1) Briefly define the 3 key technical goals in network design. Use the format below:

Technical goal 1 (specify): Definition (2 lines MAX)

Technical goal 2 (specify): Definition (2 lines MAX)

Technical goal 3 (specify): Definition (2 lines MAX)

2) For each technical goal above, discuss four (4) best practices4 in network design one can use to reach that goal. Do not use a same best practice more than once in this exercise, which means you should discuss a total of 12 different5 best practices. Use the format below:

Best practice # 1 for technical goal 1 (10 words MAX)

o Explain how your best practice # 1 improves technical goal 1 (3 lines MAX) o IF this is not a default best practice, briefly explain when it is recommended

Best practice # 2 for technical goal 1 (10 words MAX)

o Explain how your best practice # 2 improves technical goal 1 (3 lines MAX) o IF this is not a default best practice, briefly explain when it is recommended

Best practice #3 for technical goal 1 (10 words MAX)

o Explain how your best practice # 3 improves technical goal 1 (3 lines MAX) o IF this is not a default best practice, briefly explain when it is recommended

Best practice #4 for technical goal 1 (10 words MAX)

o Explain how your best practice # 4 improves technical goal 1 (3 lines MAX) o IF this is not a default best practice, briefly explain when it is recommended

Best practice #5 for technical goal 2 (10 words MAX)

o Explain how your best practice # 5 improves technical goal 2 (3 lines MAX) o IF this is not a default best practice, briefly explain when it is recommended

Etc.

PART 2 Case: Marriott security incident (35 marks)

Below is a summarized timeline of a security incident at Marriott as reported by its CEO. Because the incident involved the Starwood Guest Reservation System database, the timeline begins with the merger of Marriott and Starwood Hotels & Resorts Worldwide in September 2016.

A. Merger with Starwood

On November 15, 2015, Marriott signed a merger agreement with Starwood and the transaction closed on September 23, 2016. During the intervening ten months, we obtained information about Starwoods technology and network and assessed how to integrate the two reservation systems. Following this evaluation, we made the decision to retain Marriotts reservation system as the central system for the combined group of hotels and to retire Starwoods reservation system. Migrating all of Starwoods 1,270 hotels onto Marriotts reservation system while avoiding disruption of the reservation process for guests and hotels was a significant undertaking over a period of two years. After the close of the merger, we continued to operate the Starwood system and we invested in additional information security measures for that system. In November 2018, we accelerated the

3 Exclude MANs and WANs

4 For this part, use the lecture note slides starting from Week1

5 Different means you CANNOT use the same best practice twice i.e., once for technical goal 1 and once for technical goal 2 OR once for the access layer and once for the backbone network.

Page 2 of 3

timeline to retire the system and, as of December 18, 2018, we are no longer using the Starwood Guest Reservation System to conduct business operations.

B. Discovery and Investigation of the Incident

On September 8, 2018, Accenture, which managed the Starwood Guest Reservation System database, contacted Marriotts IT team with information about a Guardium alert generated on September 7. Guardium is an IBM security product used on the Starwood system to help secure databases. The Guardium alert was triggered by a query from an administrators account to return the count of rows from a table in the database. Such a query would not return the content of these rows, only the total number of rows in the table. As part of our investigation into the alert, we learned that the individual whose credentials were used had not actually made the query. On September 10, 2018, two days after Accenture elevated the alert, Marriott brought in third-party investigators to conduct a full investigation into the circumstances that led to the alert and to assist with containment measures. On September 17, 2018, the investigators uncovered a Remote Access Trojan (RAT), a form of malware that allows an attacker to covertly access, surveil, and even gain control over a computer.

C. Investigation findings and scope of the incident

Uncovering the full scope of the attack took significant forensic work. We worked with and relied on experts in the field to conduct a thorough and careful investigation. In early October 2018, the investigators found on some systems evidence of malware, including MimiKatz, a tool that searches a computer for usernames and passwords. In November 2018, findings showed evidence of an unauthorized party on the Starwood network and that the attacker had accessed guest data in the Starwood Guest Reservation System and exported approximately 500 million guest records including passport information and credit card information.

Q1: Briefly discuss the immediate actions Marriott should take after discovering the attack. Include in your discussion why such actions are required (6 lines MAX)

Q2: Briefly discuss FIVE (5) security controls covered in the ITEC 3210 mandatory text that would have helped prevent the security incident. Use for EACH security control the format below:

Security control #1 (list name): Explain how Security control #1 helps prevent the incident (3 lines MAX)

Q3: Discuss THREE (3) security controls covered in the ITEC 3210 mandatory text that would not have helped prevent the security incident reported in this case. Use for EACH security control the format below:

Security control #1 (list name): Explain why Security control #1 does NOT help prevent the incident (3 lines MAX)