This lab prepares you to plan the design application-layer security by meeting the following objectives:
This lab looks at the planning that Contoso Ltd. must do to ensure that security is deployed at the application layer to meet the organization's security needs. You need to make decisions on the configuration and deployment of the technologies that are required to meet the company's objectives.
Make sure that you've completed reading the chapter material before starting the lab. Pay close attention to the sections where the design decisions were applied throughout the chapter for information on building your administrative structure.
Contoso Ltd., an international magazine sales company, wants to use application-layer security in several future endeavors. Application-layer security is being considered to restrict data transmissions to members within a project team, protect e-mail messages, and secure a subscription and back issue ordering Web site.
Contoso is currently in the research stage for a new magazine that will focus on the entertainment industry in North America. The Seattle office will handle all the work on the publication.
The magazine's project team consists of 20 employees led by the executive editor at the Seattle office. Of the 20 employees, 18 currently have Windows 2000 Professional desktops or laptop computers. The two summer interns are using older desktop computers running Windows 95.
Management has decided that only members of the project team should be able to connect to the project server named PHOENIX. Access to the PHOENIX server must be protected so that only members of the project team can connect to it. On a previous project, a former employee renamed his desktop computer to match the name of another server and gained access to documents that project members saved to their computers. This occurrence must be prevented in the new magazine project.
Contoso has been approached about buying a small U.S. publisher named Lakes & Sons. Both companies have agreed to the takeover, and the lawyers are drafting the final agreement.
Because information about the takeover has been reported in the local press, management is concerned that there is an internal leak. The article reported the impending takeover and discussed the possibility that Lakes & Sons would drop several titles after the takeover was completed.
Management can't determine if a staff member leaked the information or whether someone outside the organization intercepted an e-mail message regarding the takeover. Management wants to ensure that all future e-mails sent to the lawyers are protected against modification and inspection as the e-mail messages cross the Internet.
Contoso wants to offer subscription services and back-issue ordering services for all their magazine titles. Contoso sees two separate types of clients who will connect to their external web site (ww.contoso.tld).
The Web site must be protected so that all visitors can be sure that any information entered into the site will be kept confidential. When a visitor accesses the Web site and wants to order a subscription or purchase a back issue, the visitor is offered the choice of logging on with the Contoso Club membership by using a digital certificate or accessing a secured Web page where the transaction can be completed by using a Web form.
Contoso wants to reduce the time it takes to revoke a customer's certificate. In the past year the company processed more than $10,000 worth of fraudulent sales that should have been rejected but weren't because certificate revocation was too slow.
This exercise looks at the security design required to implement SMB signing to meet the requirements defined by Contoso for the new magazine project. The answers to these questions can be found in the appendix.
This exercise looks at the security design required to implement secure e-mail for Contoso. The answers to these questions can be found in the appendix.
This exercise looks at the security design required for the subscription and back-issue pages on Contoso's Web site. The answers to these questions can be found in the appendix.