of central control through automation systems like Ansible @ansible and should not be able to access NARO’s general wireless network, instead being cordoned off onto a separate network to limit their impact if breached.],
+)
+
+#weakness(
+ title: [(Low) Cybersecurity policies are “not comprehensive”],
+ justification: [Employees lacking guidance in explicitly what is deemed unacceptable behavior can lead to risky practices and unchecked liability risks. This leaves each employee to assume what is important to address and protect and leaves the decision making of how to act to prevent cybersecurity threats up to the individual.],
+ mitigation: [It is the responsibility of NARO to keep a comprehensive and well maintained cybersecurity policy that is very concrete in what it expects from an employee. This standard should be upheld with every iteration of the policy, and there should be no room for interpretation in how the policies state that individuals should maintain security and protect information in their work.],
+)
+
+== Strengths
+#strength(
+ "Interior padlocks to the vehicle bay exterior door",
+ [
+ The engineering building is, all-around, very secure from unauthorized access. An unorganized individual would have trouble getting anywhere from attacking it. A simple component of this security is that the locks to the vehicle bays’ overhead doors are located on the interior of the vehicle bay. This prevents attackers from using simple destructive means to break the locks and gain access to the vehicle bay. An attacker would likely need to have insider knowledge of the overhead doors and its locks if they wanted to attack them.
+ ],
+)
+
+#strength(
+ "Employment of MAC filtering on the business network
+",
+ [MAC filtering for the business network is a strong step to ensure unauthenticated access without a NARO device is defeated. ],
+ [MAC filtering likewise can log attacker attempts to infiltrate the network when on premises.],
+)
+
+#strength(
+ "Unified Software Licensing",
+ [Pre-installed applications like Office 365 ensure that all employees have access to the same tools, minimizing compatibility issues and increasing collaborative efficiency.],
+)
+
+#strength(
+ "Mobile Workforce",
+ [Through the use of laptops and not desktops, they provide flexibility for employees to be able to work remotely or move offices if need be, this increases productivity and adaptability.],
+)
+
+#strength(
+ "Cybersecurity policies update interval",
+ [The interval at which policies are updated is reasonable and should be maintained. According to Cybersecurity Program Best Practices @cybersec-best-practices, security policies, procedures, guidelines, and standards should be reviewed and updated if necessary at least annually.],
+)
+== Observations
+
+#observation(
+ "No workstations are present in the administrative office",
+ [
+ Since the only devices used for work in the administrative office are laptops and the server room, there are no physical workstations that can be accessed in the administrative office. Despite this, laptops may still be left behind by employees on their desks.
+ ],
+ [
+ NARO should encourage employees to take their work devices home at the end of the work day, or provide the ability to lock them up either in their desk or somewhere else in the office to keep them from immediate unauthorized contact. Even though the laptops are encrypted and password protected, they can still be stolen if left unattended.
+
+ ],
+)
+
+#observation(
+ "Limited Environmental Monitoring",
+ [
+ The Server room currently lacks any sort of environmental monitoring system, such as humidity, temperature, and air quality. While the room is equipped with the necessary power and cooling environmental damage might need to also be acknowledged, fluctuations in temperature or excessive humidity could damage equipment and compromise operations.
+ ],
+ [
+ NARO should install environmental monitoring systems in the server room, to be able to detect and address issues like spikes in temperature, humidity changes, or leaks in real time. Having the system integrate with an alert system, we’d be able to tell IT immediately. Additionally, conducting regular inspections of the physical environment of the server room can prevent small issues turning into big problems.
+
+ ],
+)
+
+= CONCLUSION AND FOLLOW-UP ACTIVITIES
+
+The cybersecurity assessment team ShieldNet covers the evaluation of NARO, inc. and their cybersecurity practices. This assessment focuses on evaluating NARO’s physical and digital security, especially concerning its shared facilities. The ShieldNet team utilized the Small Organization Security Assurance (SOSA) Methodology, which is based on NISTIR-7621 and tailored for small organizations. The findings included several vulnerabilities but also included its best practices that will ensure great security.
+
+The assessment identified various vulnerabilities in NARO’s cybersecurity, specifically around shared facilities and device access controls. This also includes that NARO shares a server room with Geological Analysis and Surveying (GAS), which compromises the security of NARO’s servers and physical backups and unauthorized access from non-NARO representatives, which presents a risk to the integrity of NARO’s data. External doors to NARO’s administrative office are left unlocked outside business hours and NARO’s dependence on laptops, which can be left unattended in unsecured areas, creates vulnerabilities. Although equipped with basic security software, laptops and data backups lack sufficient physical protections or encryption.
+
+For follow-on activities, in order to strengthen security, NARO should take these recommended steps to ensure a matured system design:
+
++ Improving physical security is a priority, including moving to a dedicated server room or adding locked racks and restricted access in shared spaces.
++ Additional controls like multi-factor access for the administrative office would further reduce risks.
++ All data backups should be encrypted, ideally with off-site storage for added safety. For device security, NARO could provide lockable storage for laptops and restrict VPN access to NARO devices with multi-factor authentication. Regular cybersecurity training, such as phishing simulations, will help employees stay alert to potential threats.
