|< Day Day Up >|| |
The Chief Security Officer (CSO) of your organization has asked you to create a network design for the three new servers that you will be deploying: one Exchange Server computer, one IIS computer, and one DNS server. Currently, these services are provided by your ISP, but the Chief Information Officer (CIO) wants to reduce costs by bringing these services in-house. All three computers must be accessible to users on both the public Internet and the internal network. Unfortunately, your CIO has no budget for additional servers. You do, however, have an existing Internet connection with a firewall. You only have a single firewall with a total of four network interfaces.
Your CSO stresses that security is extremely important. The employees of your organization frequently send confidential information through e-mail, and if your Exchange Server computer were compromised, the losses could be huge. Your Web server hosts your company’s Web site. The Web site is your company’s online identity, and if an attacker were to modify the content on the site, it would hurt the image of the company. Your DNS server holds records for every system on your internal network, and if compromised, it would provide an attacker with a roadmap for future attacks against your intranet. Worse yet, a savvy attacker could modify your DNS records to get internal computers to communicate confidential information to computers controlled by the attacker.
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.
How would you design the network?
To which of the following ports will you have to configure the firewall to forward to the perimeter network?
How many security templates would you use to configure and analyze the security settings on this network?
Besides configuring the initial security settings on the Web, messaging, and DNS servers, what security-related tasks should be performed on an ongoing basis?
|< Day Day Up >|| |