...ABC Inc. Internet Edge Student Name: Michael Wakefield Degree Program: Bachelor of Science IT-Security Mentor Name: Signature Block Student’s Signature Mentor’s Signature Table of Contents Capstone Proposal Summary 1 Review of Other Work 8 Rationale and Systems Analysis 16 Goals and Objectives 22 Project Deliverables 26 Project Plan and Timelines 27 References 28 Appendix 1: Competency Matrix 4 Capstone Proposal Summary Internet of Everything (IoE) and “Big Data” equates to competitive advantages to the modern business landscape. Numerous white papers are circulating on the Internet highlighting the business case supporting the IoE initiative. For instance, in a white paper conducted by Cisco Inc. on the Value Index of IoE in 2013 reported the following: In February 2013, Cisco released a study predicting that $14.4 trillion of value (net profit) will be at stake globally over the next decade, driven by connecting the unconnected –people-to-people (P2P), machine-to-people (M2P), and machine-to-machine (M2M) - via the Internet of Everything (IoE). Cisco defines the Internet of Everything as the networked connection of people, process, data, and things. The IoE creates new “capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries” (The Internet of Everything, Cisco, Inc. 2014). With such a lofty goal looming, and the monetary potential, many sources will support the notion of...
Words: 5523 - Pages: 23
...Title: ABC Inc. Firewall upgrade Report Student Name: Michael Wakefield Degree Program: BS- IT Security Mentor Name: Dave Huff Signature Block Student’s Signature Mentor’s Signature Table of Contents Capstone Summary 3 Review of Other Work 13 Rationale and Systems Analysis 19 Goals and Objectives 25 Project Deliverables 28 Project Plan and Timelines 30 Project Development…………………………………………………………………………………………………………………………….31 Additional Deliverables………………………………………………………………………………………………………………………….35 Conclusion…………………………………………………………………………………………………………………………………………….35 References 37 Appendix 1: Competency Matrix 38 Appendix 2: Cisco ASA 5555-X Firewall Specifications…………………………………………………………….40 Appendix 3: ABC Inc. Project Schedule…………………………………………………………………………………….44 Appendix 4: High-Availability Design Screenshots……………………………………………………………………45 Appendix 5: Screenshots of inside to outside access; outside to DMZ access; NAT rules and configurations; and performance graphs and performance results….........................................51 Capstone Report Summary Internet of Everything (IoE) and “Big Data” equates to competitive advantages to the modern business landscape. Numerous white papers are circulating on the Internet highlighting the business case supporting the IoE initiative. For instance, in a white paper conducted by Cisco Inc. on the Value Index of IoE in 2013 reported the following: In February 2013, Cisco released a study predicting...
Words: 9337 - Pages: 38
...Week 1 Lab Part 1: Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: 1. Configure user accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what...
Words: 1428 - Pages: 6
...the Internet and log into the Web server using their browser. The could access the corporate mainframe as if they were using TN3270 terminal with response times being under one minute. Before ING could launch their new public infrastructure, they had a security consultants probe for vulnerabilities in the system. But even as the years go by, new threats and weaknesses endanger the security of ING and the private information that it holds in its systems. Charl Van der Walt (2002) quoted in an article by saying; “The Internet, like the Wild West of old, is an uncharted new world, full of fresh and exciting opportunities.” But Walt also mentioned that like the Wild West, the Internet is full of new threats and obstacles as well. This case study will prove and critique the difficulties and risks associated using public infrastructure as part of a business solution. Also, coming up with a solution to provide that would be better suited for brokers to use as a secure source for information. Problems with...