++ Finally, regular security audits, vulnerability scans, and penetration tests will ensure NARO’s defenses remain strong and up to date against evolving threats.
+
+Finally, ShieldNet would once again like to thank the personnel at NARO for undergoing this Cybersecurity assessment. William Donaldson III assisted greatly with gathering NARO's current security stance and greatly enabled us to properly analyze NARO Inc.
+
+#set par(
+ leading: .8em,
+ spacing: 1.5em,
+)
+
+= Sources
+#bibliography(title: none, "bibliography.yml")
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/globe-thick.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/globe-thick.svg
new file mode 100644
index 0000000..7868221
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/globe-thick.svg
@@ -0,0 +1,22 @@
+
+
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/globe.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/globe.svg
new file mode 100644
index 0000000..20d6819
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/globe.svg
@@ -0,0 +1,241 @@
+
+
+
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-1.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-1.svg
new file mode 100644
index 0000000..fb582d3
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-1.svg
@@ -0,0 +1,23 @@
+
+
\ No newline at end of file
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-2.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-2.svg
new file mode 100644
index 0000000..76a5f89
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-2.svg
@@ -0,0 +1,23 @@
+
+
\ No newline at end of file
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-3.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-3.svg
new file mode 100644
index 0000000..a88d9df
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-3.svg
@@ -0,0 +1,24 @@
+
+
\ No newline at end of file
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-4.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-4.svg
new file mode 100644
index 0000000..51fd923
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-4.svg
@@ -0,0 +1,23 @@
+
+
\ No newline at end of file
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-5.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-5.svg
new file mode 100644
index 0000000..b59ce8e
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-5.svg
@@ -0,0 +1,24 @@
+
+
\ No newline at end of file
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-6.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-6.svg
new file mode 100644
index 0000000..97c9873
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-6.svg
@@ -0,0 +1,21 @@
+
+
\ No newline at end of file
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-7.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-7.svg
new file mode 100644
index 0000000..e8f0f69
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo-7.svg
@@ -0,0 +1,62 @@
+
+
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo.svg b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo.svg
new file mode 100644
index 0000000..40a545c
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/assets/shieldnet-logo.svg
@@ -0,0 +1,23 @@
+
+
diff --git a/Fall-2024/CS-3113/Group-Project/5-Final-Report/bibliography.yml b/Fall-2024/CS-3113/Group-Project/5-Final-Report/bibliography.yml
new file mode 100644
index 0000000..50a5d1f
--- /dev/null
+++ b/Fall-2024/CS-3113/Group-Project/5-Final-Report/bibliography.yml
@@ -0,0 +1,79 @@
+owasp-phishing:
+ title: THE STATE OF PHISHING ATTACK VECTOR
+ type: Web
+ url:
+ value: https://wiki.owasp.org/images/4/4b/Phishing_Presentation(OWASP_Ghana).pdf
+ access: 2024-11-17
+
+
+knowbe4-phishing-campaigns:
+ title: Phishing Campaigns Overview
+ type: Web
+ url:
+ value: https://support.knowbe4.com/hc/en-us/articles/360051262754-Phishing-Campaigns-Overview
+ access: 2024-11-17
+
+nistir-7621:
+ title: NISTIR 7621 Revision 1
+ type: article
+ author:
+ - Celia Paulsen
+ - Patricia Toth
+ date: 2012-08-08
+ publisher: National Institute of Standards and Technologies
+ page-total: 54
+
+cisa-backups:
+ title: Data Backup Options
+ type: article
+ author:
+ - Paul Ruggiero
+ - Matthew A. Heckathorn
+ date: 2012-08-08
+ publisher: United States Computer Emergency Readiness Team
+ page-total: 6
+ page-range: 1
+
+windows-server-2019-lifecycle:
+ title: Windows Server 2019
+ type: Web
+ url:
+ value: https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2019
+ access: 2024-11-17
+
+
+ubuntu-lifecycle:
+ title: The Ubuntu lifecycle and release cadence
+ type: Web
+ url:
+ value: https://ubuntu.com/about/release-cycle
+ access: 2024-11-17
+
+teamviewer-unattended-access:
+ title: Set up unattended access [for TeamViewer]
+ type: Web
+ url:
+ value: https://community.teamviewer.com/English/kb/articles/108689-set-up-unattended-access?omit_analytics_page_load=true
+ access: 2024-11-17
+
+netgear-switch-eol:
+ title: NETGEAR Business Products EOL List
+ type: Web
+ url:
+ value: https://www.downloads.netgear.com/files/netgear/pdfs/EOL.pdf
+ access: 2024-11-17
+
+ansible:
+ title: Ansible Collaborative
+ type: Web
+ url:
+ value: https://www.ansible.com/
+ access: 2024-11-17
+
+cybersec-best-practices:
+ title: CYBERSECURITY PROGRAM BEST PRACTICES
+ type: Web
+ url:
+ value: https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/cybersecurity-best-practices.pdf
+ access: 2024-11-17
+