ED 577 Final 1
ED 577
Final
Charissa Piccotti-Fannu
production and sales. Widgets Inc. is experiencing several issues related to its growth,
which must be addressed by the CSO. This document will address the technical issues related
The Board of Trustees of Widgets Inc. will be going on a retreat in Florida and will need
access to their files on the company server. Because this is an internal server, a secure Virtual
Private Network (VPN) must be established. There are three different types of VPN
technologies: secure VPNs, trusted VPNs, and hybrid VPNs. Because the Board of Trustees
will be out of the area, using an unsecured network at their retreat location, a secure VPN
would be the best choice. The secure VPN will use security protocols to encrypt data
transmitted across public networks. IPsec (Internet Protocol Security) will ensure
network security through encryption of data packets and protocols for authentication, data
Security requirements for the VPN include authentication, authorization, and accounting.
Using the Diameter protocol, minimum security standards will be set for this VPN, including
user authentication, data encryption, and tracking of network use. In order to implement the
VPN, a secure VPN client router must be installed at the retreat location. Care must also be
taken at the main office location, because the VPN connection may slow internet speeds
connection to and from multiple locations, and includes secure PPTP, L2TP, OpenVPN, and
IPsec protocols.
The finance department of Widgets Inc. is thinking about purchasing a server to store
financial documents. Because this server will host financial documents for the corporation,
and will not be involved in outside sales or customer relations, an internal server (intranet) is
the best option for the finance department. This server can be used on a linked local area
network within the finance department, with a gateway computer to link to the rest of the
The company should consider the following issues when planning for the server
purchase. First, Widgets Inc. should consider future growth of the company and what data
will be stored on this server. With that in mind, the company should opt for a server with
scalability, or the ability to add on multiple drives and upgrades, along with a capable
processor. Second, the company must consider space, IT support, and environment. These
factors will contribute to the overall size and features of the server chosen. Widgets Inc. must
be sure to have qualified staff to service and maintain the server chosen, appropriate space
for storage and expansion of the server rack, and a server aligned to the computers being
used, whether they are Mac or PC desktops or laptops. In this case, a Windows Small
Business Server may be the best option. Finally, serious consideration must be given to data
redundancy and fault tolerance of the server chosen (Lynn, 2010). RAID (redundant array of
independent disks) level 5 is an array that stripes data across multiple drives with no
dedicated parity drive. Because RAID 5 drives can also be hot swapped (replaced without
fault and without powering down the system), this would be the recommendation of the CSO
to ensure safety and redundancy of data while also balancing operating costs (Whitman &
Mattord, 2016).
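To make the RAID 5 recommendation concrete, the following added example (not part of the paper) models striping with rotating parity and the rebuild of a failed drive. The block size and drive count are constructed for illustration; the XOR parity and the per-stripe parity rotation are the actual RAID 5 mechanism.

```python
from typing import List

BLOCK = 4  # bytes per block (constructed; real arrays use much larger blocks)


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bitwise XOR of equal-length blocks: the RAID 5 parity function."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def parity_drive_for(stripe: int, n_drives: int) -> int:
    """Parity moves one drive per stripe, so no drive is a dedicated parity drive."""
    return (n_drives - 1 - stripe) % n_drives


def raid5_write(data: bytes, n_drives: int) -> List[List[bytes]]:
    """Stripe data across n_drives; returns the list of blocks held by each drive."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    stripe_bytes = BLOCK * (n_drives - 1)
    data += b"\x00" * (-len(data) % stripe_bytes)  # pad to whole stripes
    drives: List[List[bytes]] = [[] for _ in range(n_drives)]
    for s in range(len(data) // stripe_bytes):
        chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i:i + BLOCK] for i in range(0, stripe_bytes, BLOCK)]
        # insert this stripe's parity block at its rotating position
        blocks.insert(parity_drive_for(s, n_drives), xor_blocks(blocks))
        for d, blk in enumerate(blocks):
            drives[d].append(blk)
    return drives


def raid5_read(drives: List[List[bytes]], length: int) -> bytes:
    """Read data back in stripe order, skipping each stripe's parity block."""
    n = len(drives)
    out = b"".join(drives[d][s] for s in range(len(drives[0]))
                   for d in range(n) if d != parity_drive_for(s, n))
    return out[:length]


def raid5_rebuild(drives: List[List[bytes]], failed: int) -> List[bytes]:
    """Rebuild a lost drive: each block is the XOR of the surviving blocks in its stripe."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]
```

Losing any one drive is recoverable; losing two at once is not, which is why a hot-swap replacement should be rebuilt promptly.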
employee technology use agreement signed. We can be reasonably assured that N.A. does not
have a criminal background or malicious intent. However, several security measures must be
taken to ensure confidentiality of data, security of all media and information, and network
security. The CSO must be informed of the employee’s termination prior to any other steps being
First, following the corporation’s security plan, all access to the Widgets Inc. network
(intranet, internet, and system files) must be disabled. This can be accomplished by removing
user permissions for the terminated employee and disabling all accounts in that employee’s
name in the ACL (access control list) and capability tables of the company network
(Whitman & Mattord, 2016). Second, physical properties belonging to the company,
including hard drives, removable media, portable storage devices, and the data stored on
them must be returned to the company. A security escort must accompany the employee to
retrieve and return these devices and data. Finally, door keys and keycard access must be
removed and secured. The employee’s keycard must be deactivated on the security system,
and building security must be notified. The terminated employee will be made aware of these
items in an exit interview, as will necessary staff. It is also recommended that security
protocol and procedures, as well as Widgets Incorporated’s Fair and Responsible use policy
be reviewed and updated after this incident, in order to plan for any future occurrences. The
company’s SysSP (system-specific security policy) should also be reviewed at this time, as
changes will be made to the ACL and capability table within the system (Whitman &
Mattord, 2016).
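The offboarding step above revokes the employee in both the ACL (permissions listed per object) and the capability table (permissions listed per subject). The following added example (not part of the paper) models the two views with constructed sample data, disables the account, strips the user from both views, and checks that nothing is left behind, including an entry that existed in only one view.

```python
from typing import Dict, List, Set, Tuple

Grants = Dict[str, Dict[str, Set[str]]]


def sample_state() -> Tuple[Grants, Grants, Dict[str, bool]]:
    """Constructed sample: ACL view (keyed by object), capability-table view
    (keyed by subject) and account-enabled flags. 'n.a' is the departing employee."""
    acl: Grants = {
        "finance-share": {"n.a": {"read", "write"}, "cfo": {"read", "write"}},
        "hr-db": {"hr-lead": {"read"}},
        "payroll-export": {"n.a": {"read"}},  # in the ACL only: the two views drifted
    }
    caps: Grants = {
        "n.a": {"finance-share": {"read", "write"}},
        "cfo": {"finance-share": {"read", "write"}},
        "hr-lead": {"hr-db": {"read"}},
    }
    accounts = {"n.a": True, "cfo": True, "hr-lead": True}
    return acl, caps, accounts


def drift(acl: Grants, caps: Grants) -> Set[Tuple[str, str]]:
    """(user, object) pairs granted in one view but not the other: access that a
    one-sided revocation would leave behind."""
    from_acl = {(u, o) for o, e in acl.items() for u, p in e.items() if p}
    from_caps = {(u, o) for u, e in caps.items() for o, p in e.items() if p}
    return from_acl ^ from_caps


def residual_access(user: str, acl: Grants, caps: Grants) -> List[Tuple[str, str]]:
    """Every (view, object) where the user still holds a permission; empty after offboarding."""
    left = [("acl", o) for o, e in acl.items() if e.get(user)]
    left += [("caps", o) for o, p in caps.get(user, {}).items() if p]
    return sorted(left)


def offboard(user: str, acl: Grants, caps: Grants,
             accounts: Dict[str, bool]) -> List[Tuple[str, str]]:
    """Disable the account and remove the user from both views; returns what was revoked."""
    accounts[user] = False
    revoked = []
    for obj, entries in acl.items():
        if entries.pop(user, None):
            revoked.append(("acl", obj))
    for obj in caps.pop(user, {}):
        revoked.append(("caps", obj))
    return sorted(revoked)
```

Running `drift` before and after the offboarding is the reconciliation check the SysSP review should call for: a non-empty result means the two tables disagree.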
worm which was just released. Because worms can replicate themselves to fill all available
hard drive space, memory, and network bandwidth, this is a serious threat to Widgets
Incorporated. Initially, the IDPS (intrusion detection and prevention system) should be checked
to make sure it is up to date and operating correctly. A security risk assessment and vulnerability
assessment should be performed immediately, focusing on this latest threat. Once security risks
and vulnerabilities are found and documented, steps should be taken to correct any outstanding
issues.
Because worms are most often transmitted through email, often as attachments,
employees should be made aware of the risks of opening any unknown attachment or any
email from an unknown sender. Firewalls on all corporate servers and networks must be
updated and tested to ensure network security. This should include authorizations for access
to the firewall device as well as limiting data through the network. For user email, SMTP
(simple mail transfer protocol) data should be allowed to enter the firewall and then be safely
filtered through the gateway to be routed securely. For web services, web traffic should be
restricted using proxy server firewalls. Finally, all data that is not verifiably authentic should
Additionally, once vulnerability and security risk assessments are completed and
necessary updates made, penetration testing should be performed. Penetration testing should be
performed by an outside firm with little knowledge of the inner workings of the network. This
Widgets Inc. will now be expanding their offerings to online sales and will begin
accepting credit cards. This new addition will require several updates to the company’s web site.
Because of the acceptance of credit card information online, steps must be taken to ensure
privacy of personal financial information. In order to accomplish this, Widgets Inc. will be
Installing a PKI system will ensure the security of sensitive information involved in each
transaction. The PKI integrates the following characteristics: Authentication (validating the
identity of users), Integrity (content has not been altered), Privacy (information is protected from
for transactions). In this case, a Certificate Authority will be used to manage users’ digital
certificates (Whitman & Mattord, 2016). This will enable the maintenance of the PKI certificates
to be handled by a third party and reduce in-house operating time and costs. By implementing a
strong cryptosystem through a complex key, password protection, and hardware-based key
tokens, the PKI can ensure secure, encrypted, binding e-commerce transactions for Widgets Inc.
References
Fitzpatrick, J. (2016, August 21). Connect Your Home Router to a VPN to Bypass Censorship, Filtering and More. https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/
Lynn, S. (2010, October 07). How to Buy a Server. Retrieved June 13, 2017, from http://www.pcmag.com/article2/0,2817,2370348,00.asp
Whitman, M. E., & Mattord, H. J. (2016). Principles of information security (5th ed.). Boston,