August 24, 2014
There are a number of risks on our network. Those risks are data confidentiality, data access and network issues. Our network has a router/firewall configuration. All files are kept on the network. The network can be accessed from home. The computers in the lab have direct access to the internet. All of these can invite potential threats at any time.
The network allows potential threats through a router/firewall device. I am assuming that the firewall has been configured with default settings. This will give hackers the ability to exploit any ports left open. There will also be the security hole of the router itself if the ...
The router will be configured for only the devices that are used on the network. No personal devices or unauthorized devices will be allowed access.
Second, I would start utilizing servers to store all of the data. Having data all over the network is dangerous. If a device fails and there is no redundancy, then that data is lost. I would have at least two servers in place for this. The second server would be for backup, and neither will be on the DMZ. The servers will both have firewalls and be placed behind the router. The router will be placed behind the firewall.
Third, after correcting the network, I would deploy an SSL VPN server. All direct access will be revoked. Access for users on their personal devices will also be revoked. The users will be issued a personal laptop or company device to gain access to the network. They will have to acquire permissions to access the VPN. The company laptops will also have to be provisioned for VPN access. The VPN server will be placed before the firewall and after the router. The VPN will be responsible for allowing users past the router. I would also set up times and specific permissions to access data and files on the network.
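The VPN access rules described above (provisioned company device, VPN permission, permitted hours, per-share permissions) can be expressed as one default-deny decision. This is an added example, not part of the original report; every user name, device ID, share name and time window in it is constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Window:
    """Permitted access hours; end is exclusive."""
    start: time
    end: time

    def contains(self, t: time) -> bool:
        if self.start <= self.end:
            return self.start <= t < self.end
        # Window wraps past midnight, e.g. 22:00-06:00.
        return t >= self.start or t < self.end

@dataclass
class Policy:
    provisioned_devices: set  # company laptops provisioned for VPN access
    vpn_users: set            # users who have acquired VPN permission
    hours: dict               # user -> Window of permitted access times
    grants: dict              # user -> set of shares the user may open

    def decide(self, user, device, now, share):
        """Return (allowed, reason). Default deny: every check must pass."""
        if device not in self.provisioned_devices:
            return False, "device not provisioned"
        if user not in self.vpn_users:
            return False, "no VPN permission"
        window = self.hours.get(user)
        if window is None or not window.contains(now):
            return False, "outside permitted hours"
        if share not in self.grants.get(user, set()):
            return False, "share not granted"
        return True, "ok"

# Constructed sample policy (hypothetical users, devices and shares).
POLICY = Policy(
    provisioned_devices={"LAPTOP-001", "LAPTOP-002"},
    vpn_users={"alice", "bob"},
    hours={"alice": Window(time(8), time(18)),
           "bob": Window(time(22), time(6))},
    grants={"alice": {"lab-data"}, "bob": {"lab-data", "backups"}},
)

if __name__ == "__main__":
    for req in [("alice", "LAPTOP-001", time(9, 30), "lab-data"),
                ("alice", "HOME-PC", time(9, 30), "lab-data"),
                ("bob", "LAPTOP-002", time(23, 30), "backups")]:
        print(req, POLICY.decide(*req))
```

The checks run in the order a gateway would meet them, so a personal device is rejected before any user or file permission is consulted.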
There are a number of other devices I would have added. I would add a sniffer and secondary firewall instead of using software firewalls on the devices. I would also add a token VPN. This would require another gateway server to allow access. The SSL VPN server will suffice as it provides the same security to the network. The token only secures someone’s password with an algorithm. There would be a secondary router and a switch to control traffic. I thought about deploying a proxy server to control what is accessed on the internet. Most of these devices and software have high costs. I did not include them in this report.
The enhancements I...