
Question 1

A. Given the client network topology described and the traffic between the server nodes,
a user is likely to learn the most by collecting full content data. Full content data is
one type of NSM (Network Security Monitoring) data: it consists of the packets captured
from the network traffic and stored [1]. Clients can gather all the information in the
headers and payloads of the data packets that have been intercepted and analyzed between
two endpoints on the network [2]. The client network has 20-39 server host nodes, which
are accessible by 6 server farms; scanning the ports and capturing each packet of the
server farms can yield a great deal of information about the network. Client and server
nodes in this network can provide user segmentation data by interacting with servers and
with network hardware such as switches and routers. Collecting full content data would
therefore give the client a very large amount of data about the network. Intruders can
easily bypass the network protocols and steal the data for malicious activity. For
example, the headers may include physical-level data such as the MAC addresses used to
exchange the data [2]; with the help of this, intruders can sabotage the whole client
network by performing a DoS attack on the server farms.

B. Tcpdump and Wireshark are tools that can record full content data. Tcpdump is
comparable to Wireshark in that it also aids packet analysis for each TCP network and
web server. Tcpdump will therefore help in configuring and collecting the data from the
headers in the network. In this scenario the user can use these tools for scanning and
detection on the client network, which may help in keeping a record for analyzing any
malicious activity in the traffic. Clients can also use the Snort tool, which works very
efficiently to analyze real-time network traffic and performs data packet logging [3].
As mentioned above, there is a chance of a DoS attack; Snort will spot the DoS attack
and other relevant attacks. Snort creates certain rules for each attack that can take
place in the network and sends an alert to the user [3].

C. From the client network topology, it is clear that the network will become very busy
because of the high volume of traffic from each server and from other network devices,
so to maintain speed and safety the client needs to configure the firewall on a regular
basis. The client needs to filter out the high-volume traffic by using "BPF" (Berkeley
Packet Filter), a tool that will help in discarding suspicious activity inside the
network and will avoid flooding of packets from each server farm. The client can also
install honeypots in the network: if malicious activity is present, the honeypots can
detect it and the network won't be affected, which will maintain the stability of the
network at peak times.
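
As an added illustration of parts A and C (not part of the original answer), the Python sketch below parses a small constructed pcap to show the header fields, including MAC addresses, and the payload that full content data retains, then applies a Python stand-in for a BPF expression such as `net 10.10.1.0/24 and not port 873` to cut stored volume. The addresses, ports and function names are assumptions made for the example.

```python
import ipaddress
import struct

def frame(src_ip, dst_ip, sport, dport, payload):
    """Build one constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes.fromhex("020000000001" "02000000000a" "0800")  # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 1024, 0, 0)
    src, dst = (ipaddress.ip_address(a).packed for a in (src_ip, dst_ip))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    return eth + ip + tcp + payload

def to_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    recs = (struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

def parse_pcap(data):
    """Yield the header fields and payload that a full content capture retains."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24                                        # skip the global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                # this sketch decodes IPv4/TCP only
        t = 14 + (pkt[14] & 0x0F) * 4               # TCP header follows the IP header
        if len(pkt) < t + 20:
            continue                                # truncated TCP header
        sport, dport = struct.unpack_from("!HH", pkt, t)
        end = 14 + struct.unpack_from("!H", pkt, 16)[0]
        yield {"src_mac": pkt[6:12].hex(":"), "dst_mac": pkt[0:6].hex(":"),
               "src": str(ipaddress.ip_address(pkt[26:30])), "sport": sport,
               "dst": str(ipaddress.ip_address(pkt[30:34])), "dport": dport,
               "payload": pkt[t + (pkt[t + 12] >> 4) * 4:end]}

def keep(pkt, farm_net, skip_ports):
    """Python stand-in for the BPF expression 'net FARM and not port P'."""
    net = ipaddress.ip_network(farm_net)
    in_farm = any(ipaddress.ip_address(pkt[k]) in net for k in ("src", "dst"))
    return in_farm and not {pkt["sport"], pkt["dport"]} & set(skip_ports)

SAMPLE = to_pcap([  # constructed traffic: web request, bulk transfer, unrelated flow
    frame("192.0.2.10", "10.10.1.20", 51000, 80, b"GET /login HTTP/1.1\r\n\r\n"),
    frame("10.10.1.20", "10.10.9.5", 873, 40000, b"bulk-backup-chunk"),
    frame("192.0.2.10", "198.51.100.7", 51001, 443, b"\x16\x03\x01"),
])
PACKETS = list(parse_pcap(SAMPLE))
KEPT = [p for p in PACKETS if keep(p, "10.10.1.0/24", {873})]
```

Of the three constructed packets, only the web request to the server farm is kept; the bulk transfer and the unrelated flow are the volume a capture filter would spare the storage system.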

Question 2

In this client network topology, the client must keep the performance of each network
device up to date; because of the high volume of traffic, there are cases where a few of
the systems or servers may be down. With cyber-attacks increasing, hackers have multiple
ways to bypass in-line devices such as firewalls, intrusion detection systems, routers,
etc. In this scenario, the client can face deployment costs because of its storage
capacity, outdated software, and firewalls. While capturing suspicious activity or
analyzing packets, there is a chance that the client may face a huge loss if the security
system fails while filtering out the detected events.
The major concern is the network-based intrusion detection system (NIDS), which helps in
monitoring and inspecting outgoing and incoming traffic and reduces the chances of
malicious activity [5]. A few sensors should be placed behind the firewalls to inspect
the traffic, and they should be visible [6]. This helps in securing the network
structure. The client is dealing with a combination of web servers, which means multiple
websites are in use by clients, so it is mandatory to update the web servers regularly:
this includes installing the latest security patches and the latest software updates,
which keeps the websites working smoothly and protects the web servers from numerous
security threats [7].
It is essential to keep websites updated regularly and to monitor the activity of the web
servers, because availability is the main concern for the clients: websites should be
available and visible to users 24/7, and traffic should be transferred at any given time.
If the web server is slow, clients will abandon the service and it will eventually lose
its users. Among web servers, one of the best is the Apache web server, which is
considered fast at responding to requests and has supporting models for actively
deploying web applications [9]. One of the robust tools for monitoring web servers is
Netdata, which benefits the web server by monitoring active requests, active connections,
logs, etc. Netdata shows whether there are any bugs or errors on the website. By using
this tool, the client will be able to keep an up-to-date record of the monitoring cost
for the web servers [10].
Along with the web servers, it is essential to keep storage optimized and sufficient to
hold the large amount of data produced by the various data collection points. The
database should be verified and evaluated regularly because it manages the users'
credentials. If the database is insecure or not maintained properly, there is a higher
chance that the whole organization could be sabotaged. Technology is now so dynamic that
every organization and company stores its data in cloud services; there are multiple
cloud services that provide an efficient way to store data, and users can create their
own databases, run an operating system, etc. Using cloud services is also considered one
of the solutions to the disruption caused by deployment cost.
Moreover, with six server farms in the client network, it becomes difficult to monitor
the packets and activity of the servers at extremely high traffic. Every gateway node has
different client servers, which makes it stressful to manage a lot of traffic at the same
time, and the configuration parameters of the routers and switches also differ. This is
where configuration management comes into the picture: it helps to improve the
monitoring of network device configurations, which makes the process stable and reduces
errors and server-down issues, and it also automates new components to boost the
monitoring system for the network [8]. The client should install a honeypot in the
network to monitor activity 24 hours a day; this will save time analyzing any malicious
activity and will send an alarm or message to the user to secure the network and the
client nodes.
Honeypots are so effective that they will help in detecting any unauthorized access or
traffic from a vulnerable server or the network. Sometimes, when a connection is lost, it
becomes complicated for the monitoring devices to monitor incoming and outgoing traffic,
which gives wrong results, so the connections and communications of each server node of
each gateway node should be well maintained and robust.

Question 3
The most essential part of any organization is protecting its data through legal means,
which also makes it the utmost priority to protect users' confidential data with robust
security methodologies. As the client has a wide network design, he/she has to go through
some of the essential legal documents and key methods for data protection. The client
should understand the laws and regulations published as the "UK GDPR" (General Data
Protection Regulation); these data protection rules and regulations apply to all UK
businesses and startups for their growth [11].
The client has a big responsibility for the other client nodes, which deal with the
organization and multiple websites, and for the protection of their data. This shows that
the client is dealing with tons of data, which the client must protect and optimize; the
UK GDPR will help in implementing data protection techniques to overcome these problems.
The three main aspects of information security are "Confidentiality", "Integrity", and
"Availability". Each organization must look into the confidentiality and integrity of its
data.
Those two aspects are a major part of security in an organization, and the UK GDPR treats
them as an essential principle, with rules and laws to implement in the network for data
protection and safety. According to the UK GDPR principle on data confidentiality and
integrity, clients should carry out and follow things like risk analysis, organizational
policies, and physical and technical measures [12]. Risk analysis of the whole network
will help the client to improve weaknesses in the topology and can ensure the client
nodes are ready for future security threats; it will also help with processing and
storing data from the different web servers and server nodes, which makes it easier to
detect and analyze loopholes in the network.
The other legal aspect of data protection is the "Guide to Law Enforcement Processing",
which comes under the UK GDPR and guidance on data protection. It is advised for clients
who have daily responsibilities for data handling and protection in an organization with
law enforcement functions [13], but it also depends on a few other aspects such as
logging. Logging is another essential and broad term for an organization that uses
automated processing systems; the client, for instance, has web servers and server farms,
which will have databases and different client nodes. Logging automates the monitoring
process that keeps track of each item of data shared from device to device by capturing
the traffic. Logging ensures the safety and protection of data by monitoring for
unauthorized access or suspicious activity within the network [14].

Question 4
User behavior towards the application or the product brings changes and challenges that
push the developers to improve. In this network, user behavior could concern securing
passwords: the client has multiple websites that users need to be authorized to use, so
creating a strong and secure password could be a step of protection from cyber threats
and attacks. The client should secure the database as well as the websites against
attackers who can easily crack the passwords.

The client network serves various clients, among them a multinational firm and foreign
agencies; this firm is connected to multiple client servers for data transformation and
communication. User interaction

Analyzing six server farms, which have further server nodes, will be very difficult to maintain the

https://ieeexplore.ieee.org/document/8320776

AI

1.A

The threat landscape is evolving at a fast pace along with the technological world. Every
organization should have a plan in place to provide a higher level of security for its
network in order to guard against threats and extortion from outsiders. Every
organization has its own network, but they are all unaware of how to handle network
security as the network expands. Examining the figure above, active sensors should be
used to examine and monitor the network. The sensors are the tools that gather and
examine network traffic in order to identify suspicious activity. The data is completely
client-owned. Some of it, however, needs to be monitored and kept secure since it is
sensitive. The network management system entails forensic network analysis, which
includes traffic accounting, malware identification, and intrusion detection. Full
content data is one of the best ways of monitoring the entire network; except for the
storage requirement, there is no other disadvantage in this network security management.

Investing in cybersecurity involves significant costs in terms of equipment, human effort, and inconvenience. However, the
benefits of such investments outweigh the costs. In terms of equipment, investing in hardware, software, and training
resources can help the client detect and respond to security incidents, such as unauthorized access or data exfiltration. This can
prevent data breaches and the associated costs, such as legal fees, regulatory fines, and reputational damage [1]. In terms of
human effort, manual configuration and steering of monitoring operations and training can help the client develop a strong
security culture and ensure that security policies and procedures are followed. This can reduce the risk of human error and
improve the overall security posture of the organization [2]. In terms of inconvenience, disruption to normal operations can be
minimized by implementing security controls that are transparent to users and do not interfere with their work. This can
help maintain productivity while ensuring that the network is secure [3]. By investing in cybersecurity, the client can protect their
assets, maintain customer trust, and avoid the costs associated with data breaches.

Ashwin Krishnan. https://www.techtarget.com/searchsecurity/tip/Cybersecurity-budget-breakdown-and-best-practices

Toby Shackleton. "A Cost-Benefit Analysis Approach to Cyber Security". March 3, 2021. https://www.6dg.co.uk/blog/cost-benefit-approach-to-cyber-security/

"How to Justify Your Cybersecurity Budget". https://securityscorecard.com/blog/how-to-justify-your-cybersecurity-budget/

Several factors can affect network equipment costs. One factor is the type of equipment needed, such as routers, switches,
hubs, and LAN cards [1]. Another factor is the quality of the equipment, as higher quality equipment can be more expensive. The
size and complexity of the network can also affect equipment costs, as larger networks may require more equipment.
Additionally, the type of network, such as a home network or a business network, can affect equipment costs [2]. Maintenance
and administration costs can also add to the overall cost of network equipment [3]. Finally, the budget allocated for network
construction can be a significant factor in determining equipment costs [4]. By considering these factors, it is possible to get a
better understanding of the costs associated with network equipment and to make informed decisions about network design
and implementation.
