D482 SECURE NETWORK DESIGN TASK 1 WESTERN GOVERNORS’ UNIVERSITY

D482 SECURE NETWORK DESIGN TASK 1 WESTERN GOVERNORS’ UNIVERSITY

Task 1
Company A has identified multiple network and infrastructure vulnerabilities. Identified network
security vulnerabilities include all network users have local administrative privilegesand use
only eight-character passwords. Hardware vulnerabilities are end of life equipment being
utilized as well as open port 3389.
Users having local administrative privileges is a network security issue. Allowing all users to
have this level of privilege has a moderate vulnerability risk. Company A should deploy the
concept of least privilege to mitigate the likelihood of nefarious actors accessing the company
network. “The Principle of Least Privilege (POLP) is widely recognized as a security concept that
enforces giving an identity (a person or machine identity) only the permissions that are essential
to performing its intended function. If an identity does not need the authorization, they should
not possess it. It is implemented to minimize the cloud attack surface and protect data by
mitigating the number of opportunities for exploitation via permissions.” (Shea, Tally, (2026,
November 30). What’s Least Privilege? How to Implement & Stay There. Retrieved from
https://sonraisecurity.com/blog/principle-least-privilege/ ).
The requirement that users only use eight-character passwords is another Company A
vulnerability and is considered a high likelihood risk. A recent study has found that an eightcharacter password only takes approximately five minutes to crack. (Whitney, Lance, (2026,
August 7). How an 8-Character Password Could be Cracked in Just a Few Minutes. Retrieved
from https://www.techrepublic.com/article/how-an-8-character-password-couldbe-cracked-in-less-than-an-hour/). “Security experts keep advising us to create strong and
complex passwords to protect our online accounts and data from savvy cybercriminals. And
“complex” typically means using lowercase and uppercase characters, numbers, and even
special symbols.” (Whitney).
The fact that Company A is a global financial company puts it at a greater risk of nefarious
activity by hackers and the like. Implementing and enforcing complex passwords can reduce the
risk of identity theft and financial fraud of those entrusting Company A with their financial
information. An example of a recent financial institution hacking is what occurred at Block which
resulted in 8.2 million customers having theirfinancial information compromised. The exposed
information was not just personal identification information but also brokerage account data
and credit card information. (Kost, Edward, (2026, August 3). 10 Biggest Data Breaches in
Finance. Retrieved from https://www.upguard.com/blog/biggest-data- breachesfinancial-services). These types of breach not only impact the customer it affectsthe company in
form of reputation, stock value (if applicable), and fine/fees.