Table of Contents
Project Outline 3
Security Requirements 4
Perimeter Security 5
Client and Server Security 10
Database Security 10
Server Security 12
Wireless and Remote Access Security 15
Security Configuration Management 19
Tiger Tees is a medium sized business with 4 locations across the eastern United States. This company produces and sells t-shirts for school systems, both locally and across the country via the internet. The organization’s headquarters is located in Beckley, West Virginia, and employs 25 people. The departments include the warehouse, human resources, accounting, sales, and administration. The second location of Tiger Tees ...view middle of the document...
The server segment will consist of a database server, human resource server, accounts payable/accounts receivable server, and an application server. The web/email server will be segmented from the other portions of the network using a DMZ. The servers will be secured in a locked server room to prevent physical access by unauthorized personnel. The internet facing portion of this network will be the greatest security concern due to outsider attacks. This segment will be protected by a router, a firewall, and an intrusion detection system. There will be a wireless access point on this network, and this is also a point of concern. Security will come from the settings on the wireless router. The server set identifier or SSID is an alphanumeric character that is used to identify wireless workstations attempting to connect to the network. The information sent across this wireless network will also be secured using Wired Equivalent Privacy or WEP (Microsoft, 2012).
The office located in Columbus, Georgia, Washington, DC, and Richmond, VA, all have small networks that are connected to the virtual private network. All data that is stored from these locations is stored on the servers located in Beckley, WV. These networks are connected to the VPN using a router. An enterprise firewall working with a router secures the networks. Each of these networks also has an intrusion detection system in place (SANS, 2012).
Network perimeter security requires both function and policy to secure the perimeter of the network. The perimeter of the network is the segment that is internet facing, and has data flowing in and out of the network. This perimeter must be protected against outsider threats and attacks. There are hardware applications that will be in place to ensure that the maximum amount of security is in place while still allowing for network usability.
The most commonly used security measure of this network is the firewall. This application firewall will work be checking IP packets that flow in and out of the network. When the firewall finds that an IP packet does not meet security policy, the IP packet is blocked. If all packets that pass through a firewall are examined it can create a bottleneck on the network slowing down performance drastically. Policy can help alleviate this bottleneck by using policy to determine which packets to inspect. Some examples of these rules are:
• All packets traveling from a public interface to a private interface shall be inspected.
• All packets traveling from a private interface to a public interface shall be inspected.
• Packets traveling from a private interface to a private interface shall not be inspected.
• Packets traveling from a public interface to a public interface shall not be inspected.
These firewall policy rules allow the firewall to inspect the packets that are the biggest threat to the network without inspecting internal traffic. There are also allow, deny policy that will...