KII5056 System Security

Background information

InSycure Corp is a pharmaceutical company currently experiencing unprecedented growth in its industry. The company headquarters is located in the western suburb of Arndell Park, New South Wales. It is a campus environment with three buildings with approximately 150 users. The regional offices are located in Dubbo, Orange, Ballina, and Kiama. All of the offices have at least one wireless access point and several of the offices have three or more. Each office has its own local internet connection.

All the remote offices are connected to headquarters via a leased WAN connection.

The headquarters has an old IBM mainframe that runs several legacy applications, including the accounting system. The mainframe is accessed by a variety of staff at headquarters and in each of the regional offices. The vast majority of the workstations are running Windows 8 operating system. The graphics department, located in the headquarters, uses Apple computers. Static IP addresses are typically assigned to common resources and DHCP is used for workstations. When the network was originally designed, IP subnets were assigned to different offices and departments.However, over time and as the network has grown, this subnet organisation has broken down. Over the last several years IP subnets have been assigned and reassigned without any regard to department or location.

All connections to the internet are protected by firewalls and network intrusion-detection systems. All of the workstations have virus-scanning software and a central console is used to push out signature updates. Workstations and servers are generally kept up-to-date with patches and service packs. The networking staff has employed all of the standard security practices one would expect to find at most organizations of this size. Although network security is pretty well established in this company, there arestill several vulnerabilities that the company faces on a regular basis, mostly from human-machine interactions.

For example, a salesperson who frequently holds meetings in a conference room near his office was frustrated by the lack of available network connections for meeting participants. He decided to pick up an inexpensive wireless access point at his local electronics store and plugged it in. The salesman didn't consider that the conference room was next to the parking lot, making the access point available to the public.

Another problem they face is the amount of time it takes for the network administrator to locate infected computers whenever a virus strikes throughout the enterprise. It is always a challenge to quickly identify, locate and disable the switch ports of machines infected. It can take up to 45 minutes per workstation for a potential total of 75 hours to locate and identify the infected users. This process usually includes logging into and querying routers and switches, and physically going to the switch to identify the port and trace the wire to the workstation. This process would have been even more difficult if the workstation happened to be located in a regional office. This process is unproductive, costly, and time-consuming. Additionally, it assumes some knowledge of the network architecture. A new network administrator who did not possess knowledge of the network topology would have a much more difficult time locating the infected workstations.

Requirements and deliverables

In this assessment task, you are required to perform the following:

Q. Perform a Risk Analysis of the InSycure computer system. You are required to perform the following in a report format:

• Evaluate the current network/system of the organization and identify the threats.
• Evaluate the threats associated with the system and determine the level ofrisk associated with the entire network. You are expected to include a riskmatrix in this section.

Q. Develop a Security Plan and a Disaster Recovery Plan (DRP) for InSycure.

a) Security plan should contain the following items:

• Evaluation of the current Security risks
• Security strategies
• Public key infrastructure policies
• Security group descriptions
• Group Policy
• Network logon and authentication strategies
• Information security strategies
• Administrative policies

b) Disaster Recovery Plan may contain following items:

• Purpose of this report
• Scope and objectives
• Emergency management procedures
• Data backup policy
• Types of disasters
• IT Recovery Strategies
• Testing your disaster recovery plan

Q. Conduct research to identify common Security Perimeter issues and best practices applicable to organisational network infrastructures.

Include the following elements in your Research Report:

1. Provide a brief explanation (at least 200 words) of how a 3-Legged DMZarchitecture can be used to implement a security perimeter on a corporate network.
2. Include key benefits and weaknesses of using such a network architecture that employs DMZ containing corporate servers (e.g. mail, web, FTP, etc.).
3. Describe briefly (at least 100 words) how this security perimeter can be configured to provide secure failover and redundancy in the event of a router failure.
4. Develop a list of current software and hardware, including key features or capabilities, that support network perimeter solutions.
5. Develop a process or technique for logging data from security analysis conducted on the DMZ based network to enhance security.(Data may include outcomes of penetration testing or comprehensive scanning of network threats).
6. Identify an alternative security enhancement technology that can be used toimplement a security perimeter across corporate network infrastructures.

Provide reference to all information sought from external sources.