Assignment as Essay Example for Free

Assignment as EssayAs part of the network warrantor team, we will be proving IDI with a network certification plan to mitigate the vulnerabilities that have been discovered. A rock-steady site will be set up with network intrusion detection and network rampart systems will be available to approach path via the inherent network. Policies will be presented for removed access and the intention of VPN. Also contained within this report will be strategies for hardening the network and mitigating risks. An updated network lay come in with increased network security to meet the current needs will be included. In the interest of business continuity, remote access will be utilized. User wishing access to internal network assets will only(prenominal) be able to access said assets with the drill of a company issued laptop. We will make mapping of MAC citation dribbleing to allow remote users access to the internal network via VPN. Each of the remote access laptops will have be en loaded with VPN and have the MAC address added to the list on the MAC address filter. Users will be able to login to the VPN by using their topical anaesthetic username and password.By making use of a VPN connection, users should be able to easily access the network assets. VPN connections are protected by SSL encryption which provides communicating security over the internet. Each of the remote access laptops will be encrypted with McAfee safeboot encryption and all local data will remain encrypted until a valid login is entered. McAfee safeboot encryption requires additional login information to access the IDI internal network. At the present there is one web server for employees to access both internal and remote sites.The network security team will be integrating a web server locate within the internal network. This Web server will be accessible only from within IDIs local area network. We will be using the layered security concept to protect IDIs internal servers. An (IDS ) intrusion detection system will be set up to send out alerts in the event of an intrusion and log all connections. An (IPS) intrusion prevention system will be set up to prevent the detected intrusions and will make use of MAC address filtering to get over or allow connections based off the MAC address or physical address of each(prenominal) machine.MAC address filtering will allow the servers to accept incoming traffic from predetermined hosts. To further good the local area network, the network security team will be implementing the principle of least prerogative in regards to the users. By using the principle of least privilege we will be preventing multiple forms of bitchy or accidental risks by only giving the user the permissions and privileges necessary to complete their job. Microsofts inadvertence security computer software is commonly used and well known making the vulnerabilities well known, which would make it easier for a hacker to plan out an attack.Third part y antivirusmalware and firewall software will be used on all machines. The servers located within the network will make use of a statefull firewall to monitor and filter all traffic on the network by scanning for congruence between data packets. The everyday facing servers used to connect the internal webserver to the customer website are contained within the demilitarized zone. Due to the demilitarized zones proximity to the all-encompassing area network, we will be taking a layered security approach. There will be a statefull firewall located between the router and the demilitarized zone.This firewall will protect the internal network via the LAN-to-WAN connection by do in-depth packet inspection and closely monitoring the LANs inbound and outbound traffic. A dispossessed physical firewall device will be in place between the internet service supplier and the demilitarized zone. This firewall hardware will allow for larger amounts of inbound and outbound traffic. The demilitar ized zone will make use of both an IDS and IPS to handle any intrusions within this part of the network. Current IDI Network Weaknesses/vulnerabilities Logisuite 4. 2.2 has been installed 10 years ago, has not been upgraded, however over 350 modifications have been made, and license is expired RouteSim-The destination delivery program is used to don routes, costs and profits , it is not integrated into Logisuite or oracle financials to take advantage of the databases for real-time cash valuation and profit loss projections IDI needs to standardize office automation hardware and software before long there are about 600 workstations , 200 HP, 150 Toshibas, 175 IBM, 50 dell, rest are orchard apple tree PowerBooks without CAD software available Software ranges from various antique word processing packages of which are at variance(p) for integration with each other(a), causing transfer of charges to become corrupt when opened by incompatible software Polices exist that prohibit the introduction of individualised devices, many executives have had administrators install clients on their unsupported non-standard personal laptops, pcs, ws that interface with internet with little or no personal protection WAN was designed by MCI in early 2000s which has not been upgraded since data rate increases have occurred in Asia and Brazil has been distressed. among September and March (peak hours) capa urban center is insufficient, customers are lost due to dropped connections and abandoned shopping baskets, further diminution growth and revenue Telecommunications limited Mitel SX-2000 private automatic branch exchange (PABX) that only provides voicemail and call packaging Current IDI StrengthsSao Paulo is presently the strongest link in the chain. Sao Paulo Brazil is a model of standardization all other sites will be modeled after this site. The Sao Paulo office includes the following setup 30 MS windows for file and print 4 Linux (Unix) servers for major production a pplications 2 Linux (Unix) servers with the internet zone with juniper high-speed switches and routers A storage area network based on EMC CLARiiON SAP R/3(ECC6-Portal based apps) Up-to-date security policies although in Spanish The telephone system provided by SP Telesis- one of the four competing providers in the metropolitan city The NEC NEAX 2400 Series PABX used for internal and external communications