Thank you for the opportunity to make the recommendations to strengthen the security of your network.
A brief introduction
Introduction will entail a short description of the case to highlight the current status of the network in terms of software and hardware specs. Then state the overall
goal of vulnerability (for example, to scan, examine, appraise, and report).
I. Vulnerability Assessments
Develop a vulnerability assessment based on the scenario provided
The first vulnerability is the physical access to the facility. Being an accounting firm it is likely there’s information that must be held as confidential. There’s
likely no need for a security guard but there would be vulnerability if there no locking door preferably a door with a key card access. The Netgear MR814 cable router
is an older router that is out of date and would not have current firmware. This would leave network open to attacks. The two multipurpose printers are not secure in
the current configuration. Hackers can usepacket-sniffing techniques creating a potential liability. The company iPad can lead to vulnerability and loss of
confidential company information. The iPad is open to social engineering attacks. Peer to Peer networking is extremely risky in a company setting. Peer-to-Peer
networking opens the company to malicious attacks. A wireless network can be open to packet sniffing, war driving, which could lead to large financial loss. With a
company hosted website to be used by customers. This can lead to attacks from hackers on the Internet. Another issue is the accounting department, interns, and upper
management all share the same network, files, etc. This breaks the rules of Principle of Least Privilege can lead to access to company files by employees that should
not have access. An employee freely accessing their emails from different web browsers leaves high risks, to virus, malware, and other attacks. Also having employees
connect in this fashion uses more bandwidth.
Follow proper procedures and protocols in completing IT-related tasks.
This includes:
Performing vulnerability assessment based on the scenario
Demonstrating the ability to make network administration or Cybersecurity decisions based on best practices and/or standard procedures/protocols
II. Network/System Security Recommendations
Assess the need for network security devices to support the business or organization.
In the creation of this network the Manageable Network Plan will be utilized- including the steps 8 steps: Prepare to document, Map your network, Protect your network,
Reach your network, Control your network, Manage your network parts 1 and 2, and Document your network. I would agree with the suggestion in purchasing a switch. I
would place the accounting department, upper management, interns, and lobby wireless access on different subnets. I would employ a DMZ approach with the inclusion of
the webserver for hosting the website. The DMZ would consist of web server, and 2 firewalls. The cable router would be updated to a current piece of hardware and
updated with current firmware. The printers would be housed in a printer room with encryption. The iPad would be configured with auto lock, password lock, and the
option to remote wipe if the iPad were to be lost. The employees should be configured with the company email client and group policy. The email server should only be
access via email client with the appropriate security measures in place. The wireless access point for customers to access should be placed in the lobby with low
signal strength so the signal does not breach company premises. Also I would employ a site survey to identify all hosts on the network and access points on wireless
network to prevent any rogue access points from developing. WPA2 would be used with the wireless network.
Assess the need for network services to support the business or organization.
This includes:
Selecting/identifying the network services to implement
Providing justifications for the selected services
Follow proper procedures and protocols in completing IT-related tasks.
This includes:
Demonstrating the ability to make network administration or Cybersecurity decisions based on best practices and/or standard procedures/protocols
III. Application / End-User Security Recommendations
Apply and implement appropriate security measures on a network to support the business or organization.
The creation of user accounts will need to be unique with the use of accompanying complex password creation. Hardening authentication techniques will be employed with
account lockout, account restrictions, and password policies. Smart cards will be provided to each employee.
Apply proper ethical principles in dealing with sensitive customer information.
This includes:
Using appropriate techniques and procedures to secure sensitive customer information
Using proper documentation to track sensitive activities
Follow proper procedures and protocols in completing IT-related tasks.
This includes:
Identifying and applying appropriate software licensing model(s) for the software used in the proposal
Demonstrating the ability to make network administration or Cybersecurity decisions based on best practices and/or standard procedures/protocols
I believe with these key measures your network can be improved drastically to protect the confidentiality, integrity, and access of company information. Any costs
improving the network now can eliminate much larger financial losses later.
[1] Geier, E. (2008, January 2). Your Printer Could Be a Security Sore Spot. Retrieved October 9, 2015, from
http://www.pcworld.com/article/254518/your_printer_could_be_a_security_sore_spot.html
