Applied Business Project 2 – Security Analysis

Submit your ABP-2 report to TurnItIn as a PDF file

Name: Wang, Yinuo (yinuow)

Project: ABP-2 – Security Analysis

Task 1: Ishikawa Cause-and-effect Diagram

a) cause-and-effect diagram

Shoulder surfing: This is one of the Non-electronic attacks. Attackers though looking victim's
keyboard or screen to get victim's password. So this situation always happens when victim
forgets to pay attention to surrounding during they log in.

Dumpster diving: Dumpster diving attack is one of the Non-electronic attacks. This kind of
attack though search victim's trash-bins, printer trash bins, and sticky notes on victim's desk to
achieve information gathering.

Wang, Yinuo Page 1 of 7

 Applied Business Project 2 – Security Analysis

Brute forcing attack: Brute forcing attack belongs to one of the active online attacks. The
attacker tries every possible combination of characters until victim's password is broken. Brute
forcing attack doesn't require skills and training.

Password guessing: This attack is kind of active online attack. the attacker needs to list all of the
possible passwords and try those password from high probability level to low-level one by one.
Password guessing attack needs the attacker knows some information such as birthday, name
and age about victim.

Replay: The error is one of the passive online attacks. Hackers or attackers use the sniffer to
steal victims' individual information. Sniffer is used on packets and authentication to relevant
information. This kind of attack relates to skills and tools.

Man-in-the-Middle: This attack is one of the passive online attacks. The definition of this attack
is attackers are able to get the victim's personal information by access to communication
channels between victim and server.

Task 2: Two-dimensional mapping of root causes

a) I2 Chart

Wang, Yinuo Page 2 of 7

 Applied Business Project 2 – Security Analysis

b) 150 word discussion

<In the 2D chart, likelihood to occur and effort to remediate are the two measurements that
used to measure the root causes of password compromising. The shoulder surfing attack is the
most frequent attack. It doesn't relate to any skills and training of the students, staffs, and
faculty member. To avoid this most frequently error, pay attention to people around you. For
example, if a colleague who sits next to you want to know your password, the most effective
way is shoulder surfing shoulder. So, pay attention to surroundings is necessary. Man-in-the-
middle attack and replay attack always relate to the skills of the students, staffs, and the faculty

Wang, Yinuo Page 3 of 7

 Applied Business Project 2 – Security Analysis

members. If attackers able to access communication channel between victim and server, it's
difficult to avoid. >

Task 3: VPN Authentication Process (Cross-functional diagram)

a) Cross-functional Diagram

Wang, Yinuo Page 4 of 7

 Applied Business Project 2 – Security Analysis

Wang, Yinuo Page 5 of 7

 Applied Business Project 2 – Security Analysis

Task 4: Recommendation to Management

a) Question 4A - Report

<From task 1, we can know that there is three type of attacks include non-electronic attack,
active online attack, and passive online attack. Those three tasks also provide some possible
ways to teach students, staffs, and faculty members what they should do to protect their
accounts and personal information. Task 1 recommend students always change their password,
selecting a complex password and better to get some training about how to avoid online
attacks. Those ways can provide better network security. Though task 2, students can find which
kind of online attacks are most frequently. They know how to prevent those frequently attacks.
Task 3 provides some strategies that students should use to protect their accounts and
individual information. For example, they can use both DUO Mobile App, U of A’s VPN, and
NETID+ to prevent the online attack. >

Task 5: VPN Compromise Analysis and Report

a) Question 5A – Bar Chart

<=VLOOKUP(B2,'IP by Country'!A:D,3 >

<=COUNTIF('VPNLogData DecWeek1 2014'!C:C,'List of Counteries'!A2) >

Wang, Yinuo Page 6 of 7

 Applied Business Project 2 – Security Analysis

Connections by country for the top 10 counties

282

287

450

457

460

638

739

761

1233

2046
0 500 1000 1500 2000 2500
< >

b) Question 5B – Report

<Since Eller students always travel to other counties, the connections had been increased.
However, the first week of December in the year of 2014 should be a school week. Most of the
students are staying in the US. According to a large number of the international VPN
connections, some of the students' accounts might be compromised. To protect student's NetID
and password, step 1 they should change their passwords frequently. Step 2 use reliable APP
and website such as DUO Mobile APP and NETID+ are necessary to avoid being the compromise.
Step 3 Always remember to log out the account when they finish using. Those three 3 steps can
help students protect their accounts and passwords. University should provide better network
security education to students, to remember students stay alert. >

Wang, Yinuo Page 7 of 7