Case Study

You should give yourself 20 minutes to review this testlet, review the diagram, and complete the questions.

Background

Overview TenGard Security Systems (TSS) is a company who designs, builds, and sells safes.

Physical Locations TSS has an office in Los Angeles, an office in Seattle, and an office in Philadelphia. The office in Los Angeles is connected to the office in Seattle with a dedicated 256K link. A VPN connection connects the Seattle office with the Philadelphia office. The following shows the layout:

Existing Environment

Directory Services TSS has a domain controller in each office. Active Directory replication takes place between sites at a specified schedule.

Network Infrastructure All servers in the network are running Windows Server 2003, Enterprise Edition. All workstations are running Windows XP. The network also has a perimeter network located in Los Angeles. The perimeter network contains a server named WSB2BSRV1 that is not a member of any Active Directory domain. WSB2BSRV1 hosts a web service that all resellers must have access to for inventory, pricing, and ordering information.

Problem Statements The server in the perimeter network must be accessible at all times. Currently, if a security incident takes place and requires that WSB2BSRV1 be taken offline, no resellers will be able to sell any of TSS’s safes. Users constantly forget to use the Windows Update website to update their computers, which leaves most laptops and workstations vulnerable to emerging exploits.

Interviews

Chief Information Officer We plan on implementing a wireless network in Seattle so that our users can access the network and its resources with laptop computers without having to locate an Ethernet jack. We need to make sure that users who have laptops don’t infect the corporate network should their laptops obtain a virus.

Network Administrator We need to devise a plan to prevent security incidents from taking place. Should an incident occur, we need to make sure that the appropriate evidence is preserved so that the authorities can follow up legally.

Chief Financial Officer Regardless of the situation that takes place, our resellers must be able to access our inventory information at all times. We have an agreement that guarantees to our resellers that our data will not be unavailable for more than one hour within a week.

Business Requirements

The following rules must be in place to comply with the guidelines set forth by the government:

• All workstations must have virus protection installed, and it must be updated on a regular basis.

• Internet Information Services should not be installed on any domain controllers.

• The internal network and the demilitarized zone (DMZ) must be segregated so that if an attacker can breach the DMZ, they will still not gain access to the internal network.

• In the event of a security incident, evidence must be maintained so that the authorities can be notified.

• All workstations must have new operating system patches and service packs applied in a timely fashion.

• There must be more than one layer that an attacker has to compromise in order to penetrate the internal network.

• Only essential services should be running on domain controllers.

• Each office should continue to function in the event of an incident with a minimal impact on production.