Popular in Course
verified elite notetaker
Popular in Department
This 7 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 15 views.
Reviews for ISSC421_Case_Study_
Report this Material
What is Karma?
Karma is the currency of StudySoup.
Date Created: 11/09/15
Case Study Report 1 Case Study Report Matthew Eliason ISSC421 American Military University Leslie Pang Case Study Report 1 1.0 Introduction As a medium business startup who will be dealing Personal Identifiable Information (PII), a great deal of care must be taken to ensure that your customer’s data is preserved. Lessons were learned from the situations with large corporation’s security breaches such as Target and Sony. To achieve this end goal, certain steps must be taken with regards to information assurance and awareness training, overall best network practices, firewall implementation and the VPN solution. 2.0 Overview of network security fundamentals, security threats, and issues. Networking fundamentals involve an end to end solution. There are many cyber security threats to the average small to medium size business. Security fundamentals involve implementing basic solution to address the following basic threats. Denial of Service attacks Distributed Denial of Service attacks Viruses Case Study Report 1 Worms Trojans These threats are typically going to be a mechanism for data theft, primarily targeting credit card and login information of your customers. There are few basic things that must be done to form a solid security foundation. These include: Systematically patch all software to prevent vulnerabilities from being exploited Employ Windows Server Update Services (If using a Windows Platform) Strong password standards for users and Administrators Manage privileged and nonprivileged user accounts Employ a strong firewall policy The above solutions form a solid foundation for any network of any size. All of these points are linked symbiotically together, if you take one away all the other become vulnerable. 3.0 Detailed network security recommendations 3.1 Fundamentals of firewalls and VPNs The fundamentals of implementing a firewall and Virtual Private Network strategy is determining what type of approach is recommended for your company. The location of the firewall for the company VPN is critical in the protection of data from theft. 3.2 Recommendations for firewall and VPN solutions Case Study Report 1 Taking into account the fact that this company will be using the VPN is implement credit card transactions, a strategy of having the VPN server in front of the firewall server to be able to control what the users are accessing in the company network. This plan also give the VPN the ability to encrypt each connection. The VPN must be configured for filtering of PPTP, L2TP and IPSec. The firewall must have application and software based filtering. Along with protocol and port based filtering enabled. To accomplish all of this, there must be a robust firewall policy developed that implements these solutions. 3.3 Recommendations for implementing proposed solutions for the long term. As with any new security improvement and implementation strategy, it is only as good as the training provided to the trusted users of the VPN. Standardized training for all employees is an absolute requirement for a healthy network. I develop and work on this network for the long term, I will implement an aggressive training plan for all employees that includes weekly emails with tips on securing data and protecting company information. I will also implement a monthly training awareness plan for the employees via a training handout that all employees will review and initial for tracking purposes. All of the recommendations must have training to go along with them or they will fail in the long term. Case Study Report 1 3.2 Recommended Firewall and VPN Solutions Recommend a front VPN side firewall strategy with a policy, application, software, port and protocol based filtering. Recommend a VPN have a filtering policy for PPTP, L2PT and IPSec. Recommend an aggressive training plan for company and employees Recommend a solid network fundamental foundation based on the principals listed in section 2.0. 4.0 Summary In my plan, to avoid all the pitfalls that have sunk other startup companies, solid best network practices must be adhered to religiously. With a solid foundation, everything else will sink with it. Implementation of information assurance and awareness training, overall best network practices, firewall implementation and the VPN solution are the cornerstone and will be the cornerstone of this organization in my vision. Case Study Report 1 References Stewart J. Michael, 2011, Network Security, Firewalls and VPNs Kark, K. n.d.IT GRC: Combining disciplines for better enterprise security. IT GRC: Combining Disciplines for Better Enterprise Security. Retrieved from http://searchsecurity.techtarget.com/tip/ITGRCCombiningdisciplinesforbetterenterprise security Grimes Roger, June 23, 2002, External firewall attack, data retrieved on May 19, 2014 from http://windowsitpro.com/networking/externalfirewallattacks Information security: Challenges and solutions, data retrieved on May 19, 2014 from http://www.peterindia.net/ITSecurityView.html Behringer Michael, May 1, 2011, Network complexity and how to deal with it, data retrieved on May 19, 2014 from https://labs.ripe.net/Members/mbehring/networkcomplexityand howtodealwithit S, E. (2010, October 10). 10 Most Destructive Computer Worms and Viruses Ever. 10 Most Destructive Computer Worms and Viruses Ever. Retrieved May 25, 2014, from Case Study Report 1 http://wildammo.com/2010/10/12/10mostdestructivecomputerwormsandviruses ever/ Williams, M. (2011, May 23). PlayStation Network hack will cost Sony $170M. PlayStation Network Hack Will Cost Sony $170M Computerworld. Retrieved May 25, 2014, from http://www.computerworld.com/s/article/9216926/PlayStation_Network_hack_will_cost _Sony_170M