You have been recently hired as a network security analyst for a small accounting firm. The firm is realizing that they need help to secure their network and customer’s data. With your background and skills, they are looking to you to provide guidance. In addition to helping them secure their network, they require that you obtain your CompTIA Security+ certification within 60 days of being hired.
In addition to the owner, who serves as the overall business manager, there are about 20 people on staff:
➢ 10 accountants
➢ 3 administrative support specialists
➢ 1 vice president
➢ 1 financial manager
➢ 2 interns
There is also one IT support technician on staff, who has basic computer hardware and networking knowledge. He has requested that the firm create a website, hosted internally, so that new customers can get information about the firm. This will be important to remember as you complete your final project.
The firm has a simple network. There are currently 20 computers and two multipurpose printers. All computers and printers are connected wirelessly to a NETGEAR MR814 device. This router is connected to a Motorola SB3100 cable modem. Staff e mail accounts are set up through the company’s Internet provider. Employees use a combination of Microsoft Outlook and standard web browsers to access their e-mail. The owner is known to use his personal iPad during work hours to check and respond to e mail messages.
Prior to your hiring, they hired a network cabling contractor to run Cat 6 cables from the central wiring closet to all offices and cubicles. They want to move away from using wireless as the primary network connection, but want to keep wireless access for customers coming to the building. The technician who did the wiring mentioned to your supervisor that he should look into setting up a Windows Server domain to manage user access, instead of the current peer-to-peer network. He also recommended that the firm invest in a managed switch and a firewall, and look into having some backups. The internal IT support technician agreed with these recommendations but needs your help to implement them.
You’ve been asked to assess the current vulnerabilities and provide a recommendation to the firm’s owner on how to better secure the network infrastructure. Now that you are aware of the firm’s history, your assessment and recommendation should provide specifics about the network security settings that must be implemented and the equipment that must be procured, installed, and configured. The firm’s owner has a basic understanding of computing, so it is important that you explain the technical issues in layman’s terms.
You will provide a detailed vulnerabilities assessment document, along with some specific recommendations to implement to address the vulnerabilities you have described. This document should be based on the scenario provided. Use LabSim as a guide in your analysis and recommendations.
Your proposal will be submitted in three major parts:
- Vulnerabilities Assessment
- Network System Security Recommendations
- Application/End-User Security Recommendations
Use this template as a guide while creating your Vulnerabilities Assessment and Recommendation Document (Parts 1-3).
pART 1:Vulnerabilities Assessment
This section should include areas where network security could pose security problems. Explain why these vulnerabilities could be exploited and what the implications are if they are not addressed. In this section, you do not need to provide specific recommendations on how to mitigate these issues.
pART 2: Network Security Recommendations
This section should include specific recommendations based on the vulnerabilities identified in previous section. These would include procuring new equipment or systems, and you should explain why these systems or equipment are needed. Cognizant that the firm only has a NETGEAR wireless router, determine what else is needed. They have Cat 6 cable running from each work area to the central wiring closet. But those cables are just hanging from the ceiling right now. The technician has recommended implementing a managed switch, a firewall, and a Windows domain, as well as setting up some backups (note: this could mean many things). Research appropriate equipment and provide guidance on their setup as appropriate for the business.
Include any configuration information for the equipment. For example, if you are getting a firewall, what setting(s) from a firewall should be in place for this firm?
pART 3:Application/ END-USER SECURITY rECOMMENDATION
This should include end-user specific recommendations such as the need for a specific application on the end-user’s computer or a specific training or best-practice that the user must employ. Again, explain why these are necessary and provide the specific configuration information as needed.