Words: 862 - Pages: 4
...In this case study we have been asked to create a report about disaster recovery and the best practices involved for such an incident. There are many types of disaster recovery systems that can be employed. For our purposes I will talk about two of the currently industry standards. First is the "Cloud-Based" disaster recovery. In this type of recovery, SMPR would be required to lease network storage space from a cloud-based DR vendor and SMPR would set up proprietary backup software that would communicate with the vendors system and remotely and securely store SMPR's backup data and network configurations on the Cloud, or in other words in a server farm of hosted SAN devices. This option is typically a little more cost effective because the vendor has to maintain the hardware for storage, and ensure that it can be accessed within an agreed upon SLA. The next method of disaster recover we will talk about is called a Co-Location shorted to Co-Lo in the industry. In a Co-location setting, you pay rental space for a building, you then bring in your own hardware and setup and manage your own connections to this location for your data backups and storage. Typically in a Co-Lo, you will need to worry about how much power you will use, how much rack space will be required, and how much bandwidth you will need between the SMPR offices and Co-Lo. A Co-Location typically has many redundant systems to ensure that your servers do not lose power, or data connection, they generally have features...
Words: 520 - Pages: 3
...Enhanced security student Self-service system Contents Chapter 1 Introduction to the study 3 1.1 Background of the project 3 1.1.1 Overview 3 1.1.2 Problem context 3 1.1.3 Rationale 4 1.1.4 Target Users 5 1.2 Scope and objectives 5 1.3 Project plan 6 1.3.1 System Functionality 6 1.3.2 Deliverables 7 1.3.3 Project Scheduling 8 1.3.4 Assumptions and Constraints 9 CHAPTER 2: LITERATURE REVIEW 10 2. Domain Research 10 2.1 Real Life Self-service system case studies 10 2.2 Protecting data in a self-service system 13 2.2.1 Data Encryption: 14 What is data encryption? 14 Types of Data encryption: 14 Types of data encryption methods: 15 2.2.2 Digital Signature 16 2.2.3 Firewalls 17 Network layer Firewall: 18 Application layer firewall: 18 Proxies: 19 2.24 Intrusion Detection System (IDS) 20 3. Technical Research 23 3.1 Language 23 JavaScript 23 PHP 24 VB.Net 24 3.2 Databases 25 MS Access 25 MS SQL Server 25 MySQL 26 Language and database justification: 26 3.3 System architecture 27 3.4 Methodology 29 Spiral Model 32 Methodology Justification 32 References: 34 Chapter 1 Introduction to the study 1.1 Background of the project 1.2.1 Overview The paper is based on the improvement of the service at the administration office through the implementation of a new system to replace the traditional way currently used to deliver such services to the student community. It focuses mainly...
Words: 6376 - Pages: 26
...Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in place...
Words: 333 - Pages: 2
...Week 5 Case Study Risk Management Policy By Jovan Kirby SEC 280 Professor T. Campbell DeVry University Risk management is the process of making and carrying out decisions that will minimize the adverse effect of accidental losses upon our company. The risk management process is vital to the personal health and safety of employees and the safety of the public. In financial terms, it is vital to our ability to pursue our goals, commence and operate programs, and to perform duties in an efficient and professional manner. We will implement a plan to cover credit card theft and as well as internal breach of personal company information. Some ways to protect against credit card information being compromised is this. We have implemented some ways such as firewalls, restricted policies, and proxy servers. We will go through each one and explain why and how they will make this company stronger and better. First firewalls using a firewall will help build a strong defense. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. For example, if a firewall is configured with a rule to block Telnet access, then the firewall will drop packets destined for TCP port number 23, the port where a Telnet server application would be listening. The role of a firewall is to prevent malicious traffic reaching the resources that it is protecting. Some security experts feel this is an outdated...
Words: 765 - Pages: 4
...Sony Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in...
Words: 334 - Pages: 2
...must be executed. Ethical hacking has the ability to suggest proper security tools that can avoid attacks on the networks. Hacking tools can be used for email systems, data bases and voice over internet protocol applications in order to make communications securely. Ethical hacking can also be known as penetration testing which can be used for networks, applications and operating systems (Jeff Forristal and Julie Traxler, 2001). Using hacking tools is a best method for identifying the attacks before it effect the entire organization. Ethical hackers are nothing but authorized users for the sensitive information or networks of an organization. Using hacking techniques for handling employees in organization and for solving critical judicial cases is not a crime. An ethical hacker use same tools and actions as performed by normal hacker. The main aspect in ethical hacking is that target permission is essential for performing...
Words: 9223 - Pages: 37
...prohibitions for social media websites (Facebook, Twitter etc.), online blog, online document stores (Google Drive, DropBox etc) to ensure no private company information is shared. This may expose that can be sent to external e-mail addresses. This may expose Softsearch with confi confidentially if private information is sent to external e-mail addresses. E-mail policy should be enhanced to include statement regarding no attachment policy for external e-mail addresses. Employee’s can e-will be able to and internet usage addresses softsearch policSoftsearch new policy addresses issues with e-mail E-mail usage policy clearly dictates B. Case Study Analysis OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) risk-assessment methodology was used to analyses Softsearch Case study. Scope of this risk analysis is limited to how Softsearch network will establish partner network...
Words: 1015 - Pages: 5
...NETWORK-ATTACHED STORAGE FOR SMALL COMPANIES Case: Design Foundation Finland LAHTI UNIVERSITY OF APPLIED SCIENCES Degree Programme in Business Information Technology Bachelor Thesis Autumn 2012 Jari-Pekka Koivisto Lahti University of Applied Sciences Degree Programme in Business Information Technology KOIVISTO, JARI-PEKKA: Network-attached storage for small companies Case: Design Foundation Finland Thesis in Degree Programme in Business Information Technology, 56 pages, 11 pages of appendices Autumn 2012 ABSTRACT This study focuses on finding the proper solution to create Network-attached storage (NAS) for a small company. This study was commissioned by Design Foundation Finland, aiming to improve the security and the management of the information. This research will be aiming to find the proper way to design and implement a network storage, which will be used as the main data storage within the company for creating an ideal solution for data maintenance, security and ease of access to all the data of the foundation. The outcome of the thesis is a solution, which is created from scratch, offering a design and implementation of an NAS in a small company with a relatively small budget. The case foundation is located in Lahti. The foundation was established in 2009, aimed to improve and support the education (of design), as well as research and development of design. Design Foundation Finland also has an own R&D group to improve the design of Finnish products in several...
Words: 10025 - Pages: 41
...Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in place...
Words: 493 - Pages: 2
...Deploying Application Firewall in Defense in Depth Principle Abstract Information security should be a priority for businesses, especially when they are increasingly involved in electronic commerce. With the understanding that securing an operating system successfully requires taking a systematic and comprehensive approach, security practitioners have recommended a layered approach called defense-in-depth. The cost and complexity of deploying multiple security technologies has prevented many organizations from achieving their information security goal. In view of these constraints and in compliance with recent with recent corporate and industry regulations like Sarbanes-Oxley Act and Payment Card Industry Data Security Standard, businesses now deploy application firewalls as security measures. Based on the foregoing, the author has recommended the use of application firewalls as a single platform for achieving layered security through network protection, application protection and data protection. This paper commences by examining the defense in depth theory and the types of application firewall and the author concludes by citing the Institute for Computing Applications (IAC) of the Italian National Research Council (CNR) as an example of an organization which engaged application firewalls in resolving its network security problem. Research Analysis/ Body The development of Information security is of paramount importance to organizations that have online presence...
Words: 1701 - Pages: 7
...part of any organization in the modern era of globalization. The organizations who have failed to use IT properly for their benefit either have declined or is in a very unproductive stage. Implementation of IT also brings in some dangers which are required to be dealt efficiently with responsibility. This efficiency comes with adequate knowledge of the nuances of the IT industry and the main drawbacks or problems regarding the system. In this case study, Sunnylake’s hospital has been attacked by intruders and Sunnylake’s electronic medical records (EMR), which used to help a lot to Sunnylake to improve its performance in dealing with patients’ information, have got hackers’ attack. The CEO of Sunnylake hospital Paul received the blackmail continuously and is facing a mind-boggling and annoying situation. With respect to this issue in the case, this report will discuss the suggestions to deal with the attack and offer some recommendations to Sunnylake in addition to the three pieces of advice given by the experts in the case. The Case Sunnylake Hospital started as a community center with a vision to help people to cure their disease. Paul Layman, the CEO of the Sunnylake Hospital had joined the organization five years back with a vistion of implementing cutting edge technology to the community center to build it into a hospital which is sought after by the people. Paul implemented electronic medical records (EMR) which replaced the traditional way of prescribing and checking...
Words: 3458 - Pages: 14
