Scenario:
ALEXA Finance Pvt. Limited is a renowned financial services company. It has gained a good reputation in the city of Melbourne and its surrounding regional areas. The company deals in both the personal and commercial financial services to the corporate sectors. The company’s head office is situated at the CBD of Melbourne with its regional offices in Geelong and Ballarat. The company is using MYOB as the ERP and all the services are provided through a centralised management system.
For better services to its customers, AlEXA has made all the data centralised stored in the head office. The company’s management is fully aware of the importance and the integrity of the data as financial data of different clients is always critical and needs to be protected by the company. The IT department of the company is well equipped and comprised of latest tools and technologies with all the computers, printers, scanners (NAS-Storage Servers), servers, WiFi access points, switches , routers, IP Phones connected in a sophisticated and efficient network. The network provide all the employees of the company to access the centralised data stored on the servers of the company by the network using the LAN connections, while the regional offices connect and access the date using the in-house configured and managed VPN.
The IT department is headed by RONE, the IT Manager while Steve assists him in managing the networks and the systems and work as the System Administrator. With the ever increasing workload and the data of the company’s clients, the IT department is looking forward to design and implement a security system for their network to not only protect the data but also to provide efficient and secured access for the end users.
The job responsibilities and the network diagram of the company are as follow:
Job Responsibilities of IT Manager:
- Running regular checks on network and data security
- Identifying and acting on opportunities to improve and update software and systems
- Developing and implementing IT policy and best practice guides for the organisation
- Designing training programs and workshops for staff
- Conducting regular system audits
- Running and sharing regular operation system reports with senior staff
- Overseeing and determining timeframes for major IT projects including system updates, upgrades, migrations and outages
- Managing and reporting on allocation of IT budget
- Providing direction for IT team members
- Identifying opportunities for team training and skills advancement
Job Responsibilities of System Administrator:
- Provide technical support for both hardware and software issues our users encounter
- Manage the configuration and operation of client-based computer operating systems
- Monitor the system daily and respond immediately to security or usability concerns
- Create and verify backups of data
- Respond to and resolve help desk requests
- Upgrade systems and processes as required for enhanced functionality and security issue resolution
- Administrate infrastructure, including firewalls, databases, malware protection software and other processes
- Install and test computer-related equipment
- Upgrade systems with new releases and models
- Develop expertise to train staff on new technologies
- Build an internal wiki with technical documentation, manuals and IT policies
Network Diagram of Alexa Finance to give illustration of all the all the computers, printers, scanners (NAS-Storage Servers), servers, WiFi access points, switches , routers, IP Phones connected
Task: (Role Play on evaluation of the network security threats)
The IT department needs to correspond with the management of the company to elaborate the requirement of the design and implementation of the security system. The IT department will organise a meeting and explain the requirements to the General Manager and the Finance Manager. After the elaboration of the requirements, they need to complete the minutes of meetings and get it signed off by all the attendees including the General Manager to initiate the implementation.
You will act as the Systems Administrator and will elaborate the requirements of the security system. You will evaluate the different types of network security threats. The trainer/assessor will act as the IT Manager and will supervise the evaluation of the network security threats. Two of the students will act as the General Manager and the Finance Manager, while the Finance Manager will arise the financial constraints attach to the implementation. After the role play, you need to document a precise report define the threats on the security system.
In the role-play you need to discuss the following:
- Analyse different types of malwares and mitigation of the network attacks
- Explain the analytical and structured approach towards the protection of the network infrastructure of the company.
- The nature of the security being required by the ALEXA’s ICT network infrastructure o Level of Security required for the Network
- Explain and analyse the functions and importance of Authentication, Authorisation and accounting for the security of the network
- Elaborate and compare different common features of TACAS+ and RADIUS for ensuring the security of the network
- Discuss the operational strategies and weaknesses of the different firewall technologies
- Explain the Analysis different IDPS technologies along with monitoring methods and responses to the attacks and options to monitor them
- Compare and analyse Network based and Host based IDPS for the identification of the malicious activity and maintaining the log, attempt to block them and reporting of the malicious activity
- Discuss with the assessor about the different cryptographic techniques that can ensure network security
- Discuss and analyse the Internet Key Exchange Protocol –IKE and explain the binding blocks of IPSec and the security functions it provides
- You also need to design a brief report on Switch Security Attacks – Layer 2 and mitigation techniques against them.
