The web diagram of Global Finance. Inc. ( GFI ) depicts the layout of the company’s mission critical systems. The company has two waiters ( Email and the Oracle database ) which are used more than any of their other systems. GFI to a great extent depend on their web to be stable because of their fiscal systems that are running and any outage would negatively impact their operations and fiscal state of affairs. Like all other concern. client satisfaction and the security of GFI’s web is important. In order to guarantee their web and information is unafraid. GFI has begun to re-evaluate their web substructure. GFI has had some service breaks that has cost them over $ 100. 000 in gross losingss.
Description of GFI’s Network. Interconnection and Communication environment Global Finance Inc. Network
The Internet is made up of two 10GB connexions.
Remote Dial up entree via PSTN
VPN gateway connected to an Off-site office
A DMZ web which is made up of 2 Border ( Core ) routers. which are connected to the 2 10GB cyberspace connexions. 2 Distribution Routers. 1 VPN gateway. 1 firewall. 1 RMS waiter and a PBX box that is connected to the PSTN distant entree dial up web.
Above is a tabular array that list the six sections. There is besides a dislocation of the workstations and 26 pressmans per section.
There are 6 10GB Access Layer VLAN switches and 3 10GB Multi-Layer switches
There is besides a Trusted Computing Base Internal Network that is locate inside of Global Finance Inc. Network that is made up of 1 SUS Server. 1Oracle 9i DB Server. 1 Microsoft 2000 Exchange Email Server. 1 File and Print Server. 1 Intranet Web Server and 7 Workstations.
Assess hazard based on the Global Finance. Inc. Network Diagram scenario
The GFI web diagram depicts how fast the company in relation to the sum of web devices and other equipment. GFI web seems to be built to be resilient every bit good as being mistake tolerant. However. the company has
failed to maintain the webs security up to day of the month in relation to the growing of the web. So the chief focal point should be on web security. GFI needs to implement equipment degree policies that will beef up its web security. These policies should include such things as: updated hardware constellations. good maintained and updated hardware microcode and OS’s. Intrusion sensing systems. system backups. real-time monitoring of the web and hardware constellations. immediate probe of any and all security issues that are related to the web substructure. Since GFI has experienced anterior breaks due to web onslaughts. it makes since to presume that it is more of a possibility that an break could happen. So in order to measure the hazards to GFI’s web we can utilize a simple expression that includes means + motor ten chance x concern Impact over Controls that would be the hazards.
Below is a diagram of how the hazard to the web will be determined.
I can do the undermentioned premises based on the web diagram and the other information that was supplied. The web design seems to miss proper firewall coverage.
Describe and support your premises as there is no farther information from this company. The company does non wish to let go of any security-related information per company policy.
The sure computer science base ( TCB ) internal web in the Global Finance. Inc. Network Diagram hosts the company’s mission critical systems without which the company’s operations and fiscal state of affairs would endure. The Oracle database and email systems are among the most intensively used application waiters in the company. As we know. GFI can non afford system outages because its hard currency flow and fiscal systems to a great extent depend on the web stableness. GFI has experienced DOS web onslaughts twice this twelvemonth and its Oracle database and electronic mail waiters had been down for a hebdomad. The recovery procedure required GFI to utilize $ 25. 000 to reconstruct its operations back to normal. GFI estimated the loss from these web onslaughts at more than $ 100. 000 including lost client assurance.
Those who take attention of all regular ( non-security related ) concern demands of GIAC Enterprises. •Access to the corporate web
•Access to the information web indirectly
•No entree to the distant web
•No entree to the “service” web
The Employees of GIF includes all inside employees EXCEPT a group of employees designated as the “Security Team” who will execute the daily undertakings of making concern. All direction will be considered to be among this group of employees and they will non be granted different entree to services. Protocol sum-up for the Employees:
•HTTP ( TCP 80 )
•FTP informations ( TCP 21 )
•SMTP ( TCP 25 )
•DNS ( UDP 53 )
The firewall provides a figure of cardinal characteristics:
Security Proxies – used to use regulations to the contents of the TCP/IP packages. Stateful Dynamic Packet Filtering – used to construct filtrating regulations based on the province of a connexion.
1. Scan Detection – default protection from assorted common web scans.
2. Spoofing Protection – detect burlesquing efforts and drops the packages
3. Site Blocking – prevents defined web from go throughing the “wall”
4. Port Blocking – prevents defined “dangerous” ports in TCP and UDP from come ining
5. SYN inundation Protection – stops SYN flood Denial of Service onslaughts
6. Dynamic NAT – hides internal references
7. URL Filtering – Uses a Cyber Patrol database to command cyberspace browse