Client / Server System and Network Administration, IT340-2104A-01
Colorado Technical University
Instructor: Professor Thomas
October 20, 2021
Table of Contents
Introduction
Network Architecture
    Network Diagram
Managing and Protecting Data
Risk Assessment
Digital Evidence Controls
    Drive Imaging
    Hash Values
    Chain of Custody
Computer Forensic Analysis
    Wireshark
    Autopsy
Recovering Files
Recommendations for Best Practices
References
Introduction
The company I have chosen is Global Television Sales Corporation (GTSC). GTSC is located in Charleston, SC, and is a locally owned small business employing between 10 and 20 people at any given time. Employees fill several roles: sales agents, field technicians, administrative assistants, and team managers. GTSC sells and installs telecommunication and security systems: it is a dealer for satellite services such as ViaSat and DIRECTV, for internet and VoIP services such as Comcast, AT&T and RingCentral, and for audio and video surveillance. GTSC was chosen for several reasons, including its size: it is small enough to be manageable but large enough to have varied needs. GTSC has an existing hard-wired Ethernet infrastructure but also uses Wi-Fi, so several types of devices must be supported. GTSC depends on connectivity and cannot operate if its internal LAN fails. Additionally, GTSC has been in business for over 20 years, and much of its infrastructure is aging, so it may need to update hardware and software in the near future for both performance and security reasons.
Network Architecture
GTSC will use a wired (Ethernet) local area network (LAN) and a wireless LAN (WLAN) over Wi-Fi to connect its clients with one another and with the server. We will use a star topology: clients are not connected directly to one another but to a central device (the switch or router), which relays traffic between clients and the server (Ashrit, 2020). Internet service is a Comcast Business gigabit connection, sized for all users on the LAN. The equipment required is a business-class modem supplied by Comcast, our Internet Service Provider (ISP); a business-class Linksys router that takes the connection from the modem, routes it to the workstations and provides the Wi-Fi signal; and a Linksys business-class Ethernet switch for additional wired clients (Linksys business switches - Managed, Unmanaged, Smart). We also require a server to store the company's data and a client at each workstation. Clients are either PCs connected by Ethernet to the switch or router, or phones and tablets connected to the router over Wi-Fi. All Ethernet cabling in the building is Cat5e, which supports gigabit speeds. Each workstation also has a Cisco VoIP phone connected to the PC by a short Cat5e patch cable.
Network Diagram
Managing and Protecting Data
User access to computer resources. User access will be granted on a need-to-know basis, restricting access to systems and data by department and by the individual's role in the company. The sales department will have access to customer lead information, such as a brief customer profile and contact details, but not billing. Existing customers' billing information will be restricted to the administrative team. Field technicians will have access to open work orders but not to customer billing information. An acceptable use policy will state what the computers may be used for (for example, no personal use and no streaming services). Office resources such as printers and scanners will be limited to supervisors.
Security profiles. Security profiles will depend on where the user is connecting from. The most sensitive data must be accessed from an office PC; access from users' home computers and mobile devices will be blocked.
Passwords. All users must create a strong password of at least 8 characters containing at least one lowercase letter, one uppercase letter, one digit and one special character. Passwords must be reset every 6 months and cannot be set to either of the previous 2 passwords. In addition to passwords, we will use multi-factor
authentication in the form of an SMS code sent to the user's registered cell phone, which the user enters after the password. SMS is the weakest of the common second factors (codes can be intercepted or redirected by SIM-swap fraud), but it still defeats the automated password-guessing attacks a company this size is most likely to see; an authenticator app is a stronger option for users who have smartphones. If an incorrect password is entered 3 times, the account is locked after the 3rd attempt and the user must call the Help Desk for a temporary password, which allows them to log in and then prompts them to create a new one.
E-mail. According to Talamantez (2020), basic policy guidelines are to prohibit personal use of company e-mail as far as possible and to state that the company's private information, or "trade secrets", must not be e-mailed to third parties. Users need to be educated not to open attachments from third-party or unrecognized senders, since these may carry malware or be spam, and to use professional, appropriate language in e-mail.
Internet access. As outlined in the user access section, an acceptable use policy will be in place. Websites concerning illegal activities, violence or pornography are absolutely prohibited. Casual browsing, such as reading news about industry updates and business events, will be allowed during lunches and breaks. Streaming music or video is prohibited to conserve bandwidth.
Antivirus. The antivirus software will be Microsoft Defender Antivirus (Windows Defender). The policy is that users must under no circumstances disable the antivirus or install any software that interferes with its operation.
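The complexity, reuse and lockout rules in the password policy above, as an added example that is not part of the original report: a small Python model of an account that enforces them. UserAccount, help_desk_reset and the constants are illustrative names chosen for this example, not a real directory's API; in a Windows domain the same rules would be set through Group Policy or the Active Directory password policy rather than in code.

```python
"""Added example, not from the original report: a model of the password policy
described above. UserAccount and help_desk_reset are illustrative names, not
a real directory's API; the rules they enforce are the report's own."""
from dataclasses import dataclass, field
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8
HISTORY_DEPTH = 2       # may not reuse the previous 2 passwords
LOCKOUT_THRESHOLD = 3   # locked after the 3rd consecutive failure


def meets_complexity(password: str) -> bool:
    """At least 8 characters with a lowercase, uppercase, digit and special character."""
    return len(password) >= MIN_LENGTH and all((
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ))


def _digest(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: the history list never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class UserAccount:
    username: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)  # newest first; [0] is the current password
    failed_attempts: int = 0
    locked: bool = False
    must_change: bool = False

    def set_password(self, new: str) -> bool:
        """Apply the complexity and reuse rules; True if the password was accepted."""
        if not meets_complexity(new):
            return False
        digest = _digest(new, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.history[:HISTORY_DEPTH]):
            return False
        self.history.insert(0, digest)
        del self.history[HISTORY_DEPTH:]        # keep only what the reuse rule needs
        self.must_change = False
        return True

    def login(self, password: str) -> str:
        """Return 'ok', 'change_required', 'denied' or 'locked'."""
        if self.locked:
            return "locked"
        if self.history and hmac.compare_digest(_digest(password, self.salt), self.history[0]):
            self.failed_attempts = 0
            return "change_required" if self.must_change else "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= LOCKOUT_THRESHOLD:
            self.locked = True
            return "locked"
        return "denied"


def help_desk_reset(account: UserAccount, temporary: str) -> None:
    """Help Desk path: unlock, issue a temporary password, force a change at next login."""
    account.locked = False
    account.failed_attempts = 0
    account.history.insert(0, _digest(temporary, account.salt))
    del account.history[HISTORY_DEPTH:]
    account.must_change = True
```

The lockout counter resets only on a successful login, so three wrong guesses spread over time still lock the account; the help-desk path is the only way out, and the temporary password cannot be kept because must_change stays set until set_password succeeds.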
Backup. System-wide backups of company servers will be handled by the system administrators and will not be the responsibility of individual users. Users are responsible for ensuring that important documents are saved on the central server and not only on their own PC, so that a hardware failure on a client does not lose them.
System patches. Users should install updates as soon as they are released. If a user has not downloaded and installed an update and restarted within 7 days of its release, the computer will be forced to install it and restart. Regular notices will go out when individual applications such as Java need updating, with the date after which the previous version will no longer be supported.
Remote access. Remote access will not be used on a regular basis, but it may be authorized in an emergency such as a natural disaster, severe weather or a health pandemic. When accessing company resources remotely, employees must connect through a Virtual Private Network (VPN).
Intrusion detection. Intrusion detection will be the responsibility of the system administrator, who will monitor network activity for anything suspicious in the websites visited, the bandwidth consumed, and the time and date of access. If an intrusion is detected, the system administrator should take the necessary actions to stop the attack, identify what damage was done, and then recover. An Incident Handling Form will be required to document any security breach, and all security incidents will be recorded in an Incident Log.
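The three signals the intrusion detection paragraph names (sites visited, bandwidth consumed, time and date of access), as an added example that is not part of the original report: a first-pass detector run over proxy-style access logs. The log format, the sample lines, the business-hours window, the prohibited-domain list and the 10x-median bandwidth threshold are all constructed for this example; a real deployment would read the firewall's or proxy's own export and tune the thresholds to the company's traffic.

```python
"""Added example, not from the original report: a first-pass detector over
constructed proxy-style web access logs covering the three signals the policy
names. The log format, thresholds and sample lines are assumptions."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample: "ISO-timestamp user client_ip host bytes"
SAMPLE_LOG = """\
2021-10-18T09:12:03 sales01 10.0.0.21 crm.example.com 48211
2021-10-18T09:40:17 admin02 10.0.0.30 billing.example.com 120034
2021-10-18T12:15:44 sales01 10.0.0.21 news.example.com 300120
2021-10-18T12:31:09 tech05 10.0.0.44 workorders.example.com 90000
2021-10-18T13:02:51 sales03 10.0.0.23 video.streaming-site.example 2147483648
2021-10-18T23:47:12 tech05 10.0.0.44 crm.example.com 15000
2021-10-19T02:05:30 admin02 10.0.0.30 billing.example.com 45000
"""

BUSINESS_HOURS = range(7, 19)                       # 07:00-18:59, Monday to Friday
PROHIBITED_SUFFIXES = ("streaming-site.example",)   # from the acceptable use policy
BANDWIDTH_FACTOR = 10                               # flag a user at 10x the median per-user volume


def parse_log(text: str) -> list:
    """Parse the constructed log format into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, host, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "user": user,
                        "ip": ip, "host": host, "bytes": int(nbytes)})
    return records


def off_hours(ts: datetime) -> bool:
    """Weekend, or outside the business-hours window on a weekday."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def find_alerts(records: list) -> list:
    """Return (user, reason) tuples: off-hours access, prohibited sites, bandwidth outliers."""
    alerts = []
    per_user = defaultdict(int)
    for r in records:
        per_user[r["user"]] += r["bytes"]
        if off_hours(r["ts"]):
            alerts.append((r["user"], f"off-hours access to {r['host']} at {r['ts'].isoformat()}"))
        if r["host"].endswith(PROHIBITED_SUFFIXES):
            alerts.append((r["user"], f"prohibited site {r['host']}"))
    if not per_user:
        return alerts
    median = statistics.median(per_user.values())
    for user, total in per_user.items():
        if total > BANDWIDTH_FACTOR * median:
            alerts.append((user, f"bandwidth {total} bytes exceeds {BANDWIDTH_FACTOR}x median"))
    return alerts
```

Comparing each user against the median of all users, rather than a fixed byte count, keeps the bandwidth rule meaningful as the company's normal traffic grows; the off-hours and prohibited-site rules are direct transcriptions of the policy and are the ones to tune first when false positives appear.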
Risk Assessment
System assets include all networking hardware (cables, routers, switches and servers), the individual clients (employees' computers), and the central systems such as the network server. Assets also include data records such as client lists, client account information, employee data held for Human Resources purposes, and internal proprietary information such as business plans and the company's business model. Most of the software we use, such as Microsoft Office and Windows, is purchased from a vendor and can be downloaded again because we maintain an account with them, so it is not really at risk of being lost in an emergency. Security policies for software and acceptable use were defined in the previous section. Security procedures need to be implemented for physical access to the facilities and to hardware, by identifying who has access to the building and when. Designated "keyholders" can unlock the entrance doors; individuals who are not keyholders are not admitted unless a keyholder is present. The main server and router must be locked in an equipment room accessible only to IT personnel. This protects the company from external threats such as strangers, vandals or thieves as well as internal ones such as untrustworthy employees. Checking for patches and updates will be a weekly task assigned to the IT Manager, who will check the software vendors' publications for new releases and read security blogs and news sources for widespread vulnerabilities.
Downloading and installing patches will be a weekly requirement for all employees. In addition to designated keyholders, physical security will be reinforced by a perimeter check ensuring the whole building and parking lot are lit at night. Security cameras will be reviewed to confirm they are positioned for complete coverage with no blind spots, and the DVR footage will be reviewed to confirm that every camera is working and all footage is being recorded in case it is needed. The alarm system should be tested to ensure it alerts in the event of a breach, and an attempt should be made to enter the IT equipment room without a key to see whether its security can be bypassed. Attempts should also be made to reach data as a user without access: for example, the IT manager, probing for weaknesses, should log in as a sales agent and try to open data restricted to HR, and then try to guess or brute-force a password. If these tests fail to get in, we have evidence that the controls work against those specific attacks, not proof that no other path exists, so we can also hire a low-cost "white hat" or penetration testing company to probe the systems for vulnerabilities and for ways to reach restricted content that we did not anticipate. Security training should be provided to all employees on how to create and manage secure passwords. A 2019 study by Microsoft found that two-factor authentication blocks automated attacks 99.9% of the time (Bott, 2021).
The effects of a system breach could be catastrophic. If our systems were compromised, our server could be taken offline, making business as usual impossible, and clients' account information could be exposed, which could lead to lawsuits. The likelihood of a targeted attack is lower for a company of fewer than 20 people, but automated, opportunistic attacks (phishing, credential stuffing, scans for unpatched services) do not discriminate by size, so we still have to be protected. The level of risk we are comfortable taking is moderate: we do not have the budget for a massive security investment and do not anticipate a large-scale attack, given the limited value of the data an attacker could steal and the fact that all of our equipment can be replaced for a few thousand dollars.

Risk                    | Action taken to test           | Recommendation
Video surveillance      | Viewed DVR footage             | N/A
Power failure           | Disconnected power for test    | Purchase battery backup (UPS)
Hardware failure        | Test all equipment             | Keep spare equipment on hand and maintain backup servers
Internal data security  | Send fake phishing attempts    | (a) Limit user access to directories on a needs basis; (b) employee security training
External data security  | Attempt brute-force login      | Enforce 2FA
Fire                    | Test fire alarm                | Routine fire drills, extinguisher inspections
External hackers        | Hire white-hat tester          | Employ firewall and security measures as advised
Security patches        | Check update version           | Update all systems weekly
Natural disaster        | n/a                            | Configure remote access for employees
Internal employees      | Audit list of users            | Delete terminated employees' accounts
Digital Evidence Controls
There are three main methods for preserving digital evidence for computer forensic analysis: drive imaging, hash values and chain of custody (Hamilton, 2021).
Drive Imaging consists of creating a bit-for-bit copy of each drive to be analyzed, taken through a write blocker so the source is never modified. A contemporary comparison is photographing a crime scene and studying the photograph for clues instead of disturbing the scene in person. Hamilton notes that the forensic work should take place on the copy and not on the original, in order to preserve the original's integrity.
Hash Values verify the integrity of a file or image by showing that it is an exact duplicate of the original. A cryptographic hash algorithm produces a fixed-length value that is, in practice, unique to its input: if even one bit is changed, the hash of the altered copy differs from the original's, indicating that a modification took place. The hash is recorded when the image is acquired and recomputed whenever the image is copied or handed over.
Chain of Custody is the documentation process that logs where every piece of evidence has been transferred and who has had possession of it. If there is a gap in the record, it can be argued in court that the evidence could have been tampered with during that time.
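The hash and chain-of-custody controls above, as an added example that is not part of the original report: an acquisition hash recorded once, then recomputed at every hand-over and logged with who gave the copy to whom. The "drive image" is a constructed in-memory byte string standing in for the output of a write-blocked imaging tool, and EvidenceRecord, flip_one_bit and the evidence ID are illustrative names, not any forensic product's API.

```python
"""Added example, not from the original report: the hash and chain-of-custody
controls applied to a constructed 'drive image' (an in-memory byte string
standing in for the output of an imaging tool). EvidenceRecord and its
methods are illustrative names, not any forensic product's API."""
import hashlib
from datetime import datetime, timezone

# Constructed stand-in for a drive image; a real one comes from a write-blocked acquisition
DEMO_IMAGE = bytes(range(256)) * 16


def image_hash(image: bytes) -> str:
    """SHA-256 of the whole image; any single-bit change gives a different digest."""
    return hashlib.sha256(image).hexdigest()


def flip_one_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a one-bit alteration to show the hash no longer matches."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


class EvidenceRecord:
    """Chain of custody: every hand-over re-hashes the copy and logs who, when, and whether it still matches."""

    def __init__(self, evidence_id: str, image: bytes, acquired_by: str):
        self.evidence_id = evidence_id
        self.acquisition_hash = image_hash(image)   # recorded once, at imaging time
        self.entries = [{"when": self._now(), "from": "source drive", "to": acquired_by,
                         "sha256": self.acquisition_hash, "intact": True}]

    @staticmethod
    def _now() -> str:
        return datetime.now(timezone.utc).isoformat()

    def transfer(self, from_person: str, to_person: str, image: bytes) -> bool:
        """Log a hand-over; returns False if the copy being handed over has changed."""
        digest = image_hash(image)
        intact = digest == self.acquisition_hash
        self.entries.append({"when": self._now(), "from": from_person, "to": to_person,
                             "sha256": digest, "intact": intact})
        return intact

    def verify(self) -> bool:
        """True only if every logged hand-over matched the acquisition hash."""
        return all(e["intact"] for e in self.entries)
```

The record never deletes a failed entry: a mismatch stays in the log, because the gap it documents is exactly what a court would ask about.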
Computer Forensic Analysis
Wireshark is the first forensic tool I would recommend that our IT department use. Wireshark is available for Windows and for Unix-based systems such as Linux. It captures packets on any network interface, wired or wireless, and displays which host is requesting what from whom. It is open-source software, so there are no fees or licensing costs, making it a cost-effective means of network monitoring for the business (Wireshark Introduction).
Autopsy is the second forensic tool that should be implemented. It is a graphical front end to The Sleuth Kit and is used to analyze disk images. It was chosen because it supports hash filtering, which compares each file's hash against sets of known files so that known-good files can be ignored and known-bad ones flagged, and because it provides a timeline analysis of the file system activity on a drive image. Disk image comparison matters because, if a security breach is suspected, comparing images of a disk from before and after the incident lets us see exactly what was changed and when, and hopefully identify who changed it. Autopsy is also free, which helps minimize costs (Autopsy).
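The "who is requesting what" view the Wireshark paragraph describes, as an added example that is not part of the original report: a minimal reader for the classic libpcap file format Wireshark saves, reduced to a per-conversation byte count. The capture is constructed in memory from three Ethernet/IPv4 frames (addresses from the 10.0.0.0/8 and 203.0.113.0/24 test ranges, checksums left at zero), and only Ethernet link type with IPv4 is handled; real captures come from Wireshark, tshark or tcpdump and carry many other frame types.

```python
"""Added example, not from the original report: a minimal libpcap reader that
sums bytes per (source, destination) pair. The sample capture is constructed
in memory; only little-endian pcap with Ethernet + IPv4 frames is handled."""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 frame for the sample capture (IP checksum left zero)."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    return eth + ip + payload


def build_pcap(packets: list) -> bytes:
    """Global header plus one record header per frame, as tcpdump/Wireshark write them."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1634550000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


def iter_packets(data: bytes):
    """Yield (timestamp_seconds, frame_bytes) for each record in the capture."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def parse_ipv4(frame: bytes):
    """Return (src, dst, proto, total_len) or None for non-IPv4 frames."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    return src, dst, proto, total_len


def traffic_summary(pcap_bytes: bytes) -> Counter:
    """IP bytes per (src, dst) conversation: the first table to build after an incident."""
    totals = Counter()
    for _, frame in iter_packets(pcap_bytes):
        parsed = parse_ipv4(frame)
        if parsed:
            src, dst, _, total_len = parsed
            totals[(src, dst)] += total_len
    return totals


# Constructed sample capture: a sales PC talking to an outside host, a tech PC to the file server
SAMPLE_PCAP = build_pcap([
    build_ipv4_packet("10.0.0.21", "203.0.113.5", 17, b"x" * 100),
    build_ipv4_packet("10.0.0.21", "203.0.113.5", 17, b"y" * 50),
    build_ipv4_packet("10.0.0.44", "10.0.0.2", 6, b"z" * 10),
])
```

The same summary is what Wireshark's Statistics > Conversations window shows; writing it by hand makes clear that the capture file is just a sequence of timestamped frames, which is also why a capture must be hashed and logged like any other evidence once it is saved.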
Recovering Files
According to Atlantic Data Forensics (Computer forensics: Recovering deleted files, 2018), some basic methods of recovering deleted files can be as simple as checking the recycle bin on the device, since most devices from smartphones to PCs have a recycle bin of some kind. A more advanced method is to scan the entire drive. When Windows deletes a file it does not immediately erase the data; it removes the directory entry and marks the file's space as free, so the data appears to be gone because there is no longer a "road map" to it. The data remains on the disk until it is overwritten, so the drive should be taken out of use as soon as recovery is contemplated. By scanning the drive for file signatures, deleted files that have not yet been overwritten can be recovered. Note that on SSDs with TRIM enabled the freed blocks may be erased by the drive itself, so recovery there is much less likely.
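The deletion and scanning behaviour above, as an added example that is not part of the original report: a toy volume that deletes files the way the text describes (the directory entry goes, the bytes stay), followed by a signature-based carve of the raw disk that finds the deleted file, and then a second carve after its space has been reused. ToyVolume, the header/trailer signature table and the sample PNG and JPEG bodies are constructed for this example; real carvers such as the one built into Autopsy handle fragmentation and far more file types.

```python
"""Added example, not from the original report: a toy volume that deletes
files the way the text describes (the directory entry goes, the bytes stay)
and a signature-based carve of the raw disk afterwards. ToyVolume, the
signature table and the sample files are constructed for this example."""

# (header, trailer) byte signatures used to find files without a directory
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


class ToyVolume:
    """Flat disk plus a directory; the allocator is 'next free byte', which is a toy."""

    def __init__(self, size: int):
        self.disk = bytearray(size)
        self.directory = {}      # name -> (offset, length): the 'road map'
        self.next_free = 0

    def write(self, name: str, data: bytes) -> int:
        off = self.next_free
        if off + len(data) > len(self.disk):
            raise OSError("volume full")
        self.disk[off:off + len(data)] = data
        self.directory[name] = (off, len(data))
        self.next_free = off + len(data)
        return off

    def delete(self, name: str) -> None:
        """Remove only the directory entry; the bytes stay until a later write reuses them."""
        off, _ = self.directory.pop(name)
        self.next_free = min(self.next_free, off)

    def read(self, name: str) -> bytes:
        off, length = self.directory[name]
        return bytes(self.disk[off:off + length])


def carve(raw: bytes) -> list:
    """Scan the whole disk for header..trailer spans; returns (kind, offset, data) tuples."""
    found = []
    for kind, (header, trailer) in SIGNATURES.items():
        start = raw.find(header)
        while start != -1:
            end = raw.find(trailer, start + len(header))
            if end == -1:
                break                         # header with no trailer: partly overwritten
            end += len(trailer)
            found.append((kind, start, bytes(raw[start:end])))
            start = raw.find(header, end)
    return found


# Constructed sample files: valid signatures around dummy bodies
SAMPLE_PNG = SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + b"A" * 40 + SIGNATURES["png"][1]
SAMPLE_JPG = SIGNATURES["jpg"][0] + b"\xe0\x00\x10JFIF" + b"B" * 30 + SIGNATURES["jpg"][1]


def demo():
    """Delete a file, carve it back, then overwrite its space and carve again."""
    vol = ToyVolume(4096)
    vol.write("logo.png", SAMPLE_PNG)
    vol.write("photo.jpg", SAMPLE_JPG)
    vol.delete("logo.png")
    before = [kind for kind, _, _ in carve(vol.disk)]        # png is still carvable
    vol.write("notes.txt", b"N" * 20)                        # reuses the freed space
    after = [kind for kind, _, _ in carve(vol.disk)]         # png header is gone
    return before, after
```

The second carve is the point of the example: one small write over the freed region destroys the PNG header, and with it the only way a signature scan has of finding the file, which is why the drive must be imaged before anything else is written to it.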
Recommendations for Best Practices
In summary, we have chosen a star topology for our architecture so that if any one client fails, the rest are not affected as they would be in a bus or ring topology. We have implemented both wired and Wi-Fi connections for speed and reliability, and to provide flexibility for smaller devices such as phones or tablets that have no Ethernet port. In the star topology the only single points of failure are the central router or switch and the main server, for which we keep backup equipment that can be swapped in rapidly. We use Linksys networking equipment throughout so that there is a single point of contact for customer service, no compatibility concerns, and a familiar setup and configuration on every device. For security, we recommend restricting user access on a "need to know" basis according to job role and the data needed to perform that role. We have also established a company policy for password strength, expiration, two-factor authentication and lockout in the event of password-guessing attempts, and an acceptable use policy that defines how company e-mail and internet resources may be used. System administrators will be responsible for the antivirus software, data backups, and regular system patching so that all programs and operating systems carry the most recent security updates.
Recommendations from our risk assessment include purchasing a battery backup, purchasing spare equipment (extra routers and switches as well as spare hard drives and clients), and providing security training to all employees. Administrators are also required to be familiar with forensic programs such as Wireshark and Autopsy and will monitor the activity logs on the network and the server drives. Another best practice is for administrators to audit the list of users regularly and remove access for terminated employees. With these steps in place, a secure and reliable network will be established with minimal risk from both internal employees and external attackers. Security training should be repeated annually as a refresher for existing employees and included in onboarding for new hires. If an employee changes role within the company, additional training should be provided for the new position and the security risks and expectations that come with it.
References
Ashrit, L. (2020, July 2). LAN (Local Area Network) - Topology, Types, Applications, Advantages. electricalfundablog.com. Retrieved September 23, 2021, from https://electricalfundablog.com/lan-local-area-network-topology-types/
Atlantic Data Forensics. (2018, December 19). Computer forensics: Recovering deleted files. Retrieved October 14, 2021, from https://www.atlanticdf.com/blog/2018/11/20/computer-forensics-recovering-deleted-files/
Bott, E. (2021, April 15). Better than the best password: How to use 2FA to improve your security. ZDNet. Retrieved October 4, 2021, from https://www.zdnet.com/article/better-than-the-best-password-how-to-use-2fa-to-improve-your-security/#:~:text=A%202019%20report%20from%20Microsoft,from%20Google%20offered%20similar%20conclusions
Hamilton, M. (2021). 3 methods to preserve digital evidence for computer forensics. Critical Insight. Retrieved October 14, 2021, from https://www.criticalinsight.com/resources/news/article/3-methods-to-preserve-digital-evidence-for-computer-forensics
Linksys. (n.d.). Linksys business switches - Managed, Unmanaged, Smart. Retrieved September 23, 2021, from https://www.linksys.com/us/c/business-network-switches/
Sleuthkit. (n.d.). Autopsy. Retrieved October 14, 2021, from https://www.sleuthkit.org/autopsy/
Talamantez, J. (2020, November 24). Back to basics: How to write a company email policy. Advance2000. Retrieved September 30, 2021, from https://www.advance2000.com/write-email-policy/
Wireshark. (n.d.). Wireshark Introduction. Retrieved October 14, 2021, from https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroFeatures