MIS589
James Young
Professor Gray
Assessment of Belmont State Bank (mini case)
10/18/2012

The following document is a risk assessment on the financial institution Belmont State Bank. It will cover some of the findings and suggested solutions to remedy many of the security issues that were observed. Please review the associated cost of the suggestions/ recommendations to that should improve and correct issues with your current network. This report will cover network antivirus solution and pattern updates, desktop security, VPN, wireless access, network monitoring software, router restrictions and vendor access.

In compliance with network overall security from malicious code, and to maintain the integrity of the network, listed are two tools to that will perform inventory of all company computers and network peripherals, that will ensure not only updated versions are installed but that all systems are compliant with software licensing: a. Manageengine ServiceDesk Enterprise edition, based on the number of technicians you have on staff of 250, I am recommending the 250 technician licenses that will cover over 3000 nodes, cost $2,995.00 this will scan all devices on your network, push all updates so that all systems are current, and only the updates that are required, these can be performed remotely to various machines, based on region/time zone during non-peak hours or if an emergency upgrade is required. b. Microsoft’s SSCM asset configuration software, much cheaper than manageengine, cost for an open NL L&SA 2-Year agreement (must be renewed at the end of 2-Years) $3,607.00 that will perform the same task of upgrades and virus pattern updates.
Desktop security, to prevent spyware or external hackers using BOT’s to control remotely employees computer systems, using group policies within active directory, initiate Desktop Firewalls, and restrict users access to prevent modification. This will help to reduce Denial-of-Service attacks, this along with users education in avoidance of using internet access for other than company usage, which can be restricted by using a proxy server limiting access to the internet. Note for remote or Laptop users an automated scan and update will be initiated using scripts /Shell prior to initial logons to the domain/Network preventing accidental virus attacks. Desktop themes will be universal, meaning no changing of backgrounds/ desktops can be performed by users, in short limiting the user’s access to only applications that require updates based on the user’s required task. Also all desktops will have the encryption software TrueCrypt installed (free software but has the ability to encrypt the hard drive using DOD standard encryption. This will be installed also on all laptop/portable computers.

VPN and Wireless access
Starting with VPN access, the user of a Cisco ASA 5520 firewall VPN device (cost $2,516) will be installed and configured for secure tunneling for transactions, this will reduce the cost of having modems and provide a secure path to the company’s servers.
Wireless access will be controlled and secured using SSL certificate, using WPA2 Enterprise, using a Radius server, restricting the access to permit only authenticated users on the network.
All remote users will be compliant at all times, a separate VLAN that will be monitored, that will reduce overall traffic on the network.
IDS software such as Lanalyzer , to monitor internal network packets for weaknesses, can also be used to detect IP spoofing and packet filtering.
Routers will be restricted by implementing an ACL (Access Control List) to control network traffic. Routers will view all internal and external packets that are processed ensuring packets match for both sender and receiver.
All vendors will sign an acknowledgement to notify your IT Team of any security modifications and patches prior to and after testing; this will also include any vendors that provide software for system testing as well. Internal security personnel will perform their test to make sure all are in standards. Controls will be in place to detect and correct any possible threats to the company’s network and resources. This will help in assessing any possible breaches in security, using various tools such as spread sheets or CSV files created by monitoring software to list assets, threats and controls that network manages as a weight to measure risk.